I must confess to mixed feelings about news that Microsoft has acquired Credentica’s U-Prove™ technology, together with all of the underlying patents.
On the one hand, it’s wonderful to see the “market” at work. Dr Stefan Brands and his team have put in a lot of work into this over the years and the market has rewarded hard work and great technology. Good stuff.
It’s also wonderful to see that “security” and “privacy” are not seen as trade-offs but essential elements of a “Need-to-Know Internet.” Kim Cameron goes on to say that “It’s about building a system of identity that can withstand the ravages that the Internet will unleash. That will be worth billions.” Again, good stuff.
Jeff Bohren made the point that “The real question is whether the theoretical benefits will ever be realized by significant relying party adoption.” On that front, I think the answer is actually quite positive. For example, as a part of the work we are doing in NZ for igovt, we have several use cases where U-Prove™ technology can be very valuable.
It was therefore comforting to see Kim Cameron say “I can guarantee everyone that I have zero intention of hoarding Minimal Disclosure Tokens or turning U-Prove into a proprietary Microsoft technology silo.” I can’t wait to see this as a part of the CardSpace Managed Cards offering as well as available via an open standards based offering. And again, good stuff.
But… I was slightly uneasy to read that one of Dr Stefan Brands’ reasons for going to Microsoft was that it “can influence both the client and server side of applications like no industry player can…” Now, Kim Cameron was quick to downplay this by saying “I don’t actually buy the “influence/control both client and server” phraseology. I’m fine with influence, but see control as an elusive and worthless goal. That’s not how the world works.” OK, let’s chalk that up as another good, sort of.
And therein lies the rub. We are, after all, talking about Microsoft. Look at any IT news page and cringe. I can’t even begin listing the current controversies it is involved in. Can the company’s track record and actions (as opposed to words and intentions) be glossed over? Is there an “untraceable” and “unlinkable” connection between the Identity and Access Group and the larger corporate group?
So far, Kim Cameron’s and Microsoft’s thought leadership and execution of the identity metasystem has been brilliant.
Can an old dog learn new tricks? I hope so.