11 March 2010

Microsoft Proves it Can Go Open Source

One of the technologies I am waiting for would allow me to effect transactions without giving over vast quantities of personal data. After all, what companies really need to know are: can I pay, and do I have the necessary qualities (age, residence) I claim to have. They don't need to know a vast range of irrelevant *details* about me.

Such a system exists; it's called U-Prove:

It was put together by respected cryptography researcher Dr Stefan Brands. He created a company to develop and market U-Prove, Credentica, which was bought by Microsoft in March 2008. With U-Prove, identity information can be used securely, and private data can be safely shared to those parties that need it, without leaking more information than is required.

U-Prove allows the creation of secure ID tokens, which are pieces of data that incorporate whatever information I need for a given task—but no more—along with cryptographic protection to ensure that they can't be forged, reused, traced back to me, or linked to other tokens that I have issued.

In a world with U-Prove, many existing identity management problems would go away. If my credit card company and online music service both supported U-Prove, I could create a token that allowed a single limited electronic money transfer from my card to the music company, without disclosing my name, address, or date of birth, and without that token being usable to make further purchases. Similarly, I might want to buy a computer game from an online store, the same situation as before, but this time with a twist: the computer game is rated 18+. So to make the purchase, I have to reveal my age, as well as the money transfer, to the online store. U-Prove lets me do this, but still doesn't require me to reveal my name, address, or any other irrelevant detail.

An hour-long presentation by Dr Brands describes how U-Prove works and how it achieves what it does (with even more detail available in his freely downloadable book). It builds on existing public key cryptography concepts, but adds to them the important ability to hide data. Normal public key cryptography is something of an all-or-nothing affair—to prove that a particular piece of data was encrypted by a particular person, you need to know the data. U-Prove allows that proof to take place without revealing all the data.
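To make that last point concrete, here is an added Python sketch of the selective-disclosure step from the age-rated purchase above; it is not code from Microsoft's U-Prove SDK, and it simplifies Brands's scheme by leaving out the issuer's signature on the token and the blinding that keeps separate presentations unlinkable. A token commits to name, address and age in a prime-order group (the 1024-bit MODP safe prime from RFC 2409, group 2, used here only as a convenient real group), the holder reveals just the age, and a Schnorr-type proof convinces the verifier that the hidden attributes and the secret exponent r are known without disclosing them; the attribute values are constructed.

```python
import hashlib
import secrets

# Demo group: the 1024-bit MODP safe prime from RFC 2409 (group 2). Too small for
# new deployments, but a genuine prime-order subgroup for a worked example.
P = int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
        "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
        "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
        "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2            # prime order of the subgroup of squares mod P

def h2int(*parts, mod):
    """Hash any values to an integer below mod (attribute encoding, Fiat-Shamir challenge)."""
    return int.from_bytes(hashlib.sha256(repr(parts).encode()).digest(), "big") % mod

ATTRS = ("name", "address", "age")
G = {a: pow(h2int("base", a, mod=P), 2, P) for a in ATTRS}  # one generator per attribute
G["r"] = pow(h2int("base", "blinding", mod=P), 2, P)        # generator for the holder's secret r

def mexp(exps):
    """prod G[k]^exps[k] mod P over whatever keys are present (attributes and/or 'r')."""
    out = 1
    for k, e in exps.items():
        out = out * pow(G[k], e, P) % P
    return out

def make_token(attrs, r):
    """Token value h = G['r']^r * prod G[a]^x_a; in U-Prove the issuer signs this h (omitted)."""
    return mexp({**{a: h2int(v, mod=Q) for a, v in attrs.items()}, "r": r})

def present(attrs, r, disclose):
    """Holder: reveal only `disclose`, prove knowledge of every other exponent and of r."""
    h = make_token(attrs, r)
    secret = {**{a: h2int(attrs[a], mod=Q) for a in ATTRS if a not in disclose}, "r": r}
    w = {k: secrets.randbelow(Q) for k in secret}           # Schnorr nonces
    commit = mexp(w)
    shown = {a: attrs[a] for a in disclose}
    c = h2int(h, commit, sorted(shown.items()), mod=Q)     # Fiat-Shamir challenge
    resp = {k: (w[k] + c * secret[k]) % Q for k in secret}
    return {"h": h, "shown": shown, "commit": commit, "resp": resp}

def verify(proof):
    """Verifier: divide the disclosed attributes out of h, then check the Schnorr relation."""
    shown, resp = proof["shown"], proof["resp"]
    if not set(shown) <= set(ATTRS) or set(resp) != (set(ATTRS) - set(shown)) | {"r"}:
        return False
    c = h2int(proof["h"], proof["commit"], sorted(shown.items()), mod=Q)
    rest = proof["h"] * mexp({a: Q - h2int(v, mod=Q) for a, v in shown.items()}) % P
    return mexp(resp) == proof["commit"] * pow(rest, c, P) % P
```

`present(attrs, r, ["age"])` returns a proof whose `shown` dict contains only the age, which `verify` accepts, as it does a proof that discloses nothing at all; changing a disclosed value after the fact breaks the challenge and the proof is rejected.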

This is absolutely brilliant. There's just one problem: you can't use it in practical situations, because it's not widely deployed. And because it's not widely deployed, nobody uses it...

So, how do you break that vicious circle? Easy - you make it freely available to encourage uptake - and that's just what Microsoft has done:

It is for these reasons that Microsoft has released its U-Prove SDK using the open source BSD license. Source code is available in both C# and Java, and the technology is covered by Microsoft's Open Specification Promise. This is an irrevocable promise by Microsoft that the company will not assert any claims against anyone using the technology that relate to any patents covering the technology. By releasing the technology under a permissive license, and by making a legally binding agreement that patents covering the technology will not be used in legal action, the company hopes that there will be no barriers to using the system for both service and identity providers.

It's really great to see Microsoft taking advantage of open source in a *good* way; it's just unfortunate that the accompanying Open Specification Promise has a big loophole that makes it pretty useless for consideration by serious free software projects.

Now, if Microsoft were to place all the relevant patents in the public domain....

Follow me @glynmoody on Twitter or identi.ca.

2 comments:

Sam Ramji said...

Glyn - what terms do you think need to be added to the OSP by Microsoft in order to make it GPL-compatible? Brendan Scott had a good post here but I'm still trying to get my head around what's missing.

glyn moody said...

@Sam: OK, first of all, IANAL: what follows is probably not true in any deep legal sense; it might not be true in any shallow, non-legal sense, but I'm going to say it anyway, since it's the best I can do, and it might help.

One problem, in my understanding, is that the promise doesn't apply to all future specifications, just the ones around at the moment. This means that one day a new version of a specification might pop up that *wasn't* covered, and so would be useless for free software purposes.

Solution: make the promise include *all past, present and future* versions.

Another issue has to do with derived code. If I write some code for one of the covered projects, the promise applies. But I believe - correct me if I'm wrong - if someone takes that code from me and uses it in their project, they are not covered. That's not compatible with the GPL.

Solution: give pass-on rights to any user of code (maybe subject to something about being compliant with the terms of the GPL or similar).

But the *real* solution is as I said: put all the relevant patents in the public domain so that anyone can use them in any way. This will get the widest use of the technologies, which is the point of the exercise.

As you know, the patent system is broken, and trying to patch it just isn't going to work. The sooner people just short-circuit it by putting everything in the public domain, or - preferably - we get rid of it, the better.

Idealistic, unreasonable? Certainly - and your point is....?

Hope that helps - please feel free to come back for clarifications of my poor explanations.