Day: March 1, 2006

Here is the latest from Eric Norlin, Editor of Digital ID World and industry veteran:

The big (as in could not miss it) news yesterday was the launch of the Higgins project — an open source instantiation of the WS-Trust framework within the Eclipse foundation. Several tech news articles got the take *way* wrong – pitching it as open source vs. microsoft story. In reality, that's not what it is at all.

In brief, the Higgins project (which is apparently named for some “long-tailed” tasmanian mouse, and NOT the guy from “Magnum P.I.” — and, really, wouldn't it be much more interesting if it was named after the guy from Magnum P.I.?) means the following:

1. This is, net-net, a *win* for Kim Cameron's Identity Metasystem. In the past few weeks, Kim has had Verisign announce support, and now an open source project building out a WS-Trust framework for application developers. So, make no mistake about it, Higgins equals more momentum for the Metasystem.

2. However, the move by IBM and Novell *appears* to be a move designed to pressure Microsoft and ensure that their instantiation of the metasystem (InfoCards) remains “open.”

3. That move is being done in response to one very big (and obvious) realization: InfoCards is going to ship in Vista (probably early) and it is going to be a game-changer in the user-centric identity space.

4. But more importantly, it may *also* be a game changer in the enterprise space, as well. There is a tremendous amount of enterprise interest in using InfoCards as a central metaphor for enterprise identity management.

5. So think about this for a second: InfoCards on a huge number of desktops, enterprises upgrading to Vista for its security features (like BitLocker), and InfoCards needs to have an identity credential issued. Where might that be issued from? Active Directory. It is no mistake that (as John Fontana observed), Active Directory is now the hub off of which all of Microsoft's enterprise identity management offerings hang.

6. ergo InfoCards will drive even more adoption of what is quickly becoming the Active Directory juggernaut.

7. Therefore, if I'm a company selling products that are competitive to Active Directory (say, like, for instance IBM or Novell), and I believe that the identity metasystem has gained enough critical mass, then it is absolutely in my best interest to push forward an open source project for the metasystem. Not doing so is to hand over my market to Active Directory.

8. Higgins is good for the community at large (the more Identity Metasystem things we get going the better), and necessary for the vendors involved.

Stay tuned, Phil will have much more to say about this in his newsletter this week.

I have no idea what peoples’ motivations might be. It all reminds me of the moments when my kids (who are now out of beta) have told me all about their friends” motivations and the knots they are experiencing in their relationships with them. When they have asked for advice, the one thing I've told them is to forget about thinking they understand peoples’ motivations, and just act so they have the best possible relationship at each moment in time… Maybe I'm hopelessly naive.

This said, I think (and here I join the speculation movement) there might be truth in the premise that once InfoCard started to gain steam, Microsoft's Active Directory support might have helped spur others to get into the middle of the game. And this is a good thing.

On the other hand, I know and work with all the players and they are people with whom I share a very deep common identity vision. They, like me, have to convince their colleagues to do some fairly counter-intuitive things to get this identity vision realized. So maybe, in this sense, the prospect of Active Directory support is something which actually helps them in their drive to explain all the dynamics in play.

Perhaps the most important thing I can say is that neither IBM nor Novell, nor Sun or anyone else, is really my competitor in this space. The competition comes from the vast patchwork of one-off and ad-hoc identity contraptions that the whole industry has been forced to build because the architecture of the Internet is missing the identity layer, leaving our virtual world in grave danger. So far, the one-off contraptions have about 99% of the market. So there's lots of space for all of us who want to change all that.

This is little Higgins. Does he look like something that would pick fight with InfoCard? I don't think so. Anyone who knows what we're trying to do here at SocialPhysics and especially in the Identity Gang knows that we're striving for a common language and understanding in an area whose depth and complexity humbles the mighty. Many of us building technology are influenced by how this conversation evolves, where the common ground is, and where we can build interoperability ‘bridges’. The implications for society are real. The last thing we want here is more division. This blog post is an attempt to put out the flames that have arisen from recent press coverage about Higgins, IBM and Novell:

Is Higgins competitive with InfoCard?

No. InfoCard is the code name for a Windows WinFX component that provides a user interface and related services that allow that Windows system to interoperate with service providers and identity providers using the WS-Trust and related protocols. Higgins, on the other hand, is a software framework that relies on service adapters that connect to external systems using that system's native protocols or APIs. [If you're familiar with the framework/provider design pattern, what I just called service adapters are Higgins providers.] We expect that in the next few months a WS-* service will be created for Higgins. Higgins when configured with this service and running on Linux, MacOS, etc. will fully interoperate with InfoCard running on Windows.

How is Higgins related to Microsoft?

We are all indebted to Kim for his important work on the seven laws of identity, for his sincerity and tolerance in reaching across traditional divides and ‘doing the right thing’ to make the web a safer place to live. Inspired by Kim, the Higgins mouse has mended his ways, is now completely law-abiding, and brushes his teeth twice a day. We also are grateful for the support Microsoft has given to the SocialPhysics project (of which Higgins is a part) through the Berkman Center.

