Day: August 17, 2005

Here's some info hot of the press – or rather, hot off the Ping Toolkit's readme.

The SourceID InfoCard STS Toolkit for Java is a library and simple framework for writing server-side applications which interact with the Microsoft InfoCard identity system (InfoCard is itself also still a work-in-progress as of this writing).

Microsoft InfoCard is an identity system scheduled for inclusion in Windows Vista (a.k.a. Longhorn), with a possible release for Windows XP to follow. It allows users to create identity information cards (“InfoCards”)–and/or collect signed cards from third-party Identity Providers–and use them to provision accounts and/or instantly sign in to web applications(via browser) and web services (via SOAP clients)…

Status

Currently, the SourceID Java library is a work in progress and is not fully
functional, in an interoperability sense, with any published Microsoft software.

It represents early work done privately with Microsoft in advance of the Digital ID World demonstration (May, 2005), and further work into trying to interoperate with the Indigo Beta for Windows XP (which contains some InfoCard code as well).

SourceID will be targeting another release of the InfoCard STS Toolkit after the Beta 2 release of Windows Vista (a.k.a. Longhorn), which we assume will be in Q4 2005. The InfoCard backplane in Vista will be more mature by that time and more ready to interoperate with non-Windows implementations such as this toolkit.

In the meantime, please treat this release as an “early preview” demonstrating some concepts and code on the path to a full InfoCard STS for Java.

Toolkit and Architecture

Thorough architecture and usage documentation will be ready for the next release of this toolkit. In the meantime, the following will serve as a quick guide.

Microsoft InfoCard makes heavy use of the WS-* family of Web Services specifications, including:

WS-Security
WS-Security SAML Token Profile
WS-SecureConversation
WS-MetadataExchange
WS-Policy

The goal of this toolkit is to be able to build a Web Service (and ultimately browser-based applications as well) that is capable of requesting and receiving InfoCards from an InfoCard-enabled client.

To achieve this, the framework leans upon existing work done by the Apache foundation. In particular, the following tools and systems are used in this project:

– Apache Tomcat v5.5.7
– Apache Axis for Java v1.2
– Apache XMLBeans v2.0.0
– Apache WSS4J

With the complete InfoCard STS Toolkit for Java, developers will eventually be able to create Web Services (on top of Axis) and/or web applications (servlet-based) which can seamlessly and automatically request and handle InfoCards (of any variant) from InfoCard-enabled clients.

Conclusion

Please check this project again for updates to this toolkit, with a more complete (and documented) API and the ability to interact in a useful manner with published Microsoft software (though we assume that Microsoft's InfoCard implementation will likely still be in beta form at least into 2006).

[tags: Ping Identity, Identity Metasystem, Java, Toolkit]

It's hard to believe my eyes but the Ping People seem to be right out there on the forward edge of the innovation heat wave…

They've just released a toolkit through which you can build applications that support InfoCards wherever you can run Java. You can download it here. Unfortunately the download page still requires a username and password. I wonder how long it will be before you can use an InfoCard there?

I'm trying to come up to speed with the capabilities in this version of the toolkit, and will want to try it out. Ping calls it a “work in progress”.

Anyway – it's great stuff… I'm stoked.

[tags: Ping Identity, Identity Metasystem, Java, Toolkit]

There is a new Apache Software Foundation (ASF) site run by Hans Granqvist and dedicated to a project that is intended as an incubator for thinking and innovation around Identity 2.0. The project is known as TSIK (Trust Services Integration Toolkit) and joins the WSS4J initiative as a possible foundation for Apache's identity solutions.

Hans’ first posting says:

Some of the initial ideas of TSIK is to implement WS-* standards as they are developed, in particular the ones related to implementation of a federated ID protocol such as Microsoft's InfoCard, but also other federated ID protocols could be of interest, for example, Liberty Alliance, Sxip networks, Identity Commons, LID NetMesh, Passel.org.

This is wonderful. To put it slightly differently, it is my hope that by implementing the Infocard Identity Metasystem components Apache would effectively build in support for the whole gamut of identity tokens, including those used by Liberty, Sxip, Identity Commons, LID and Passel. In other words, I see InfoCards and the Metasystem as a platform, not a competitor, for these other systems.

Hans goes on to say:

“The Apache TSIK is an incubation subproject of the Apache Web Services Project to develop a Java class library for implementations of various W3C and OASIS specifications related to XML and Web services security.

“For more information on current APIs and usage patterns, check out the javadoc TSIK API.

“History

“TSIK was originally developed as closed source by VeriSign over a period of five years before being opened up and incubated at Apache in August, 2005. TSIK today is comercially used in several software products and appliances.

“Comparison to WSS4J

“Apache currently have another project, WSS4J, that implements WS-Security 1.0 from OASIS Web Services Security TC.

“WSS4J's functionality overlaps TSIK's, but there are some differences. WSS4J uses Apache Axis as SOAP engine, and builds on the Apache XML-Security project. TSIK contains its own XML security engine as well as its own SOAP stack implementation.

“Roadmap

“Initially, there is room for both WSS4J and TSIK since they serve somewhat different target audiences. Over time, depending on the desire of TSIK developers, TSIK XML security layers may be re-architected to use Apache XML-Security libraries. WSS4J and TSIK may also assimilate into a single project using the best parts of both…

“Incubation Disclaimer

“The Apache TSIK project is an effort undergoing incubation at the Apache Software Foundation (ASF). As such, it is not yet a full ASF project. While incubation status is not necessarily a reflection of the completeness or stability of the code, it does indicate that the project has yet to be fully endorsed by the ASF.

“The initial proposal for Apache TSIK is here.

“Mailing lists

“There is a TSIK developer mailing list set up. Please join in to discusss current implementation and future direction of TSIK.

• The list is at <tsik-dev@ws.apache.org>;
• To subscribe to the list, send a message to: <tsik-dev-subscribe@ws.apache.org>;
• Send mail to the following for info: <tsik-dev-info@ws.apache.org>; “

I've met with excellent people from the WSS4J project as well as from TSIK, and it would be silly for me to comment on the overlap between these initiatives – even if I understood the implications. All I know is that Apache's identity people are good news for the whole industry – and a harbinger of what Doc Searls is talking about here.

Clearly this type of involvement at Apache starts to answer some of the very legitimate questions posed to me by Julian Bond. More on this going forward.

[tags: Digital Identity, Identity Metasystem, Apache, Apache WSS4J, Trust Services Integration Toolkit]