Let's avoid the word "credential". It has so many meanings as to be confusing

Microsoft has released a beta of its most important developer tool to date

I found the samples very clear, and uncluttered with a lot of "sample decoration"

Kim Cameron and I recorded a podcast on digital identity for MySuccessGateway this week at the invitation of Jim Peake of SpeechRep Consulting. Jim was a gracious, informed, and enthusiastic host during our conversation, which covered a wide range of digital identity topics including identity theft, shared secrets, privacy, Information Cards and the Information [...]

Last week IDology demonstrated a first that many of us see great possibilities for: an Information Card making a verified age claim. I’m excited at this first step towards the goal of enabling people to routinely use interoperable verified claims about themselves via Information Cards. Obtaining my age-verified card online was easy. I submitted my name, address, and birth date (via a self-issued card) to IDology’s verification process. Next they asked me a few additional questions to confirm that

User-centric doesn't mean 'The Dictatorship of the Users'

Mike (one of those who need no sleep) blogged about Fun Communication's openid idtheft site and I encourage you to read Mike's post and try your personal idtheft immediately. Back here?! Well, you knew all this already, didn't you? But seeing it in action is another thing, I guess. So where does this lead us? Remember the " openid dogfight " from September 2007? I too think that we need a spectrum of solutions. I agree that openid is for when an RP has "trivial" security requirements, but I think

Microsoft Germany offers the Microsoft 360° Security Days to German speaking architects, project managers and developers. One session for architects and project managers is about Microsoft CardSpace . I really hope this will be an inspiring talk given by a true believer of the claims paradigm. It's a pity that a participant can not provide her claims by using information cards during registration for the event. Anyway, I am happy that CardSpace is a topic. We need more events that advocate information

Today I re-viewed the Craig Mundie keynote from the RSA 2008 conference. Many things were said that I liked: Recently, a few weeks ago, we announced that we had acquired Credentica, and their U-Prove technology, which we think is going to be an example of a way to realize this requirement where we can tease apart some of the individual claims around identity or elements of identity and present them individually, and therefore be able to prove certain pieces of information without disclosing too much.

This morning I was at the VRM unworkshop at the EIC2008 conference. What I understood there was that VRM is about principles for service providers that serve my claims. - what are the logging and privacy contraints ? - can administrators see my data ? etc Whether this concept will be a success, I don't know. I think that most users don't understand what and how much and to whom and under what conditions they should give away claims or not. So in the sense of making a deal with the web-shop (I give