Higgins, Bandit and Microsoft: Open Source for Tight Privacy

The open source Bandit and Eclipse Higgins projects, both of which are working toward providing an open and consistent approach to identity management, have announced they have created a reference application that showcases open source identity services that interoperate with the Microsoft Windows CardSpace identity management system.

In addition, the reference application enables Liberty Alliance-based identity federation via Novell’s Access Manager. It’s noteworthy because it’s a first-of-its-kind open source identity system that features interoperability with leading platforms and protocols. The Bandit and Higgins teams plan to showcase the application at next week’s RSA Conference in San Francisco.

Multiple Perspectives

The Bandit and Higgins projects focus on developing cross-platform open source identity services to help organizations and individuals to manage identity information.

From an individual perspective, Higgins is a project within the Eclipse Foundation that focuses on providing application frameworks for building software that helps individuals securely control who has access to their online personal information, such as bank accounts, credit card numbers, medical information, and employment records.

While the Bandit and Higgins projects both work on developing identity standards, the Novell-sponsored Bandit project tends to focus more on enterprise identity management challenges. For example, an employee in a large organization might need to access a variety of enterprise applications that reside on different server platforms and require different user names and passwords.

Another example might be an organization that offers Web portals to supply chain businesses partners, all of which require secure identity-based access. Any time someone forgets their login information, they immediately start losing productivity. It only gets worse if someone’s login information is stolen.

“For better or worse, we have an identity infrastructure in place today — the user name and password. Unfortunately we’ve discovered that this infrastructure is less than ideal with regards to security and manageability,” Dale Olds, distinguished engineer and Bandit Project lead for Novell, told LinuxInsider. “That’s why there are a number of new initiatives, including the work underway through Bandit and Higgins, to design, develop and implement a new identity infrastructure.”

The reference application leverages parts of both Bandit and Higgins to create the interoperability with Microsoft’s CardSpace identity management system, which ships with the Vista operating system. Microsoft has been promoting Windows CardSpace as an implementation of an identity metasystem to help provide a model for identity interoperability. At the same time, the company is very much interested in working with others, including the open source community, to create a standards-based identity system.

Identities in Transition

“If you look at the protocols of the Internet, like TCP/IP, that make it the common standard and open communications infrastructure that it is — and that’s the essence that gives it its power — those protocols aren’t owned and controlled by any one vendor,” Jamie Lewis, CEO and research chair of Burton Group, told LinuxInsider. “They aren’t a patented product that you can only buy in one place. It’s just sort of baked in, you can rely on it, and you know it works. Well, identity is far from that, and we are in a current transitional mode to that level of standardization and openness around identity.”

Lewis likened the current position in the evolving world of identity management to that of a football team on its own 30 yard line — there’s still 70 yards to go to get a touchdown.

“There are two basic requirements for translating the potential of recent identity infrastructure developments into real-world benefits for users: interoperability and a consistent means of developing identity-aware applications,” Lewis said.

“First, vendors must deliver on their promise to enable interoperability between different identity systems serving different needs,” he continued. “Second, developers need a consistent means of creating applications that leverage identity while masking many of the underlying differences in those systems from the programmer. The Bandit and Eclipse Higgins interoperability demonstration shows progress on the path toward these goals. And the fact that they are open source software projects increases the potential that the identity infrastructure will emerge as a common, open system for the Internet.”