The leaders of two open source projects next week plan to showcase how they are using their services to integrate common identity platforms and provide developers with hooks to link their applications to those platforms.
The nearly year-old Higgins project, founded by IBM, Novell, a group of academics, and the Bandit project (started by Novell in mid-2006), plan to use next week's RSA conference to show a reference application that uses open source identity services to tie together Microsoft's CardSpace user identity system in Vista, and Liberty Alliance-based identity federation technology in Novell's Access Manager.
The goal is to provide corporate users and others with a common way for disparate identity platforms, protocols and services to integrate with each over both public and private networks. In addition, the open source advocates hope to provide developers with tools to easily tie their applications with corporate identity management systems.
"By working with a number of open source products and components, we are going to show that we can tie together a Liberty product with Microsoft CardSpace," says Dale Olds, a distinguished engineer with Novell. "You have these large identity systems with Liberty and CardSpace, but it is Higgins and other open source projects such as Bandit that are working to provide the glue. This reference application is very significant in that it shows the initial touch points."
Higgins is a framework designed to integrate identity, profile and relationship data from across multiple systems. The framework has interface and middleware components, such as the Identity Attribute Service, that act as a layer on top of identity repositories. The framework includes both code and an application programming interface (API) that developers will use to link their applications into the Higgins identity services. The goal is to support applications whose front-ends can be a browser, rich client or Web services-based.
Bandit, introduced in June 2006 by Novell, is an open source set of services that incorporate existing protocols such as WS-*, the Liberty Alliance standards and Higgins. Bandit is seen as a sort of standard bus that identity-enabled applications and back-end identity systems can plug into. Applications would basically need only to hook in via a generic adapter, say for authentication, and then IT could plug in whatever authentication mechanism it wants.
Olds also mentions other open source projects such as XMLDAP, which supports a browser-based digital identity card selector on Linux, and the Pamela Project focused on PHP plug-ins for CardSpace to enable identity services on such applications as wikis and blogs.
At RSA, the Higgins and Bandit project teams will show how an identity card from CardSpace can be used to authenticate a user to Novell's Access Manager. They also will demonstrate how a user account in Access Manager can generate a card using Higgins components that can be used to authenticate through CardSpace and a Linux-based card selector to wikis and blogs.
Bandit's contributions to the reference application include multiple "context providers" that plug into the Higgins Identity Attribute Service and provide access to identity information from disparate identity stores. It also highlights the role engine and audit reporting capabilities the Bandit project is developing.
"This is a development milestone," says Mary Ruddy, one of the project leaders on Higgins. "We have a path of milestones leading to a 1.0 release sometime near the end of this summer. We have been very encouraged with the work being done not only with Higgins and Bandit, but the work that is happening in this space in general. Some of the things with CardSpace and identity cards provide a [user interface] that is very useful for people having a consistent user experience with identity."