Successfully reported this slideshow.
Higgins
1: A species of Tasmanian long-tailed mouse

2: An open source identity framework being
    developed at the Eclip...
Sections
1. Higgins 1.0
   – What we released in Feb 2008
2. Higgins 1.1
   – What we’re working on (or in some cases
    ...
Section One: Higgins 1.0
                           Released February 2008

         Commercial products based on Higgins
...
Higgins is an Identity
                      Framework
        Enables users and applications to
      integrate identity,...
End-users experience Higgins
        through the UI metaphor of
      Information Cards using an app
          called an I...
Today you go from site to site filling in
       forms and passwords
         Websites…




           Type, type, type. C...
Information Cards Put You in Control




Each card is a slice of the
digital you (or a friend of
yours) held in some data
...
Higgins Identity Selectors
                        Client Apps, Web Services, Web apps

                       Identity
  ...
How to Use I-Cards
• By clicking on a card you can log into
  sites. No more passwords
• You can share cards with friends ...
Identity Selector “Wallet”
             Click on a card to send it to a site




                                Click

  ...
Identity Selector
                              Card-based Sign-in
• Per-site passwords are eliminated
• Instead, the sele...
Identity Selector
                         Supported Card Types


                                   Managed
             ...
Identity Selectors
                    Three Flavors in Higgins 1.0

• Firefox-embedded Selector (Javascript)
   – For Fir...
Identity Selectors
              Cards and Tokens Flow
Cards are generated and                       Tokens containing cla...
Identity Selectors
              Cards and Tokens Flow
              Some Higgins Identity
            Selectors rely on a...
Identity Selector
                      Component View
                         I-Card
                          Web      ...
Identity Selector
          Selector Selector – Component View
 Higgins includes a        I-Card
                         ...
Architecture
                                  Identity Providers

                        Client Apps, Web Services, Web ...
Identity Providers
                      Component View
Higgins Token/IdP Service
                                      To...
Identity Providers
                                      Two Flavors
• WS-Trust Security Token Service / IdP
   – Java WS-...
Architecture
                              Relying Party Website

                        Client Apps, Web Services, Web a...
Relying Party Website
                    Component View
   Higgins RP Website
provides code to validate           Token
 ...
Relying Party Website
                         Multi-Protocol Support
• Multi-Protocol Relying Party Website
  Enablement
...
Architecture
                                    Identity Services

                        Client Apps, Web Services, Web...
Architecture
                               Extensible Identity Services

  Key:

    Higgins 1.0


     Beyond           ...
Architecture
                           Identity Attribute Service

                        Client Apps, Web Services, Web...
Architecture
                 Extensible Identity Attribute Service




                            Identity Attribute Ser...
Identity Attribute Service
• The Context Data Model is implemented by
  Identity Attribute Service
• Contexts may be acces...
Identity Attribute Service
                      Context Data Model (CDM)
• Data sources are called Contexts
   – E.g. ent...
Identity Attribute Service
                                CDM extends RDF
• Globally linked data
   – Higgins uses UDIs n...
Architecture
                              Interoperability Points

                        Client Apps, Web Services, Web...
Interoperability Event Participants
                                          RSA 2008




Copyright © 2008 Parity. Made a...
Interoperability Event Participants
                                          RSA 2008




Copyright © 2008 Parity. Made a...
Section Two: Higgins 1.1

                                        June 2009




Copyright © 2008 Parity. Made available un...
AIR-Based Selector
• Based on Adobe AIR
   – Integrates with Firefox, IE, and Safari
   – Runs on Windows, OSX and soon Li...
Identity Attribute Service
                    Access Control Enhancements


• Policy query API
• Policy management API
• ...
Identity Attribute Service
                              New Context Providers

•   Google Contacts
•   Open Social
•   Fa...
Identity Attribute Service
                             XDI Protocol Support

• XDI Engine provides a new binding for
  th...
Relationship Cards


                                   Relationship Card
                                   What you and ...
Relationship Cards
                Human Friendly Data References

                                                       ...
Relationship Cards
                        Data Location and Authority




•   Best Buy issued card
•   Entity is stored i...
Relationship Cards
                                       Data Model




