Feeds

Higgins: an API for identity

A long tail

Secure remote control for conventional and virtual desktops

Identity is an essential enabler for eCommerce; unfortunately, it's currently a bit of a mess. However, there is hope...

Like Microsoft’s InfoCard and Kim Cameron’s vision of an identity metasystem, the open source Higgins identity project aims to move us away from the current hotchpotch of identity systems. InfoCard concentrates on a consistent user experience; Higgins aims to simplify things for developers.

Today developers have to learn each individual identity system; and what you have to learn to work with user names and passwords or PKI certificates doesn’t help much if you want to use Shibboleth, YADIS or OpenID. Then, Google and Yahoo both have their own authentication APIs to learn. The OpenPGP API is freely available but you’ll need to buy a toolkit from RSA if you want to develop an RSA PKI. And if you want to support both IRC and Jabber in your system, you have to manage two identification systems. There are also multiple standards for working with identity: LDAP, WS-Trust, Liberty Alliance, SAML and more, and the code you develop for one system won’t work with another.

Higgins is a project to create an Eclipse framework to abstract both identity data and also interactions with identity services, so that you can build your own identity management infrastructure. It was originally called the Eclipse Trust Framework and then renamed after a long-tailed mouse in a reference to the long tail of the many identity systems they hope to support. And that means you’ll be able connect to multiple identity systems without having to learn and write code for all of them. This is a substantial undertaking: Higgins will have to deal with a wide range of identity providers as well as with the client software like the browsers and IM (Instant Messaging) tools where people use their identities. To access an identity system in your application, you’ll need a plug-in that uses each identity system’s native protocols or APIs to map the information from that specific identity system to the abstractions of the Higgins framework; one for LDAP, one for SAML, one for InfoCard, one for OpenID and so on.

As an open source project, anyone can contribute an adaptor, for an existing identity system or a new one: IBM can contribute an adaptor for Tivoli and also support Higgins to allow Tivoli to work with other identity systems in turn. Paul Trevithick – who is both a member of The SocialPhysics Project that Higgins is part of and part of Parity Communications, which contributed much of the initial Higgins code - expects to see a WS* service for Higgins soon, so you can use Higgins on a Mac or Linux system to interoperate with InfoCard. He explains that “the problem is deep and no one vendor or technology can solve it alone; in order for this to work it has to run on all platforms.”

The list of planned plug-ins also includes Active Directory, XMP (the Extensible Messaging and Presence Protocol), Extensible Resource Identifiers, Firefox, Internet Explorer, Lotus Notes, Exchange, Groove, Outlook and Workplace. None of these will be finished until the project reaches 1.0 status in 2007.

To a user, Higgins will group identities into a profile where they can view and change information in one place, rather than updating multiple systems. For developers, identities are in contexts; an LDAP context would include the users in your company directory, along with metadata describing relationships between them. For each context the plug-in provides services that allow the framework to communicate with that identity system, so for LDAP you’ll have services both for the LDAP server and for LDAP client applications.

Information from each context will be passed back to Higgins’ base context (known as IContext), which means Higgins applications can associate information from different contexts. Applications can also navigate through the identities in a context, as long as the authorisation policy for that context allows it.

Higgins will also include an identity selector interface that you’ll use in your applications, so users always see the same interface when they’re choosing whichever digital identity they want to use and whatever information they’re happy to reveal.

The reference implementation of the Higgins framework will be in Java, making it portable between operating systems and architectures; and will use the authorisation that’s the basis of the Java security sandbox.

Trevithick wants to put identity back in the hands of the individuals being identified; he believes the new identity infrastructure “needs to work more on behalf of the user than anything else”. One key way Higgins will do that is by making the developer’s life easier when s/he works with identity, so s/he can spend his/her time making design decisions rather than researching the intricacies of different identity systems.®

The essential guide to IT transformation

More from The Register

next story
The Return of BSOD: Does ANYONE trust Microsoft patches?
Sysadmins, you're either fighting fires or seen as incompetents now
China hopes home-grown OS will oust Microsoft
Doesn't much like Apple or Google, either
Linux turns 23 and Linus Torvalds celebrates as only he can
No, not with swearing, but by controlling the release cycle
This is how I set about making a fortune with my own startup
Would you leave your well-paid job to chase your dream?
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
Eat up Martha! Microsoft slings handwriting recog into OneNote on Android
Freehand input on non-Windows kit for the first time
Linux kernel devs made to finger their dongles before contributing code
Two-factor auth enabled for Kernel.org repositories
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?