IBM and friends tout open source ID management

By Edmund X. DeJesus 28 Feb 2006 | SearchSecurity.com

Digg This!     StumbleUpon     Del.icio.us

A consortium of companies -- including IBM and Novell Inc. -- announced this week that they are contributing code to Project Higgins, an initiative of the Eclipse Foundation to create open source tools, APIs and applications to manage the security of user identities on the Internet.

Higgins is meant to help individuals consolidate their various online identities, serving as an abstraction layer that will integrate with multiple identity management systems. Its backers hope it will simplify development efforts by letting programmers write to a common interface.

"Higgins will enable users and enterprises to integrate identity, profile, and relationship information across multiple systems," explains Mary Ruddy, vice president of marketing and business development for Parity Communications Inc., a collaboration firm based in Chestnut Hill, Mass.. "Our goal is to address the lack of common interfaces to identity/networking systems, the need for interoperability, and the need to manage multiple contexts."

Contrary to previous reports, Higgins is not intended as an alternative to Microsoft's recently announced InfoCard identity management plan. "Higgins is intended to be complementary with multiple identity systems, including Microsoft's InfoCard," observes Ruddy.

Project Higgins aims to create an API, develop example plug-ins, write sample applications, and make the results available for developers to use.

"One goal is to create an infrastructure to support user-centric systems," reports Ruddy. "At the simplest level, this could mean single sign-on for you the individual, not just the standard SSO offerings for you the corporate employee."

However, the new framework could also provide the basis for new online businesses. "Ultimately, this approach will give consumers greater control, and businesses powerful new ways to interact with their customers," notes Dale Olds, distinguished engineer at Novell.

The open source nature of the project is important to the participants. "We've recognized several current trends in security and privacy," said Nataraj Nagaratnam, IBM's chief architect for identity management. "One is to shift control of personal identity management to the individual, rather than the institution. Another is to recognize that there is a social aspect to our online identities, and a global perspective to the privacy laws that suggests open source would work best."

IBM is contributing code for security frameworks, including plug-ins and descriptions of Web services for Java and non-Java implementations. Novell expects to contribute code later this year. IBM plans to incorporate the technology into its Tivoli and Lotus Workplace products.

Project Higgins is managed by the Eclipse Foundation, originally a consortium formed when IBM released the Eclipse Platform into open source, but now an independent body. Many of the concepts in Higgins originated with the SocialPhysics project of Harvard Law School's Berkman Center for Internet and Society, a multidisciplinary effort to help create a "social" layer for the Internet to focus on user control of identity and profile information, social relationships, and reputation.

Edmund X. DeJesus is a freelance writer in Norwood, Mass.

Tags: Enterprise Single Sign-On (SSO),  Web Authentication and Access Control,  Software Development Methodology,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Enterprise Single Sign-On (SSO) How to log in to multiple servers with federated single sign-on (SSO) Security on a budget: How to make the most of authentication tools Best Identity and Access Management Products Changing times for identity management Kerberos configuration as an authentication system for single sign-on How to use single sign-on for Web access control to prevent malware Learn about enterprise strategy for server virtualization single sign-on Enterprise single sign-on: Easing the authentication process Exploring authentication methods: How to develop secure systems User provisioning and SSO for PeopleSoft- and Unix-based products Enterprise Single Sign-On (SSO) Research Web Authentication and Access Control Group to shed light on secure identity management threats How to confirm the receipt of an email with security protocols Schneier-Ranum Face-Off: Is Perfect Access Control Possible? Kaminsky reveals key flaws in X.509 SSL certificates at Black Hat Changing times for identity management How to use single sign-on for Web access control to prevent malware IBM USB banking device stops keyloggers, malware Can mutual authentication beat phishing or man-in-the-middle attacks? Could someone place a rootkit on an internal network through a router? Sun launches open source OpenSSO for identity management Software Development Methodology Quiz: How to build secure applications How to detect software tampering Developers Need Help with Security Errors Does an EULA make it truly illegal to decompile software? SQL injection continues to trouble firms, lead to breaches IBM acquires Ounce Labs for source code analysis Microsoft issues emergency Active Template Library updates Software security threats and employee awareness training Adobe patches ColdFusion vulnerability blocking website attack nCircle statistics show rising Web application vulnerabilities

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary onboarding and offboarding  (SearchSecurity.com) single sign-on  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary