Higgins Trust Framework
Michael McIntosh, IBM Research
The Higgins Vision: “Bridging Contexts”
• eCommerce (e.g. Amazon, eBay)
• Social Networking (e.g. LinkedIn)
• Alumni websites
• Book club
• Family
• Healthcare System
• Sales Force Automation
• Corporate Directories
• Professional networks
• Dating networks
• Lotus Notes
• P2P Apps
[Diagram labels: YOU, Buddy Lists, Websites, Communities of Interest, Enterprise Apps, Social Networks, Email or IM, Virtual Spaces]
Eclipse Foundation
• Best known for the Eclipse Java IDE
• Has grown to include over 60 other projects
• Extensive support for plug-in architectures
• All code is under Eclipse Public License (EPL)
• EPL allows linking with proprietary code
• Project infrastructure: dev lists, CVS, Wiki, etc.
Broad Community Involvement
• Committers: 12 individuals
• Organizations: IBM, Novell, Parity, ooTao
• Broader Community
  • Collaboration with closely related communities: OSIS, Identity Commons, Liberty, OpenID, XRI, XDI
  • We’ve co-founded and built on IdentityGang.org and IdentitySchemas.org
  • Other vendors: VeriSign, Oracle, Ping, Red Hat
Project Scope
• Provide a consistent user experience based on card icons for the management and release of identity data
• Empower users with more convenience, control and privacy over personal information
• Provide an API and data model for the virtual integration and federation of identity and security information from a wide variety of sources
• Plug-in adapters enable existing data sources, including directories, communications systems, collaboration systems, and databases, each using differing protocols and schemas, to be integrated into the framework
• Provide a social relationship data integration framework that enables these relationships to be persistent and reusable across application boundaries
Higgins Framework
• Extensible Java framework
• Code not protocols!
• Deployments vary from:
  • Browser extension + hosted service
  • 100% local
Multiple contexts, identities, profiles & links
[Diagram: contexts labelled Health Provider, Visa, United, Home, Work, each holding different data about the same person]
• 329 Main Street, Chestnut Hill, MA; (617) 879 9971; ptrevithick@alum.mit.edu
• HMO, GroupID, #; Dr. James Levine; 175lbs, Type O-, …
• Account number; Credit limit = $5,000; Balance = $1,250.22; …
• PTrev, pw=batman8; Window seating, vegetarian, non-smoking, economy; Marriot rewards, …
Existing protocols, systems and sites are adapted using plugins
[Diagram labels: Higgins, Visa, United, Home, Work, HC Provider]
Higgins as an Interoperability Framework
[Diagram]
• On top: HBX, Eclipse RCP, IdPs and RPs, Apps and Services
• Higgins Framework (Core Components)
• Plug-ins:
  • Authentication Protocols: CardSpace, OpenID, Liberty, …more
  • Data Sharing: JNDI/LDAP, RDF, RSS, …more
  • Service Metadata: WS-Addressing, XRI/Yadis, URI
For End Users: an “Identity Agent”
• Provides a consistent user experience
  • Identity information presented as i-card channels to identity data sources
• Empowers: designed around the user
  • Provides more control over user’s personal data
  • Protects and projects as the user desires
• Protects
  • Identity Mixer – privacy-enhancing technology contributed from IBM Zurich Research
• Projects
  • Provide rich profiles to trusted partners
• Manages
  • Links and syncs user’s information across silos
Information Cards
• Store credentials, profiles, personal data, and social networks – not just for sign-in!
• Dynamic or Static
• Managed or Self-Issued
• Push or Pull synchronization
• CardSpace™ or OpenID or RSS or …
Towards an Identity Metasystem
• We want it all to “just work”
• Manage our multiple identities in multiple contexts
• Works with any protocol
• Works on any platform
For Developers: Identity Tooling
• Only one API to learn
• Saves the developer from the details of multiple identity systems
• Relies on plug-ins to support protocols and technologies: CardSpace™, OpenID, RSS, XRI, XDI, LDAP, etc.
Data Model Concepts
• Contexts and ContextIds
• Digital Subjects and SubjectIds
• Attributes
• Metadata
• Ontologies (schema)
Contexts and ContextIds
• A Context is a data set
  • Usually requires authentication
  • The data contained may vary by observer
• Identified uniquely by ContextIds
  • ContextIds are URIs (and may be XRIs)
• Examples
  • OpenID Provider (OP)
  • LDAP directory
  • PeopleSoft database
Context Data: Nodes and Arcs
• Nodes are Digital Subjects
  • A person, thing, event, group, etc.
• Arcs are relationships between Digital Subjects
  • Within and across contexts
  • Arcs are called Subject Relationships
[Diagram label: Context boundaries]
Kinds of Attributes
• Identity Attributes
  • E.g. self-assertion: {UserName, “foo”}
• Profile Attributes
  • E.g. self-assertion: {PreferredMealType, “vegetarian”}
• Relationship Attributes
  • A reference to another Digital Subject
  • Comprised of (i) a ContextId (a URI or XRI) that identifies the target Context and (ii) a SubjectId that uniquely identifies the target Digital Subject in the target Context
Digital Subject, Attributes, Metadata
[Diagram: Person [Mary] with attributes uniqueIdentifier (String), Person:eyecolor (String) and Person:phoneNumber (String). Labels shown: value, source, expiration, creationDate. Values shown: mary@socialphysics.org, Blue, Dept. Motor Vehicles, 555-1212, Mar 20 1999, Mar 3 1999]
Metamodel, Ontologies
• Contexts describe their schemas using OWL
  • OWL builds on: RDFS, RDF, XML, XML Schema
• Contexts base their OWL on higgins.owl
• Otherwise free to define their own data model
• E.g. a Context could define the concept of a Person, and this Person having eyeColor and phoneNumber attributes
  • Person would sub-class higgins:DigitalSubject
  • eyeColor would sub-property higgins:Attribute
Context Providers: Mapping data into the Higgins model
[Diagram, top to bottom]
• Higgins Identity Attribute Service: Context Provider lookup for a given ContextId. Registration of ContextIds with Providers and any configuration data (if needed)
• Context provider plug-ins (three Context Providers shown)
• IContext instances. Each is authenticated to underlying Context data (view of data may vary by who is authenticated)
• Underlying bits (backing store)
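The data-model slides above, as an added sketch that is not Higgins code and not from the presentation: a relationship attribute as a (ContextId, SubjectId) pair, provider lookup by ContextId, and a view that varies with the authenticated observer. The class names, the per-observer ACL and the example.org ContextId are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Hypothetical model of the slide concepts; these are not Higgins classes.

@dataclass(frozen=True)
class RelationshipAttribute:
    context_id: str  # URI or XRI identifying the target Context
    subject_id: str  # unique within the target Context

@dataclass
class Context:
    context_id: str
    subjects: dict  # subject_id -> {attribute name: value}
    acl: dict = field(default_factory=dict)  # observer -> visible attribute names (assumed mechanism)

    def view(self, observer, subject_id):
        # The data returned varies by who is authenticated to this Context.
        if observer not in self.acl:
            raise PermissionError(f"{observer} is not authenticated to {self.context_id}")
        attrs = self.subjects[subject_id]
        return {k: v for k, v in attrs.items() if k in self.acl[observer]}

class ContextRegistry:
    """Provider lookup for a given ContextId."""
    def __init__(self):
        self._contexts = {}

    def register(self, ctx):
        self._contexts[ctx.context_id] = ctx

    def resolve(self, observer, ref):
        # Following an arc across contexts: the target Context, not the
        # referring one, decides what this observer may see.
        ctx = self._contexts.get(ref.context_id)
        if ctx is None:
            raise LookupError(f"no provider registered for {ref.context_id}")
        return ctx.view(observer, ref.subject_id)

def build_demo():
    # Constructed sample data; observers and the ContextId are placeholders.
    reg = ContextRegistry()
    reg.register(Context(
        "https://directory.example.org/ctx",
        {"mary": {"eyeColor": "Blue", "phoneNumber": "555-1212"}},
        acl={"alice": {"eyeColor", "phoneNumber"}, "bob": {"phoneNumber"}},
    ))
    return reg, RelationshipAttribute("https://directory.example.org/ctx", "mary")

if __name__ == "__main__":
    reg, ref = build_demo()
    print(reg.resolve("alice", ref), reg.resolve("bob", ref))
```

Resolving the same reference as two different observers returns two different attribute sets, and an observer with no session in the target Context gets an error rather than an empty view.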
Thank you!