Feeds

Microsoft lines up with the good guys on identity tech

Brands and Cameron pitch the fix for government's Big ID problem

Security for virtualized datacentres

Dr Brands is evidently delighted about the U-Prove sale, which had been under discussion for two years. "There is no industry player around I believe in as much as Microsoft with regard to its commitment to build security and privacy into IT systems and applications," he says. He points to Microsoft's existing presence throughout the target markets for ID and access management, and its influence both on the client and server side of the application. "It is easy to say why this is a perfect match."

Mr Cameron sees U-Prove's minimal disclosure tokens as base features of emerging identity platforms which will lead to the safest possible Internet: "I don't think the point here is ultimately to make a dollar. It's about building a system of identity that can withstand the ravages that the Internet will unleash. That will be worth billions." He looks forward to good privacy practice becoming one of the norms of e-commerce.

The prospect is that Brands' minimal disclosure tokens, with their properties of selective disclosure, unlinkability, and powerful revocation capabilities, will be built with half a dozen man-years' development effort into the Windows Cardspace user interface arising from Mr Cameron's work, and also into the underlying Windows Communication Foundation.

If U-Prove is available in WCF that makes it available to any applications on the Windows platform. U-Prove is also covered by Microsoft's (not wholly uncontroversial) Open Specification Promise.

MS as ID standards hero?

Now that the world knows it is Microsoft – instead of a Nokia, Google or IBM – that has acquired Dr Brands' patents there is concern on just how U-Prove will be used competitively. A statesmanlike market leader can afford the view that a safe online world for all is prerequisite for the health of their future market. But Microsoft has a history as an inveterate playground bully that rivals don't easily forget.

Mr Cameron protests that times have changed: "I can guarantee everyone that I have zero intention of hoarding minimal disclosure tokens or turning U-Prove into a proprietary Microsoft technology silo. Like, it's 2008, right? Give me a break, guys!" Dr Brands echoes the point: "It's very clear to me that's not why the people who pushed for the deal wanted to do this."

The outstanding question is how well the undoubted intentions and integrity of both men will stand up to the residual primitive and exploitative tendencies that still reside in large parts of Microsoft.

So, why is this acquisition so important for us in the UK?

It's not just about general cybercrime and data losses, although the UK suffers from that as much as anywhere. It's about the broad thrust of government IT plans. The UK's "Transformational Government" public-sector IT strategy is written and implemented by people who have yet to take a privacy-friendly approach to single sign-on and data sharing. And they've managed to marginalise the very small number of people inside government who appreciate Dr Brands' work.

To say the acquisition is important to UK government is not to say that Whitehall should now buy more Microsoft products – indeed part of the problem was that Tony Blair was seduced by Bill Gates, and Whitehall was locked by Microsoft into a Hailstorm-era way of thinking with its central authentication and health services. When Scott McNealy pointed out the dangers of Hailstorm UK e-Envoy Andrew Pinder scornfully and publicly retorted that the Sun boss was simply jealous that Bill Gates' firm was bigger and more successful than his.

New hybrid storage solutions

More from The Register

next story
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
Show us your Five-Eyes SECRETS says Privacy International
Refusal to disclose GCHQ canteen menus and prices triggers Euro Human Rights Court action
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
Heavy VPN users are probably pirates, says BBC
And ISPs should nab 'em on our behalf
Former Bitcoin Foundation chair pleads guilty to money-laundering charge
Charlie Shrem plea deal could still get him five YEARS in chokey
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.