Microsoft U-Prove CTP Is Live

In Microsoft’s perspective, an increased level of security when it comes down to private access to both on-site and Cloud-based applications is a critical factor in building safer and more trusted enterprise environments. Microsoft U-Prove is designed as a catalyst of safer enterprise environments by keeping information disclosure associated with online transactions down to a minimum. The Redmond company hopes that the evolution of identity solutions for corporations will ultimately reverberate across the Internet, providing enhanced privacy and security for all users.

The RSA Conference 2010 was the stage where the software giant launched a Community Technology Preview of the U-Prove technology. Companies interested in testing U-Prove can access the project on Microsoft Connect immediately. All that testers will need to access U-Prove on Connect is a Windows Live ID.

“U-Prove is an innovative cryptographic technology that enables the issuance and presentation of cryptographically protected claims in a manner that provides multi-party security: issuing organizations, users, and relying parties can protect themselves not just against outsider attacks but also against attacks originating from each other. At the same time, the U-Prove technology enables any desired degree of privacy (including authenticated anonymity and pseudonymity) without contravening multi-party security. These user-centric aspects make the U-Prove technology ideally suited to create the digital equivalent of paper-based credentials and the plastic cards in one's wallet,” the project’s description on Connect read.

U-Prove’s description might be a tad cryptic, so here’s a simpler approach. The technology essentially allows people to own and leverage multiple IDs at different times. Because of the claims-based model, people no longer need to pass their whole identity, while being able to only pass claims. At the same time, the beauty of the technology is that it allows limited disclosure tokens. Essentially, users can restrict the amount of information that is disclosed.

“We're announcing a couple of things. First of all, with regard to U-Prove, we're releasing under the Open Specification Promise the patented crypto algorithms of U-Prove, and we're donating under the Free BSD License two reference toolkits implementing the algorithms,” Scott Charney, corporate vice president, Trustworthy Computing, revealed. “Additionally, we're releasing a second specification under OSP for integrating U-Prove into Open Source identity selectors. That will be accompanied by preview code integrating U-Prove, ADFS, Windows Identity Foundation, and CardSpace.”

Charney underlined that the industry, along with developers and IT professionals, were invited to put together identity solutions that would better protect individual privacy, by leveraging U-Prove CTP.