Eclipse Foundation and Novell Collaborate on Open Source ID-Services Integration
- By John K. Waters
Two open source identity-services projects are set to announce a jointly produced reference application designed to enable multi-platform, multi-protocol open source identity services.
The Higgins Trust Framework Project, sponsored by the Eclipse Foundation, and the Bandit Project, sponsored by Novell, are both seeking to provide a consistent approach to managing digital ID information, regardless of the underlying technology.
Based on working code from the two projects and the larger community of open source developers, the reference application features interoperability with leading platforms and protocols including Microsoft's Windows CardSpace identity management system and Liberty Alliance-enabled products.
The reference app leverages the information card metaphor, explains Dale Olds, Bandit project lead, which allows an individual to use different digital identity "I-Cards" to gain access to online sites and services. This is the metaphor used in the Window's CardSpace identity management system that ships with the Vista operating system.
"Higgins comes from a consumer-centric ID space," Olds says, "while Bandit comes from a more enterprise ID management space. But the two worlds are blurring rapidly. The firewall is dissolving, you might say, and we need to give people the ability to make intuitive choices—convenient, but clear choices—about their ID information. And the card metaphor is particularly useful for that."
Microsoft supports the developments."Windows CardSpace is an implementation of Microsoft's vision of an identity metasystem, which we have promoted as a model for identity interoperability," said Kim Cameron, architect for identity and access at Microsoft. "It's rewarding to see the Bandit and Higgins projects, as well as the larger open source community, embracing this concept and deliveringis on the promise of identity interoperability."
In a related announcement, the Liberty Alliance unveiled last week the openLiberty Project, a global open source initiative formed to provide OSS developers with tools for integrating the privacy and security capabilities of Liberty Federation and Liberty Web Services into a variety of new identity-based services. The Alliance is an industry consortium working to establish a standard for federated network identity through open technical specifications.
The Alliance also launched openLiberty.org, a portal where developers can collaborate in the openLiberty Project and access tools and information for "jump starting" the development of more secure and privacy-respecting apps based on the Liberty Federation and Liberty Web Services standards.
Olds, who is a distinguished engineer in Novell's Identity and Security Management Group, applauds the Liberty Alliance news. "We find it very encouraging and wonderful," he says. "The more people in the ID space that participate in open source, the easier it is to build components that interoperate. We look forward to working with those components."
The jointly developed Higgins-Bandit reference application currently provides Liberty Alliance-based identity federation via Novell's Web access management product, Novell Access Manager.
"There are lots of standards out there," Olds adds. "Liberty, SAML,, Kerberos, and WS-* are all coming along. What's been lacking is working code that will bring together ID information from any of those standards and make it useable for systems and end-users."
Members of the two open source projects are scheduled to demo the reference app at next week's RSA security conference in San Francisco. Developers can download that application now.
John K. Waters is a freelance writer based in Silicon Valley. He can be reached