More and more personal, private information is being used and stored online
than ever before, and at the same time, attacks on that information are
increasing in frequency and sophistication. Phishing is a growth industry—it's
very profitable to trick people into handing over names, passwords, credit card
numbers, and so on, so that their finances can be pillaged. Important activities
like banking and filing tax returns are being performed, and these need strong
proof of identity. On the other hand, there's no reason why a storefront like,
say, iTunes, needs to know your identity; it only needs to know that the money
being handed over is yours to hand over.
Ultimately, we want to be able to securely make transactions without giving
third parties the ability to masquerade as us; we want to be able to visit
websites and make purchases without those sites being able to track us or
combine different pieces of information to draw a more complete picture of us;
we want to be able to be able to disclose some information about ourselves, but
not everything. The U-Prove framework,
released as a CTP today by Microsoft, aims to solve these problems.