Thursday, March 06, 2008

Microsoft acquired Credentica

This is such a smart move of Microsoft! I am impressed and I am sure that Credentica's technology will lead to a privacy improved version of CardSpace. I hope that Microsoft will provide open access to this technology for others to implement identity selectors, relying parties and security token servers. CardSpace is token agnostic but when I have read the U-Prove papers correctly then there is more then one roundtrip between id selector and STS required to deliver all the nice features. The protocol between id selector and STS thus probably has to be changed.
"Nice features": Some weeks ago somebody asked me "What is this (group signatures, zero knowledge based algorithms, electronic money based algorithms) good for. Where can anonymity, privacy, pseudonyms, untracebility, unlinkability, ... be used". At that time I answered this questions on a too technological level, interpreting the word "where" to mean protocols, signatures, encryption. The better answers would have been, and the acquisition of Credentica by Microsoft points in this direction: If the technology in available on every desktop computer or mobile computer/phone then users will learn to want privacy, untracebility and unlinkability. The services a company offers must have these features then or the users will use services that provide them.

No comments: