Feeds

Microsoft lines up with the good guys on identity tech

Brands and Cameron pitch the fix for government's Big ID problem

High performance access to file storage

Dr Brands is evidently delighted about the U-Prove sale, which had been under discussion for two years. "There is no industry player around I believe in as much as Microsoft with regard to its commitment to build security and privacy into IT systems and applications," he says. He points to Microsoft's existing presence throughout the target markets for ID and access management, and its influence both on the client and server side of the application. "It is easy to say why this is a perfect match."

Mr Cameron sees U-Prove's minimal disclosure tokens as base features of emerging identity platforms which will lead to the safest possible Internet: "I don't think the point here is ultimately to make a dollar. It's about building a system of identity that can withstand the ravages that the Internet will unleash. That will be worth billions." He looks forward to good privacy practice becoming one of the norms of e-commerce.

The prospect is that Brands' minimal disclosure tokens, with their properties of selective disclosure, unlinkability, and powerful revocation capabilities, will be built with half a dozen man-years' development effort into the Windows Cardspace user interface arising from Mr Cameron's work, and also into the underlying Windows Communication Foundation.

If U-Prove is available in WCF that makes it available to any applications on the Windows platform. U-Prove is also covered by Microsoft's (not wholly uncontroversial) Open Specification Promise.

MS as ID standards hero?

Now that the world knows it is Microsoft – instead of a Nokia, Google or IBM – that has acquired Dr Brands' patents there is concern on just how U-Prove will be used competitively. A statesmanlike market leader can afford the view that a safe online world for all is prerequisite for the health of their future market. But Microsoft has a history as an inveterate playground bully that rivals don't easily forget.

Mr Cameron protests that times have changed: "I can guarantee everyone that I have zero intention of hoarding minimal disclosure tokens or turning U-Prove into a proprietary Microsoft technology silo. Like, it's 2008, right? Give me a break, guys!" Dr Brands echoes the point: "It's very clear to me that's not why the people who pushed for the deal wanted to do this."

The outstanding question is how well the undoubted intentions and integrity of both men will stand up to the residual primitive and exploitative tendencies that still reside in large parts of Microsoft.

So, why is this acquisition so important for us in the UK?

It's not just about general cybercrime and data losses, although the UK suffers from that as much as anywhere. It's about the broad thrust of government IT plans. The UK's "Transformational Government" public-sector IT strategy is written and implemented by people who have yet to take a privacy-friendly approach to single sign-on and data sharing. And they've managed to marginalise the very small number of people inside government who appreciate Dr Brands' work.

To say the acquisition is important to UK government is not to say that Whitehall should now buy more Microsoft products – indeed part of the problem was that Tony Blair was seduced by Bill Gates, and Whitehall was locked by Microsoft into a Hailstorm-era way of thinking with its central authentication and health services. When Scott McNealy pointed out the dangers of Hailstorm UK e-Envoy Andrew Pinder scornfully and publicly retorted that the Sun boss was simply jealous that Bill Gates' firm was bigger and more successful than his.

High performance access to file storage

More from The Register

next story
Android engineer: We DIDN'T copy Apple OR follow Samsung's orders
Veep testifies for Samsung during Apple patent trial
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Big Content goes after Kim Dotcom
Six studios sling sueballs at dead download destination
Alphadex fires back at British Gas with overcharging allegation
Brit colo outfit says it paid for 347KVA, has been charged for 1940KVA
Jack the RIPA: Blighty cops ignore law, retain innocents' comms data
Prime minister: Nothing to see here, go about your business
Singapore decides 'three strikes' laws are too intrusive
When even a prurient island nation thinks an idea is dodgy it has problems
Banks slap Olympus with £160 MEEELLION lawsuit
Scandal hit camera maker just can't shake off its past
France bans managers from contacting workers outside business hours
«Email? Mais non ... il est plus tard que six heures du soir!»
Reprieve for Weev: Court disowns AT&T hacker's conviction
Appeals court strikes down landmark sentence
US taxman blows Win XP deadline, must now spend millions on custom support
Gov't IT likened to 'a Model T with a lot of things on top of it'
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.