| [higgins-dev] FW: Eclipse Foundation News Coverage January 30, 2007 |
|
All,
I
thought that you might be interested in seeing this. Our PR firm creates a
weekly digest of press articles on Eclipse. This week is about 80% Higgins.
Congratulations!
January 30 "Higgins, Bandit and Microsoft: Open Source for Tight Privacy" LinuxInsider Also appeared in: TechNewsWorld, http://www.technewsworld.com/rsstory/55444.html January 29 "Vendors Begin Plugging Products for RSA Show" eWeek http://www.eweek.com/article2/0,1759,2088549,00.asp "Users See Potential in Lotus Apps, but Rollouts May Wait" Computerworld "Open-source identity projects connect with Microsoft" CNET http://news.com.com/Open-source+identity+projects+connect+with+Microsoft/2100-1029_3-6154094.html Also appeared in: ZDNet, http://news.zdnet.com/2100-1009_22-6154094.html Silicon.com, http://software.silicon.com/security/0,39024655,39165492,00.htm "Interesting developments in open source user-centric identity" IT-Director http://www.it-director.com/blogs/MWD/2007/1/interesting_developments_in_open_s_.html "Novell's Identity 'Bandit' in Cahoots with Microsoft" Internetnews http://www.internetnews.com/dev-news/article.php/3656636 Also appeared in: DevX,
http://www.devxnews.com/article.php/3656636 Enterprising Network Planet, http://www.enterprisenetworkingplanet.com/netsp/article.php/3656716 "Higgins: A ' "Open source projects to showcase identity integration" NetworkWorld http://www.networkworld.com/news/2007/012907-open-source-higgens-bandit-rsa.html] "Eclipse, Novell near 'Big Bang' for identity" InfoWorld http://www.infoworld.com/article/07/01/29/HNeclipsebandit_1.html Also appeared in: CSO Online as "Open
Source Novell, Eclipse Identity Services Project Hits Key
Milestone" http://www2.csoonline.com/blog_view.html?CID=28443 Also appeared in: LinuxWorld, http://www.linuxworld.com/news/2007/012907-rsa-eclipse-novell-near-big.html TechWorld, http://www.techworld.com/applications/news/index.cfm?newsID=7888&pagtype=samechan "Eclipse Launches Data Tools Platform" Application Development Trends http://www.adtmag.com/article.aspx?id=20108 "Eclipse Foundation and Novell Collaborate on Open Source ID-Services Integration" Application Development Trends http://www.adtmag.com/article.aspx?id=20107 January 28 "IBM Touts Unified Comms Infrastructure For Partner Development" CRN http://www.crn.com/sections/special/reports/sellingsmb.jhtml?articleId=197001140 January 27 "IBM develops 'identity mixer'" BizReport http://www.bizreport.com/2007/01/ibm_develops_identity_mixer.html January 26 "IBM's Invisibility Cloak" Forbes "IBM tool makes online purchases anonymous" SearchSecurity.com http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1240857,00.html "IBM's 'Need to Know' Software" Dark http://www.darkreading.com/document.asp?doc_id=115639&WT.svl=news2_1 "Can open source lead to better identity?" ZDNet http://blogs.zdnet.com/open-source/?p=920 "Anonymous IBM" Internetnews http://www.internetnews.com/security/article.php/3656136 "IBM software hides consumer data trail" InfoWorld http://www.infoworld.com/article/07/01/26/HNibmdatapriv_1.html "New IBM Software Lets Consumers Shop Online Anonymously" InformationWeek http://www.informationweek.com/story/showArticle.jhtml?articleID=197000899&cid=RSSfeed_IWK_All "IBM Software Aims to Prevent Online Identity Theft" eWeek http://www.eweek.com/article2/0,1759,2087843,00.asp?kc=EWRSS03119TX1K0000594 "IBM Donates Privacy Code to Open Source Project" LinuxInsider http://www.linuxinsider.com/story/linux-security/55408.html "It's Jaw-Jaw and War-War for Java and NetBeans" The Register http://www.regdeveloper.co.uk/2007/01/26/eclipse_jcp_netbeans/ "Aperi stalled, dead even?" TechWorld http://www.techworld.com/storage/blogs/index.cfm?entryid=378&blogid=3 "Eclipse Project Higgins Demos Interoperability" ComputerWire January 24 "Eclipse Releases Data Tools Project 1.0" ComputerWire January 24, 2007 "Give Me openLiberty" Internetnews http://www.internetnews.com/dev-news/article.php/3655671 Also appeared in: DevX News, http://www.devxnews.com/article.php/3655671 January 23 "Eclipse Data Tools Platform offered" InfoWorld http://weblog.infoworld.com/tcdaily/archives/2007/01/eclipse_data_to.html "Macraigor joins Eclipse" InfoWorld http://weblog.infoworld.com/techwatch/archives/009842.html "IDEs for Web services - Eclipse" SearchWebServices http://searchwebservices.techtarget.com/tip/0,289483,sid26_gci1240284,00.html January 19 "Cool Coder Creates Eclipse App for the http://www.adtmag.com/blogs/blog.aspx?a=20058 Higgins, Bandit and Microsoft: Open Source for Tight
Privacy
