Big news this week on the identity management front. Microsoft has purchased the well-respected but often-ignored identity technologies developed by Stefan Brands at Credentica. This technology allows someone to prove that they have some characteristic (e.g., age, citizenship) or privilege (e.g., club member, paying customer) without revealing any information about their actual identity. This is a key enabling technology for developing powerful, privacy-protecting identity systems, and the transaction this week suggests that Microsoft does get it.
Digital Identity, Privacy, and the Internet’s Missing Identity Layer
As Craig Burton pointed out many years ago, one key defining aspect of the Internet is that everything is equidistant from everything else.
That means we can get easily to the most obscure possible resources, which makes the Internet fantastic. But it also means unknown “enemies” are as “close” to us as our “friends” – just a packet away. If something is just a packet away, you can’t see it coming, or prepare for it. This aspect of digital “physics” is one of the main reasons the Internet can be a dangerous place.
That danger can be addressed by adopting a need-to-know approach to the Internet. As little personal information as possible should be released, and to the smallest possible number of parties. Architecturally, our infrastructure should lead naturally to this outcome.
…
Our goal is that Minimal Disclosure Tokens will become base features of identity platforms and products, leading to the safest possible [Internet]. I don’t think the point here is ultimately to make a dollar. It’s about building a system of identity that can withstand the ravages that the Internet will unleash. That will be worth billions.