Higgins shows road map for open-source identity project

Network World - IBM, Novell and a group of academics working on an open-source project designed to tie together applications and identity systems plan to ship the first release of their code next summer.

The Higgins project, which was started in March, is a framework designed to integrate identity, profile and relationship data from across multiple systems. The framework, which has interface and middleware components, includes both code and an API that developers will use to link their applications into the Higgins identity services. The goal is to support applications whose front-ends are either a browser, rich client or Web services based.

The group made the announcement at the Digital ID World conference.

The Higgins group plans to release a middleware piece called the Identity Attribute Service that acts as a layer on top of identity repositories such as directories or applications. It can aggregate data from multiple sources in real-time and bundle them into a single identity credential. The idea is to link to data without having to move it around the network.

"It is very important for Higgins to enhance privacy," says Paul Trevithick, CEO of Parity Communications and the project lead on Higgins. "We will segregate information into distinct contexts."

The Higgins project also plans to produce an open-source Security Token Service (STS) based on the WS-Trust protocol. The STS is a lightweight gateway that can run on servers or clients and negotiate the exchange of security tokens. The Higgins project says it will provide a set of basic token brokers that plug into the STS.

Some users say the system appears to act like a virtual directory.

"Most virtual directories talk the [Lightweight Directory Access Protocol], but this potentially has more flexibility to get identity information from systems," said an IT architect who asked that his name and the name of his company not be used.

In addition to the middleware components, Higgins is developing a user interface component for desktops and devices called I-Card, which shows a list of user-managed digital identity cards that can be used for authentication or other purposes such as tracking relationships with online stores.

The cards will have read/write capabilities so information can be updated using technologies such as Really Simple Syndication.

The I-Card interface will support Microsoft's InfoCard format, as well as, other Higgins identity card formats under development.

The Higgins end-user interface will be available both from a browser and a rich client.

"They are building on the lessons learned from [Java Naming and Directory Interface] and from [Active Directory Service Interfaces]," says Mark Wahl, president of Informed Control, which develops security solutions based on identity management. "All these abstractions are being brought to Higgins and that will be a powerful model and make it easier to build applications for the Higgins framework."

Wahl says he is working on some Higgins schema mappings for systems based on the LDAP and for Microsoft's InfoCard/CardSpace technologies.

The Higgins project plans to develop a Java binding and implementation as its initial reference. It will use the C programming language for some core components and support PHP, Python and Ruby in enabling components used to request identity data.

In addition, the group hopes to define the Higgins framework in terms of service descriptions, messages and port types that mirror the service-oriented architecture model.

In Version 1.0, Higgins will include support for Debian, Red Hat and Ubuntu Linux, Macintosh OS X, Windows and Eclipse plug-ins. Supported protocols will include the WS-* family of Web services protocols, OpenID and LDAP.