Feeds

Higgins: an API for identity

A long tail

The essential guide to IT transformation

Identity is an essential enabler for eCommerce; unfortunately, it's currently a bit of a mess. However, there is hope...

Like Microsoft’s InfoCard and Kim Cameron’s vision of an identity metasystem, the open source Higgins identity project aims to move us away from the current hotchpotch of identity systems. InfoCard concentrates on a consistent user experience; Higgins aims to simplify things for developers.

Today developers have to learn each individual identity system; and what you have to learn to work with user names and passwords or PKI certificates doesn’t help much if you want to use Shibboleth, YADIS or OpenID. Then, Google and Yahoo both have their own authentication APIs to learn. The OpenPGP API is freely available but you’ll need to buy a toolkit from RSA if you want to develop an RSA PKI. And if you want to support both IRC and Jabber in your system, you have to manage two identification systems. There are also multiple standards for working with identity: LDAP, WS-Trust, Liberty Alliance, SAML and more, and the code you develop for one system won’t work with another.

Higgins is a project to create an Eclipse framework to abstract both identity data and also interactions with identity services, so that you can build your own identity management infrastructure. It was originally called the Eclipse Trust Framework and then renamed after a long-tailed mouse in a reference to the long tail of the many identity systems they hope to support. And that means you’ll be able connect to multiple identity systems without having to learn and write code for all of them. This is a substantial undertaking: Higgins will have to deal with a wide range of identity providers as well as with the client software like the browsers and IM (Instant Messaging) tools where people use their identities. To access an identity system in your application, you’ll need a plug-in that uses each identity system’s native protocols or APIs to map the information from that specific identity system to the abstractions of the Higgins framework; one for LDAP, one for SAML, one for InfoCard, one for OpenID and so on.

As an open source project, anyone can contribute an adaptor, for an existing identity system or a new one: IBM can contribute an adaptor for Tivoli and also support Higgins to allow Tivoli to work with other identity systems in turn. Paul Trevithick – who is both a member of The SocialPhysics Project that Higgins is part of and part of Parity Communications, which contributed much of the initial Higgins code - expects to see a WS* service for Higgins soon, so you can use Higgins on a Mac or Linux system to interoperate with InfoCard. He explains that “the problem is deep and no one vendor or technology can solve it alone; in order for this to work it has to run on all platforms.”

The list of planned plug-ins also includes Active Directory, XMP (the Extensible Messaging and Presence Protocol), Extensible Resource Identifiers, Firefox, Internet Explorer, Lotus Notes, Exchange, Groove, Outlook and Workplace. None of these will be finished until the project reaches 1.0 status in 2007.

To a user, Higgins will group identities into a profile where they can view and change information in one place, rather than updating multiple systems. For developers, identities are in contexts; an LDAP context would include the users in your company directory, along with metadata describing relationships between them. For each context the plug-in provides services that allow the framework to communicate with that identity system, so for LDAP you’ll have services both for the LDAP server and for LDAP client applications.

Information from each context will be passed back to Higgins’ base context (known as IContext), which means Higgins applications can associate information from different contexts. Applications can also navigate through the identities in a context, as long as the authorisation policy for that context allows it.

Higgins will also include an identity selector interface that you’ll use in your applications, so users always see the same interface when they’re choosing whichever digital identity they want to use and whatever information they’re happy to reveal.

The reference implementation of the Higgins framework will be in Java, making it portable between operating systems and architectures; and will use the authorisation that’s the basis of the Java security sandbox.

Trevithick wants to put identity back in the hands of the individuals being identified; he believes the new identity infrastructure “needs to work more on behalf of the user than anything else”. One key way Higgins will do that is by making the developer’s life easier when s/he works with identity, so s/he can spend his/her time making design decisions rather than researching the intricacies of different identity systems.®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Apple promises to lift Curse of the Drained iPhone 5 Battery
Have you tried turning it off and...? Never mind, here's a replacement
Mozilla's 'Tiles' ads debut in new Firefox nightlies
You can try turning them off and on again
Linux turns 23 and Linus Torvalds celebrates as only he can
No, not with swearing, but by controlling the release cycle
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
This is how I set about making a fortune with my own startup
Would you leave your well-paid job to chase your dream?
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.