LinuxInsider By Chris Maxcer January 30, 2007 At next week's RSA Conference in When it comes to security there is no such thing as good enough. That's why BlackBerry has the most widely security accredited wireless solutions in the world. Before choosing a wireless solution, visit www.blackberry.com/select/get_the_facts to get the facts on BlackBerry Business Solutions. The open source Latest News about open source Bandit and Eclipse Higgins projects, both of which are working toward providing an open and consistent approach to identity management, have announced they have created a reference application that showcases open source identity services that interoperate with the Microsoft (Nasdaq: MSFT) Latest News about Microsoft Windows CardSpace identity management system. In addition, the reference application enables Liberty Alliance-based
identity federation via Novell's (Nasdaq: NOVL) Latest News about Novell Access
Manager. It's noteworthy because it's a first-of-its-kind open source identity
system that features interoperability with leading platforms and protocols. The
Bandit and Higgins teams plan to showcase the application at next week's RSA
Conference in Multiple Perspectives The Bandit and Higgins projects focus on developing cross-platform open source identity services to help organizations and individuals to manage identity information. From an individual perspective, Higgins is a project within the Eclipse Foundation that focuses on providing application frameworks for building software that helps individuals securely control who has access to their online personal information, such as bank accounts, credit card numbers, medical information, and employment records. While the Bandit and Higgins projects both work on developing identity standards, the Novell-sponsored Bandit project tends to focus more on enterprise identity management challenges. For example, an employee in a large organization might need to access a variety of enterprise applications that reside on different server platforms and require different user names and passwords. Another example might be an organization that offers Web portals to supply chain businesses partners, all of which require secure identity-based access. Any time someone forgets their login information, they immediately start losing productivity Get the Facts on BlackBerry Business Solutions. It only gets worse if someone's login information is stolen. "For better or worse, we have an identity infrastructure in place today -- the user name and password. Unfortunately we've discovered that this infrastructure is less than ideal with regards to security and manageability," Dale Olds, distinguished engineer and Bandit Project lead for Novell, told LinuxInsider. "That's why there are a number of new initiatives, including the work underway through Bandit and Higgins, to design, develop and implement a new identity infrastructure." The reference application leverages parts of both Bandit and Higgins to
create the interoperability with Microsoft's CardSpace identity management
system, which ships with the Identities in Transition "If you look at the protocols of the Internet Free How-To Guide for Small Business Web Strategies - from domain name selection to site promotion., like TCP/IP, that make it the common standard and open communications infrastructure Barracuda Spam Filter - Free Evaluation Unit that it is -- and that's the essence that gives it its power -- those protocols aren't owned and controlled by any one vendor," Jamie Lewis, CEO and research chair of Burton Group, told LinuxInsider. "They aren't a patented product that you can only buy in one place. It's just sort of baked in, you can rely on it, and you know it works. Well, identity is far from that, and we are in a current transitional mode to that level of standardization and openness around identity." Lewis likened the current position in the evolving world of identity management to that of a football team on its own 30 yard line -- there's still 70 yards to go to get a touchdown. "There are two basic requirements for translating the potential of recent identity infrastructure developments into real-world benefits for users: interoperability and a consistent means of developing identity-aware applications," Lewis said. "First, vendors must deliver on their promise to enable interoperability
between different identity systems serving different needs," he continued.
"Second, developers need a consistent means of creating applications that
leverage identity while masking many of the underlying differences in those
systems from the programmer. The Bandit and Eclipse Higgins interoperability
demonstration shows progress on the path toward these goals. And the fact that
they are open source software projects increases the potential that the identity
infrastructure will emerge as a common, open system for the Internet."
