Higgins: Presentation Transcript

  • Higgins
    • 1: A species of Tasmanian long-tailed mouse
    • 2: An open source identity framework being developed at the Eclipse Foundation
  • Sections
    • Higgins 1.0
      • What we released in Feb 2008
    • Higgins 1.1
      • What we’re working on (or in some cases just thinking about) for June 2009
    • Beyond Higgins 1.1
    Copyright © 2008 Parity. Made available under EPL 1.0
  • Section One: Higgins 1.0
    • Released February 2008
    • Commercial products based on Higgins 1.0 have been announced by Novell, Serena, Computer Associates and IBM
  • Higgins is an Identity Framework
    • Enables users and applications to integrate identity, profile, and social relationship information across multiple data sources and protocols.
  • End-users experience Higgins through the UI metaphor of Information Cards, using an app called an Identity Selector
    • Information Cards and selectors are just the tip of the iceberg of what can be done with Higgins, but it’s a place to start…
  • Today you go from site to site filling in forms and passwords
    • Type, type, type. Click, click. Here a password, there a password. Everywhere a password. Here a form, there a form, ... Websites…
  • Information Cards Put You in Control
    • Each card is a slice of the digital you (or a friend of yours) held in some data silo.
    • Any kind of information: your preferences, favorite songs, employee id numbers, drivers licenses, affiliations, your health plan id, ...you get the idea, can be accessed using a card.
    • This wallet-like thing is an app called an Identity Selector
  • Higgins Identity Selectors (architecture diagram: Identity Selectors, Identity Providers, Relying Parties, Identity Services, Identity Attribute Service; client apps, web services, web apps)
  • How to Use I-Cards
    • By clicking on a card you can log into sites. No more passwords
    • You can share cards with friends and businesses you trust
    • Some [relationship] cards create permanent connections to your friends, communities and businesses
  • Identity Selector “Wallet”
    • Click on a card to send it to a site
    • Higgins is interoperable with Microsoft CardSpace™ (shown here)
  • Identity Selector Card-based Sign-in
    • Per-site passwords are eliminated
    • Instead, the selector posts a security token that is validated by the relying site
    • Provides some anti-phishing protection
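To make the relying-party side of card-based sign-in concrete, here is an added example (not code from the Higgins project): a relying site validating the security token a selector posts. It stands in an HMAC-signed JSON token with a shared key for the SAML token a Higgins token service actually issues; the checks it performs (trusted issuer signature, audience bound to this site, validity window, one-time token id) are what "validated by the relying site" covers, and the audience check is one source of the anti-phishing protection: a token minted for a look-alike site is rejected by the real one. The token layout, key, URLs and claims are all constructed for the example.

```python
import base64
import hashlib
import hmac
import json

# Constructed stand-in for the signed security token a selector posts to a relying party.
# Assumption: an HMAC-signed JSON payload with a shared key. Higgins itself issues SAML
# tokens over WS-Trust, and real deployments verify an asymmetric signature instead.
ISSUER_KEY = b"constructed-demo-key-not-a-real-secret"


class TokenError(ValueError):
    """Any reason the relying party must reject a posted token."""


def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(key, issuer, audience, claims, token_id, now, lifetime=300):
    """Token service side: claims are bound to one audience, one id and a short validity window."""
    payload = {"iss": issuer, "aud": audience, "jti": token_id,
               "iat": now, "exp": now + lifetime, "claims": claims}
    body = _b64(json.dumps(payload, sort_keys=True).encode("utf-8"))
    sig = _b64(hmac.new(key, body.encode("ascii"), hashlib.sha256).digest())
    return body + "." + sig


def validate_token(token, key, my_audience, now, seen_ids):
    """Relying party side: the checks behind 'a security token that is validated by the relying site'."""
    try:
        body, sig = token.split(".")
        given_sig = _unb64(sig)
    except ValueError:  # also covers bad base64 (binascii.Error is a ValueError)
        raise TokenError("malformed token")
    expected_sig = hmac.new(key, body.encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, given_sig):
        raise TokenError("signature invalid")      # not from the trusted token service, or tampered
    payload = json.loads(_unb64(body))
    if payload.get("aud") != my_audience:
        raise TokenError("audience mismatch")      # minted for some other site (e.g. a look-alike)
    if not (payload["iat"] <= now < payload["exp"]):
        raise TokenError("outside validity window")
    if payload["jti"] in seen_ids:
        raise TokenError("replayed token")
    seen_ids.add(payload["jti"])
    return payload["claims"]


def run_demo(now=1_700_000_000):
    """Exercise the happy path and each rejection a relying party must produce (constructed data)."""
    rp, idp, seen = "https://shop.example", "https://idp.example", set()
    good = issue_token(ISSUER_KEY, idp, rp, {"name": "Ada", "age_over_18": True}, "tok-1", now)
    outcomes = {"accepted": validate_token(good, ISSUER_KEY, rp, now + 5, seen)}
    # Forged body (elevated claims) stapled to the genuine signature.
    forged_body = _b64(json.dumps({"iss": idp, "aud": rp, "jti": "tok-9", "iat": now,
                                   "exp": now + 300, "claims": {"admin": True}}).encode("utf-8"))
    tampered = forged_body + "." + good.split(".")[1]
    for label, token, at in [
        ("replay", good, now + 6),
        ("wrong_site", issue_token(ISSUER_KEY, idp, "https://sh0p.example", {"name": "Ada"}, "tok-2", now), now + 5),
        ("expired", issue_token(ISSUER_KEY, idp, rp, {"name": "Ada"}, "tok-3", now, lifetime=60), now + 61),
        ("tampered", tampered, now + 5),
    ]:
        try:
            validate_token(token, ISSUER_KEY, rp, at, seen)
            outcomes[label] = "accepted"
        except TokenError as exc:
            outcomes[label] = str(exc)
    return outcomes
```

`run_demo()` walks through the acceptance and the four rejections. In a deployment the shared-key HMAC would be replaced by verifying the token service's signature with its public key, and `seen_ids` by a replay cache that survives restarts and is bounded by the token lifetime.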
  • Identity Selector Supported Card Types
    • Managed: what some other entity says about you
    • Personal: what you say about you
  • Identity Selectors Three Flavors in Higgins 1.0
    • Firefox-embedded Selector (JavaScript)
      • For Firefox on Windows, Linux, and OSX
      • Uses hosted I-Card Service Component
    • GTK / Cocoa Selector (C++)
      • For Firefox on Linux, FreeBSD, and OSX
      • Available as DigitalMe™ from Novell
    • RCP Selector (Java)
      • For Eclipse RCP Application
  • Identity Selectors: Cards and Tokens Flow
    • Identity Provider: cards are generated and downloaded from here; a local Token Service issues tokens as requested by the Selector
    • Identity Selector (browser extension and client app): cards are stored and selected here
    • Relying Party (website or app): tokens containing claim data are requested and received here
  • Identity Selectors: Cards and Tokens Flow (continued)
    • Some Higgins Identity Selectors rely on a hosted I-Card Service component
  • Identity Selector Component View (component diagram: User, Browser, Browser Extension, Identity Selector, Selector Selector, I-Card Web Service, Token Service, Identity Provider, Relying Website with RP Libraries; key: generic technology vs. Higgins components)
    • Higgins Identity Selectors: client apps for Windows, OSX and Linux
  • Selector Selector Component View (same component diagram)
    • Higgins includes a Higgins Selector Selector component (Windows-only)
    • Provides an abstraction layer that decouples browser extensions from selectors
  • Architecture: Identity Providers (architecture diagram: Identity Selectors, Identity Providers, Relying Parties, Identity Services, Identity Attribute Service; client apps, web services, web apps)
  • Identity Providers Component View (same component diagram)
    • Higgins Token/IdP Service is used by the Identity Provider website
  • Identity Providers Two Flavors
    • WS-Trust Security Token Service / IdP
      • Java WS-Trust Identity Provider
      • Web service
      • Sample web site
    • SAML2 IdP
      • Java SAML2 Identity Provider
      • Web service
  • Architecture: Relying Party Website (architecture diagram, as above)
  • Relying Party Website Component View (same component diagram)
    • Higgins RP Website provides code to validate tokens from Identity Selectors
  • Relying Party Website Multi-Protocol Support
    • Multi-Protocol Relying Party Website Enablement
      • Information Card authentication
      • OpenID authentication
  • Architecture: Identity Services (architecture diagram, as above)
  • Architecture: Extensible Identity Services (plug-ins; the slide's key distinguishes Higgins 1.0 from beyond Higgins 1.0)
    • Protocol Provider plug-ins implement RP protocols: CardSpace, OpenID, Login (un/pw)
    • I-Card Provider plug-ins implement card types: Managed, Personal, Relationship
    • Token Provider plug-ins implement security tokens: SAML, X509, Kerberos, UN/PW, Idemix
  • Architecture: Identity Attribute Service (architecture diagram, as above)
  • Architecture: Extensible Identity Attribute Service (IdAS) (the slide's key distinguishes Higgins 1.0 from beyond Higgins 1.0)
    • IdAS Context Provider plug-ins connect to existing data sources: LDAP, XML File, RDF, Google Contacts, Others…
  • Identity Attribute Service
    • The Context Data Model is implemented by Identity Attribute Service
    • Contexts are accessed through IdAS, which may employ a variety of authentication approaches
    • The contained Entities may be inspected, navigated and/or modified according to the authorization policy of the Context
    • IdAS is extended by Context Providers (plugins)
    • Context Providers map existing data sources into the Higgins Context Data Model
  • Identity Attribute Service Context Data Model (CDM)
    • Data sources are called Contexts
      • E.g. enterprise directories, social networks, RDF repositories
    • Contexts contain objects called Entities
      • Entities represent people, organizations, etc.
    • Entities have Attributes; Attributes have values
    • The core semantics of the model are based on RDF & OWL
  • Identity Attribute Service CDM extends RDF
    • Globally linked data
      • Higgins uses UDIs not just HTTP URIs
      • Some EntityId UDI ids may be globally resolved into a global object graph
    • Supports protocols beyond HTTP
      • Uses XRDS discovery of UDI endpoint metadata, including protocol for data access
    • Read and write access
      • Access Control management & enforcement
  • Architecture: Interoperability Points (architecture diagram, as above)
  • Interoperability Event Participants, RSA 2008 (participant logos)
  • Section Two: Higgins 1.1 (June 2009)
  • AIR-Based Selector
    • Based on Adobe AIR
      • Integrates with Firefox, IE, and Safari
      • Runs on Windows, OSX and soon Linux
      • More secure
    • Replaces the Firefox-embedded selector
  • Identity Attribute Service Access Control Enhancements
    • Policy query API
    • Policy management API
    • Policy semantics modeled directly as Policy Entities and attributes
  • Identity Attribute Service New Context Providers
    • Google Contacts
    • Open Social
    • Facebook F8
    • Wrappers for various ID-WSF services (maybe)
  • Identity Attribute Service XDI Protocol Support
    • XDI Engine provides a new binding for the IdAS Service
      • Allows any/all attribute data managed by IdAS to be exposed as an XDI data service
    • XDI Context Provider
      • Allows IdAS to read/write XDI-native data sources
  • Relationship Cards
    • Relationship Card: what you and Best Buy say about you
  • Relationship Cards Human Friendly Data References
    • Card holds a UDI (URI) reference:
      • A ContextId that identifies a data source, and
      • A local EntityId object within the context
    • See http://parity.com/udi
    • The referenced data object is called an Entity
  • Relationship Cards Data Location and Authority
    • Best Buy issued card
    • Entity is stored in Best Buy’s data center
    • Best Buy is authoritative over some attributes
    • You are authoritative over some attributes (e.g. street address)
  • Relationship Cards Data Model
    • The Entity is described by the Higgins Context Data Model
    • Can be accessed using the Identity Attribute Service
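The Identity Attribute Service slides above (Context Data Model: Contexts hold Entities, Entities hold Attributes with values, Context Providers map existing data sources in, access follows the Context's authorization policy) and the Relationship Cards slides (a card carries only a UDI made of a ContextId and an EntityId, the Entity lives in the issuer's data center, and authority over attributes is split between issuer and user) describe one structure. The following Python is an added example of that model, not Higgins code: the class names, the `<ContextId>#<EntityId>` spelling of a UDI, the shape of the policy and the sample customer record are all constructed for the example.

```python
from dataclasses import dataclass, field

# Added example of the Higgins Context Data Model. Class names, the UDI spelling
# "<ContextId>#<EntityId>", the policy shape and the sample record are assumptions
# made for this demo, not the project's own API.


class AccessDenied(PermissionError):
    """The Context's authorization policy forbids the requested operation."""


@dataclass
class Entity:
    entity_id: str
    attributes: dict = field(default_factory=dict)  # attribute name -> list of values


@dataclass
class Context:
    context_id: str
    entities: dict = field(default_factory=dict)         # entity_id -> Entity
    read_policy: dict = field(default_factory=dict)      # principal -> set of readable attributes
    write_authority: dict = field(default_factory=dict)  # attribute -> set of authoritative principals

    def inspect(self, principal, entity_id, name):
        """Read one attribute, subject to the Context's read policy."""
        if name not in self.read_policy.get(principal, set()):
            raise AccessDenied(f"{principal} may not read {name} in {self.context_id}")
        return list(self.entities[entity_id].attributes.get(name, []))

    def modify(self, principal, entity_id, name, values):
        """Write one attribute; only a principal authoritative for it may do so."""
        if principal not in self.write_authority.get(name, set()):
            raise AccessDenied(f"{principal} is not authoritative for {name} in {self.context_id}")
        self.entities[entity_id].attributes[name] = list(values)


class DictContextProvider:
    """Stand-in for an IdAS Context Provider plug-in: maps a record store (a dict here;
    an LDAP directory or a retailer's customer database in practice) into a Context."""

    def __init__(self, context_id, records, read_policy, write_authority):
        self.context_id = context_id
        self._records = records
        self._policy = (read_policy, write_authority)
        self._context = None

    def open(self):
        if self._context is None:  # build once so writes persist across resolutions
            read_policy, write_authority = self._policy
            self._context = Context(self.context_id, read_policy=read_policy, write_authority=write_authority)
            for entity_id, record in self._records.items():
                self._context.entities[entity_id] = Entity(entity_id, {k: list(v) for k, v in record.items()})
        return self._context


class IdAS:
    """Identity Attribute Service: one entry point in front of any number of Context Providers."""

    def __init__(self):
        self._providers = {}

    def register(self, provider):
        self._providers[provider.context_id] = provider

    def resolve(self, udi):
        """Resolve a UDI (assumed spelling "<ContextId>#<EntityId>") to its Context and Entity."""
        context_id, entity_id = udi.split("#", 1)
        ctx = self._providers[context_id].open()
        return ctx, ctx.entities[entity_id]


@dataclass(frozen=True)
class RelationshipCard:
    issuer: str
    udi: str  # the card holds only the reference; the Entity stays in the issuer's data center


def run_demo():
    """Constructed scenario: a Best Buy issued relationship card pointing at a customer record."""
    records = {"cust-42": {"loyaltyId": ["BB-0042"], "streetAddress": ["1 Old Road"]}}
    provider = DictContextProvider(
        "urn:demo:bestbuy", records,
        read_policy={"user": {"loyaltyId", "streetAddress"}, "bestbuy": {"loyaltyId", "streetAddress"}},
        write_authority={"loyaltyId": {"bestbuy"}, "streetAddress": {"user"}},  # split authority
    )
    idas = IdAS()
    idas.register(provider)
    card = RelationshipCard(issuer="bestbuy", udi="urn:demo:bestbuy#cust-42")
    ctx, entity = idas.resolve(card.udi)
    results = {"user_reads_loyalty": ctx.inspect("user", entity.entity_id, "loyaltyId")}
    ctx.modify("user", entity.entity_id, "streetAddress", ["2 New Street"])  # user-owned attribute
    results["address_seen_by_issuer"] = ctx.inspect("bestbuy", entity.entity_id, "streetAddress")
    for label, action in [
        ("user_edits_loyalty", lambda: ctx.modify("user", entity.entity_id, "loyaltyId", ["BB-9999"])),
        ("stranger_reads_address", lambda: ctx.inspect("marketing-partner", entity.entity_id, "streetAddress")),
    ]:
        try:
            action()
            results[label] = "allowed"
        except AccessDenied:
            results[label] = "denied"
    return results
```

The split `write_authority` is the point of the relationship-card slides: the issuer owns the loyalty id, the user owns the street address, and a principal outside the read policy sees nothing. The card itself never carries the attribute values, only the UDI that resolves to them.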
  • Other New Card Types
    • Username/Password Card
      • To log in to traditional un/pw sites
    • SAML Card (aka S-card) [maybe]
      • Uses SAML protocol to retrieve token
    • Idemix card (aka Z-card) [maybe]
      • Support for a new privacy-enhancing token type based on zero-knowledge proofs
      • Improved support for selective disclosure
  • Selector as an OpenID Service (component diagram: OpenID Provider, Identity Provider, Relying Website, I-Card Web Service, Token Service, Browser, Browser Extension, Identity Selector, Selector Selector, RP Libraries; key: generic technology vs. Higgins components)
    • OpenID 2.0 OP with associated Higgins Selector Service
  • ID-WSF Support (maybe)
    • There have been some recent, focused discussions on the integration of Higgins and ID-WSF
    • Higgins I-Card Service could implement:
      • ID-WSF Discovery Service
      • ID-WSF Authentication Service (I think)
    • Higgins Context Providers would be written for various ID-WSF services
    • Integration with R-Cards and XRDS
    • Would rely on the OpenLiberty.org code base
  • IdAS Client Component (maybe) (component diagram: IdAS Clients in the Higgins Identity Selector, in other local apps and bots, and in the Higgins I-Card Service reach Data Contexts through the Identity Attribute Service and Context Providers: LDAP enterprise directories, RDF semantic web and linked data servers, social networks via OpenSocial, an XDI Service (XDI4J), personal data services, Web 2.0 and enterprise apps; identity providers shown: STS/IdP, SAML2 IdP, OpenID Provider; relying sites shown: banking, eCommerce or community sites; key: Higgins 1.0, Higgins X.X, 3rd party)
  • Section Three: Beyond Higgins 1.1
    • Mobile Higgins: the Higgins project is seeking project funding and/or contributions to develop a Higgins selector for mobile platforms
  • Target Platforms
    • Symbian
    • RIM
    • Windows Mobile 6
    • iPhone
    • Android
    • Etc.
  • Project Co-leads (http://higgins-project.org): Paul Trevithick, Mary Ruddy; [email_address], [email_address]; +1.617.513.7924, +1.617.290.8591
  • Appendix: Original Project Goals
  • Goals: 1 of 5
    • Provide a consistent user experience based on card icons for the management and release of identity data
    • This is needed in order to have a trusted mechanism for authentication and other interactions that is less vulnerable to phishing and other attacks and that works for a wide variety of users and systems
    • See Higgins 1.0 Identity Selector
  • Goals: 2 of 5
    • Empower users with more convenience and control over personal information distributed across external information silos
    • Provide a single point of control over multiple identities, preferences and relationships
    • See Higgins 1.0 Identity Selector
  • Goals: 3 of 5
    • Provide an API and data model for the virtual integration and federation of identity and security information from a wide variety of sources
    • See Higgins 1.0 Framework
  • Goals: 4 of 5
    • Provide plug-in adapters to enable existing data sources including directories, communications systems, collaboration systems and databases each using differing protocols and schemas to be integrated into the framework
    • See Higgins 1.0 Identity Attribute Service and Context Providers (plugins)
  • Goals: 5 of 5
    • Provide a social relationship data integration framework that enables these relationships to be persistent and reusable across application boundaries
    • It organizes relationships into a set of distinct social contexts within which a person expresses different personas and roles
    • See Higgins 1.0 Context Data Model (CDM)