Feeds

Higgins: an API for identity

A long tail

5 things you didn’t know about cloud backup

Identity is an essential enabler for eCommerce; unfortunately, it's currently a bit of a mess. However, there is hope...

Like Microsoft’s InfoCard and Kim Cameron’s vision of an identity metasystem, the open source Higgins identity project aims to move us away from the current hotchpotch of identity systems. InfoCard concentrates on a consistent user experience; Higgins aims to simplify things for developers.

Today developers have to learn each individual identity system; and what you have to learn to work with user names and passwords or PKI certificates doesn’t help much if you want to use Shibboleth, YADIS or OpenID. Then, Google and Yahoo both have their own authentication APIs to learn. The OpenPGP API is freely available but you’ll need to buy a toolkit from RSA if you want to develop an RSA PKI. And if you want to support both IRC and Jabber in your system, you have to manage two identification systems. There are also multiple standards for working with identity: LDAP, WS-Trust, Liberty Alliance, SAML and more, and the code you develop for one system won’t work with another.

Higgins is a project to create an Eclipse framework to abstract both identity data and also interactions with identity services, so that you can build your own identity management infrastructure. It was originally called the Eclipse Trust Framework and then renamed after a long-tailed mouse in a reference to the long tail of the many identity systems they hope to support. And that means you’ll be able connect to multiple identity systems without having to learn and write code for all of them. This is a substantial undertaking: Higgins will have to deal with a wide range of identity providers as well as with the client software like the browsers and IM (Instant Messaging) tools where people use their identities. To access an identity system in your application, you’ll need a plug-in that uses each identity system’s native protocols or APIs to map the information from that specific identity system to the abstractions of the Higgins framework; one for LDAP, one for SAML, one for InfoCard, one for OpenID and so on.

As an open source project, anyone can contribute an adaptor, for an existing identity system or a new one: IBM can contribute an adaptor for Tivoli and also support Higgins to allow Tivoli to work with other identity systems in turn. Paul Trevithick – who is both a member of The SocialPhysics Project that Higgins is part of and part of Parity Communications, which contributed much of the initial Higgins code - expects to see a WS* service for Higgins soon, so you can use Higgins on a Mac or Linux system to interoperate with InfoCard. He explains that “the problem is deep and no one vendor or technology can solve it alone; in order for this to work it has to run on all platforms.”

The list of planned plug-ins also includes Active Directory, XMP (the Extensible Messaging and Presence Protocol), Extensible Resource Identifiers, Firefox, Internet Explorer, Lotus Notes, Exchange, Groove, Outlook and Workplace. None of these will be finished until the project reaches 1.0 status in 2007.

To a user, Higgins will group identities into a profile where they can view and change information in one place, rather than updating multiple systems. For developers, identities are in contexts; an LDAP context would include the users in your company directory, along with metadata describing relationships between them. For each context the plug-in provides services that allow the framework to communicate with that identity system, so for LDAP you’ll have services both for the LDAP server and for LDAP client applications.

Information from each context will be passed back to Higgins’ base context (known as IContext), which means Higgins applications can associate information from different contexts. Applications can also navigate through the identities in a context, as long as the authorisation policy for that context allows it.

Higgins will also include an identity selector interface that you’ll use in your applications, so users always see the same interface when they’re choosing whichever digital identity they want to use and whatever information they’re happy to reveal.

The reference implementation of the Higgins framework will be in Java, making it portable between operating systems and architectures; and will use the authorisation that’s the basis of the Java security sandbox.

Trevithick wants to put identity back in the hands of the individuals being identified; he believes the new identity infrastructure “needs to work more on behalf of the user than anything else”. One key way Higgins will do that is by making the developer’s life easier when s/he works with identity, so s/he can spend his/her time making design decisions rather than researching the intricacies of different identity systems.®

Secure remote control for conventional and virtual desktops

More from The Register

next story
BBC: We're going to slip CODING into kids' TV
Pureed-carrot-in-ice cream C++ surprise
China: You, Microsoft. Office-Windows 'compatibility'. You have 20 days to explain
Told to cough up more details as antitrust probe goes deeper
Linux turns 23 and Linus Torvalds celebrates as only he can
No, not with swearing, but by controlling the release cycle
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Windows 7 settles as Windows XP use finally starts to slip … a bit
And at the back of the field, Windows 8.1 is sprinting away from Windows 8
This is how I set about making a fortune with my own startup
Would you leave your well-paid job to chase your dream?
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?