Vendors Begin Plugging Products for RSA
Show eWeek By Matt Hines January 29, 2007 http://www.eweek.com/article2/0,1759,2088549,00.asp The avalanche of new security products launched for the RSA Conference 2007 has already begun, even though the show itself does not kick off for another week. A collection of security companies introduced new products, or announced other news, on Jan. 29 in an effort to get ahead of the crowd, as dozens of additional products and services will be rolled out over the coming week in expectation of the event, and during the show itself, which will run from Feb. 5-10 in San Francisco at the Moscone Center. Among the firms getting news out the door before the increasingly popular conference begins were Vontu, SPI Dynamics, eEye Digital Security, ScriptLogic, NitroSecurity, Novell's Project Bandit and Extreme Networks. Vontu, based in Dubbed Vontu 7, the package boasts an array of upgrades over previous iterations of the company's software, including the ability to monitor USB storage devices and other removable media, along with expanded reporting tools. Among other capabilities, the Vontu software claims the ability to protect data whether it resides on servers, desktops and laptops, and to block sensitive data from being sent out via e-mail, Webmail or file-sharing systems. The product also boasts new coverage for Asian languages, and will hit the market in late March 2007 with a base price of $25,000. Atlanta-based SPI Dynamics introduced a new Web application security
assessment platform, labeled As many companies build new Web applications on emerging technologies
such as In addition to improving its ability to test such programs, SPI said that
SPI also released its first product built on the new architecture, its
WebInspect 7 applications security testing package, which boasts a new tabbed
interface and integrated support for end users, along with the inclusion of the
Software maker eEye Digital Security, based in In addition to the new anti-virus tools, which the firm developed through a partnership with Norman Data Defense, eEye is touting the ability of the software to fend off phishing attacks, monitor firewalls, manage group user policies, protect data from being saved to removable storage devices and test for local vulnerabilities. The package, available immediately, also offers attack and security event reporting through a revamped security management console. Boca Raton, Fla.-based ScriptLogic launched its newest security
management platform for Microsoft's Windows products, dubbed Security Explorer
6.0. The network administration specialist is touting a redesigned user
interface, new systems controls, and support for Microsoft's new Benefits of the new interface, according to company officials, include faster performance and greater flexibility for administrators running the program to manage different versions of Microsoft's Windows workstations and servers, along with centralized management of file security for such devices. Security management applications maker NitroSecurity, Labeled as NitroView ESM (Enterprise Security Manager), the device claims advanced network-based threat mitigation capabilities, combining security event management and network behavior analysis into a single platform. By embedding its relational database (NitroEDB) on the appliance, the company said it has boosted the product's ability to provide real-time traffic analysis and security event management, including deep packet aggregation and correlation for an extremely large volume of files at one time. The product is available immediately. Officials with Novell's Project Bandit open-source authentication effort, and the Eclipse Higgins Project, which backs development of open-source tools, announced the achievement of a key milestone in their ongoing joint development of identity services. The two groups are working to create standards-based tools that allow companies to better integrate IT systems authentication capabilities, in the name of allowing such systems to work together more smoothly and with less customization. Based on working code provided by the two projects, along with submissions from other developers, the teams announced that they have created a reference application to show off the promise of open-source identity services that are interoperable with Microsoft's Windows CardSpace identity management system, that also allow for ID federation via Novell's Access Manager platform. The research groups are touting the application as the first of its kind and will demonstrate how it works at the RSA show in early February. Infrastructure specialist Extreme Networks, The company is specifically touting the ability of the software to
strengthen security policy enforcement to ward off attacks via switch-based
enforcement, and allow network administrators to install NAC systems more
securely. The updated ExtremeXOS OS is being made available by the company
today.
Users See Potential in Lotus Apps, but Rollouts May
Wait Computerworld By Todd R. Weiss January 29, 2007 Users interviewed at the conference generally agreed that the promised additions to IBM's Lotus product line could help improve their collaboration processes. But some said it might be a while before their organizations take advantage of the new tools. For example, an IT administrator at an East Coast utility said its business units use different applications and systems, posing collaboration challenges. Processes could be improved by using some of the new features coming in Version 8 of IBM's Notes and Domino applications, said the administrator, who asked to remain anonymous. The Notes 8 client is based on the Eclipse open-source development framework and will look like a native application on Windows, Macintosh and Linux desktops, according to IBM. The IT administrator said that should make the software "system-independent" while also making it easier for end users to access data. But he added that his company's 20,000 users probably won't see the new tools for several years. The utility is still upgrading its systems to Version 7 of Notes and Domino and won't be ready for another upgrade right away. Two Lotus Tools Debut In addition to announcing plans to release Notes and Domino 8 for public beta-testing next month, IBM introduced two new Lotus products: an information-sharing tool called Connections, and a collaborative content-sharing program called Quickr. Hugh Roddick, director of application development at Health
Currently, many of the users are forced to rely on paper-based communication or "cobbled-together" electronic tools, Roddick said. Health Roddick added that Connections could allow Health "One of the problems we're trying to solve is that there's too much information," Roddick said. "You've got all this corporate information, but it's in little silos." But Geert Van de Steen, a Notes and Domino consultant at TechTeam A.N.E.
NV in Zwijnaarde, Belgium, said his customers "would laugh at me" if he
suggested they deploy IBM's new tools. "We are professionals," he said. "We
don't need these fancy things."
Open-source identity projects connect with
Microsoft CNET By Joris Evers January 29, 2007 http://news.com.com/Open-source+identity+projects+connect+with+Microsoft/2100-1029_3-6154094.html The Higgins and Bandit open-source projects are claiming a milestone in the development of open-source identity services with a link to a new Microsoft identity system. At next week's RSA Conference in San Francisco, backers of Higgins and Bandit plan to demonstrate an early version of an application that shows open-source identity services that are interoperable with Microsoft's Windows CardSpace and can enable Liberty Alliance-based identity federation via Novell Access Manager, a commercial Novell product. "The key point here is that open-source components are providing the ability to integrate these identity systems and products," Dale Olds, a distinguished engineer at Novell, said in an interview. Novell is a contributor to Higgins and created Bandit. Both open-source efforts were launched last year. Higgins was presented as an open-source response to Microsoft's Windows CardSpace, formerly known as InfoCard. Like the Microsoft effort, Higgins is meant to give people more control of their data when they do business online. However, it also promises to provide interoperability between various identity systems used on the Internet. The Bandit project aims to create a set of open-source components for services that use identity data in online transactions, whether corporate or consumer. Liberty Alliance was formed in 2001 to outflank Microsoft's now largely defunct Passport initiative and develop standards for federated online verification of identity. People working on Higgins, which is backed by Novell and IBM, plan this summer to deliver a first version of what's called the Higgins Trust Framework. The interoperability with Microsoft that is being shown off at the RSA Conference is a major step towards that, said Mary Ruddy, a Higgins project leader. "It is a technical milestone on our way to the 1.0 release," Ruddy said.
