« Sustainable SOA and "closed loop" thinking | Main | Symantec's Norton gets all user-centric »

A couple of interesting stories related to open source user-centric identity came my way, courtesy of CNET. The first concerns a donation to the Higgins Project from IBM and the second is about some important interoperability announcements to come at this week's RSA Conference.

The Higgins Project, which I have been following closely for the last year or so, is under the auspices of Eclipse and sets out to provide a platform- and identity protocol-independent software framework to aid in the development of user-centric identity management solutions. IBM has donated the results of some work, the Identity Mixer, carried out by its Research Lab in Zurich focussed on enhancing user privacy. Identity Mixer exploits advanced cryptographic techniques so that individuals do not have to provide "real" data to service providers. Instead, they can provide pseudonyms and other credentials which the service provider can verify directly or indirectly to provide the service. So, for example, in an online commerce transaction there is no need to provide a credit card number. Instead, the individual provides an encrypted credential which the service provider sends to the credit card issuer for verification. The credentials are single use in much the same way that the likes of Citigroup and PayPal issue one-time credit card numbers.

This will necessitate changes to the way that service providers, credit card issuers work. However, I think the potential barriers to adoption will reduce as user-centric identity initiaitives mature. As more immediate problems, such as the proliferation of usernames and passwords and inconsistent user experiences, are addressed then issues such as privacy assurance will take on a higher profile and individuals will come to demand it.

On a related note, I came across this post from Bill Barnes (a product manager for Microsoft's CardSpace) discussing another potential barrier to adoption of such privacy enhancing techniques: the fact that they introduce additional transaction steps. Bill discusses how CardSpace could help to address this. When a CardSpace user selects an information card associated with their credit card issuer, a credential representing the credit card could be sent to the service provider alongside other information required for authentication and authorisation.

The second story also concerns Higgins, together with the closely related Bandit Project (which I first discussed here). The story is a little light on details but it seems that there will be some demonstrations of interoperability scenarios involving CardSpace and the Liberty Alliance protocols. Definitely something to watch out for.

Posted by nmacehiter in Identity Management |Digg This|Add to del.icio.us

Trackback Pings

TrackBack URL for this entry:
http://www.ebizq.net/mt/mt-tb.cgi/1237