• Add a Comment
  • Edit
  • More Actions v
  • Quarantine this Entry

Comments (8)

1 localhost commented Permalink

Bob,Would you elaborate on what Higgins does and does not do. I saw one analyst quoted as saying that Higgins is similar to Liberty Alliance and Shibboleth. Do you agree?You say that Higgins can use LA, and I presume it could use Shibboleth as well. To me, that means that Higgins isn't like them.

2 localhost commented Permalink

While I can see the difference between Liberty and Higgins I am a little confused as to how this will all work. So I am somewhat sceptical at this time.The same problem that exists in media world - analog holes - exist in the digital domain right now. I assume you aren't going to wait for the trusted computing platform to actually make it out the door and widely deployed. So how will this work? If I give someone (or somebody) access to a piece of my information, will I be able to pull back access from them? How will I be able to prevent them from passing the information on? Will there be some legal frame work?Or is this something like the work of Stephen Brand?Peace,Chuck Wegrzyn

3 localhost commented Permalink

I got this response from IBM's Tony Nadalin to Swashbuckler's question:

The Higgins framework could be thought of as a kind of generalized attribute service where specific plug-ins implement the protocols necessary to connect to particular systems containing identity data, (and optionally profile data and relationship) information to the Higgins framework itself. The purpose of the Higgins framework is to provide a common data model, support a consistent UI for managing identity, profile information across all contexts, and allow federation (or virtual integration if you prefer) of this information across contexts.

Every IM, email, directory, shared space, database, etc. system has some or all of the following characteristics: one or more Identity Contexts; a set of Digital Identities within each context; a namespace for each Context to uniquely identify a Digital Identity within the Context; a set of Identity Attributes for each Digital Identity; a set of associations between Digital Identities within a context; a set of associations between Digital Identities across Contexts. Higgins Framework provides an abstraction layer for these things. It then relies on plug-in services to provide concrete implementations of these abstractions. The plug-in might use SXIP, WS-*-as-used-by-InfoCard, Liberty, etc. protocols to connect to a network endpoint that implements that protocol.

4 localhost commented Permalink

Chuck,Sorry, but why are you skeptical? I would be happy to put you in direct contact with our tech guys to talk it through. My IBM email is sutor at us.ibm.com.Bob

5 localhost commented Permalink

Could you please elaborate on the "not competiting with Infocard" story. A fundamental piece of Infocard is the Identity Meta System that Microsoft's Kim Cameron created. Looking at Project Higgins, it achieves to solve the same problems.Admittedly, the meta system itself isn't an actually product. But in the end is will affect how Eclipse builds its tools. Do you expect enterprise to deploy both Microsoft tools and Higgings tools in their infrastructure and development tools (eg: Visual Studio and Eclipse)? Or will they rather chose one or the other?If Higgins and Microsoft aren't communicating, IBM and Novell did a poor job at communicating that. Because they even have a bunch of industry analysts convinced that they do.In fact, IBM's distinguished engineer and chief security architect told Cnet that Higgins is a response to Microsoft's InfoCard identity management technology.Sigh?

6 localhost commented Permalink

toms,This is from Tony again:Some clarification here, everything has a context, so the context of the statement pointed out was an IBM's response to join the open source project, since the project was already created in Eclipse Foundation. Empowering users to manage information, and allowing customers to choose their identity system of choice, has been part of our identity strategy. So intent of Higgins fits well in that strategy. Joining this project was a direct result of customers coming to IBM wanting interoperability with Microsoft Infocards and IBM software (along with interoperability with other identity systems like SXIP, LID, OpenID, etc), so we needed a framework with service interfaces that would allow this to occur and IBM believes its best if this is done in an open source community.

7 localhost commented Permalink

Since it seems unlikely that any one identity management system can attract enough participants (without a required legal basis), tools that allow for user choice for publishing,obfuscating, retracting, and subscribing to the various idmsolutions will be very useful. I've used the Eclipse toolsand am very impressed. I'd love to be able to plug in a module that would mediate between the various solutions. At one level IDM is a "singleton" for the end user. As such the control needs to exist at one interface, rather than many.That does not prevent that information from being combined in novel and useful ways after the end user uses that interface to determine which of the "yet another identity managementsolution" is most appropriate for the task at hand. I'd alsolike to see a risk analysis tool, that displays on a real time reputation basis what possible outcomes would take place as the data is "jettisoned" into the infosphere, with reporting back to the end user if the data is compromised. It seems difficult to maintain the security of any one IDM system, users should be able to react in real time to the misuse oftheir data rather than attempting to rely on complex protocols which only a few experts understand. A failure inASN1 of a protocol is not something that the end user will understand and would have systemic effects.Peter BachmanCequs Inc.

8 localhost commented Permalink

Bob,Thanks for the reply. That told me what I needed to know.

Add a Comment Add a Comment