"Higgins is a The early version of the application to be shown next week allows an
individual to use different digital identity "I-Cards" to gain access to online
sites and services, according to Higgins and Bandit. This is the metaphor
Microsoft uses in CardSpace, which ships with the Developers on the open-source projects got help from Microsoft in making the interoperability happen, Ruddy said. Microsoft is pleased that its ideas are finding a following in the open-source world, said Kim Cameron, architect for identity and access at Microsoft. "It's rewarding to see the Bandit and Higgins projects, as well as the
larger open-source community, embracing this concept and delivering on the
promise of identity interoperability," Cameron said.
Interesting developments in open source user-centric
identity IT-Director By Neil Macehiter January 29, 2007 http://www.it-director.com/blogs/MWD/2007/1/interesting_developments_in_open_s_.html A couple of interesting stories related to open source user-centric identity came my way, courtesy of CNET. The first concerns a donation to the Higgins Project from IBM and the second is about some important interoperability announcements to come at this week's RSA Conference. The Higgins Project, which I have been following closely for the last
year or so, is under the auspices of Eclipse and sets out to provide
a platform- and identity protocol-independent software framework to aid in the
development of user-centric identity management solutions. IBM has donated the
results of some work, the Identity Mixer, carried out by its Research Lab in
This will necessitate changes to the way that service providers and credit card issuers work. However, I think the potential barriers to adoption will reduce as user-centric identity initiatives mature. As more immediate problems, such as the proliferation of usernames and passwords and inconsistent user experiences, are addressed then issues such as privacy assurance will take on a higher profile and individuals will come to demand it. On a related note, I came across this post from Bill Barnes (a product manager for Microsoft's CardSpace) discussing another potential barrier to adoption of such privacy enhancing techniques: the fact that they introduce additional transaction steps. Bill discusses how CardSpace could help to address this. When a CardSpace user selects an information card associated with their credit card issuer, a credential representing the credit card could be sent to the service provider alongside other information required for authentication and authorisation. The second story also concerns Higgins, together with the closely related
Bandit Project (which I first discussed here). The story is a little light on
details but it seems that there will be some demonstrations of interoperability
scenarios involving CardSpace and the Liberty Alliance protocols. Definitely
something to watch out for.
Novell's Identity 'Bandit' in Cahoots with
Microsoft Internetnews By Sean Michael Kerner January 29, 2007 http://www.internetnews.com/dev-news/article.php/3656636 In the emerging race to create identity systems that span the Internet, there are proprietary and open source systems. The two are no longer mutually exclusive: Novell's (Quote) Project Bandit
and Eclipse's Project Higgins next week will show how their identity systems
interoperate with Microsoft's (Quote) Windows CardSpace ID metasystem at the RSA
Conference 2007 in Windows CardSpace, one of the key new technologies included in Microsoft's Windows Vista operating system, securely stores and transmits personal identities. The open source Bandit Project is a similar effort, leveraging other open source efforts, including Eclipse's Project Higgins. The Bandit Project was born February 2006, though it was not officially announced until June of the same year. There has been a lot of refinement in Bandit since it first got started, according to Dale Olds, distinguished engineer at Novell. That refinement has had a lot to do with actually defining what it is that Bandit actually does. "This has always been a difficult thing to explain to people," Olds told internetnews.com. "Identity is a vague notion and how to take that and distill it into code and then make that into a sound bite and explain to somebody what Bandit is has always been one of our biggest challenges." "There has been a lot of refinement in the last year," Olds continued. "Now we just focus on saying that Bandit will provide components for authentication, authorization and audit." While some Novell programmers spent 2006 refining Bandit, other Novell executives inked a interoperability and patent agreement with Microsoft. But Olds there is no direct benefit to Bandit as a result of the deal. "We worked with the Microsoft guys well before the Novell Microsoft agreement on a thing called the open specification promise," Olds explained. "[For] anything that we implement as part of Bandit or Higgins, the intellectual property must be fully cleared before we implement it in open source." That said, Olds did admit that there may be some indirect benefits from the deal in the sense that Novell will be able to do more testing and receive better tech support for interoperability issues. Even with the potential indirect benefits and the open specification promise from Microsoft, getting Bandit to interoperate with CardSpace still requires a good deal of work. Olds indicated that when dealing with interoperability issues, it's very difficult to get current accurate and good specifications. Olds thought Microsoft did a better job working with Bandit than most, though there are still some issues that cropped up. "Things that are not suppose to matter like where the white space is in the XML, sometimes it's a bug in the original implementation," Old said. "If there was a bug in CardSpace with the white space parsing of the XML
data in Vista and it gets shipped to millions of customer you just have to code
around that regardless of what the spec says."
