privacy

Seattle WA – September 27, 2010 – Last month, at the Privacy Identity Innovation 2010 conference in Seattle, Microsoft Senior Program Manager Christian Paquin hosted a session on the U-Prove minimal disclosure technology. ICF Executive Director Drummond Reed interviewed Christian for the following in-depth Q&A about U-Prove.

Q: First, can you tell me what is U-Prove?

A: U-Prove is an innovative privacy-enhancing security technology that can help people protect their identity-related information. U-Prove combines the security of PKI (public key infrastructure) with the flexibility of federation technologies that allow people to link identities across domains. And it does all this while providing privacy-by-design. That makes the U-Prove technology ideally suited to protect claims (attributes) in user-centric identity systems.

Q: Microsoft made a major announcement about U-Prove at RSA in March. What was the essence of that announcement?

A: The initial release of the U-Prove technology we announced at RSA consisted of two parts. First, we released the U-Prove specifications, published under the Open Specification Promise (OSP), so anyone can implement and use them freely and for any purpose. The first specification describes the core cryptographic protocols, and the second is a WS-Trust / OASIS IMI profile (the protocol used for Information Cards). We also released two open-source Software Development Kits (SDK) – one in C#, one in Java – implementing the core cryptographic specification.

ICF Executive Director Drummond Reed just returned from a two-week trip to the EU. He shares the following observations:

My first stop was giving a keynote at the NordSec conference in Oslo, wonderfully organized by Dr. Audun Jøsang of the University of Oslo. The agenda was one of the richest of any conference in my recent memory; I found myself taking notes constantly on talks covering STORK, ID management based on mobile SIM cards, and privacy risks in Web 2.0, among other topics.

The day ended with a panel on “Global identity management – a threat or an opportunity for privacy?” I spoke strongly in favor of the opportunity Information Card technology offers for privacy protection, and how the U.S. government’s open identity solutions initiative is taking advantage of this. That initiative and the ICF/OIDF open trust frameworks project drew a great deal of interest among the largely EU-based audience—its potential for helping “raise the bar” on Internet privacy was one the main themes of the panel.

-Government Embraces Innovative Technology to Support Citizen Participation-

(For more details about this release, please see our Open Identity for Open Government FAQ)

Washington, D.C. - September 9, 2009 - Ten industry leaders - Yahoo!, PayPal, Google, Equifax, AOL, VeriSign, Acxiom, Citi, Privo and Wave Systems - announced today they will support the first pilot programs designed for the American public to engage in open government - government that is transparent, participatory, and collaborative. This open identity initiative is a key step in President Obama's memorandum to make it easy for individuals to register and participate in government websites - without having to create new usernames and passwords. Additionally, members of the public will be able to fully control how much or how little personal information they share with the government at all times.

These companies will act as digital identity providers using OpenID and Information Card technologies. The pilot programs are being conducted by the Center for Information Technology (CIT), National Institutes of Health (NIH), U.S. Department of Health and Human Services (HHS), and related agencies. The participating companies are being certified under non-discriminatory open trust frameworks developed under collaboration between the OpenID Foundation (OIDF) and the Information Card Foundation (ICF) per the federal government Trust Framework Provider Adoption Process.

The Information Card Foundation has been working with the U.S. General Service Administration (GSA) and other Internet identity organizations on identity management solutions that will enable open government.

On Monday, August 10th, the GSA is hosting an all-day event in Washington, DC called the Open Government Identity Management Solutions Privacy Workshop. This public meeting will discuss the work done to date and solicit input from the privacy community and the public.

ICF Executive Director Drummond Reed and Certification Committee Chair Mary Ruddy will both be speaking at the event.

Agenda and registration details are available at:
http://www.idmanagement.gov/drilldown.cfm?action=privacy_workshop

Registration is on a first come, first served basis.