IBM and friends tout open source ID management

By Edmund X. DeJesus 28 Feb 2006 | SearchSecurity.com

Digg This!     StumbleUpon     Del.icio.us

A consortium of companies -- including IBM and Novell Inc. -- announced this week that they are contributing code to Project Higgins, an initiative of the Eclipse Foundation to create open source tools, APIs and applications to manage the security of user identities on the Internet.

Higgins is meant to help individuals consolidate their various online identities, serving as an abstraction layer that will integrate with multiple identity management systems. Its backers hope it will simplify development efforts by letting programmers write to a common interface.

"Higgins will enable users and enterprises to integrate identity, profile, and relationship information across multiple systems," explains Mary Ruddy, vice president of marketing and business development for Parity Communications Inc., a collaboration firm based in Chestnut Hill, Mass.. "Our goal is to address the lack of common interfaces to identity/networking systems, the need for interoperability, and the need to manage multiple contexts."

Contrary to previous reports, Higgins is not intended as an alternative to Microsoft's recently announced InfoCard identity management plan. "Higgins is intended to be complementary with multiple identity systems, including Microsoft's InfoCard," observes Ruddy.

Project Higgins aims to create an API, develop example plug-ins, write sample applications, and make the results available for developers to use.

"One goal is to create an infrastructure to support user-centric systems," reports Ruddy. "At the simplest level, this could mean single sign-on for you the individual, not just the standard SSO offerings for you the corporate employee."

However, the new framework could also provide the basis for new online businesses. "Ultimately, this approach will give consumers greater control, and businesses powerful new ways to interact with their customers," notes Dale Olds, distinguished engineer at Novell.

The open source nature of the project is important to the participants. "We've recognized several current trends in security and privacy," said Nataraj Nagaratnam, IBM's chief architect for identity management. "One is to shift control of personal identity management to the individual, rather than the institution. Another is to recognize that there is a social aspect to our online identities, and a global perspective to the privacy laws that suggests open source would work best."

IBM is contributing code for security frameworks, including plug-ins and descriptions of Web services for Java and non-Java implementations. Novell expects to contribute code later this year. IBM plans to incorporate the technology into its Tivoli and Lotus Workplace products.

Project Higgins is managed by the Eclipse Foundation, originally a consortium formed when IBM released the Eclipse Platform into open source, but now an independent body. Many of the concepts in Higgins originated with the SocialPhysics project of Harvard Law School's Berkman Center for Internet and Society, a multidisciplinary effort to help create a "social" layer for the Internet to focus on user control of identity and profile information, social relationships, and reputation.

Edmund X. DeJesus is a freelance writer in Norwood, Mass.

Tags: Secure Coding and Application Programming,  Secure User Authentication and Authorization,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Secure Coding and Application Programming Using resource allocation management to prevent DoS and other attacks Static analysis tools boost security, but integration still an issue Open source software security tops commercial apps, study finds Improving software with the Building Security in Maturity Model (BSIMM) How to prevent Adobe hacks from affecting your organisation SANS Institute, MITRE release new top 25 dangerous coding errors list Code complexity analysis: How to keep it simple Active PDF attacks target Reader, Acrobat zero-day vulnerability Software piracy group offers cash to whistleblowers SQL injection detection tools and prevention strategies Secure User Authentication and Authorization Trojan virus attack using hijacked Web browser sessions hits UK banks Single sign-on technology for health care helps medics roam securely Two-factor authentication service launched for emergencies SMS two-factor authentication for electronic identity verification How to configure IIS authorization and manager permissions Preventing password fatigue with single sign-on (SSO) authentication Gridsure finds global deal for its pattern-based authentication Physical security threats: Don't gift your data away Using unique device identification for bank website security Yahoo login credentials at risk to hijacking attack

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Chip and PIN  (SearchSecurityUK.com) UK Identity Cards Act  (SearchSecurityUK.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary