I talk so much about the importance of perspective to understanding identity that I often feel I'm overdoing it. Then a week like this one arrives, and I know that I'm not.
Monday, at the Tribeca Grill in New York, Project Higgins had its coming out party. Since that time, the story has been ill-reported and misinterpreted to the point that a number of really smart people are still scratching their heads trying to figure out what Higgins actually is, and what it's appearance on the scene means. (See Phil's post for examples – Kim).
The Importance of Higgins
Higgins is potentially an extremely important development in both identity technology and the identity conversation. So even though this will be a bit lengthy, I am going to take a swing at explaining what Higgins is in a way that can be understood by non-technical types and that provides perspective on where it fits in the identity pantheon.
Exactly what is Higgins? This sounds like a simple question, but geeks and engineers are genetically unable to explain complex new technology paradigms to anyone who doesn't already understand them. Everyone else ends up confused, picking pieces of obscure acronyms out of the pores of their skin. The result is confusion that gets worse instead of better, compounded by reactions to misunderstandings.
Does Higgins Compete With InfoCards?
One of the incorrect, but logically occurring questions is whether Higgins is competition for Infocards. Perspective is key to seeing that this is the wrong question. InfoCards begins its outlook on the identity problem set it's solving by saying “we need a common, intuitive user experience so a user can relate to their identity information and use it safely and with the results they expect.”
This perspective (creating a common user identity experience) led Kim Cameron to develop his laws of identity
from the user's viewpoint, and then conceptualize the development of an open identity metasystem, which would allow his user interface to connect with and manage a user's information interoperably with nearly any kind of identity infrastructure that exists or might come to exist in the future.
The perspective of InfoCards is thus the user's view port on the world of identity, and the identity metasystem is how InfoCards can connect to the “identity plumbing” of the world. InfoCards will become part of the Windows desktop when Vista is released later this year, with downloadable versions to retrofit XP and Windows 2000 desktops.
The Higgins Perspective
The Higgins project
begins from what might be thought of as the other end of the identity universe, with the mission of giving an application developer a common view port on the world of identity. Its goal is to provide interfaces and abstractions which allow a developer to use identity and have it work as the policies in the system expect it to, but without having to learn the intimate details of how all this happens or works under the hood.
It is especially ironic that a project that is all about identity context doesn't explain its *own* context very well. The best explanation of Higgins I've found is this one, from SocialPhysics:
I note, however, that the key context setting sentence for *why* Higgins is needed is the *very last one* on this page. “The application developer who needs to integrate an identity/networking system is forced to learn the intricacies of each different system. …This learning investment is not transferable.” I'll add that this usually means that the developer's work is also not transferable, and this is one of the reasons that identity deployments today are usually much harder than they need to be.
The Higgins Context
To fully understand the perspective from which Higgins approaches identity, you first need to know that significant software development today nearly always occurs in what is called an Integrated Development Environment (IDE). There are many of these, but the world is quickly narrowing to Visual Studio.NET for Windows application development, and Eclipse for the rest of the world.
Eclipse, being open source, is architected to allow new concepts to be created by new groups and made part of the developer's environment through a concept known as Eclipse Frameworks. Higgins is a project to create an Eclipse Framework that abstracts identity data and service interactions so that the application developer can easily develop a standardized relationship to varying identity infrastructure.
Higgins’ Relationship to “Identity Plumbing”
This is a major task, and it will only succeed if they develop a common set of abstractions that can cover all of the ways identity “plumbing” relates to identity data today or in the future. This encompasses not only the functionality of various identity protocols, but the quirks of data repositories and mechanisms behind them where those influence how identity infrastructure operates. The Higgins framework also has to deal with varying client side capabilities, such as browsers, IM clients, or other client software with differing identity needs and capabilities.
Higgins handles interaction with various protocols through plug-ins to its framework. Thus there would be a plug-in to map LDAP to the Higgins abstractions, another to map SAML to those abstractions, and others for such things as WS-Trust, Liberty, proprietary protocols, etc. As an open source project, new Higgins adapters would appear as contributors develop them, allowing it to evolve as infrastructure changes.
How Mature is Higgins?
Today the Higgins project is in its infancy (version 0.2), and most of this work remains to be done. The announcement Monday, however, indicates that the identity industry is reaching the point where it realizes that this type of step is badly needed, and larger players are now looking to promote the development of such solutions.
InfoCards is no doubt adding a sense of urgency to this process, as it means that there will soon be an end-to-end user-centric identity infrastructure deploying widely. While the underlying identity metasystem that InfoCards runs on is open, only Microsoft will have both the user and the application endpoints available when it deploys. Ping identity recently released PingTrust, which will allow federation to an InfoCard infrastructure, but the rest of the field isn't really ready to take advantage if users end up liking what InfoCards presents them as a unified way to interact with and manage their networked identity data.
A Sense of Urgency is a Good Thing for All
Over the years I've seen that a sense of urgency generally produces good results, and often rapid evolution in either the capability or the packaging and ease of use of identity technology. As I wrote last week, this is exactly what potential customers are saying they need vendors to provide more of to buy. So it looks like both the customer demanding RPD (reduced pain on deployment) and the prodding of InfoCards to look at the identity problem in a far more systematic and integrated way are both pushing development in the same direction.
It now seems likely that by our conference in September the identity technology world will be changing very significantly. The identity conversation is getting more interesting every day…