IBM, Novell and Parity Communications announced they are contributing code to an Eclipse project, code-named Project...
Higgins, which is developing a trust framework for user-centric identity management.
The intent of the open source project, said Dale Olds, distinguished engineer at Novell, is to give users more control over their online identity information. "It's returning information to users that really belong to them," he said, by allowing users to manage and control their relationships.
Higgins reflects the shift toward user-centric identity management, as well as the emergence of social networks, according to Nataraj Nagaratnam, IBM's chief architect for identity management. "Empowering users is important," he said. "Each of us has multiple identities -- we're employees, travelers, consumers, etc." Today a lot of that information is being managed and controlled by institutions, he said.
"What we've consistently seen at the net and identity layer is a blurring of lines of what is inside the enterprise and outside on the Internet," Olds said. The role management necessary in an enterprise software deployment "is similar to the profiles, personas and context in user-centric computing," he said.
Novell had been looking at these issues and discussing them with IBM, and both companies decided to get involved in the project. "We decided an open source foundation was what we wanted to leverage and build as a flagship foundation to manage identity for the Internet," Nagaratnam said. Rather than building a new system, the framework will allow existing identity management systems to plug in and interoperate, Nagaratnam said.
Project Higgins builds on a concept developed by Harvard Law School's Berkman Center for Internet & Society and the SocialPhysics project to create a "social web" -- a layer built on top of the Internet to provide a trusted way to link people, organizations and concepts, and to give users more control over their digital identities.
The Eclipse Trust Framework (ETF) was first proposed in December 2004. The project was approved by the Eclipse organization in April 2005 and subsequently renamed Project Higgins, after the Tasmanian long-tailed Higgins mouse. The trust framework can be used to aggregate across the "long tail" of groups and relationships online.
As a result of the Higgins Trust Framework, users will be able to decide what information they want shared with trusted online Web sites and providers, Nagaratnam said. For example, he said, a trusted Web site like eBay may hold a user's social security number, and the user could decide that eBay can share that information with the user's children's school, but not with Amazon.com. "Today, the identity infrastructure doesn't have the necessary controls to put policies in place from the end-user perspective," he said.
With the ability to set those policies, a user may have more than one source of trust, Nagaratnam said. "I may trust my bank to hold some information, but the postal service may have my address." He said the user could put a policy in place so that when he or she makes a change to the address, that information is pushed out to all trusted providers rather than the user having to go to multiple sites.
According to Eclipse, the Higgins Trust Framework will address four issues: the lack of common interfaces to identity/networking systems, the need for interoperability, the need to manage multiple contexts and the need to respond to regulatory requirements around security and privacy.
The Higgins project has four goals: build an extensible framework that supports an API for use by Eclipse plug-ins and applications and is accessible via a Web services interface; create a set of exemplary context "provider" plug-ins; create an exemplary application that demonstrates how to use the framework; and enable developers to leverage Higgins in applications, Web sites and services. The open approach is intended to support any technology platform and identity management system.
Developers' jobs could get easier
Both Nagaratnam and Olds said the framework will potentially make the developer's job easier.
"Developers are aware that identities are coming at them from all over map -- there are all kinds of passwords, policies, directories. To write applications through a common interface, and have multiple identity sources referenced under that through a plug-in framework, will make it easier for the developer to handle," Olds said. "Developers know it's not in their best interest to hold onto identity data they don't know [is current]." The trust framework is about partitioning data and allowing it to be linked, he said.Project Higgins is at milestone 0.2 currently. Much of the initial code came from the SocialPhysics project, which was initiated by Parity Communications in Chestnut Hill, Mass., and co-founded by John Clippinger, a senior fellow with the Berkman Center. Parity plans to introduce products at the intersection of e-commerce, social networking, and user-centric identity later this year.
IBM expects to contribute code later this year, Nagaratnam said. The company plans to incorporate Higgins technology within its Tivoli identity management software.
Novell's Olds said his team is already working with the 0.2 code and has fixed some errors. He said Novell expects to contribute code later in the project and provide plugs-in for Novell systems. "From the Novell perspective, the framework is only in Java, which we support, but we're looking for my team to help in implementing in other languages."
Olds added that the project will be heavily influenced by the WS* standards.
Dig Deeper on Software Security Test Best Practices