• The Entity is described by the Higgins
  Contex...
Other New Card Types
• Username/Password Card
   – To log in to traditional un/pw sites
• SAML Card (aka S-card) [maybe]
 ...
Selector as an OpenID Service
OpenID 2.0 OP      OpenID
                                I-Card
                           ...
ID-WSF Support (maybe)
• There have been some recent, focused
  discussions on the integration of Higgins and
  ID-WSF
• H...
IdAS Client Component (maybe)




                                46
Section Three:
                  Beyond Higgins 1.1
                                   Mobile Higgins
             Higgins...
Target Platforms
•   Symbian
•   RIM
•   Windows Mobile 6
•   iPhone
•   Android
•   Etc.




    Copyright © 2008 Parity....
Project Co-leads
                     http://higgins-project.org




      Paul Trevithick                                ...
Appendix
                            Original Project Goals




Copyright © 2008 Parity. Made available under EPL 1.0   50
Goals: 1 of 5
• Provide a consistent user experience
  based on card icons for the management
  and release of identity da...
Goals: 2 of 5
• Empower users with more convenience
  and control over personal information
  distributed across external ...
Goals: 3 of 5
• Provide an API and data model for the
  virtual integration and federation of
  identity and security info...
Goals: 4 of 5
• Provide plug-in adapters to enable
  existing data sources including
  directories, communications systems...
Goals: 5 of 5
• Provide a social relationship data
  integration framework that enables these
  relationships to be persis...
Upcoming SlideShare
Loading in …5
×

Higgins Overview 2008 [Compatibility Mode]

567 views

Published on

Published in: Technology, Business
  • Be the first to comment

  • Be the first to like this

Higgins Overview 2008 [Compatibility Mode]

