Eclipse Higgins, a free user-centric identity framework

The Eclipse Foundation released Eclipse Higgins 1.0, a freely downloadable identity framework designed to integrate identity, profile and social relationship information across multiple sites, applications and devices using an extensible set of components.

Web 2.0, mashups, social networking and the general rise of networked applications have made Web-based identity management complex for both the end-user and the developer. The Eclipse Higgins project, a coalition of organizations and individuals, has been working to address these issues.

Multiple identity protocols have been developed to address different needs, including WS-Trust, OpenID, SAML, XDI and LDAP. This requires software developers to support multiple protocols, resulting in unnecessary complexity in managing identities. Additionally, individuals are particular about which entities they share what personal information. For example, one might not prefer to share credit card information on a social networking site as readily as with a leading on-line retailer.

To address these challenges, Higgins provides a software framework that delivers three technologies:

First, it provides multi-platform “identity selector” applications that end-users can use to signin to web sites and systems that are compatible with the emerging user-centric “Information Card”-based (or “i-card”-based) approach to authentication. This approach promises people fewer passwords, more convenience, and better security. An Information Card is a new, graphical way to refer to a collection of identity information that you might wish to send to a website or program.

Second, it provides “identity provider” web services that can issue i-cards as well as the code necessary to enable web sites and applications to accept i-cards. Software developers can incorporate this code into their applications to make it easier for their users to login to their sites.

Third, it implements the Higgins Global Graph (HGG) data model and the Higgins Identity Attribute Service (IdAS). Developers now have a framework that provides an interoperability and portability abstraction layer over existing “silos” of identity data. For the first time, IdAS makes it possible to “mash-up” identity and social network data across highly heterogeneous data sources including directories, relational databases, and social networks. Technology built on this framework could allow users to login to their bank account with a secure authorization key, which would be automatically freshly generated for each visit. Users wouldn’t need to remember or write down passwords, which can also be long and complex enough to be secure. Additionally, this same interface also could allow users to sign into their favorite wiki or blog with just one click.

Higgins is not another identity protocol like OpenID, SAML, or WS-Trust; it is a framework that allows software developers to integrate and leverage multiple protocols within their applications. Specific identity protocols, like OpenID, which is very important for solving password management for things like blog, wikis, etc., are popular with specific users for specific use cases; however, the Project Higgins community believes there will continue to be multiple identity protocols used to support differing identity scenarios. Instead of requiring a developer to become proficient in all protocols, they can now use Higgins to gain support for them all.

With this initial 1.0 release of Higgins, many of the largest providers of identity management software recognize its potential. IBM, Microsoft and Novell are significant contributors to the project. Additionally, companies like Serena are already using Higgins in their commercial products. Companies such as Oracle support the goals of the project.

More information about Eclipse Higgins as well as download options are available here.