Higgins: A ' ITBusinessEdge By Lora Bentley January 29, 2007 When we think about identity management in the open source space, two names immediately come to mind: Bandit and Higgins. Both are projects that we have kept an eye on since their inception, both are at least supported by Novell, and both were begun in response to Microsoft offerings. (Higgins was the open source response to Windows CardSpace, formerly known as InfoCard; Bandit was intended to circumvent the nearly defunct Microsoft Passport program.) silicon.com reports today that backers of both projects are preparing for the upcoming RSA Security Conference, where they will debut an early version of an app that will interoperate with Microsoft's Windows CardSpace and allow Liberty Alliance-based identity federation. Microsoft worked with Higgins and Bandit programmers on the interoperability. In fact, a company spokesperson says Microsoft is pleased that the "open source community . is delivering on the promise of interoperable identity." A Higgins project lead points out that the interoperability to be demonstrated at the RSA conference is just a first step toward the 1.0 release of the Higgins Trusted Framework. Microsoft and the Liberty Alliance are just "examples of identity projects that we're interoperating and integrating with," she told silicon.com. And, for now, it seems ID management is an example of another space in
which Microsoft is willing to cooperate with open source.
Open source projects to showcase identity
integration Higgens and Bandit projects aim to demonstrate at RSA how
disparate identity platforms can be integrated. NetworkWorld By John Fontana January 29, 2007 http://www.networkworld.com/news/2007/012907-open-source-higgens-bandit-rsa.html] The leaders of two open source projects next week plan to showcase how they are using their services to integrate common identity platforms and provide developers with hooks to link their applications to those platforms. The nearly year-old Higgins project, founded by IBM, Novell and a group of academics, and the Bandit project, started by Novell in mid-2006, plan to use next week's RSA conference to show a reference application that uses open source identity services to tie together Microsoft's CardSpace user identity system in Vista, and Liberty Alliance-based identity federation technology in Novell's Access Manager. The goal is to provide corporate users and others with a common way for disparate identity platforms, protocols and services to integrate with each over both public and private networks. In addition, the open source advocates hope to provide developers with tools to easily tie their applications with corporate identity management systems. "By working with a number of open source products and components, we are
going to show that we can tie together a Higgins is a framework designed to integrate identity, profile and relationship data from across multiple systems. The framework has interface and middleware components, such as the Identity Attribute Service, that act as a layer on top of identity repositories. The framework includes both code and an API that developers will use to link their applications into the Higgins identity services. The goal is to support applications whose front-ends can be a browser, rich client or Web services-based. Bandit, introduced in June 2006 by Novell, is an open source set of services that incorporate existing protocols such as WS-*, the Liberty Alliance standards and Higgins. Bandit is seen as a sort of standard bus that identity-enabled applications and back-end identity systems can plug into. Applications would basically need only to hook in via a generic adapter, say for authentication, and then IT could plug in whatever authentication mechanism it wants. Olds also mentions other open source projects such as XMLDAP, which supports a browser-based digital identity card selector on Linux, and the Pamela Project focused on PHP plug-ins for CardSpace to enable identity services on such applications as wikis and blogs. At RSA, the Higgins and Bandit project teams will show how an identity card from CardSpace can be used to authenticate a user to Novell's Access Manager. They also will demonstrate how a user account in Access Manager can generate a card using Higgins components that can be used to authenticate through CardSpace and a Linux-based card selector to wikis and blogs. Bandit's contributions to the reference application include multiple "context providers" that plug into the Higgins Identity Attribute Service and provide access to identity information from disparate identity stores. It also highlights the role engine and audit reporting capabilities the Bandit project is developing. "This is a development milestone," says Mary Ruddy, one of the project
leaders on Higgins. "We have a path of milestones leading to a 1.0 release
sometime near the end of this summer. We have been very encouraged with the work
being done not only with Higgins and Bandit, but the work that is happening in
this space in general. Some of the things with CardSpace and identity cards
provide a [user interface] that is very useful for people having a consistent
user experience with identity."