  1. 1. Higgins 1: A species of Tasmanian long-tailed mouse 2: An open source identity framework being developed at the Eclipse Foundation
  2. 2. Sections 1. Higgins 1.0 – What we released in Feb 2008 2. Higgins 1.1 – What we’re working on (or in some cases just thinking about) for June 2009 3. Beyond Higgins 1.1 Copyright © 2008 Parity. Made available under EPL 1.0 2
  3. 3. Section One: Higgins 1.0 Released February 2008 Commercial products based on Higgins 1.0 have been announced by Novell, Serena, Computer Associates and IBM Copyright © 2008 Parity. Made available under EPL 1.0 3
  4. 4. Higgins is an Identity Framework Enables users and applications to integrate identity, profile, and social relationship information across multiple data sources and protocols. Copyright © 2008 Parity. Made available under EPL 1.0 4
  5. 5. End-users experience Higgins through the UI metaphor of Information Cards using an app called an Identity Selector Information Cards and selectors are just tip of the iceberg of what can be done with Higgins, but it’s a place to start… Copyright © 2008 Parity. Made available under EPL 1.0 5
  6. 6. Today you go from site to site filling in forms and passwords Websites… Type, type, type. Click, click. Here a password, there a password. Everywhere a password. Here a form, there a form, ... Copyright © 2008 Parity. Made available under EPL 1.0 6
  7. 7. Information Cards Put You in Control Each card is a slice of the digital you (or a friend of yours) held in some data silo. Any kind of information: your preferences, favorite songs, employee id numbers, This wallet-like thing is drivers licenses, affiliations, an app called an your health plan id, ...you Identity Selector get the idea, can be accessed using a card. Copyright © 2008 Parity. Made available under EPL 1.0 7
  8. 8. Higgins Identity Selectors Client Apps, Web Services, Web apps Identity Identity Selectors Identity Identity Identity Relying Selectors Providers Selectors Providers Parties Identity Services Identity Attribute Service Copyright © 2008 Parity. Made available under EPL 1.0 8
  9. 9. How to Use I-Cards • By clicking on a card you can log into sites. No more passwords • You can share cards with friends and businesses you trust • Some [relationship] cards create permanent connections to your friends, communities and businesses 9
  10. 10. Identity Selector “Wallet” Click on a card to send it to a site Click Higgins is interoperable with Microsoft CardSpace™ shown here Copyright © 2008 Parity. Made available under EPL 1.0 10
  11. 11. Identity Selector Card-based Sign-in • Per-site passwords are eliminated • Instead, the selector posts a security token that is validated by the relying site • Provides some anti-phishing protection Copyright © 2008 Parity. Made available under EPL 1.0 11
  12. 12. Identity Selector Supported Card Types Managed What some other entity says about you Personal What you say about you Copyright © 2008 Parity. Made available under EPL 1.0 12
  13. 13. Identity Selectors Three Flavors in Higgins 1.0 • Firefox-embedded Selector (Javascript) – For Firefox on Windows, Linux, and OSX – Uses hosted I-Card Service Component • GTK / Cocoa Selector (C++) – For Firefox on Linux, FreeBSD, and OSX – Available as DigitalMe™ from Novell • RCP Selector (Java) – For Eclipse RCP Application Copyright © 2008 Parity. Made available under EPL 1.0 13
  14. 14. Identity Selectors Cards and Tokens Flow Cards are generated and Tokens containing claim data downloaded from here. is requested and received here A local Token Service issues tokens as requested by Selector. Identity Selector Relying Party Website or App Browser Extension & Client App Identity Provider Cards are stored and selected here
  15. 15. Identity Selectors Cards and Tokens Flow Some Higgins Identity Selectors rely on a hosted I-Card Service component Identity Selector Relying Party Browser Extension & Client App Identity Provider
  16. 16. Identity Selector Component View I-Card Web Token Identity Relying Service Service Provider Website RP Libraries Internet Higgins Identity Selectors. Client apps for Browser Extension Selector Selector Windows, OSX Identity and Linux Browser Selector Key: Higgins Components Generic Technology User
  17. 17. Identity Selector Selector Selector – Component View Higgins includes a I-Card Web Token Identity Relying Higgins Selector Service Service Provider Website Selector component RP Libraries (Windows-only) Internet Provides an abstraction layer that decouples Browser Selector browser extensions Extension Selector from selectors. Browser Identity Key: Selector Higgins Components Generic Technology User
  18. 18. Architecture Identity Providers Client Apps, Web Services, Web apps Identity Identity Selectors Identity Identity Identity Relying Selectors Providers Selectors Providers Parties Identity Services Identity Attribute Service Copyright © 2008 Parity. Made available under EPL 1.0 18
