RSA Conference: Microsoft Releases Preview of U-Prove

Microsoft on Tuesday released a community technology preview (CTP) of its U-Prove cryptographic tech, and opened up its patented crypto algorithms under the company's Open Specification Promise (OSP). The Redmond software maker also open sourced two SDKs (C# and Java editions) under the Free BSD license for integrating U-Prove into open-source identity selectors. The release will be accompanied by preview code integrating U-Prove with ActiveDirectory Federation Services v2, Windows CardSpace v2 and Windows Identity.

Scott Charney, vice president of Microsoft's Trustworthy Computing group, announced the U-Prove CTP during his opening keynote at the annual RSA Security Conference, underway this week in San Francisco.

"The idea is to get more people to embrace these kinds of technologies," Charney told attendees packed into the Moscone Center auditorium. "Then we can create the identity metasystem that [Microsoft] has been talking about for a while now." The brainchild of Microsoft's ID access architect Kim Cameron, the identity metasystem is an interoperable architecture for digital identity that assumes people will have several digital identities based on multiple underlying technologies, implementations, and providers.

Microsoft acquired U-Prove two years ago from Montreal-based privacy vendor Credentica. Developed by the company's founder, well-known security expert and cryptographer Stefan Brands, U-Prove in an encryption and authentication system designed to allow users to conduct secure digital transactions while revealing as little about themselves as possible -- a process called selective disclosure. Brands, along with colleagues Greg Thompson and Christian Paquin, joined Microsoft's Identity and Access group at the time of the acquisition.

Microsoft is now working with a German organization on a prototype national ID card system based on U-Prove, Charney said. The company is working with the Fraunhofer Institute for Open Communication Systems in Berlin on a system that will give end users control over the amount of personal data they share. Germany is planning to issue electronic ID cards to its citizens in November.

Charney also talked about the growing security risks presented by cloud computing, and characterized it as a shared responsibility between the user and the cloud services provider. In fact, he said, the cloud has the potential to shift the balance of power between individuals and the state.

"Everything will go to the cloud if the vision is right," he said, "[including] your health records, your tax records, your diary -- which you'll want to access from all sorts of different devices. As we move more and more of this data to the cloud, it means governments and litigants can go to the cloud and get that data without ever coming to the citizen. The question is: Is that the right place to be or not?"

At one point, Charney added himself to the growing list of advocates for mandatory quarantines of malware-infected PCs. He likened consumers running infected PCs with malware to smokers exhaling second-hand fumes.

"The [Environmental Protection Agency] comes out with second hand smoke [warnings] and suddenly smoking is banned everywhere," he said "You have a right to infect and give yourself illness. You don't have the right to infect your neighbor. Computers are the same way... You're not just accepting [the risk] yourself," he said. "You're contaminating everyone around you."

Published by Microsoft in 2006, the OSP is Microsoft's "irrevocable promise not to assert" its patent claims on a list of technologies. Among other things, the OSP covers many WS specs (WS-Security, WS-Management, WS-Trust, etc.), as well as SOAP and WSDL specifications.

The new SDKs are available for download now. Developers can download the C# edition here or the Java edition here.

About the Author

John K. Waters is the editor in chief of a number of sites, with a focus on high-end development, AI and future tech. He's been writing about cutting-edge technologies and culture of Silicon Valley for more than two decades, and he's written more than a dozen books. He also co-scripted the documentary film Silicon Valley: A 100 Year Renaissance, which aired on PBS.  He can be reached at [email protected].

comments powered by Disqus


  • Death of the Dev Machine?

    Here's a takeaway from this week's Ignite 2020 event: An advanced Azure cloud portends the death of the traditional, high-powered dev machine packed with computing, memory and storage components.

  • COVID-19 Is Ignite 2020's Elephant in the Room: 'Frankly, It Sucks'

    As in all things of our new reality, there was no escaping the drastic changes in routine caused by the COVID-19 pandemic during Microsoft's big Ignite 2020 developer/IT pro conference, this week shifted to an online-only event after drawing tens of thousands of in-person attendees in years past.

  • Visual Studio 2019 v16.8 Preview Update Adds Codespaces

    To coincide with the Microsoft Ignite 2020 IT pro/developer event, the Visual Studio dev team shipped a new update, Visual Studio 2019 v16.8 Preview 3.1, with the main attraction being support for cloud-hosted Codespaces, now in a limited beta.

  • Speed Lines Graphic

    New for Blazor: Azure Static Web Apps Support

    With Blazor taking the .NET web development world by storm, one of the first announcements during Microsoft's Ignite 2020 developer/IT event was its new support in Azure Static Web Apps.

  • Entity Framework Core 5 RC1 Is Feature Complete, Ready for Production

    The first release candidate for Entity Framework 5 -- Microsoft's object-database mapper for .NET -- has shipped with a go live license, ready for production.

Upcoming Events