Eclipse, Novell near 'Big Bang' for
identity Will divided vendor allegiances keep us in the
dark? InfoWorld By Paul F. Roberts January 29, 2007 http://www.infoworld.com/article/07/01/29/HNeclipsebandit_1.html Two open-source identity management projects said on Monday that they had achieved a key milestone in the development of open-source identity services that connect products regardless of maker or platform. Developers from Novell's Bandit open-source project and Higgins, part of the Eclipse Project, said a new "reference application" created by the two groups is a working example of open-source identity services that interoperate with Microsoft's Windows CardSpace identity management system and Novell's Access Manager, which uses identity federation based on specifications from the Liberty Alliance. The application shows that it is possible to link different identity systems using open-source components, according to Dale Olds, project manager for Bandit at Novell. The integration, which has been under development for over a year, will
be on display next week at the RSA Conference in The vendors involved in the integration are working to realize a common vision of seamless identity layers that can be accessed from systems running on Apple OS, Microsoft Windows, or Linux, using a variety of protocols from the Liberty Alliance, OpenID, OASIS, or other groups. "That's the Big Bang. An identity metasystem, and we're making tangible progress toward that vision," Olds said. In contrast to current systems for linking identity systems, the technology on display at RSA will also be more "user-centric," by virtue of integration with Microsoft's CardSpace, Olds said. "The user will have a meaningful and convenient access to identity information, and it will be clear to them when it's being released," he said. Microsoft's CardSpace -- and the Infocard architecture that underlies it -- is an important development because it provides an easy way for users to store and manage identity information and because CardSpace and Infocards will be widely available through Windows Vista. Microsoft provided open specifications for CardSpace and helped manage intellectual property issues that were raised when implementing the Infocard technology as open source, Olds said. Engineers from IBM also played a part in the solution, building token services for the project, said Paul Trevithick of Parity Communications, technical lead on the Higgins Project. But optimistic "interoperability" demonstrations of federated user identities have been de rigueur at RSA for years now without any measurable decline in the number of user identities and passwords that users manage or the tangle of identity stores within enterprises, Olds and Trevithick admit. One problem in realizing the vision of an open-source identity layer is that tends to commoditize existing identity management products, creating a perverse incentive for companies that are in a position to make interoperable identities work, Trevithick said. "That may be the reason you hear about interoperability but still haven't seen it," he said. "Companies like Oracle and IBM and even Novell have no incentive to do it." Olds said that previous attempts at interoperability have been premised too much on one set of protocols by groups like the Liberty Alliance "winning out" over others. "It was kind of 'If only we could get everyone to adopt these protocols!'" Olds said. The open-source nature of the Higgins and Bandit integration and a critical mass of CardSpace users may finally overcome those obstacles, however. "This is an evolutionary approach," said Olds. "We all have 100 user
accounts. With Higgins and Bandit and open-source technologies, maybe we'll get
it so it's more manageable and we're down to 50 user accounts in a year, and
we'll be better off. "
Eclipse Launches Data Tools
Platform Application Development Trends By John K. Waters January 29, 2007 http://www.adtmag.com/article.aspx?id=20108 The Eclipse Foundation has released the first version of its much anticipated Data Tools Platform (DTP), a collection of extensible frameworks and tools designed specifically for developing data-centric applications in the Eclipse environment. "DTP 1.0 provides a rich set of frameworks that solve real-world issues related to the development of data-centric applications," Mike Milinkovich, the foundation's executive director, said in a statement. Aimed at application developers who need to leverage existing data sources, the DTP comprises three major components: a connection-management and data-access framework, a set of model-driven development tools, and a set of SQL development tools. Milinkovich credited the growth and momentum of the DTP to the efforts of committers from such Eclipse member companies as Sybase, Actuate, and IBM. Big Blue developed the original Eclipse codebase and released it as an open-source project. The Eclipse Foundation's own Eclipse Web Tools Platform project is adopting the DTP in its 2.0 release, code named "Europa." A "functional release" of the DTP was actually included as part of the Callisto multi-project roll out in 2006. Sybase Sybase, the Dublin, Calif.-based provider of information management solutions, is already leveraging the DTP in its WorkSpace 1.2 Web-app development environment, said John Graham, a Sybase software engineer who chairs the Project Management Committee for the DTP. In his blog posting on the 1.0 release, Graham observed that, with this version, the project moves from incubation to mature status. "[It's] one move forward along the DTP path," he wrote. "We have a number of exciting ideas for DTP in 2007, not the least of which is participation in the Europa coordinated release. Also, there are a number of DTP presentations scheduled for EclipseCon, many of which will explore these directions." The SQL editing/debugging framework and the connectivity layer in DTP in particular will provide Sybase's customers with greater support for heterogeneous server environments, the company says, and enhance the overall ease of use and productivity of WorkSpace's Data tooling. Actuate, the South San Francisco-based maker of enterprise reporting applications, is utilizing the GTP for its "rich and extensible data-access capabilities," the company says. Actuate originated the industry's first open source Business Intelligence and Reporting Tools Project (BIRT), which was approved as a top-level Eclipse project in 2004. In BIRT 2.1, the DTP's Open Data Access (ODA) and Connection Profile frameworks are providing heterogeneous data access services, the company says. Both the BIRT report designer and report engine are ODA hosts that consume any ODA designers and runtime drivers. Data access and management tools are becoming priority concerns of many developers; 53 of those responding to a recent Evans Data survey characterized them as "extremely important." "Developers see data access and management tools as an integral part of their arsenal in data-centric application development," said John Andrews, CEO of Evans Data. "Eclipse will meet an important requirement of developers by providing data-centric tools and frameworks." More information on the Eclipse DTP Project is available on the Eclipse
data tools page.
