IBM on Monday announced a new open-source initiative meant to boost security and give consumers more control over their personal online identity information.
Code-named “Project Higgins,” the initiative is a collaborative effort by Big Blue, Novell and Parity Communications to develop security software for user-centric identity management. It is based on a concept developed by Harvard Law School’s Berkman Center for Internet and Society and is similar to Microsoft’s planned InfoCard.
Open, Accessible Framework
“To move online security to the next level, there has to be fundamental resolve among consumers, government and business to quickly adopt a system where [individuals have] more control over how information about them is managed and shared,” said John Clippinger, senior fellow for the Berkman Center.
“Our aim is to construct an open and widely accessible software framework that puts the individual at the center of the identity management universe. With this framework in place, it will be easier for society to begin the migration to more secure online environments, where trusted networks can not only be easily formed, but effectively enforced. In the end, security is not just technological, but social.”
Last year, the Federal Trade Commission received more than a quarter of a million complaints related to personal identity information being stolen or misused over the Internet, according to IBM. As a result, more companies are focusing on how consumers can better manage and control that information themselves.
Taking Responsibility
The Internet was not really designed with identity protection in mind, so people are responsible for making sure all of their scattered, fragmented information is accurate and protected, according to Clippinger.
“To give consumers power over what their information is and how it’s used and how it’s being protected — part of that is then creating almost a marketplace of … information providers or brokers that can act on their behalf,” he said.
“It’s a dual responsibility,” Clippinger explained. “It’s not just people doing this all by themselves but saying they’re really the parties that have the vested interest in getting it right.”
Higgins breaks up an individual’s identity into pieces — or services — and lets consumers dictate who can access various parts of their identity information. It allows them to change an address across all their online accounts with a single keystroke or change a password across online banking and brokerage accounts, according to IBM.
For example, a person can grant his insurance company broad access to his personal information and medical records but limit the amount of data his cable company can view. This allows businesses to create new channels of communication with customers.
Organizations using applications built with Higgins open-source tools can share specific identity information about customers, such as their telephone number or buying preferences, based on rules set by the customers themselves or by an authorized third-party service provider on their behalf.
“End-users [now can] actively control information and the problems surrounding it, so the end-user will be better off,” Nataraj Nagaratnam, chief architect for identity management at IBM, told LinuxInsider. “The obligation is on the people who have [control of] the information. I can decide who I trust to be the authoritative business source, so it gives me a good feeling.”
Staying Friendly With Microsoft
As with Web Services, companies will be able to build support for Higgins into their applications, Web sites and service offerings. It will support computers running Linux, Windows or any other operating system, and it will support any identity management system, including Microsoft’s InfoCard, Nagaratnam said.
Microsoft plans to deliver InfoCard by the end of 2006 as part of Windows Vista, the next version of its flagship operating system.
Higgins, meanwhile, is a software framework that is much more open and transparent than Microsoft’s offering, according to Clippinger. “This is what’s really neat about the notion of open security,” he said. “Sort of a contradiction — but, in fact, it’s the way you achieve it because you create transparency.”
Right now, it is too soon to determine which system will be better, because neither has shipped yet, but it seems they are headed in the same direction, Mike Neuenschwander, research director at the Burton Group research and analysis firm, told LinuxInsider.
Ultimately, IBM and Microsoft want to remain friendly and therefore are playing down the competitive angle for now, Neuenschwander said.
“IBM’s more interested in enterprise use, but that’s because Microsoft has a more obvious path to the consumer,” he pointed out. “They’re just saying, ‘We’re doing something amazing. Don’t look at the politics behind the scenes. They’re trying to reduce the [feeling] that this is IBM’s alternative to InfoCard — but, ultimately, it will become an InfoCard with a difference.'”