Seattle WA – September 27, 2010 – Last month, at the Privacy Identity Innovation 2010 conference in Seattle, Microsoft Senior Program Manager Christian Paquin hosted a session on the U-Prove minimal disclosure technology. ICF Executive Director Drummond Reed interviewed Christian for the following in-depth Q&A about U-Prove.
Q: First, can you tell me what is U-Prove?
A: U-Prove is an innovative privacy-enhancing security technology that can help people protect their identity-related information. U-Prove combines the security of PKI (public key infrastructure) with the flexibility of federation technologies that allow people to link identities across domains. And it does all this while providing privacy-by-design. That makes the U-Prove technology ideally suited to protect claims (attributes) in user-centric identity systems.
Q: Microsoft made a major announcement about U-Prove at RSA in March. What was the essence of that announcement?
A: The initial release of the U-Prove technology we announced at RSA consisted of two parts. First, we released the U-Prove specifications, published under the Open Specification Promise (OSP), so anyone can implement and use them freely and for any purpose. The first specification describes the core cryptographic protocols, and the second is a WS-Trust / OASIS IMI profile (the protocol used for Information Cards). We also released two open-source Software Development Kits (SDK) – one in C#, one in Java – implementing the core cryptographic specification.
Last December ICF Executive Director Drummond Reed spent a day in Victoria, B.C. with the identity management team in the Office of the CIO for the Province of British Columbia, including Ian Bailey, the Executive Director of Architecture and Standards, Charmaine Lowe, Director of Information Standards, and Patricia Wiebe, Senior Identity Architect. The following interview is based on many of the topics they discussed.
Q: Let’s start with the big picture: when did your office first begin to focus on identity management?
A: Back in 1996 we determined that identity management was going to be key to developing a shared services approach for the delivery of IM/IT services for government and started a program to develop a corporate identity management Technology was a real barrier for us at that point, but with the release of Windows Active Directory in 2000 we were able to consolidate most of our directories into a single centralized domain for government workers. Also at that time we were building our first version of an authentication service to support government’s interactions with businesses and citizens, and in 2002 we started our BCeID identity provider service. We learned a lot from those first efforts, particularly that directory centric solutions were not going to work in the long term.
Q: So you’ve been at this a long time. Overall, what are the goals of your IdM program, i.e., what’s your vision for what IdM can do for the BC government and the people of the province?