Eclipse Foundation and Novell Collaborate on Open Source
ID-Services Integration Application Development Trends By John K. Waters January 29, 2007 http://www.adtmag.com/article.aspx?id=20107 Two open source identity-services projects are set to announce a jointly produced reference application designed to enable multi-platform, multi-protocol open source identity services. The Higgins Trust Framework Project, sponsored by the Eclipse Foundation, and the Bandit Project, sponsored by Novell, are both seeking to provide a consistent approach to managing digital ID information, regardless of the underlying technology. Based on working code from the two projects and the larger community of open source developers, the reference application features interoperability with leading platforms and protocols including Microsoft's Windows CardSpace identity management system and Liberty Alliance-enabled products. The reference app leverages the information card metaphor, explains Dale
Olds, Bandit project lead, which allows an individual to use different digital
identity "I-Cards" to gain access to online sites and services. This is the
metaphor used in the Window's CardSpace identity management system that ships
with the Sybase "Higgins comes from a consumer-centric ID space," Olds says, "while Bandit comes from a more enterprise ID management space. But the two worlds are blurring rapidly. The firewall is dissolving, you might say, and we need to give people the ability to make intuitive choices-convenient, but clear choices-about their ID information. And the card metaphor is particularly useful for that." Microsoft supports the developments."Windows CardSpace is an implementation of Microsoft's vision of an identity metasystem, which we have promoted as a model for identity interoperability," said Kim Cameron, architect for identity and access at Microsoft. "It's rewarding to see the Bandit and Higgins projects, as well as the larger open source community, embracing this concept and deliveringis on the promise of identity interoperability." In a related announcement, the Liberty Alliance unveiled last week the
openLiberty Project, a global open source initiative formed to provide OSS
developers with tools for integrating the privacy and security capabilities of
Liberty Federation and Liberty Web Services into a variety of new identity-based
services. The The Olds, who is a distinguished engineer in Novell's Identity and Security Management Group, applauds the Liberty Alliance news. "We find it very encouraging and wonderful," he says. "The more people in the ID space that participate in open source, the easier it is to build components that interoperate. We look forward to working with those components." The jointly developed Higgins-Bandit reference application currently provides Liberty Alliance-based identity federation via Novell's Web access management product, Novell Access Manager. "There are lots of standards out there," Olds adds. " Members of the two open source projects are scheduled to demo the
reference app at next week's RSA security conference in IBM Touts Unified Comms Infrastructure For Partner
Development CRN By Barbara Darrow January 28, 2007 http://www.crn.com/sections/special/reports/sellingsmb.jhtml?articleId=197001140 IBM partners were in Amid the social networking buzz at Lotusphere, IBM Software also talked up a version of its latest portal software for smaller companies. Trilog Group is integrating its ProjExec collaboration software with a full boat of IBM Lotus collaborative wares, including the new IBM Lotus Connections social networking wares, QuickR file-sharing software and WebSphere. "We offer online project collaboration delivered as SaaS. We already integrate with Sametime 7.5 and will integrate with QuickR documents and with connections so people can search out expertise they need," said Alex Homsi, CEO of Woburn, Mass.-based Trilog. The solution provider also uses IBM/Lotus Eclipse-based Expeditor toolset to help customers continue their work in disconnected mode. With all of that capability, Trilog solutions can compete with Microsoft Project solutions, Homsi added. "We also integrate with the Project desktop but as a solution we think we're five times cheaper than Microsoft Project," he noted. Alphalogix, a The solution provider has done WebSphere-based portals for large companies including Twentieth Century Fox, but the price point of Express -- $39,999 per processor or $2,300 per 20-user pack-- is more palatable than the other versions for smaller companies (it is limited to use to 1,000 users). By contrast, the high-end Portal Extend SKU weighs in at $130,000 per processor; Portal Enable at $95,000 per CPU; and Portal Server at $50,000 per processor or $2,500 per 20-user pack. McCandless said partners building atop Portal Express can offer solutions that compete effectively with Microsoft SharePoint-based offerings. Taken in the aggregate, the Lotusphere offerings present an alternate platform to Microsoft's stack for building collaborative and "unified communications." Unified communications is the melding of e-mail, voice-mail and instant messaging. Microsoft's Office Communications Server, will converge VoIP, IM and web conferencing. The happy irony for IBM, and especially its Lotus software group, is that "the world has come back to groupware," said Dana Gardner, principle with Inter-Arbor Solutions, a Gilford, N.H.-based consultancy. "Eight years ago, there was a notion that the world had moved away from groupware-and so from [Lotus] Notes, Domino and that the Web, portals and SaaS would sidestep all that," he said. Now, Gardner continued, "social networking and Enterprise 2.0, where you take social networking things like blogs and wikis and collaboration and apply them to an enterprise environment, you actually see a lot of convergence." IBM Lotus execs at the show in Orlando last week, pitched the array of social networking tools as a great opportunity for VARs and solution providers to enhance and extend both those applicatoins htemselves but also build out from Domino-based infrastructure. And as customers continue to need both synchronous and asynchronous (aka real-time and non-real-time) communications and as voice messaging moves to IP networks, "for-real" unified communications is coming to the fore. At Lotusphere, IBM highlighted partners Nortel and Cisco, in its video presentations. Nortel and Cisco are publicly front-and-center in Microsoft's communications game plan. But most observers say Cisco, in particular, has its own strong ambitions in unified communications that put it at loggerheads with these other players. The question then becomes: Which tech giant from the previous era--
Microsoft, IBM, Cisco, or other-- will seize this bull by the horns and win the
battle?
