Microsoft working with German government to implement claims-based ID cards

While promoting the release of its Forefront Identity Manager product set during this week’s RSA conference in San Francisco, Microsoft announced its support for a prototype national ID card system in Germany that is designed to allow individual citizens to use a single ID card yet precisely control the personal information disclosed by individuals to the minimum necessary to perform a given function or complete a specific transaction. This is a practical implementation of claims-based identity management principles, which Microsoft (among many others) has been advocating for several years. Even without going to the level of a nationalized identity system, giving users the ability to manage all their identity attributes but limit the disclosure of personal data to just what’s needed is a promising approach within specific industry contexts such as healthcare. The U.S. federal government, through agency-specific initiatives as well as the efforts of the Identity, Credential, and Access Management (ICAM) Subcommittee of the Federal CIO Council, is pushing forward with federated identity management following a user-centric approach using open identity, while continuing to try to address some of the key security and privacy challenges associated with this approach.