  19. 19. Identity Providers Component View Higgins Token/IdP Service Token Identity Relying is used by the Identity Service Provider Website Provider website RP Libraries Internet Browser Selector Extension Selector Identity Browser Selector Key: Higgins Components Generic Technology User 19
  20. 20. Identity Providers Two Flavors • WS-Trust Security Token Service / IdP – Java WS-Trust Identity Provider – Web service – Sample web site • SAML2 IdP – Java SAML2 Identity Provider – Web service Copyright © 2008 Parity. Made available under EPL 1.0 20
  21. 21. Architecture Relying Party Website Client Apps, Web Services, Web apps Identity Identity Selectors Identity Identity Identity Relying Selectors Providers Selectors Providers Parties Identity Services Identity Attribute Service Copyright © 2008 Parity. Made available under EPL 1.0 21
  22. 22. Relying Party Website Component View Higgins RP Website provides code to validate Token Service Identity Provider Relying Website tokens from Identity RP Selectors Libraries Internet Browser Selector Extension Selector Identity Browser Selector Key: Higgins Components Generic Technology User 22
  23. 23. Relying Party Website Multi-Protocol Support • Multi-Protocol Relying Party Website Enablement – Information Card authentication – OpenID authentication Copyright © 2008 Parity. Made available under EPL 1.0 23
  24. 24. Architecture Identity Services Client Apps, Web Services, Web apps Identity Identity Selectors Identity Identity Identity Relying Selectors Providers Selectors Providers Parties Identity Services Identity Attribute Service Copyright © 2008 Parity. Made available under EPL 1.0 24
  25. 25. Architecture Extensible Identity Services Key: Higgins 1.0 Beyond Identity Services Higgins 1.0 Plug-ins Protocol Provider-Plugins CardSpace OpenID Implement RP protocols I-Card Provider-Plugins Managed Personal Relationship Login (un/pw) Implement card types Token Provider-Plugins SAML UN/PW Kerberos X509 Idemix Implement security tokens Copyright © 2008 Parity. Made available under EPL 1.0 25
  26. 26. Architecture Identity Attribute Service Client Apps, Web Services, Web apps Identity Identity Selectors Identity Identity Identity Relying Selectors Providers Selectors Providers Parties Identity Services Identity Attribute Service Copyright © 2008 Parity. Made available under EPL 1.0 26
  27. 27. Architecture Extensible Identity Attribute Service Identity Attribute Service (IdAS) Plug-ins Google LDAP XML File RDF Others… Contacts Key: IdAS Context Providers-Plugins Higgins 1.0 Connect to existing data sources Beyond Higgins 1.0 Copyright © 2008 Parity. Made available under EPL 1.0 27
  28. 28. Identity Attribute Service • The Context Data Model is implemented by Identity Attribute Service • Contexts may be accessed using IdAS may employ a variety of authentication approaches • The contained Entities may be inspected, navigated and or modified based on authorization policy of the Context • IdAS is extended by Context Providers (plugins) • Context Providers map existing data sources into the Higgins Context Data Model Copyright © 2008 Parity. Made available under EPL 1.0 28
  29. 29. Identity Attribute Service Context Data Model (CDM) • Data sources are called Contexts – E.g. enterprise directories, social networks, RDF repositories • Contexts contain objects called Entities – Entities represent people, organizations, etc. • Entities have Attributes; Attributes have values • The core semantics of the model are based on RDF & OWL Copyright © 2008 Parity. Made available under EPL 1.0 29
  30. 30. Identity Attribute Service CDM extends RDF • Globally linked data – Higgins uses UDIs not just HTTP URIs – Some EntityId UDI ids may be globally resolved into a global object graph • Supports protocols beyond HTTP – Uses XRDS discovery of UDI endpoint metadata, including protocol for data access • Read and write access – Access Control management & enforcement Copyright © 2008 Parity. Made available under EPL 1.0 30
  31. 31. Architecture Interoperability Points Client Apps, Web Services, Web apps Identity Identity Selectors Identity Identity Identity Relying Selectors Providers Selectors Providers Parties Identity Services Identity Attribute Service Copyright © 2008 Parity. Made available under EPL 1.0 31
  32. 32. Interoperability Event Participants RSA 2008 Copyright © 2008 Parity. Made available under EPL 1.0 32
  33. 33. Interoperability Event Participants RSA 2008 Copyright © 2008 Parity. Made available under EPL 1.0 33
  34. 34. Section Two: Higgins 1.1 June 2009 Copyright © 2008 Parity. Made available under EPL 1.0 34
  35. 35. AIR-Based Selector • Based on Adobe AIR – Integrates with Firefox, IE, and Safari – Runs on Windows, OSX and soon Linux – More secure • Replaces the Firefox-embedded selector Copyright © 2008 Parity. Made available under EPL 1.0 35
  36. 36. Identity Attribute Service Access Control Enhancements • Policy query API • Policy management API • Policy semantics modeled directly as Policy Entities and attributes Copyright © 2008 Parity. Made available under EPL 1.0 36
