Higgins Project: Seeking identity management without Microsoft restrictions

The Higgins Project is an open source effort to create a standard for managing and defining digital identity. Here, a security expert discusses the challenges involved in integrating Higgins with Microsoft's proprietary CardSpace.

Digital identity and digital identity management are key aspects of security for both home and corporate users.

The capacity to validate identity and the ability to securely perform transactions online form the basis of consumer and business-to-business interactions. Without a valid digital identity and a mechanism to securely store, manage and transmit that identity, there can be no trust between transacting entities.

Unfortunately there is no single standard for defining and managing identity. There have been numerous attempts to develop a standard and a centralized infrastructure for digital identity management. These have included Microsoft's Passport, OpenID, Liberty Alliance and the now-lapsed open source project IDsec. None of these attempts, however, have yet resulted in a consolidated identity infrastructure. In particular, issues of cross-platform support and integration between Windows, Linux/Unix and other platforms have limited the viability of many of these attempts.

Now joining these projects are two new initiatives, one proprietary and the other open source. The proprietary project, Microsoft's CardSpace (previously code-named InfoCard), has developed a new standard identity management infrastructure, a self-described "identity metasystem". CardSpace provides a single repository for identity, authentication and payment information. It has a mechanism for allowing a user to select appropriate credentials to perform an online transaction or log into a website. CardSpace is shipped as part of Microsoft Vista and available as an add-on for Windows XP.

But CardSpace is a Windows-focused initiative and does not address the requirements of Linux, Unix and OS X users. In a complementary initiative, a team of developers supported by IBM and Novell has begun to develop an open source identity management platform called the Higgins Project, named for a long-tailed Tasmanian jumping mouse. Higgins is more a software framework than an application in itself. It is extensible and designed to be identity protocol-independent. Ultimately, Higgins aims to provide equivalent functionality to CardSpace for platforms such as Linux and OS X.

Like CardSpace, Higgins will allow the collection and management of identity and authentication information. Adapters will permit directories, collaboration and communication tools like Web Services, LDAP, email and instant messaging to be integrated. The initial stages of the project include the specification of a service-oriented architecture (SOA) model and a Java-based implementation reference model.

Also under development is interoperability with Microsoft's CardSpace initiative. An initial release of this interoperability was demonstrated at the recent RSA Conference in San Francisco. Integration with the Liberty Alliance's open identity specification using Novell's Access Manager was shown too. Interoperability will allow non-Windows users on Linux, OS X and other operating platforms to make use of not only CardSpace capabilities and functionality but potentially other identity management infrastructures. This interoperability is critical to the success of the Higgins Project as previous standards and initiatives failed because they represented competing rather than complementary, integrated solutions.

But the Higgins Project does have a major stumbling block to overcome before serious development and deployment can take place. Many of the concepts and features of the project rely heavily on patents and intellectual property held by Microsoft. A concern exists that if Microsoft enforced its intellectual property rights, the viability of the Higgins Project could be called into question. Until a clear message is received from Microsoft that the project can go ahead unhindered, the future of the Higgins Project remains uncertain.

To take a closer look at the Higgins Project, the best place to start is the project's homepage, which contains architecture diagrams, component breakdowns, a wiki and some early adopter source code for review. Also present is the genesis of a data model for the project. The project is actively looking for assistance, and if you have an interest in identity management, trust models and open source development, then this is the cutting-edge project to be involved in.

This was first published in March 2007
