
Higgins

Higgins 1: A species of Tasmanian long-tailed mouse. 2: An open source identity framework being developed at the Eclipse Foundation. Sections: Introduction; Higgins 1.0 - Released in February 2008; Higgins 1.1 – Planned for Q3 2009; Beyond 1.1. Introduction. Goals / Vision.

lynn-nelson

Presentation Transcript


  1. Higgins • 1: A species of Tasmanian long-tailed mouse • 2: An open source identity framework being developed at the Eclipse Foundation

  2. Sections • Introduction • Higgins 1.0 - Released in February 2008 • Higgins 1.1 – Planned for Q3 2009 • Beyond 1.1

  3. Introduction

  4. Goals / Vision • Provide an identity and security layer for the Internet • User-centered design • Shift control to the user over their own digital identity • Enhance privacy and security • Provide a simple, consistent, selector/card-based user experience • Identity data integration • Integrate user’s profiles & social networks across data silos and apps • Provide a common data model with persistent cross-context links • Selectors everywhere • Cross-platform (Windows, Mac, Linux, Mobile…) • Extensible architecture based on frameworks & plugins • Designed for interoperability • Cross-Protocol (I-Card, OpenID, SAML, un/pw…) • Authentication technology agnostic • Open source, community-based project • Business model friendly EPL license

  5. Identity Models • Uses a selector-based identity model • Vs. today’s cookie-based model

  6. Today’s cookie-based model (No cross-site context) • Websites: You go from site to site filling forms & passwords • Type, type, type. Click, click, click. Here a password, there a password, everywhere a password. Here a form, there a form, ...

  7. Selector-based model: Cross-site context is now possible • Sets of claims are made portable by putting them on Information Cards • Any kind of information: your preferences, favorite songs, employee id numbers, driver's licenses, affiliations, your health plan id, etc., can be on a card. • Cards from multiple sites are managed in an Identity Selector application

  8. Card-based Login (screenshot; callout: Click) • Higgins is interoperable with Microsoft CardSpace™, shown here

  9. Card-based Login • Per-site passwords are eliminated • Strong anti-phishing protection • Security tokens instead of phishable passwords • Site declares what claims it needs or desires • User reviews and consents to all release • Privacy enhancing minimal disclosure
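The claim negotiation on slide 9, sketched as an added example (not code from the presentation or from Higgins): a relying party declares required and optional claims, the selector offers only cards that can satisfy the required ones, and the released set is limited to what was requested and approved. The function names, card contents and per-claim opt-in for optional claims are assumptions; the claim URIs are the standard Information Card self-issued claim types.

```javascript
// Added illustration with hypothetical names; this is not the Higgins API.
const NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/";

// Constructed relying-party policy: claims the site needs vs. merely desires.
const rpPolicy = {
  required: [NS + "privatepersonalidentifier", NS + "emailaddress"],
  optional: [NS + "givenname", NS + "dateofbirth"],
};

// Constructed card store held by the selector.
const cards = [
  { name: "Personal", claims: {
      [NS + "privatepersonalidentifier"]: "ppid-1234",
      [NS + "emailaddress"]: "alice@example.org",
      [NS + "givenname"]: "Alice",
      [NS + "surname"]: "Example",
      [NS + "dateofbirth"]: "1980-01-01" } },
  { name: "Music club", claims: { [NS + "givenname"]: "Alice" } },
];

// A card is offered to the user only if it can satisfy every required claim.
function eligibleCards(policy, store) {
  return store.filter((card) => policy.required.every((uri) => uri in card.claims));
}

// Minimal disclosure: release the required claims plus only those optional
// claims the user approved. Claims the site never asked for stay on the card,
// even if the user (or a buggy caller) lists them as approved.
function buildDisclosure(policy, card, approvedOptional) {
  const missing = policy.required.filter((uri) => !(uri in card.claims));
  if (missing.length > 0) {
    throw new Error("card cannot satisfy required claims: " + missing.join(", "));
  }
  const optional = policy.optional.filter(
    (uri) => approvedOptional.includes(uri) && uri in card.claims);
  const released = {};
  for (const uri of [...policy.required, ...optional]) released[uri] = card.claims[uri];
  return released;
}
```
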

  10. Higgins 1.0 Released February 2008 Commercial products based on Higgins 1.0 are available from IBM, Novell, Serena, Computer Associates and Parity

  11. Higgins 1.0 • Higgins Selector • Identity Services • Identity Attribute Service

  12. Supported Card Types • Managed: What some other entity says about you • Personal: What you say about you

  13. Data Flow (diagram) • Components: Selector (Browser Extension & Client App); Relying Party (Website or App); Identity Provider • Callouts: Tokens containing claim data are requested and received here. Cards are generated and downloaded from here. A local Token Service issues tokens as requested by Selector. Cards are stored and selected here.

  14. Data Flow (diagram) • Some Higgins Selectors rely on a hosted I-Card Service component • Components: Selector (Browser Extension & Client App); Relying Party; Identity Provider

  15. Selector client/server (diagram) • Client apps for Windows, OSX and Linux • Labels: Web Selector, I-Card Service, STS, IdP, RP Website, RP Libraries, Internet, Selector Switch, Browser Extension, Selector, Browser, User • Key: Higgins, Generic

  16. 1.0 Selectors • Firefox-embedded Selector (Javascript) • For Firefox on Windows, Linux, and OSX • Requires hosted I-Card Service (but otherwise NO local client code) • GTK / Cocoa Selector (C++) • For Firefox on Linux, FreeBSD, and OSX • Available as DigitalMe™ from Novell (& in SUSE) • RCP Selector (Java) • For Eclipse RCP Application

  17. Cocoa Selector (Mac)

  18. RCP Selector

  19. RCP Selector (Manager Mode)

  20. Higgins 1.0 • Higgins Selector • Identity Services • Attribute Services

  21. Identity Providers (diagram) • Higgins STS is used by the IdP website • Labels: Web Selector, I-Card Service, STS, IdP, RP Website, RP Libraries, Internet, Selector Switch, Browser Extension, Selector, Browser, User • Key: Higgins, Generic

  22. Identity Providers • WS-Trust IdP / Security Token Service • Web service • Web site for card issuing • Java • SAML2 IdP • Web service • HTML artifact binding • Java

  23. STS / IdP

  24. Relying Party Website (diagram) • Higgins RP Website provides code to validate tokens from Identity Selectors • Labels: Web Selector, I-Card Service, STS, IdP, RP Website, RP Libraries, Internet, Selector Switch, Browser Extension, Selector, Browser, User • Key: Higgins, Generic

  25. Relying Party Website • Multi-Protocol Relying Party Website Enablement • Information Card authentication • OpenID authentication • Image: Information Card Icon (button)

  26. Higgins 1.0 • Higgins Selector • Identity Services • Attribute Services

  27. Identity Attribute Service (diagram) • Identity Attribute Service (IdAS) • Plug-ins: LDAP, XML File, RDF, Google Contacts, Others… • Key: Context Providers (Plugins) • Connect to existing data sources • Higgins 1.0 • Beyond Higgins 1.0

  28. IdAS • The Context Data Model is implemented by the Identity Attribute Service • Contexts accessed using IdAS may employ a variety of authentication approaches • The contained Entities may be inspected, navigated and/or modified based on the authorization policy of the Context • IdAS is extended by Context Providers (plugins) • Context Providers map existing data sources into the Higgins Context Data Model

  29. Context Data Model (CDM) • Data sources are called Contexts • E.g. enterprise directories, social networks, RDF repositories • Contexts contain objects called Entities • Entities represent people, organizations, etc. • Entities have Attributes; Attributes have values • The core semantics of the model are based on RDF & OWL
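Slides 28 and 29 together, as an added example (not Higgins code and not the IdAS API): a context provider maps an existing data source into Entities with multi-valued Attributes, and the Context applies its own authorization policy to every read and write. The class, the function names, the LDAP-style sample entries and the policy are all hypothetical.

```javascript
// Added illustration with hypothetical names; this is not the Higgins IdAS API.
const ALICE = "uid=alice,ou=people,dc=example,dc=org";
const BOB = "uid=bob,ou=people,dc=example,dc=org";

// Constructed LDAP-style entries standing in for an existing data source.
const ldapEntries = [
  { dn: ALICE, cn: ["Alice Example"], mail: ["alice@example.org", "a@example.org"] },
  { dn: BOB, cn: ["Bob Example"], mail: ["bob@example.org"] },
];

// Context provider: maps source records into Entities whose Attributes
// each hold a list of values.
function ldapContextProvider(entries) {
  const entities = new Map();
  for (const { dn, ...attrs } of entries) {
    const attributes = new Map();
    for (const [name, values] of Object.entries(attrs)) attributes.set(name, [...values]);
    entities.set(dn, { entityId: dn, attributes });
  }
  return entities;
}

// A Context holds the mapped Entities and checks its authorization policy
// before any attribute is inspected or modified.
class Context {
  constructor(entities, policy) {
    this.entities = entities;
    this.policy = policy;
  }
  getAttribute(subject, entityId, name) {
    if (!this.policy(subject, "read", entityId, name)) throw new Error("access denied");
    const entity = this.entities.get(entityId);
    // Return a copy so callers cannot bypass the write check by mutating it.
    return entity && entity.attributes.has(name) ? [...entity.attributes.get(name)] : [];
  }
  addValue(subject, entityId, name, value) {
    if (!this.policy(subject, "write", entityId, name)) throw new Error("access denied");
    const entity = this.entities.get(entityId);
    if (!entity) throw new Error("no such entity");
    if (!entity.attributes.has(name)) entity.attributes.set(name, []);
    entity.attributes.get(name).push(value);
  }
}

// Assumed policy: anyone may read cn; everything else is limited to the entity itself.
const selfOrPublicName = (subject, action, entityId, name) =>
  subject === entityId || (action === "read" && name === "cn");

const ctx = new Context(ldapContextProvider(ldapEntries), selfOrPublicName);
```
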

  30. CDM extends RDF • Globally linked data • Higgins uses UDIs not just HTTP URIs • Some EntityId UDI ids are globally resolvable • Supports protocols beyond HTTP • Uses XRDS discovery of UDI endpoint metadata, including protocol for data access • Read and write access • Access Control management & enforcement

  31. Interoperability Event Participants, RSA 2008

  32. Interoperability Event Participants, RSA 2008

  33. Higgins 1.1 June 2009

  34. Higgins 1.1 • Higgins Selector • Identity Services • Attribute Services

  35. New: Higgins Selector Switch (diagram) • Provides an abstraction layer that decouples browser extensions from selectors. • Labels: Web Selector, I-Card Service, STS, IdP, RP Website, RP Libraries, Internet, Selector Switch, Browser Extension, Selector, Browser, User • Key: Higgins, Generic

  36. Higgins 1.1 HSS (diagram) • Targets: Win, Mac [& Linux – hopefully] • Labels: Internet Explorer, Firefox, HSS Manager, HSS Launcher, Higgins Browser Extension, IE MIME-type Handler, Higgins Browser Extension, Firefox Addon, Higgins Selector Switch (HSS), Higgins GTK/Cocoa Selector, Higgins RCP Selector, Higgins AIR Selector, Microsoft CardSpace, OpenInfoCard • Key: Component Set, Component, Plugin, New/Modified Component, Non-Higgins Component, Remote, Local Different Process, Local Same Process • Target Platforms: Windows, Mac OSX, Linux • V1.1.102

  37. New: “Hybrid” AIR-Based Selector • Selector UI is based on Adobe AIR • Integrates with Firefox, IE, and Safari • Runs on Windows, OSX and Linux • More secure • Card Manager remains a (GWT) web app • Replaces the H1.0 “Firefox-embedded” selector

  38. New Card Types: AIR Selector and I-Card Service • Relationship Card: What you and Best Buy say about you • Password Card: Stores all of your username/password data on a single card

  39. Cocoa Selector (Mac OSX)

  40. Unified/Harmonized Selector (diagram) • To be partially completed by H1.1 Release • Labels: Higgins Selector Switch, Selector UI, OR, Local I-Card Service, Higgins Server, External STS IdP • Key: Component Set, Component, Plugin, New/Modified Component, Non-Higgins Component, Remote, Local Different Process, Local Same Process • Target Platforms for client portion: Windows, Mac OSX, Linux • V1.1.116

  41. New: Synchronizing Card Store (diagram) • Labels: Selector UI, New

  42. New: iPhone Selector [& Manager] • Comprised of two apps: • iPhone Selector client and (web) Card Manager • iPhone Card Manager (see next section)

  43. iPhone Selector (Warning: Requires Jailbreak)

  44. iPhone Card Manager
