The Eclipse Foundation recently announced the availability of Eclipse
Higgins 1.0, a freely downloadable identity framework designed to
integrate identity, profile and social relationship information across
multiple sites, applications and devices using an extensible set of
components. Web 2.0, mashups, social networking and the general rise
of networked applications have made Web-based identity management
complex for both the end-user and the developer. The Eclipse Higgins
project, a coalition of organizations and individuals, has been working
to address these issues. Multiple identity protocols have been developed
to address different needs, including WS-Trust, OpenID, SAML, XDI, LDAP,
etc. This requires software developers to support multiple protocols,
resulting in unnecessary complexity in managing identities. Additionally,
individuals are particular about which entities they share what personal
information. For example, one might not prefer to share credit card
information on a social networking site as readily as with a leading
on-line retailer. To address these challenges, Higgins provides a
software framework that delivers three technologies: (1) Identity
Selector: First, it provides multi-platform 'identity selector'
applications that end-users can use to sign-in to web sites and systems
that are compatible with the emerging user-centric 'Information Card'-based
(or 'i-card'-based) approach to authentication. This approach promises
people fewer passwords, more convenience, and better security. An
Information Card is a new, graphical way to refer to a collection of
identity information that you might wish to send to a website or
program. (2) Identity Provider: Second, it provides 'identity provider'
web services that can issue i-cards as well as the code necessary to
enable web sites and applications to accept i-cards. Software developers
can incorporate this code into their applications to make it easier
for their users to log-in to their sites. (3) Data Model: Third, it
implements the Higgins Global Graph (HGG) data model and the Higgins
Identity Attribute Service (IdAS). Developers now have a framework
that provides an interoperability and portability abstraction layer
over existing 'silos' of identity data. For the first time, IdAS makes
it possible to 'mash-up' identity and social network data across highly
heterogeneous data sources including directories, relational databases,
and social networks. Technology built on this framework could allow
users to login to their bank account with a secure authorization key,
which would be automatically freshly generated for each visit. Users
wouldn't need to remember or write down passwords, which can also be
long and complex enough to be secure. Additionally, this same interface
also could allow users to sign into their favorite wiki or blog with
just one click. Higgins is not another identity protocol like OpenID,
SAML, or WS-Trust; it is a framework that allows software developers
to integrate and leverage multiple protocols within their applications.
No comments:
Post a Comment