1

Higgins

Higgins1: a species of Tasmanian long-tailed mouse

2: the name of an open source collaboration of IBM, Novell, Oracle, Parity…

Eclipse Higgins Project

Mission: Higgins is an open source Internet identity

framework designed to integrate identity, profile, and social relationship information across multiple sites, applications, and devices.

Higgins is not a protocol, it is software infrastructure to support a consistent user experience that works with all popular digital identity protocols, including WS-Trust, OpenID, SAML, XDI, LDAP, and so on

2

3

Features

Higgins features are packaged into seven Solutions in three categories Identity Selector Applications Identity ProvidersRelying Party Enablement

4

Components and Solutions

Higgins uses the term component to refer to a logical set of Eclipse projects. Components are assembled into entire solutions. Most of these components expose their own API (the exceptions are multiple plugins all supporting the same provider API)

Various components have been used by Novell in their “Digital Me” product and Identity Provider product. IBM has announced that they will deliver commercial products based on Higgins components

Oracle is considering using the IdAS API for their Identity Governance Framework project at Open Liberty, which is affiliated with the Liberty Alliance Organization

Serena has released a commercial solution called Serena

Business Mashups that uses the Higgins STS

5

Architectural Features

The Higgins architecture has evolved very rapidly and over multiple years

Whereas we are adding new layers and functional capabilities, the basic architecture has been stable for at least one year

There are multiple plug-ins in the java architecture: Data stores are adapted by “context provider” plug-ins New security token types are provided by plug-ins New relying party security languages can be plugged in Persistence of i-card objects is managed by “i-card

provider” plug-ins

6

Key Standards Used

WS-Security WS-Trust WS-Federation SAML Assertion 1.1 and SAML2 protocol XRI 2.0 XML Canonicalization, Digital Signature, and Ecryption LDAP OWL and RDF XRI XRDS

The Higgins data model and Identity Interchange Framework (X.IDIF) are being proposed for adoption by the ITU-T (The International Telecommunications Union’s Standards Sector)

7

Communities

Higgins has attracted and build an activity community with contributions from Parity, IBM, Novell, Google…with additional involvement from Microsoft, CA, Serena, Oracle, etc.

Committers - Higgins has 22 committers (three were just approved during the release process)

Contributions were also made by other members of the community

8

Em

ail

or IM

Comm

uniti

es

of In

tere

st

WebsitesBuddy ListsEnterprise

Apps

Virtual

Spaces

• Healthcare System• Corporate Directories

• eCommerce (e.g. Amazon, eBay)• Social Networking (e.g. LinkedIn) • Book club

• Family

• Professional networks• Dating networks

You

Multiple digital identities…

• Second Life• Croquet• WOW

9

Em

ail

or IM

Comm

uniti

es

of In

tere

st

WebsitesBuddy ListsEnterprise

Apps

Virtual

Spaces

• Healthcare System• Corporate Directories

• eCommerce (e.g. Amazon, eBay)• Social Networking (e.g. LinkedIn)

• Book club• Family

• Professional networks• Dating networks

You

…each in its own context (silo)

• Second Life• Croquet• WOW

10

A better way…

11

Introducing i-cards

I create (personal) I define a few personas Business “me”, web surfing “me”, dating

“me”

Others create (managed) Credit cards Membership, reputation in community 3D avatar (virtual identity) Governments (drivers license)

I co-create with others (relationship) My preferences, interests within community Might include shopping history and wishlists

12

You use them to

Sign-in to sites Exchange with friends; stay in sync Increase convenience and privacy (e.g. far

fewer passwords) Project my values, interests, preferences to

sites Support worthwhile causes Get introductions and offers that I find relevant

and compelling

Here’s how it works…

13

First, I need an identity agentI get one from any site that uses i-cards…

1. I download the Higgins browser add-on

2. Restart my browser

3. The wizard walks me through setting up my web “surfing” persona i-card

…That’s it.

14

Now I can sign in to sitesWithout passwords at each site

i-cards (digital “me”s) are displayed in my browser or mobile device

Click on a card

I-Card Selector User Interface

16

Higgins is an interoperability framework

Higgins FrameworkHiggins Framework

Plug-insPlug-ins

Higgins Browser

Extension

Higgins Browser

Extension

Eclipse RCP Apps

Eclipse RCP Apps

Identity ProvidersIdentity

ProvidersApps and ServicesApps and Services

CardSpace

CardSpace

Protocol Providers implement protocols for interacting with Relying

Parties

Protocol Providers implement protocols for interacting with Relying

Parties

OpenIDOpenID

CardSpace Managed (WS-

Trust)

CardSpace Managed (WS-

Trust)

RSS SSERSS SSE

I-Card Providers implement identity protocols

and card types

I-Card Providers implement identity protocols

and card types

CardSpace PersonalCardSpace Personal

SAMLSAML X509X509

Higgins Relationship

Higgins Relationship

KerberosKerberos

JNDI / LDAPJNDI / LDAP

Enterprise Apps

Enterprise Apps

Token Providers implement different kinds of security tokens

Token Providers implement different kinds of security tokens

IdAS Context Providers connect to different identity data sources

IdAS Context Providers connect to different identity data sources

HTML FormsHTML Forms

UN/PSUN/PS IdemixIdemix

RDF/OWLRDF/OWL Active Directory

Active Directory

Comms ClientsComms Clients

Relying PartiesRelying Parties

17

Higgins delivers

A consistent user experience based on i-cards Any identity protocol Any token data type Any kind of identity data Any identity data source Any platform