Verified Identity Claims

From IIW

Issue/Topic: VERIFIED IDENTITY CLAIMS – An introduction to U-Prove privacy-enhancing technology

Session: Tuesday 3C

Conference: IIW-11 November 2-4, Mountain View, Complete Notes Page

Convener: Craig Wittenberg (Microsoft)

Notes-taker(s): Ariel Gordon (Microsoft)

Tags: Verified Claims; Identity Attributes; Privacy; Privacy Enhancing Technology; Cryptography; user-centric technology: user control.


  • Craig Wittenberg Microsoft
  • Ariel Gordon Microsoft
  • Jan Unger
  • Tim Cole KuppingerCole
  • Bret Tobey Assa Abloy
  • John Fontana Ping Identity
  • Jon Webb Sony PlayStation network
  • Nishant Kaushix Oracle
  • Takeshi Kitagawa NTT Communications
  • Mark Horstmeier Kynetx
  • Matt Tebo Proviti
  • Greg Turner Sierra Systems
  • Mike Min Booz
  • Guibin Kony Google
  • Aravmdan Ranga PayPal
  • Tom Leon AOL
  • Jim Fenton Cisco
  • Dale Olds Novell
  • Ben Goodman Novell
  • Fady Semaan AOL
  • Henrik Biering Peer Craft
  • Stuart Proffitt Novell
  • Jeff Stollman Secure Identity
  • Ambarsh Malpar CA
  • Alex Ran Intuit
  • Thomas Hardjono MIT Kerberos
  • Peter Capek Self
  • Lloyd Burch Novell
  • Kimberly Little LexisNexis
  • Frank Travestino eBay
  • Heather Ford UC Berkeley

Discussion notes:

File:U-Prove technology overview-Nov2010.pdf

Verified Identity Claims -- Technical introduction Craig Wittenberg presented the U-Prove technology U-Prove well respected in academia. Originally created by Credentica; purchased by Microsoft two years ago; incubated as part of the Verified Claims Team .

Similar characteristics as X.509 certificate but with much better privacy characteristics.

Craig presented a few scenarios, starting with Alice purchasing wine online and proving that she's over 21 and that she's a resident of WA state. Other scenarios included leveraging a German eID to access citizen and private services.

Many clarification Q&A followed on the technology and its benefits, including:

Q: Why not do back-end attribute exchange? Why go through all this trouble for exchanging attributes?

A: There are scenarios with privacy requirements such as un-traceability. If you take the case where Governments issue identity claims, there are requirements for the government not to be able to trace where the user is using his proof of age (for example). Depending on the geography, the privacy requirements may come from the government itself or from Privacy Groups.

Q: If there is a Cloud Service that stores and releases information, does it effectively create a secondary IdP?

A: If there are no client side bits, there is effectively a “broker” in the cloud that manages the user’s private keys. Microsoft and its partners are investigating different ways to build the u-prove verified claims agent that mitigates those issues.

there is a powerpoint deck associated with this session: U-Prove technology overview-Nov2010.pptx