
Higgins: an API for identity

A long tail


Identity is an essential enabler for eCommerce; unfortunately, it's currently a bit of a mess. However, there is hope...

Like Microsoft’s InfoCard and Kim Cameron’s vision of an identity metasystem, the open source Higgins identity project aims to move us away from the current hotchpotch of identity systems. InfoCard concentrates on a consistent user experience; Higgins aims to simplify things for developers.

Today developers have to learn each individual identity system; and what you have to learn to work with user names and passwords or PKI certificates doesn’t help much if you want to use Shibboleth, YADIS or OpenID. Then, Google and Yahoo both have their own authentication APIs to learn. The OpenPGP API is freely available but you’ll need to buy a toolkit from RSA if you want to develop an RSA PKI. And if you want to support both IRC and Jabber in your system, you have to manage two identification systems. There are also multiple standards for working with identity: LDAP, WS-Trust, Liberty Alliance, SAML and more, and the code you develop for one system won’t work with another.

Higgins is a project to create an Eclipse framework that abstracts both identity data and interactions with identity services, so that you can build your own identity management infrastructure. It was originally called the Eclipse Trust Framework and then renamed after a long-tailed mouse, in a reference to the long tail of the many identity systems they hope to support. The abstraction means you’ll be able to connect to multiple identity systems without having to learn and write code for all of them. This is a substantial undertaking: Higgins will have to deal with a wide range of identity providers as well as with the client software, like the browsers and IM (Instant Messaging) tools, where people use their identities. To access an identity system in your application, you’ll need a plug-in that uses that identity system’s native protocols or APIs to map its information to the abstractions of the Higgins framework: one for LDAP, one for SAML, one for InfoCard, one for OpenID and so on.

As an open source project, anyone can contribute an adaptor, for an existing identity system or a new one: IBM can contribute an adaptor for Tivoli and also support Higgins to allow Tivoli to work with other identity systems in turn. Paul Trevithick – who is both a member of The SocialPhysics Project that Higgins is part of and part of Parity Communications, which contributed much of the initial Higgins code – expects to see a WS* service for Higgins soon, so you can use Higgins on a Mac or Linux system to interoperate with InfoCard. He explains that “the problem is deep and no one vendor or technology can solve it alone; in order for this to work it has to run on all platforms.”

The list of planned plug-ins also includes Active Directory, XMPP (the Extensible Messaging and Presence Protocol), Extensible Resource Identifiers, Firefox, Internet Explorer, Lotus Notes, Exchange, Groove, Outlook and Workplace. None of these will be finished until the project reaches 1.0 status in 2007.

To a user, Higgins will group identities into a profile where they can view and change information in one place, rather than updating multiple systems. For developers, identities are in contexts; an LDAP context would include the users in your company directory, along with metadata describing relationships between them. For each context the plug-in provides services that allow the framework to communicate with that identity system, so for LDAP you’ll have services both for the LDAP server and for LDAP client applications.

Information from each context will be passed back to Higgins’ base context (known as IContext), which means Higgins applications can associate information from different contexts. Applications can also navigate through the identities in a context, as long as the authorisation policy for that context allows it.
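A minimal sketch of the context model described above, added here as an illustration and not taken from Higgins: two plug-ins map their native records onto one common subject type, each context enforces its own navigation policy, and a base-context function associates subjects across contexts. Every class, function and field name is hypothetical, and the records are constructed sample data.

```python
from dataclasses import dataclass

# Added illustration only: these names are hypothetical, not the Higgins API.
@dataclass(frozen=True)
class Subject:
    """Common abstraction that every plug-in maps its native records onto."""
    context: str
    subject_id: str
    attrs: tuple  # (name, value) pairs

@dataclass
class Context:
    """One plug-in: a native store, a mapper, and the context's own policy."""
    name: str
    store: list
    mapper: callable
    may_navigate: frozenset = frozenset()  # callers allowed to enumerate

    def subjects(self, caller):
        # Deny by default: a caller the policy does not name sees nothing.
        if caller not in self.may_navigate:
            return []
        return [self.mapper(self.name, rec) for rec in self.store]

def map_ldap(ctx, entry):
    return Subject(ctx, entry["dn"], (("email", entry["mail"][0].lower()),))

def map_openid(ctx, claims):
    return Subject(ctx, claims["claimed_id"], (("email", claims["email"].lower()),))

def correlate(caller, attr, contexts):
    """Base-context role: group subjects from all contexts by a shared attribute."""
    linked = {}
    for ctx in contexts:
        for subj in ctx.subjects(caller):
            value = dict(subj.attrs).get(attr)
            if value is not None:
                linked.setdefault(value, []).append((subj.context, subj.subject_id))
    return linked

# Constructed sample records in each system's native shape.
LDAP = Context("ldap", [{"dn": "uid=alice,ou=people,dc=example,dc=com",
                         "mail": ["Alice@example.com"]}], map_ldap,
               frozenset({"portal", "hr-app"}))
OPENID = Context("openid", [{"claimed_id": "https://alice.example.org/",
                             "email": "alice@example.com"}], map_openid,
                 frozenset({"portal"}))
```

Calling `correlate("portal", "email", [LDAP, OPENID])` links both records under one address, while the caller `hr-app` gets only the LDAP subject because the OpenID context's policy does not name it.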

Higgins will also include an identity selector interface that you’ll use in your applications, so users always see the same interface when they’re choosing whichever digital identity they want to use and whatever information they’re happy to reveal.

The reference implementation of the Higgins framework will be in Java, making it portable between operating systems and architectures; and will use the authorisation that’s the basis of the Java security sandbox.

Trevithick wants to put identity back in the hands of the individuals being identified; he believes the new identity infrastructure “needs to work more on behalf of the user than anything else”. One key way Higgins will do that is by making the developer’s life easier when s/he works with identity, so s/he can spend his/her time making design decisions rather than researching the intricacies of different identity systems.®
