Commentary by Mark Wahl
Organizing principles for identity systems:
Higgins framework (2006/9/15)
The Digital ID World conference this week included a presentation by Anthony Nadalin (IBM), Dale Olds (Novell) and Paul Trevithick (Social Physics) on the Higgins Project titled On The Long Tailed Mouse Called Higgins: Identity And The Eclipse Project.
John Fontana, Senior Editor, Infrastructure for Network World magazine, wrote in his article Higgins lays out roadmap for open source identity project that
The Higgins group plans to release a middleware piece called the Identity Attribute Service that acts as a layer on top of identity repositories such as directories or applications. It can aggregate data from multiple sources in real-time and bundle them into a single identity credential. The idea is to link to data without having to move it around the network.
There are several ways of looking at these APIs. One is that they are conceptually similar to APIs such as Active Directory Service Interfaces (ADSI) or Java Naming and Directory Interface (JNDI), in that they provide an abstraction to enable an application to be independent of the API of a lower layer access protocol. In this view, Higgins would offer a higher level abstraction as well as a different set of supported protocols: OpenID, WS-Trust and LDAP instead of Novell Netware, NIS and LDAP. As with these earlier APIs, challenges to be faced will include:
- How should applications make use of features available from one or more of the underlying protocol modules that are outside of the least common denominator feature set?
- How to isolate applications from the data models of both the range of underlying protocol modules as well as the intranet and Internet services on which these protocol modules will rely?