Higgins
Higgins 1: a species of Tasmanian long-tailed mouse; 2: the name of an open source collaboration of IBM, Novell, Oracle, Parity…
Eclipse Higgins Project
Mission:
• Higgins is an open source Internet identity framework designed to integrate identity, profile, and social relationship information across multiple sites, applications, and devices.
• Higgins is not a protocol; it is software infrastructure to support a consistent user experience that works with all popular digital identity protocols, including WS-Trust, OpenID, SAML, XDI, LDAP, and so on.
Features
Higgins features are packaged into seven Solutions in three categories:
• Identity Selector Applications
• Identity Providers
• Relying Party Enablement
Components and Solutions
Higgins uses the term component to refer to a logical set of Eclipse projects. Components are assembled into entire solutions. Most of these components expose their own API (the exceptions are multiple plugins all supporting the same provider API).
• Various components have been used by Novell in their “Digital Me” product and Identity Provider product. IBM has announced that they will deliver commercial products based on Higgins components.
• Oracle is considering using the IdAS API for their Identity Governance Framework project at Open Liberty, which is affiliated with the Liberty Alliance Organization.
• Serena has released a commercial solution called Serena Business Mashups that uses the Higgins STS.
Architectural Features
• The Higgins architecture has evolved very rapidly and over multiple years
• While we are adding new layers and functional capabilities, the basic architecture has been stable for at least one year
• There are multiple plug-ins in the Java architecture:
  • Data stores are adapted by “context provider” plug-ins
  • New security token types are provided by plug-ins
  • New relying party security languages can be plugged in
  • Persistence of i-card objects is managed by “i-card provider” plug-ins
Key Standards Used
• WS-Security
• WS-Trust
• WS-Federation
• SAML Assertion 1.1 and SAML2 protocol
• XRI 2.0
• XML Canonicalization, Digital Signature, and Encryption
• LDAP
• OWL and RDF
• XRI XRDS
• The Higgins data model and Identity Interchange Framework (X.IDIF) are being proposed for adoption by the ITU-T (The International Telecommunications Union’s Standards Sector)
Communities
• Higgins has attracted and built an active community with contributions from Parity, IBM, Novell, Google…with additional involvement from Microsoft, CA, Serena, Oracle, etc.
• Committers: Higgins has 22 committers (three were just approved during the release process)
• Contributions were also made by other members of the community
Multiple digital identities…
[Diagram labels: You, Websites, Buddy Lists, Communities of Interest, Enterprise Apps, Email or IM, Virtual Spaces]
• eCommerce (e.g. Amazon, eBay)
• Social Networking (e.g. LinkedIn)
• Book club
• Family
• Professional networks
• Dating networks
• Healthcare System
• Corporate Directories
• Second Life
• Croquet
• WOW
…each in its own context (silo)
[Diagram labels: You, Websites, Buddy Lists, Communities of Interest, Enterprise Apps, Email or IM, Virtual Spaces]
• eCommerce (e.g. Amazon, eBay)
• Social Networking (e.g. LinkedIn)
• Book club
• Family
• Professional networks
• Dating networks
• Healthcare System
• Corporate Directories
• Second Life
• Croquet
• WOW
Introducing i-cards
I create (personal)
• I define a few personas
• Business “me”, web surfing “me”, dating “me”
Others create (managed)
• Credit cards
• Membership, reputation in community
• 3D avatar (virtual identity)
• Governments (driver's license)
I co-create with others (relationship)
• My preferences, interests within community
• Might include shopping history and wishlists
You use them to • Sign-in to sites • Exchange with friends; stay in sync • Increase convenience and privacy (e.g. far fewer passwords) • Project my values, interests, preferences to sites • Support worthwhile causes • Get introductions and offers that I find relevant and compelling Here’s how it works…
First, I need an identity agent
I get one from any site that uses i-cards…
• I download the Higgins browser add-on
• Restart my browser
• The wizard walks me through setting up my web “surfing” persona i-card
…That’s it.
Now I can sign in to sites
Without passwords at each site. i-cards (digital “me”s) are displayed in my browser or mobile device.
I-Card Selector User Interface Click on a card
Higgins is an interoperability framework
[Diagram labels: Higgins Browser Extension, Eclipse RCP Apps, Identity Providers, Relying Parties, Apps and Services, Higgins Framework, Plug-ins]
• Protocol Providers implement protocols for interacting with Relying Parties: CardSpace, OpenID, RSS SSE, HTML Forms
• I-Card Providers implement identity protocols and card types: CardSpace Managed (WS-Trust), CardSpace Personal, Higgins Relationship
• Token Providers implement different kinds of security tokens: SAML, X509, Kerberos, UN/PS, Idemix
• IdAS Context Providers connect to different identity data sources: JNDI / LDAP, Enterprise Apps, RDF/OWL, Active Directory, Comms Clients
Higgins delivers A consistent user experience based on i-cards • Any identity protocol • Any token data type • Any kind of identity data • Any identity data source • Any platform