Microsoft has acquired Canadian cryptography specialist Credentica. This news sees Microsoft reverting back to its more traditional approach of acquiring small (Credentica is a team of three) specialist technology vendors to plug very specific gaps. In this case, Credentica brings its U-Prove technology to Microsoft's Identity & Access Group to enhance the privacy assurance capabilities of Microsoft's CardSpace and Windows Communication Foundation (WCF).

Credentica was founded by acknowledged security expert Stefan Brands, whose team has applied some very advanced cryptography techniques to allow users to authenticate to service providers directly without the involvement of identity providers. They also limit the disclosure of personally-identifiable information to prevent accounts being linked across service providers and provide resistance to phishing attacks. Credentica's own marketing literature highlights the synergies with CardSpace:

The SDK is ideally suited for creating the electronic equivalent of the cards in one's wallet and for protecting identity-related information in frameworks such as SAML, Liberty ID-WSF, and Windows CardSpace.

This is a smart move by Microsoft. Not only does it bring some very innovative and well-respected technology (with endorsements from the likes of the Information and Privacy Commissioner of Ontario, Canada) which extends the capabilities of Microsoft's identity and security offerings; it also brings some heavyweight cryptography and privacy expertise and credibility from the Credentica team. The latter can, and undoubtedly will, be exploited by Microsoft in the short term: the former will take more time to realise with Microsoft stating that integrated offerings are at least 12–18 months away.

Businesses and public sector organisations offering B2C/G2C services should be following Microsoft's integration strategy closely as privacy becomes a more significant concern (and thus a differentiator).