Microsoft today announced the acquisition of Credentica’s online privacy enhancing technology, U-Prove:
Today is an exciting day for privacy and Trustworthy Computing at Microsoft. One of the main objectives of Microsoft’s privacy strategy is to provide our customers with more control over the collection and use of their personal information. Today we unveiled the acquisition of an important privacy-enhancing technology that aligns very well with this objective. Microsoft has acquired Credentica’s U-Prove technology for private and secure identity and access management, together with all of the underlying patents invented by Dr. Stefan Brands. This technology can, among other things, enable people to prove things about themselves without needing to reveal their identity.
Credentica’s U-Prove technology will help people protect their identities by enabling them to disclose only the minimum amount of information needed for a transaction – sometimes no personal information may be needed at all. When this technology is broadly available in Microsoft products (such as Windows Communication Foundation and Windows Cardspace), enterprises, governments, and consumers all stand to benefit from the enhanced security and privacy that it will enable. We look forward to a world where people have more control of their personal information and are better protected from harms of online fraud and identity theft. Stefan Brands has now joined Microsoft’ Identity & Access Group along with his colleagues Christian Paquin, and Greg Thompson.
No terms were announced. For more details on U-Prove and the rationale behind the acquisition, check out Stephan Brands’ blog post on the acquisition.
Today, Bill Gates and Craig Mundie keynoted the RSA Conference 2007 and announced a variety of security related Microsoft initiatives. Perhaps the biggest news was announced in detail on the blog of Microsoft’s Kim Cameron where Microsoft pledged interoperability between its CardSpace identity technolgy and the emerging open standard, OpenID:
JanRain, Microsoft, Sxip, and VeriSign will collaborate on interoperability between OpenID and Windows CardSpace™ to make the Internet safer and easier to use. Specifically (excerpted – ed.):
- Microsoft recognizes the growth of the OpenID community and believes OpenID plays a significant role in the Internet identity infrastructure. Kim Cameron, Chief Architect of Identity at Microsoft, will work with the OpenID community on authentication and anti-phishing.
- JanRain, Sxip, and VeriSign recognize that Information Cards provide significant anti-phishing, privacy, and convenience benefits to users. Information Cards, based on the open WS-Trust standard, are available though Windows CardSpace™.
- JanRain, Sxip and VeriSign plan to add Information Card support to future identity solutions.
- Microsoft plans to support OpenID in future Identity server products
- The four companies have agreed to work together on a “Using Information Cards with OpenID” profile that will make it possible for other developers and service providers to take advantage of these technology advancements.
The OpenID connection wasn’t surprising given Microsoft’s past failed attempt to go it alone in the identity business with Passport.
• Microsoft announced Identity Lifecycle Manager (ILM) 2007. Available to customers in May, ILM 2007 is a new solution that builds on Microsoft’s metadirectory and user provisioning capabilities by adding support for managing strong credentials such as certificates and smart cards. ILM provides an integrated and comprehensive solution for managing the entire life cycle of a user identity. Microsoft also unveiled a comprehensive strategy and road map for identity life-cycle management, including planned availability of ILM “2,” the next version of ILM, in late 2008.
• Microsoft launched the public beta of the new Forefront Server Security Management Console, a centralized, Web-based management solution for onsite or remote administration of Microsoft messaging and collaboration security solutions.
• Microsoft announced that it has enabled support for Extended Validation (EV) SSL Certificates in Internet Explorer 7, which is the first browser to fully support EV SSL Certificates. When a user visits a site with a valid EV Certificate, Internet Explorer 7 will alert the user to the available identity information by turning the background of the address bar green and displaying identity information. Twelve certificate authorities, including VeriSign Inc., Cybertrust and Entrust, are already issuing EV SSL Certificates.
• Microsoft has added four new data providers to the Microsoft Phishing Filter service: the Australian Computer Emergency Response Team (AusCERT), BrandProtect, MySpace.com and Netcraft Ltd., whose own broad set of Internet Explorer and Firefox toolbar anti-phishing data sources will be included as data feeds into the service. These new providers join Microsoft’s current anti-phishing data providers, which include Cyveillance, Digital Resolve, Internet Identity, MarkMonitor Inc., and RSA Security, the security division of EMC Corp.
There are still developers protesting Microsoft’s renaming of WinFX as .NET 3.0, but it is proceeding in step with Windows Vista and Release Candidate 1 was released last week and can be downloaded here:
The Microsoft .NET Framework 3.0 (formerly known as WinFX), is the new managed code programming model for Windows. It combines the power of the .NET Framework 2.0 with new technologies for building applications that have visually compelling user experiences, seamless communication across technology boundaries, and the ability to support a wide range of business processes. These new technologies are Windows Presentation Foundation, Windows Communication Foundation, Windows Workflow Foundation, and Windows CardSpace (formerly code named “Infocard”). Microsoft plans to ship .NET Framework 3.0 as part of the Windows Vista operating system. In addition, Microsoft is making these technologies available on Windows XP and Windows Server 2003. The following Community Technology Preview of .NET Framework 3.0 enables you to continue experimenting with early builds of these technologies, get acquainted with the development experience, and provide feedback to Microsoft.
Please note that the License Agreement in this pre-release version of the .NET Framework v3.0 does not allow usage in a live operating environment. Information about Go-Live possibilities can be found here.
This release supports Visual Studio 2005 RTM and is compatible with 2007 Microsoft Office system Beta 2 Technical Refresh.
I suppose I should update my categories – I’m still calling them Avalon, Indigo, and Infocard. Also to get up to speed, there’s David Chappell’s new MSDN paper, Introducing the .NET Framework 3.0.
Paul Krill at InfoWorld:
Microsoft has re-branded its WinFX technologies as .Net Framework 3.0 to clarify the naming convention for its developer framework, company representatives said on Friday.
.Net Framework 3.0 is planned for inclusion in Windows Vista, due out in early 2007. The framework features the Windows Communication Foundation Web services platform; the Windows Presentation Foundation presentation layer technology; Windows Workflow, for workflow; and the newly renamed Windows CardSpace, for identity management. CardSpace had been code-named InfoCard. Current .Net Framework 2.0 technologies, such as the CLR (Common Language Runtime), also are part of .Net Framework 3.0
“The .Net Framework has always been at the core of WinFX, but the WinFX brand didn’t convey this,” said S. “Soma” Somasegar, corporate vice president of Microsoft’s Developer Division, in his blog.
The Somasegar post is here and makes it clear that it is a name change only for all the .NET Framework 2.0 pieces. There are more details by following both the links, but there’s nothing that gets techies crankier than nomenclature so I expect there will be some complaints, particularly as this is a just a mash-up under a new name of technologies that previously had a separate life of their own. In any case, as expected (per Somasegar):
The .NET Framework 3.0 will still ship with Windows Vista, and will be available down-level for Windows XP and Windows Server 2003 as planned. This change doesn’t affect in any way the ship schedules of either Windows Vista or the .NET Framework 3.0 itself.
Update 6/21: Roy Osherove provides more information and a table that’s very helpful in puzzling out the .NET Framework versioning and future plans.