Here's an article by Joris Evers, a Staff Writer at CNET News.com. Joris has done a great job covering the industry and has certainly paid his dues.

IBM and Novell on Monday are expected to announce an open-source response to Microsoft's forthcoming InfoCard identity management technology.

The companies plan to contribute to an open-source initiative code-named Higgins Project. The project aims to help people manage their plethora of Internet logins and passwords by integrating identity, profile and relationship information used across authentication systems on the Net.

The initiative also includes the Berkman Center for Internet & Society at Harvard Law School and Parity Communications, a company developing “social commerce” software that has been operating in stealth mode.

The open-source project, managed by the Eclipse Foundation, is a response to Microsoft's InfoCard identity management technology, Anthony Nadalin, distinguished engineer and chief security architect at IBM, said in an interview.

“This is a move to help get identity management out in the open source. InfoCard is one user-centric identity system…but the implementation Microsoft has is not what I would call open,” he said. “There are a lot of hidden elements.” One example, he said, is how it interacts with Active Directory, Microsoft's identity management technology for businesses.

Microsoft has described InfoCard as a technology that gives people a single place to manage authentication and payment information, in the same way a wallet holds multiple credit cards. An InfoCard client on a PC will connect with Web sites that need information for authentication or transactions.

Yet, the Higgins Project is more than a rival to InfoCard, Nadalin said. “We are not here to create another identity system; we are here to aggregate the existing systems,” he said. “We have invited Microsoft to participate…and we will continue to work with Microsoft to integrate with InfoCard. We think that has to happen.”

The Higgins Project will complement InfoCard in providing client software for operating systems other than Windows, Nadalin said. Also, it will make existing identity management products, such as IBM's Tivoli software, work with InfoCard, he said. IBM is expected to support Higgins in its products sometime next year.

“Microsoft would be left out in the cold without Higgins; it allows Microsoft to participate in non-Windows environments,” Nadalin said “Customers want choice. They end up voting with their pocket book. They don't want to be locked in.”

The Higgins Project looks to be a step forward in solving the problem surrounding online identities, said Kim Cameron, identity architect at Microsoft. “From what I've seen, this is a very positive development,” he said. “I think we are really going to see the identity big bang–a whole wave of social and identity-aware applications that are suddenly becoming possible.”

But while Nadalin may have his mind set on where the Higgins Project is headed, nothing is set in stone, said Burton Group analyst Mike Neuenschwander. “It is open source; it is hard to tell exactly where it will head,” he said.

There are other efforts to integrate identity information. But with IBM and Novell, the Higgins Project has attracted big-name support, Neuenschwander said.

“Everybody wants to be that central hub that integrates everybody else's stuff,” he said. “Higgins is significant in that IBM and Novell have stepped up to say they are going to develop their client software under that project.”

Neuenschwander doesn't expect to see anything tangible come out of the Higgins Project until at least the end of the year. “Then we can see with greater certainty where they are headed,” he said. “Microsoft has made it much further down the road with InfoCard.”

Microsoft plans to deliver InfoCard by the end of this year as part of Windows Vista, the next version of its flagship operating system. InfoCard will also be available for Windows XP, Microsoft has said.

Now, all is fair in love and software, and everyone who advances identity is a friend of mine. Nor do I expect people to bow down and say, “InfoCards are great and good and we will obsequiously follow in Microsoft's footsteps.” People need to differentiate themselves.

None-the-less I did contact Anthony to ask about the notion that “the implementation Microsoft has is not what I would call open.” I wanted to know what he saw as “hidden elements.” To my knowledge there is nothing hidden whatsoever, as the implementors guide published on this site testifies.

His answer:

“What I said was that User centric perspective points out the need to make it simple and easy for users to manage. What is also needed is that the framework be able to allow users and institutions to choose any identity systems and be able to integrate and interoperate between them. e.g., they can choose from any of the identity information stores to be federated – be it IBM Directory Server, Novell eDirectory, SAP system, ActiveDirectory, collaborative spaces, OpenLDAP, etc.”

And I couldn't agree more. InfoCard is specifically designed to allow this. And Anthony knows this as well as I do. So what I suspect might have happened is that when he pointed out the need to integrate all the other systems, it likely appeared that he saw things as being more counterposed than was actually the case.

With the Identity Metasystem, the paradigm is shifting. The way we are building this thing, in the open and in the blogosphere and in a spirit of collaboration, is a big break with the past. It's hard to get your arms around it. It's hard to know how to “message it” when we talk to others. It's hard to write about without it sounding silly.

But hey – we are gaining momentum and we are going to get this puppy moving full speed ahead. Further, we are going to have a renaissance of the industry that will shock everyone as the big bang hits the world of applications.