Higgins 1.0: Identity Management Solutions from the Eclipse Foundation

Identity management for networked and distributed applications continues to present several unique challenges for users and developers. Protocols such as OpenID and WS-Trust have emerged as distributed identification protocols to help enable a more globally available authentication scheme.

Earlier this month, the Eclipse Foundation announced the release of Higgins 1.0. Higgins is a suite of identity management solutions from the Eclipse Foundation, created with the intent of simplifying and adding consistency to online authentication. The software infrastructure provided by Higgins is specifically targeted at providing a consistent interaction for users with multiple authentication protocols:
 
Higgins is not another identity protocol like OpenID, SAML, or WS-Trust; it is a framework that allows software developers to integrate and leverage multiple protocols within their applications. Specific identity protocols, like OpenID, which is very important for solving password management for things like blogs, wikis, etc., are popular with specific users for specific use cases; however, the Project Higgins community believes there will continue to be multiple identity protocols used to support differing identity scenarios. Instead of requiring a developer to become proficient in all protocols, they can now use Higgins to gain support for them all.

Higgins is built around the concept of information cards, which are simply visual representations of a digital identity. The various components of Higgins are centered around helping end users interact with information cards, as well as enabling developers to support identity cards as a form of authentication in their respective applications.

There are three components provided by Higgins for enabling information-card authentication:

First, it provides multi-platform “identity selector” applications that end-users can use to sign-in to web sites and systems that are compatible with the emerging user-centric “Information Card”-based (or “i-card”-based) approach to authentication. This approach promises people fewer passwords, more convenience, and better security.

Current end-user solutions available include:
  • A GTK/Cocoa selector, which includes a Firefox extension to launch the selection interface when a website requests i-card authentication.
  • An Eclipse RCP-based desktop application which supports integration with Internet Explorer 7 to prompt for i-card selection on website request.
  • A distributed, embedded Firefox-plugin-based selector. Whereas the first two solutions provide a local registry and selection service for managing information cards, this solution is an early representation of using a remote server to act as a distributed card registry.

Second, it provides complete “identity provider” web services as well as the “relying party” code necessary to enable websites and systems to be information card- and OpenID-compatible. Software developers can incorporate this “relying party” code into their applications to make it easier for their users to log in to their site. There are currently two web-site developer solutions available:
  • STS IdP - An identity provider solution utilizing WS-Trust.
  • SAML2 IdP - An identity provider solution utilizing SAML2.

Third, it implements the Higgins Global Graph (HGG) data model and the Higgins Identity Attribute Service (IdAS). Developers now have a framework that provides an interoperability and portability abstraction layer over existing “silos” of identity data. For the first time, IdAS makes it possible to “mash-up” identity and social network data across highly heterogeneous data sources including directories, relational databases, and social networks.

The HGG/IdAS layer of Higgins offers integration opportunities between several identification protocols such as OpenID, WS-Trust, SAML, and LDAP.

Higgins has received industry support from several companies that provide identity-management solutions, including IBM, Microsoft, and Novell.
Microsoft authored a similar technology to Higgins information cards with Windows CardSpace (initially released in 2006); Higgins identity selector solutions are compatible with CardSpace-enabled applications.

At the Eclipse project page, more information is available regarding Higgins identity solutions, and downloads are available for Higgins 1.0 solutions and components.