U-Prove article posted to ICF news site

0 views

Skip to first unread message

Drummond Reed

unread,

Sep 27, 2010, 2:10:35 PM9/27/10

to icf-co...@googlegroups.com, ICF.General, Christian Paquin

ICF Members and Community:

One of the most detailed articles about Microsoft's U-Prove technology and its relationship to Information Cards and other open identity technologies has just been posted to the ICF site:

http://informationcard.net/blog/u-prove-featured-interview-pii2010

Many thanks to Microsoft Senior Program Manager Christian Paquin for helping me develop this article, based on his talk at Privacy Identity Innovation 2010 conference in Seattle in August.

=Drummond

Paul Trevithick

unread,

Sep 28, 2010, 10:44:48 AM9/28/10

to Anders Rundgren, Drummond Reed, icf-co...@googlegroups.com, ICF.General, Christian Paquin

On Sep 28, 2010, at 6:30 AM, Anders Rundgren wrote:

> Thanx Drummond!
>
> I hope you don't mind me quoting the article...
>
> "Q. You mentioned SAML and PKI, is U-Prove meant to replace these technologies?
>
> A. No. U-Prove is a core cryptographic technology that can be used to complement
> PKI and federation technologies such as SAML. U-Prove is independent of the integration
> environment. We released a WS-Trust/IMI (Identity Metasystem Interoperability) profile
> that specifies how to use U-Prove with Information Cards, but you could easily write a
> PKI or SAML profile that specifies how to use U-Prove to extend these technologies.
>
> In fact, a key point of the Identity Metasystem is to enable different token types
> to co-exist in the same environment. For example, you could setup a Security Token Service (STS)
> to receive U-Prove tokens (to protect the user’s privacy) and seamlessly translate them into
> SAML tokens (for legacy systems).
>
> This is exactly how I see it. A problem for Microsoft is that they have no contact
> (or market share) with the established consumer PKI market in the EU and Asia and
> therefore lack a "vehicle" for launching new cool stuff like Information Cards and U-Prove.

Anders, I'll let Microsoft speak for itself, but I'm confused about what you mean by a "vehicle".

It seems to me that the only "vehicle" we need now is a handful of "lighthouse" relying parties to deploy infocard-IMI compatible sites. And that's what we've been working on here in the US. Everything else is either in place, or will quickly fall into place once the "demand side" is there.

Here's what I mean by that last sentence: Getting IdPs set up to issue infocards is a solved problem. My company, Azigo, for example, has sold our CardPress SAAS solution to Acxiom, Equifax, PayPal and others, and there are lots of other ways to skin that cat. And as for selectors, over half the Windows installed base already has CardPress installed. And for all the other users (including Mac or iPhone/iPad users) they can download and install one.

Reply all

Reply to author

Forward

0 new messages