Progress Report toward Independent Identity
Last September's cover story examined the Identity Metasystem, proposed by Kim Cameron and his team at Microsoft, in support of personal identities that are independent of any vendor's silo. Microsoft's inaugural member of the Identity Metasystem is an identity selector called InfoCard, which is due for inclusion in Vista when that operating system arrives in 2007. (It will be back-implemented for XP as well.)
Since then, the Identity Gang has grown in number, and it has held a series of meetings and workshops where progress has been dramatic and encouraging. In a meeting at Harvard in December 2005, Paul Trevithick of Social Physics introduced Higgins, a framework for building user-centric identity-enabled services. At the Internet Identity Workshop in January 2006 in Berkeley, creators of OpenID, LID and XRI/XDI joined various pieces to create Yadis: a new and simple combined lightweight identity system. At the Mountain View IIW in May 2006, a large conference room was packed with participants from Red Hat, Higgins, Identity Commons, XRI/XDI, the IETF, LID, Novell/SUSE, VeriSign, Tucows, OpenID and other interested parties, to engage Kim Cameron and Mike Jones of Microsoft—and to talk about open-source implementations of InfoCard.
That conversation has since been formalized in a series of phone calls and a mailing list called OSIS (Open Source Identity Selector). A report on the first of the weekly OSIS conference calls began with this:
We reaffirmed that the initial goal of the project is to build InfoCard selector implementations for non-Windows platforms that are compatible with the Microsoft implementation, with targets possibly including GNOME, KDE, Mac and mobile devices.
We agreed that the goal is to move quickly, enabling deployment of interoperable implementations by the time that Windows Vista ships.
Since then, progress has been so rapid and varied (within and between different participants) that it's hard to follow exactly what's going on. When I asked Paul Trevithick to summarize it for Linux Journal readers, he wrote back:
The situation is extremely fluid. The Red Hats, Novells, independents and others are all bouncing around trying to understand what's really going on.
There are now at least three efforts afoot that as either a total or a partial goal include creating an open-source capability to interoperate fully with Microsoft's InfoCard system and especially the specific ways that it uses WS-Trust and related protocols:
1) OSIS: effort appears to be defined as a clone of Microsoft's InfoCard software but for Mac and Linux.
2) Higgins: one of the highest priorities is to provide full interoperability with Microsoft's InfoCard and thereby to provide equivalent functionality on non-Windows platforms. (Higgins also has goals that are beyond authentication and security, and it will support other protocols.)
3) The UNC Lab of Information Integration, Security and Privacy Project (www.sis.uncc.edu/LIISP) under Dr Gail-Joon Ahn, which was presented at IIW2006.
...and there may be others. Kim has stated that Microsoft will provide technical support to any and all groups to enable them to achieve interoperability.
Two additional points. First, Dr Ahn's implementation is ready in advance of Microsoft's own. (To an enthusiastic reception by Microsoft folks at the May 2006 IIW, where the system was demonstrated.) Second, I know of at least one commercial InfoCard-compatible implementation, which should be ready by the time this issue is published.
Phil Windley, author of Digital Identity (O'Reilly, 2005) and an organizer of the Internet Identity Workshops, said:
For us to have a metasystem, we need identity selectors for Linux desktops, Macs and other platforms. It's impressive that the identity community accepts Kim Cameron's vision—that there needs to be interoperability. It's Kim's political acumen that enables this. He just put out the Laws and said, “Here's a system that obeys these, and it's open.” It's important that InfoCard isn't Microsoft Kool-Aid. If Microsoft stopped, all this other stuff could keep working.
I've been impressed, all through this process, at how committed all these different development projects are to staying open toward each other, in the general directions where they might converge. For example, InfoCard and Yadis are solutions to different problems, yet there are design decisions both communities can make today that will be interoperable at some point in the future when their uses overlap.
As we know too well, being open source doesn't prevent market-halting incompatibilities and failures to interoperate. Why, other than adherence to principles of niceness, are all these projects working to keep things from breaking as they grow in converging directions?
Phil Windley says there may be a couple of subtle reasons. First, “Sometime early last year, the competing participants got to the point where they said, 'We don't have to be enemies. We can work together.'” Second:
Some of the developers realized that relying parties—say, any Web site that has to rely on an identity credential from an identity provider—don't have to support different systems. It's the identity provider—the Amazons and Googles and eBays of the world—that will have to play in all those systems, if they want to be in the game. They have the incentive, as well as the ability, to interoperate. If you're Amazon, and want your customers' identities to be useful across a lot of Web sites, you have an incentive to interoperate. Now look at it the other way around. If the relying parties needed this, and not the identity providers, interop would always be “someday”.
Instead, I think we're likely to see user-centric “independent” identity in widespread use sometime in the next two years.
Doc Searls is Senior Editor of Linux Journal.