IBM and Novell are joining forces on an open-source security project that promises to deliver identity-management technologies that will compete directly with Microsoft's forthcoming InfoCard technology.
Project Higgins, which also includes input from e-commerce startup Parity Communications and Harvard Law School's Berkman Center for Internet & Society, employs what the companies are calling "social commerce" for managing online personal information, such as bank accounts, credit-card numbers, and medical records.
As proposed, the technology would let users control the personal information that is shared with sites that employ the software. The project is managed by the Eclipse Foundation.
Controlling Online Security
As an open-source effort, Project Higgins will support Linux, Windows, other operating systems, and most available identity-management systems. The idea is to construct an open and accessible software framework that will foster better security online.
Higgins separates a person's identity into manageable pieces or services. Organizations using applications built with Higgins tools can share specific identity information, such as a phone number or buying preferences, according to rules established by the individual or by an authorized third-party service provider.
As with most Web services, companies can build support for Higgins in their own commerce applications, Web sites, and other online services.
The project arrives on the heels of Microsoft's launch of the InfoCard electronic-wallet technology, which will be featured in Vista and a forthcoming upgrade of the Internet Explorer Web browser. Microsoft claims InfoCard will give users greater control over the personal information they divulge when conducting transactions online.
When just browsing the Internet, for instance, the InfoCard would contain very little personal information. The card would contain a little more information for tasks such as reserving hotel rooms or rental cars. For the most sensitive tasks, like online banking, the card would contain financial information or a Social Security number.
Higgins would do much the same thing as InfoCard, enabling users to change their contact information across all their online accounts or determine who can see what elements of their medical records.
"This project, like the InfoCard concept, represents a more sophisticated approach to identity management and is similar to work being done by the open-source Liberty Alliance and the Shibboleth project," said Yankee Group senior analyst Andrew Jaquith.
The Liberty Alliance is an identity-management consortium formed as a result of concerns over Microsoft's original Passport effort. It includes Sun Microsystems, Hewlett-Packard, Computer Associates, and Ericsson. The Liberty Alliance is creating specifications that will let users sign on to multiple networks by entering information -- such as a username and password -- only one time.
Jaquith suggested that, while choice might be a good thing for businesses looking to improve their security, the identity-management space might become overcrowded with so many new technologies. "With more people getting involved, identity management is getting more complicated instead of simpler," he said. "A single solution would simplify the process, and all of these offerings do the same things."
Still, IBM, Novell, and Parity contend that the open-source approach will draw other business participants that can help create a stronger product through their expertise. IBM plans to incorporate Higgins technology in its Tivoli identity-management software.
"There could be demand for the technology developed through Higgins, because there are those enterprises that have no interest in adopting a Microsoft solution and want a viable alternative," said Jaquith.