Dedicated to improving interoperability in the identity management systems space, an IT industry consortium has been consulting with the province of British Columbia, among others, on how best to standardize, streamline, and increase the interoperability of various authentication systems.
The Concordia Project was spearheaded by the Liberty Alliance, the network identity open standards organization, but now functions as an independent operation, according to Jason Rouault, CTO of identity management software for HP.
He has been participating in the Concordia Project’s discussions between industry executives and experts that have taken place at several of the large identity management conferences this year. Corporations that have representatives in the project include Oracle, Microsoft, Nortel, Intel, Sun, and the OpenID Foundation.
Rouault said, “To me, it’s important to make sure that there’s interoperability across the identity management space. Right now, there’s a lot of conflicting ideas, which stems from the different standards efforts that are often out of synch. What we really want is to get a pretty ubiquitous, interoperable privacy response layer for identities on the Internet. What we have now is a bunch of siloed identities, which is stymieing growth. To ensure greater productivity, we need interoperability—it’s the easiest way to bring them together.”
The group is currently concentrating on gathering use cases that will allow the Concordia Project to understand the issues companies are having with their identity management solutions. At the last gathering, several groups presented their quandaries, including AOL, Boeing, GM, and the province of British Columbia.
Rouault said that a lack of communication between companies has been the major stumbling block so far, but the Concordia Project is a great step toward interoperability because it allows vendors to lay out exactly what their products do. “Each might not know the expertise, background, or capabilities of the other products,” Rouault said. “All of them tackle the same problems, but from different angles.” Confusion about what different identity managers do has hampered uptake of the technology within the enterprise, according to Rouault.
Goals of the project include: tracking the requirements and strengths of each product; making the machinations of the identity systems transparent; and improving the user experience, and handling of session time-outs and log-offs. How to negotiate the business relations part of achieving interoperability is another task.
Roger Sullivan, president of Liberty Alliance’s management board and vice-president of Oracle’s identity management section, hopes to have a set of open standards by the end of the year, but Rouault thinks that the industry doesn’t need new standards to work better. He said, “We just need better profiles (of what the different products do), with deployment guidelines and best practices.”
Novell, meanwhile, announced last month the availability of an open-source information card selector that will allow users to manage their virtual identities across different platforms.
Ross Chevalier, CTO of Novell Canada, said, “the DigitalMeR information card selector is a re-recognition of the fact that people have way too many identities online.”
Novell already had some experience with online identity management through its earlier DigitalMe.com digital identity repository project, but the digital identity management capabilities of Windows Vista and, Chevalier predicts, Windows Server 2008, compelled Novell to pursue an open-source cross-platform product. It is included in openSUSER 10.2, and can be run, courtesy of a compiler, on Apple and other Linux systems.
The new product is similar to Microsoft’s CardSpace, which, said Chevalier, authenticates to the operating system to store your virtual identity cards. “It provides an ID selector, which is much more secure than having your browser remember them all,” he said. “But the drawback is that it only runs on Windows.”
Novell turned to its own Bandit Project—a group that works on open source identity services—to craft their own version. Said Chevalier: “The Bandit Project is the leader in continuing to develop an open source identity management framework. So we took code from the DigitalMe concept, and also made it available to the Eclipse Higgins Project so that (they could make it) not restricted to one operating system.”
The DigitalMe adds the digital identity repository. The Eclipse Higgins Project—an open source group that develops multi-platform identity frameworks—contributed the piece designed for a seamless Web experience. Chevalier said, “Programs usually have either a repository or automatic sign-on. For instance, with (Apple program) Keychain, you can’t feed Web applications. And with Gnome Keyring, it’s a great repository, but the Web aspect is not exactly intuitive.”
“People are not clamouring for this yet, but people are frustrated with the number of identities to manage. Now there won’t be an endless string of passwords,” said Chevalier.
According to Rouault, this is a valuable step. “This is an example of how you can be interoperable. What they (are) showing are some of the things we’re trying to accomplish,” he said.