  37. 37. Identity Attribute Service New Context Providers • Google Contacts • Open Social • Facebook F8 • Wrappers for various ID-WSF services (maybe) Copyright © 2008 Parity. Made available under EPL 1.0 37
  38. 38. Identity Attribute Service XDI Protocol Support • XDI Engine provides a new binding for the IdAS Service – Allows any/all attribute data managed by IdAS to be exposed as an XDI data service • XDI Context Provider – Allows IdAS to read/write XDI-native data sources Copyright © 2008 Parity. Made available under EPL 1.0 38
  39. 39. Relationship Cards Relationship Card What you and Best Buy say about you Copyright © 2008 Parity. Made available under EPL 1.0 39
  40. 40. Relationship Cards Human Friendly Data References Data object (called an Entity) • Card holds a UDI (URI) reference: – A ContextId that identifies a data source, and – A local EntityId object within the context • See http://parity.com/udi Copyright © 2008 Parity. Made available under EPL 1.0 40
  41. 41. Relationship Cards Data Location and Authority • Best Buy issued card • Entity is stored in Best Buy’s data center • Best Buy is authoritative over some attributes • You are authoritative over some attributes (e.g. street address) Copyright © 2008 Parity. Made available under EPL 1.0 41
  42. 42. Relationship Cards Data Model • The Entity is described by the Higgins Context Data Model • Can be accessed using the Identity Attribute Service Copyright © 2008 Parity. Made available under EPL 1.0 42
  43. 43. Other New Card Types • Username/Password Card – To log in to traditional un/pw sites • SAML Card (aka S-card) [maybe] – Uses SAML protocol to retrieve token • Idemix card (aka Z-card) [maybe] – Support for a new privacy-enhancing token type based on zero-knowledge proofs – Improved support for selective disclosure Copyright © 2008 Parity. Made available under EPL 1.0 43
  44. 44. Selector as an OpenID Service OpenID 2.0 OP OpenID I-Card Web Token Identity Relying with associated Provider Service Service Provider Website Higgins Selector RP Libraries Service Internet Browser Selector Extension Selector Identity Browser Selector Key: Higgins Components Generic Technology User 44
  45. 45. ID-WSF Support (maybe) • There have been some recent, focused discussions on the integration of Higgins and ID-WSF • Higgins I-Card Service could implement: – ID-WSF Discovery Service – ID-WSF Authentication Service (I think) • Higgins Context Providers would be written for various ID-WSF services • Integration with R-Cards and XRDS • Would rely on the OpenLiberty.org code base Copyright © 2008 Parity. Made available under EPL 1.0 45
  46. 46. IdAS Client Component (maybe) 46
  47. 47. Section Three: Beyond Higgins 1.1 Mobile Higgins Higgins project is seeking project funding and/or contributions to develop a Higgins selector for mobile platforms Copyright © 2008 Parity. Made available under EPL 1.0 47
  48. 48. Target Platforms • Symbian • RIM • Windows Mobile 6 • iPhone • Android • Etc. Copyright © 2008 Parity. Made available under EPL 1.0 48
  49. 49. Project Co-leads http://higgins-project.org Paul Trevithick Mary Ruddy paul@socialphysics.org mary@socialphysics.org +1.617.513.7924 +1.617.290.8591 Copyright © 2008 Parity. Made available under EPL 1.0 49
  50. 50. Appendix Original Project Goals Copyright © 2008 Parity. Made available under EPL 1.0 50
  51. 51. Goals: 1 of 5 • Provide a consistent user experience based on card icons for the management and release of identity data • This is needed in order to have a trusted mechanism for authentication and other interactions that is less vulnerable to phishing and other attacks and that works for a wide variety of users and systems • See Higgins 1.0 Identity Selector Copyright © 2008 Parity. Made available under EPL 1.0 51
  52. 52. Goals: 2 of 5 • Empower users with more convenience and control over personal information distributed across external information silos • Provide a single point of control over multiple identities, preferences and relationships • See Higgins 1.0 Identity Selector Copyright © 2008 Parity. Made available under EPL 1.0 52
  53. 53. Goals: 3 of 5 • Provide an API and data model for the virtual integration and federation of identity and security information from a wide variety of sources • See Higgins 1.0 Framework Copyright © 2008 Parity. Made available under EPL 1.0 53
  54. 54. Goals: 4 of 5 • Provide plug-in adapters to enable existing data sources including directories, communications systems, collaboration systems and databases each using differing protocols and schemas to be integrated into the framework • See Higgins 1.0 Identity Attribute Service and Context Providers (plugins) Copyright © 2008 Parity. Made available under EPL 1.0 54
  55. 55. Goals: 5 of 5 • Provide a social relationship data integration framework that enables these relationships to be persistent and reusable across application boundaries • It organizes relationships into a set of distinct social contexts within which a person expresses different personas and roles • See Higgins 1.0 Context Data Model (CDM) Copyright © 2008 Parity. Made available under EPL 1.0 55

×