Progress Report toward Independent Identity
Last September's cover story examined the Identity Metasystem, proposed by Kim Cameron and his team at Microsoft, in support of personal identities that are independent of any vendor's silo. Microsoft's inaugural member of the Identity Metasystem is an identity selector called InfoCard and is due for inclusion in Vista when that operating system arrives in 2007. (It will be back-implemented for XP as well.)
Since then, the Identity Gang has grown in number, and it has held a series of meetings and workshops where progress has been dramatic and encouraging. In a meeting at Harvard in December 2005, Paul Trevithick of Social Physics introduced Higgins, a framework for building user-centric identity-enabled services. At the Internet Identity Workshop in January 2006 in Berkeley, creators of OpenID, LID and XRI/XDI joined various pieces to create Yadis: a new and simple combined lightweight identity system. At the Mountain View IIW in May 2006, a large conference room was packed with participants from Red Hat, Higgins, Identity Commons, XRI/XDI, the IETF, LID, Novell/SUSE, VeriSign, Tucows, OpenID and other interested parties, to engage Kim Cameron and Mike Jones of Microsoft—and to talk about open-source implementations of InfoCard.
That conversation has since been formalized in a series of phone calls and a mailing list called OSIS (Open Source Identity Selector). A report on the first of the weekly OSIS conference calls began with this:
We reaffirmed that the initial goal of the project is to build InfoCard selector implementations for non-Windows platforms that are compatible with the Microsoft implementation, with targets possibly including GNOME, KDE, Mac and mobile devices.
We agreed that the goal is to move quickly, enabling deployment of interoperable implementations by the time that Windows Vista ships.
Since then, progress has been so rapid and varied (within and between different participants) that it's hard to follow exactly what's going on. When I asked Paul Trevithick to summarize it for Linux Journal readers, he wrote back:
The situation is extremely fluid. The Red Hats, Novells, independents and others are all bouncing around trying to understand what's really going on.
There are now at least three efforts afoot that as either a total or a partial goal include creating an open-source capability to interoperate fully with Microsoft's InfoCard system and especially the specific ways that it uses WS-Trust and related protocols:
1) OSIS: effort appears to be defined as a clone of Microsoft's InfoCard software but for Mac and Linux.
2) Higgins: one of the highest priorities is to provide full interoperability with Microsoft's InfoCard and thereby to provide equivalent functionality on non-Windows platforms. (Higgins also has goals that are beyond authentication and security, and it will support other protocols.)
3) The UNC Lab of Information Integration, Security and Privacy Project (www.sis.uncc.edu/LIISP) under Dr Gail-Joon Ahn, which was presented at IIW2006.
...and there may be others. Kim has stated that Microsoft will provide technical support to any and all groups to enable them to achieve interoperability.
Two additional points. First, Dr Ahn's implementation is ready in advance of Microsoft's own. (To an enthusiastic reception by Microsoft folks at the May 2006 IIW, where the system was demonstrated.) Second, I know of at least one commercial InfoCard-compatible implementation, which should be ready by the time this issue is published.
Phil Windley, author of Digital Identity (O'Reilly, 2005) and an organizer of the Internet Identity Workshops, said:
For us to have a metasystem, we need identity selectors for Linux desktops, Macs and other platforms. It's impressive that the identity community accepts Kim Cameron's vision—that there needs to be interoperability. It's Kim's political acumen that enables this. He just put out the Laws and said, “Here's a system that obeys these, and it's open.” It's important that InfoCard isn't Microsoft Kool-Aid. If Microsoft stopped, all this other stuff could keep working.
I've been impressed, all through this process, at how committed all these different development projects are to staying open toward each other, in the general directions where they might converge. For example, InfoCard and Yadis are solutions to different problems, yet there are design decisions both communities can make today that will be interoperable at some point in the future when their uses overlap.
As we know too well, being open source doesn't prevent market-halting incompatibilities and failures to interoperate. Why, other than adherence to principles of niceness, are all these projects working to keep things from breaking as they grow in converging directions?
Phil Windley says there may be a couple of subtle reasons. First, “Sometime early last year, the competing participants got to the point where they said, 'We don't have to be enemies. We can work together.'” Second:
Some of the developers realized that relying parties—say, any Web site that has to rely on an identity credential from an identity provider—don't have to support different systems. It's the identity provider—the Amazons and Googles and eBays of the world—that will have to play in all those systems, if they want to be in the game. They have the incentive, as well as the ability, to interoperate. If you're Amazon, and want your customers' identities to be useful across a lot of Web sites, you have an incentive to interoperate. Now look at it the other way around. If the relying parties needed this, and not the identity providers, interop would always be “someday”.
Instead, I think we're likely to see user-centric “independent” identity in widespread use sometime in the next two years.
Doc Searls is Senior Editor of Linux Journal.