I've been experimenting with two implementations of Microsoft's InfoCards technology. This promises to be a great leap forward in online user authentication, and a real opportunity for Privacy Enhancing Technologies to go mainstream.
Kim Cameron, Microsoft's Identity Architect, has done sterling work in ensuring that this technology has been designed from the ground up to be privacy-friendly. Microsoft has also been unusually open in the technology development process, going as far as to promise not to enforce patents against those implementing InfoCards.
From a privacy perspective, the most important feature of the technology is that users can have a range of InfoCards that contain different personal information, and choose which of these cards they reveal to third parties. Advanced cryptographic techniques like Stefan Brands' blind credentials can be used to give further privacy guarantees.
The Windows and Firefox implementations proved to be relatively simple to install and set up. I was annoyed, though, to see that both sites I tested the resulting InfoCard with demanded first and last names and e-mail addresses. You can of course lie about the former, but Kim Cameron's site sent a message to the address given containing information necessary to enable the card. I appreciate he is trying to avoid killer spam robots, but surely there must be a more privacy-friendly mechanism?