
Microsoft U-Prove Community Technology Preview R2 

 

The move to online services offers great promise in terms of both cost reduction and improved user experience. However, the realization of this promise has been severely hampered by the lack of trust on the Internet – specifically, the absence of a practical mechanism for users to obtain and present strong, verified digital identity information online. In some cases, the information simply isn’t available in a digital form; however, even when it is available, the current set of identity technologies forces a trade-off between the level of identity information assurance and the level of privacy given to users.

 

U-Prove is an advanced cryptographic technology that, combined with existing standards-based identity solutions, overcomes this long-standing dilemma between identity assurance and privacy. This unlocks a broad range of scenarios that have historically been out of the reach of both the private and public sectors - cases where both verified identity information and privacy are required.

 

Microsoft is releasing a second Community Technology Preview (CTP) of U-Prove and related software innovations, so policy makers, developers, end-users and members of the Internet Identity community can try out the concepts, evaluate the capabilities and provide feedback to Microsoft.

 

 

 

U-Prove Agents

At the core of Microsoft’s vision are U-Prove Agents—software that acts as an intermediary between websites and allows users to share their personal information in a way that helps protect their privacy. U-Prove Agents exist explicitly to represent the users’ interests in choosing to share (or not to share) their personal information with sites on the Internet.

 

Specifically, the Agent provides a mechanism to separate the retrieval of identity information from trusted organizations from the release of this information to destination sites. The underlying mechanisms help prevent the issuing organizations from tracking where or when this information is used, and help prevent different destination sites from trivially linking users’ actions together.

 

In this CTP, Microsoft offers a U-Prove Agent running as an online service, accessible from any computing device with a web browser. Optional client-side software delivered by this service provides enhanced security and privacy capabilities.

 

The technical architecture embodied by this technology preview, by design, allows for an unlimited number of Agents, and does not mandate any specific computing platform. It is expected that numerous U-Prove Agents will exist over time, operated by a diverse set of parties, including commercial and government organizations.

 

The U-Prove CTP Whitepaper provides the business, architectural, and technical framing for the R2 release of the U-Prove technology, including the U-Prove Agent. The whitepaper is available for download here.

 

 

 

Testing the Microsoft U-Prove Agent

For testing purposes, Microsoft has created several sample websites, representing organizations in public and private sectors that can issue verified information or consume this information. These sample sites have been set up with fictitious user accounts and fictitious user data.

 

You can try:

· Selling or buying a car at an auction site, with verified information about your car or yourself

· Applying for unemployment benefits with verified identity claims

 

Instructions for using these sample websites are available on the sample websites page.

 

 

 

Additional capabilities

This release includes optional components for use with the Microsoft U-Prove Agent:

· Client Component. While many privacy protections can be delivered as a web-based service, some key security, privacy and convenience features require software to run locally on your computer. In this Technology Preview, Microsoft has selected Silverlight as the client-side technology to deliver those features. Silverlight is supported by all major browsers on both Mac OS X and Microsoft Windows.

· Invocation Helper. This optional component is a browser plugin that looks for a U-Prove Agent Object Tag and manages the launch of the Agent. The invocation helper for the Microsoft U-Prove Agent can be downloaded from its home page. Note: in this Technology Preview, this component is based on COM (ActiveX) and has only been tested with Internet Explorer 8 and 9.

· U-Prove enabled Smartcards. Smartcards can be used for two-factor protection of the user’s information, significantly reducing the risk of this information being transferred or stolen. For testing purposes, a software-based Smartcard Emulator is included in this Technology Preview. Physical U-Prove enabled smartcards, developed by our partner Gemalto, are also available for a limited set of testers.

 

 

 

Developing with U-Prove

The U-Prove Specification describes the foundational features of the U-Prove technology. This specification has been published under the Open Specification Promise allowing anyone to use or implement the technology. This and other key documents are available from the Specifications and Documentation page.

 

To support experimentation, Microsoft developed a reference C# SDK and a Java SDK implementing the cryptographic specification; both are released under the Apache 2.0 open-source license and available on MSDN Code Gallery.

 

Visit the Developer Tools page for .NET-specific tools and samples that will help you try the new technology and create proofs-of-concept.

 

  

Frequently Asked Questions

The answers to many common questions regarding the U-Prove Agent can be found on the Frequently Asked Questions page.

 

 

Getting involved

To further the practical collaboration on privacy-protecting solutions across open source and commercial partners, Microsoft is working with Identity Commons to form a new working group. The charter for the working group includes testing for interoperability across common browsers and platforms, and testing of specific scenarios in an end-to-end manner in order to build confidence in the identity and privacy ecosystem. This group’s charter is available here.

 

 

 

Providing feedback

We are interested in your suggestions and ideas on how to improve the U-Prove CTP components. Please submit feedback and questions by sending email to [email protected].

 

 

 

Further Information 

Privacy Awards

 

· Kuppinger Cole awarded Microsoft U-Prove "Best Innovation" in the category of Outstanding projects and initiatives in Identity Management

· HP and International Association of Privacy Professionals honored Microsoft U-Prove for Technology Innovation

· Fraunhofer Fokus was honored with the TeleTrusT Technology Innovation Award for their work with Microsoft on privacy-enhancing identity systems

 

 

Related content

· ABC4Trust (European research project on minimal disclosure technologies)

· Scott Charney's RSA 2011 Keynote