Interesting developments in open source user-centric identity
A couple of interesting stories related to open source user-centric identity came my way, courtesy of CNET. The first concerns a donation to the Higgins Project from IBM and the second is about some important interoperability announcements to come at this week's RSA Conference.
The Higgins Project, which I have been following closely for the last year or so, is under the auspices of Eclipse and sets out to provide a platform- and identity protocol-independent software framework to aid in the development of user-centric identity management solutions. IBM has donated the results of some work, the Identity Mixer, carried out by its Research Lab in Zurich focussed on enhancing user privacy. Identity Mixer exploits advanced cryptographic techniques so that individuals do not have to provide "real" data to service providers. Instead, they can provide pseudonyms and other credentials which the service provider can verify directly or indirectly to provide the service. So, for example, in an online commerce transaction there is no need to provide a credit card number. Instead, the individual provides an encrypted credential which the service provider sends to the credit card issuer for verification. The credentials are single use in much the same way that the likes of Citigroup and PayPal issue one-time credit card numbers.
This will necessitate changes to the way that service providers and credit card issuers work. However, I think the potential barriers to adoption will reduce as user-centric identity initiatives mature. As more immediate problems, such as the proliferation of usernames and passwords and inconsistent user experiences, are addressed, issues such as privacy assurance will take on a higher profile and individuals will come to demand it.
On a related note, I came across this post from Bill Barnes (a product manager for Microsoft's CardSpace) discussing another potential barrier to adoption of such privacy enhancing techniques: the fact that they introduce additional transaction steps. Bill discusses how CardSpace could help to address this. When a CardSpace user selects an information card associated with their credit card issuer, a credential representing the credit card could be sent to the service provider alongside other information required for authentication and authorisation.
The second story also concerns Higgins, together with the closely related Bandit Project (which I first discussed here). The story is a little light on details but it seems that there will be some demonstrations of interoperability scenarios involving CardSpace and the Liberty Alliance protocols. Definitely something to watch out for.
UPDATE: If you're interested in learning more about the Bandit/Higgins interoperability demonstration then take a look at the description of the reference application: Media Wiki server with Bandit and Higgins components which has been CardSpace-enabled for authentication; Bandit Role Engine using XACML (eXtensible Access Control Markup Language) for role-based control of access to Wiki pages (read, edit, administrator); Bandit audit and logging facilities; LDAP-based identity repository; support for the creation of CardSpace info cards; and security token interoperability based on Higgins and the XMLdap project.