Higgins 1.0: Identity Management Solutions from the Eclipse Foundation

by R.J. Lorimer on Feb 28, 2008 |

Identity management for networked and distributed applications continues to present several unique challenges for users and developers. Protocols such as OpenID and WS-Trust have emerged as distributed identification protocols to help enable a more globally available authentication scheme.

Earlier this month, the Eclipse Foundation announced the release of Higgins 1.0. Higgins is a suite of identity management solutions from the Eclipse foundation, created with the intent of simplifying and adding consistency to online authentication. The software infrastructure provided by Higgins is specifically targeted at providing a consistent interaction for users with multiple authentication protocols:

Higgins is not another identity protocol like OpenID, SAML, or WS-Trust; it is a framework that allows software developers to integrate and leverage multiple protocols within their applications. Specific identity protocols, like OpenID, which is very important for solving password management for things like blog, wikis, etc., are popular with specific users for specific use cases; however, the Project Higgins community believes there will continue to be multiple identity protocols used to support differing identity scenarios. Instead of requiring a developer to become proficient in all protocols, they can now use Higgins to gain support for them all.

Higgins is built around the concept of information cards, which are simply visual representations of a digital identity. The various components of Higgins are centered around helping end users interact with information cards, as well as enabling developers to support identity cards as a form of authentication in their respective applications.

There are three components provided by Higgins for enabling information-card authentication:

First, it provides multi-platform “identity selector” applications that end-users can use to sign-in to web sites and systems that are compatible with the emerging user-centric “Information Card”-based (or “i-card”-based) approach to authentication. This approach promises people fewer passwords, more convenience, and better security.

Current end-user solutions available include:

A GTK/Cocoa selector, which includes a Firefox extension to launch the selection interface when a website requests i-card authentication.
An Eclipse RCP-based desktop application which supports integration with Internet Explorer 7 to prompt for i-card selection on website request.
A distributed, embedded Firefox-plugin-based selector -Where-as the first two solutions provide a local registry and selection service for managing information cards, this solution is an early representation of using a remote server to act as a distributed card registry.

Second, it provides complete “identity provider” web services as well as the “relying party” code necessary to enable websites and systems to be information card- and OpenID-compatible. Software developers can incorporate this "relying party” code into their applications to make it easier for their users to login to their site. There are currently two web-site developer solutions available:

STS IdP - An identity provider solution utilizing WS-Trust.
SAML2 IdP -An identity provider solution utilizing SAML2

Third, it implements the Higgins Global Graph (HGG) data model and the Higgins Identity Attribute Service (IdAS). Developers now have a framework that provides an interoperability and portability abstraction layer over existing “silos” of identity data. For the first time, IdAS makes it possible to “mash-up” identity and social network data across highly heterogeneous data sources including directories, relational databases, and social networks.

The HGG/IdAS layer of Higgins offers integration opportunities between several identification protocols such as OpenID, WS-Trust, SAML, and LDAP.

Higgins has received industry support from several companies that provide identity-management solutions including: IBM, Microsoft, and Novell.
Microsoft authored a similar technology to Higgins information cards with Windows CardSpace (initially released in 2006); Higgins identity selector solutions are compatible with CardSpace-enabled applications.

At the Eclipse project page, more information is available regarding Higgins identity solutions, and downloads are available for Higgins 1.0 solutions and components.

Related Editorial

Cloud Identity Buyer’s Guide: Managing Identity in the Cloud

APM Survival Guide from a Veteran Performance Geek

Getting Ahead in the Cloud: The Need for Better Identity and Access Controls

Identity in the Cloud: Use the Cloud without Compromising Enterprise Security

Impact of Java EE Frameworks on the Structural Quality of Applications

Hello stranger!

You need to Register an InfoQ account or to post comments. But there's so much more behind being registered.

Get the most out of the InfoQ experience.

Tell us what you think

Community comments

Higgins by Danny Fame Posted

Higgins by Danny Fame

Openid have great support from google. Higgins is another great ID management solution which need greater support from our internet giant search engine. Hopefully higgins will be widely used.

Danny - meteko