from http://www.infoq.com/news/2008/02/higgins_1_0
Identity management for networked and distributed applications
continues to present several unique challenges for users and
developers. Protocols such as OpenID and WS-Trust have emerged as
distributed identification protocols to help enable a more globally
available authentication scheme. Earlier this month, the Eclipse
Foundation announced the release of Higgins 1.0.
Higgins is a suite of identity management solutions from the Eclipse
Foundation, created with the intent of simplifying and adding
consistency to online authentication. The software infrastructure
provided by Higgins is specifically targeted at providing a consistent
interaction for users with multiple authentication protocols:
Higgins is not another identity
protocol like OpenID, SAML, or WS-Trust; it is a framework that allows
software developers to integrate and leverage multiple protocols within
their applications. Specific identity protocols, like OpenID, which is
very important for solving password management for things like blogs,
wikis, etc., are popular with specific users for specific use cases;
however, the Project Higgins community believes there will continue to
be multiple identity protocols used to support differing identity
scenarios. Instead of requiring a developer to become proficient in all
protocols, they can now use Higgins to gain support for them all.
Higgins is built around the concept of information cards, which
are simply visual representations of a digital identity. The various
components of Higgins are centered around helping end users interact
with information cards, as well as enabling developers to support
identity cards as a form of authentication in their respective
applications.
There are three components provided by Higgins for enabling information-card authentication:
First, it provides multi-platform
“identity selector” applications that end-users can use to sign-in to
web sites and systems that are compatible with the emerging
user-centric “Information Card”-based (or “i-card”-based) approach to
authentication. This approach promises people fewer passwords, more
convenience, and better security.
Current end-user solutions available include:
Second, it provides complete “identity
provider” web services as well as the “relying party” code necessary to
enable websites and systems to be information card- and
OpenID-compatible. Software developers can incorporate this “relying
party” code into their applications to make it easier for their users
to login to their site. There are currently two web-site developer
solutions available:
- STS IdP - An identity provider solution utilizing WS-Trust.
- SAML2 IdP - An identity provider solution utilizing SAML2.
Third, it implements the Higgins Global
Graph (HGG) data model and the Higgins Identity Attribute Service
(IdAS). Developers now have a framework that provides an
interoperability and portability abstraction layer over existing
“silos” of identity data. For the first time, IdAS makes it possible to
“mash-up” identity and social network data across highly heterogeneous
data sources including directories, relational databases, and social
networks.
The HGG/IdAS layer of Higgins offers integration opportunities between
several identification protocols such as OpenID, WS-Trust, SAML, and
LDAP.
Higgins has received industry support from several companies that
provide identity-management solutions including: IBM, Microsoft, and
Novell.
Microsoft authored a technology similar to Higgins information cards,
Windows CardSpace (initially released in 2006); Higgins identity
selector solutions are compatible with CardSpace-enabled applications.
At the Eclipse project page, more information is available regarding
Higgins identity solutions, and downloads are available for Higgins 1.0
solutions and components.