February 26, 2006 9:00 PM PST

Microsoft's InfoCard draws open-source response

Related Stories

Ending Microsoft's identity crisis

February 16, 2006

Gates: End to passwords in sight

February 14, 2006

Microsoft to flash Windows ID cards

May 18, 2005
IBM and Novell on Monday are expected to announce an open-source response to Microsoft's forthcoming InfoCard identity management technology.

The companies plan to contribute to an open-source initiative code-named Higgins Project. The project aims to help people manage their plethora of Internet logins and passwords by integrating identity, profile and relationship information used across authentication systems on the Net.

The initiative also includes the Berkman Center for Internet & Society at Harvard Law School and Parity Communications, a company developing "social commerce" software that has been operating in stealth mode.

The open-source project, managed by the Eclipse Foundation, is a response to Microsoft's InfoCard identity management technology, Anthony Nadalin, distinguished engineer and chief security architect at IBM, said in an interview.

"This is a move to help get identity management out in the open source. InfoCard is one user-centric identity system...but the implementation Microsoft has is not what I would call open," he said. "There are a lot of hidden elements." One example, he said, is how it interacts with Active Directory, Microsoft's identity management technology for businesses.

"I think we are really going to see the identity big bang--a whole wave of social and identity-aware applications that are suddenly becoming possible."
--Kim Cameron, identity architect, Microsoft

Microsoft has described InfoCard as a technology that gives people a single place to manage authentication and payment information, in the same way a wallet holds multiple credit cards. An InfoCard client on a PC will connect with Web sites that need information for authentication or transactions.

Yet, the Higgins Project is more than a rival to InfoCard, Nadalin said. "We are not here to create another identity system; we are here to aggregate the existing systems," he said. "We have invited Microsoft to participate...and we will continue to work with Microsoft to integrate with InfoCard. We think that has to happen."

The Higgins Project will complement InfoCard in providing client software for operating systems other than Windows, Nadalin said. Also, it will make existing identity management products, such as IBM's Tivoli software, work with InfoCard, he said. IBM is expected to support Higgins in its products sometime next year.

"Microsoft would be left out in the cold without Higgins; it allows Microsoft to participate in non-Windows environments," Nadalin said "Customers want choice. They end up voting with their pocket book. They don't want to be locked in."

The Higgins Project looks to be a step forward in solving the problem surrounding online identities, said Kim Cameron, identity architect at Microsoft. "From what I've seen, this is a very positive development," he said. "I think we are really going to see the identity big bang--a whole wave of social and identity-aware applications that are suddenly becoming possible."

But while Nadalin may have his mind set on where the Higgins Project is headed, nothing is set in stone, said Burton Group analyst Mike Neuenschwander. "It is open source; it is hard to tell exactly where it will head," he said.

There are other efforts to integrate identity information. But with IBM and Novell, the Higgins Project has attracted big-name support, Neuenschwander said.

"Everybody wants to be that central hub that integrates everybody else's stuff," he said. "Higgins is significant in that IBM and Novell have stepped up to say they are going to develop their client software under that project."

Neuenschwander doesn't expect to see anything tangible come out of the Higgins Project until at least the end of the year. "Then we can see with greater certainty where they are headed," he said. "Microsoft has made it much further down the road with InfoCard."

Microsoft plans to deliver InfoCard by the end of this year as part of Windows Vista, the next version of its flagship operating system. InfoCard will also be available for Windows XP, Microsoft has said.

See more CNET content tagged:
Microsoft Windows CardSpace, identity management, identity, Novell Inc., open source

5 comments

Join the conversation!
Add your comment
Higgins is no better than Passport.
Both want me to trust that some external operation can be trusted
with my passwords and my financial data. This is little more that
blessed spyware. Sorry guys. I can't trust Microsoft. And I'm not
about to trust anyone else. It's my job to keep my computer
operations secure, and I don't accept anyone's ideas of 'making it
easier' as an excuse for a bad idea.
Posted by Earl Benser (4310 comments )
Reply Link Flag
I think it's decentralized...
I'm still trying to figure all these systems out, but I think the idea with both InfoCard and Higgins is that it's a framework and there can be lots of different servers, unlike Passport which had only Microsoft's.
Posted by (54 comments )
Link Flag
Slight misunderstanding...
Both Higgins and InfoCard are different from
passport in that rather than having a
third-party store and validate the identity
tokens, the interaction is direct with the
authenticating party.

The credit card analogy is pretty apt. In that
the holder has three tokens - the encoded data
on the card, the data checksum digits, and a pin
code - which they can present to a third party
to perform a transaction. The third party
presents the tokens to the issuer in exchange
for a guarantee of payment which is granted or
denied.

Same thing here. Basically, you'd have your
issuer-created credentials along with the issuer
info (namespace), and your own personal code,
etc. The principle differences here would be
that the codes can be of arbitrary length, PINs
can be replaced with large cryptographic keys
(public/private), etc. and it would be
integrated with whatever software would want to
make use of it.

It's a glorified cross-between kwalletmanager
and GPG -- nothing at all like Passport.

The thing I'd like to see is to see it
standardize storing the cryptographic "wallet"
on a thumbdrive by default, and to have a
protocol for using your credentials to obtain
transient single-transaction credentials.
Posted by Zymurgist (397 comments )
Link Flag
There must be one standard otherwise the web is doomed
If Microsoft wins this, its the worst nightmare for the future of the web. Identity management is so important that its essential that there will be one standard supported by all players. Otherewise the web will be divided and walled.

Users will go only to website supported by their identity management standard.

IBM seemes more flexible, they say Higgins will support Microsoft and any other standard and make them compatible.

Linkadelic Magazine
<a class="jive-link-external" href="http://www.comagaz.com/webmagazine/" target="_newWindow">http://www.comagaz.com/webmagazine/</a>
Posted by nbdr (7 comments )
Reply Link Flag
There must be one standard otherwise the web is doomed
If Microsoft wins this, its the worst nightmare for the future of the web. Identity management is so important that its essential that there will be one standard supported by all players. Otherewise the web will be divided and walled.

Users will go only to website supported by their identity management standard.

IBM seemes more flexible, they say Higgins will support Microsoft and any other standard and make them compatible.

Linkadelic Magazine
<a class="jive-link-external" href="http://www.comagaz.com/webmagazine/" target="_newWindow">http://www.comagaz.com/webmagazine/</a>
Posted by nbdr (7 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.