The title of this blog is intentionally strong.
I have been attending a meeting of the Microsoft Trustworthy Computing Academic Advisory Board in Seattle. During the meeting, Kim Cameron announced that Microsoft had acquired Stefan Brand's Credentica and the U-Prove Identity Management system. The announcement was made public the next day.
IIS worked with Kim & Microsoft when he was in Australia a couple of years ago spreading the word on his 7 Laws of Identity. Our earlier writings on this topic include "Proof of ID required? Getting Identity Management Right" and "Trust and the critical role of user centric ID management".
But Kim has always been focused on giving life to the theory. The first step was to deploy CardSpace in Vista and back load it into XP (Have a look at Windows CardSpace in One Minute). A good start, but never seen as enough by itself.
The purchase of Credentica is a very significant next step. Here is a way in which an assertion about identity or anything else can be authenticated to a relying party WITHOUT the organisation that does the authenticating knowing anything about the transaction between the individual and the relying party (such as the individual's bank, a government agency etc). Thus "connecting the dots" between the different parts of the individual' life or between the different parties with whom the individual is interacting no longer is a necessary component of the process.
Much more will be written about this development in coming days and weeks. Microsoft will be working on practical deployment which will be fascinating to follow.
But the immediate blog entries are the following:
Take a moment to read at least one of these entries. The bar for acceptable ID management has just been suddenly raised. The old "we will control whether or not you exist & will keep track of everything you do whether you like it or not" was never acceptable. Now alternatives are coming onstream in the mainstream.
I think the title of this blog entry is an understatement.