IBM develops 'identity
mixer' Researchers at IBM's laboratory in BizReport By Som Patidar January 27, 2007 http://www.bizreport.com/2007/01/ibm_develops_identity_mixer.html The software will enable consumers to purchase goods and services on the Internet without disclosing personal information. "When people don't have to disclose their personal information on the
Web, the risk of identity theft is dramatically reduced," says John Clippinger,
senior fellow at the "The ability to anonymize transactions using Identity Mixer has the potential to bolster consumer confidence, opening digital floodgates to new forms of Internet commerce." IBM will contribute Identity Mixer software to Eclipse Higgins Projects, an
open source effort dedicated to developing software for 'user-centric' identity
management.
IBM's Invisibility Cloak Forbes By Lisa Lerer January 26, 2007
IBM on Friday said it had developed software that will allow consumers to make purchases and other sensitive transactions on the Web without disclosing their identity. In theory, the software could help spur e-commerce, but IBM and several partners are most interested in using it as a first step toward creating a secure universal identification system. The software, called Identity Mixer, masks the standard information exchanged during online shopping, like names and credit-card numbers. "One of the biggest security and privacy issues is personal information getting exposed," says Tony Nadalin, IBM's chief security architect. "This is a set of technology that allows you to blind or use a pseudonym to mask that data." The software, which hasn't been formally released yet, could theoretically work for online retailers as well as financial institutions and health-care providers. A complex set of algorithms will allow Apple's iTunes to verify the authenticity of a credit card without requiring a consumer to actually hand the information over to Apple. Idemix is the first release from Project Higgins, an open source project that aims to create a secure universal ID. If Higgins succeeds, users will be able to show the same ID for their e-mail as for their bank or change an address across all their online accounts with a single keystroke. The project's backers say that would increase an individual's control over their identity. For instance, they could grant their insurance company broad access to their records while limiting the amount of information available to their cable company. IBM, Novell, Parity Communications, the Eclipse open source foundation,
and the Higgins partners say they will create the code to power the new ID format and then to offer it for free. Ideally other technology companies will build their applications off of Higgins tools, allowing them to share the identity information authorized by the user. "To move online security to the next level, there has to be fundamental resolve among consumers, government and business to quickly adopt a system where the individual has more control over how information about them is managed and shared," said John Clippinger, senior fellow for The Berkman Center. Why would for-profit companies, like IBM and Novell, offer a service for
free? In part to block Microsoft, which recently developed its own ID management
system called CardSpace. Originally name "InfoCard," Microsoft's new ID system
gives users a common ID that will work across any Windows application.
Eventually, Microsoft hopes to expand beyond Windows applications into adoption
by banks, credit cards and online retailers. CardSpace comes including in
CardSpace is Microsoft's second attempt at identity management. The first, Passport, was introduced in 1999. Passport aimed to simply shopping by allowing consumers to use the same sign-on across multiple sites. But the service never really caught on, as other companies failed to adopt the technology. Higgins hopes it will succeed where Microsoft has failed. But it's not
going to be easy. "People want to keep information about you," says Nadalin.
"Higgins will be a little bit of a paradigm shift in how people work online."
IBM tool makes online purchases
anonymous SearchSecurity.com By Robert Westervelt January 26, 2007 http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1240857,00.html If a new software tool goes mainstream, Web surfers could gain control over who has access to their bank account and credit card numbers when making a transaction online. New software developed by a team of IBM researchers eliminates the need to reveal personal information to an online merchant by using algorithms to confirm a bank authorization for purchases. Called Identity Mixer, the software eliminates the data trail left when making an online purchase by using artificial identity information or pseudonyms. IBM said the Identity Mixer works by allowing a computer user that has the software to get an anonymous digital credential, or voucher, from a trusted third party. A bank would provide a credential containing a credit card number and expiration date, and when an online purchase is made, the Identity Mixer software digitally seals the information by transforming the credential so the user can send it to the online merchant. "Identity management started from an enterprise point of view, but we're realizing that the next big wave is user-centricity," said Michael Waidner, manager of emerging technologies at the IBM Zurich Labs, where the software was developed. IBM researchers started developing the tool in 2001, Waidner said.
Waidner said the next step to make Identity Mixer viable is to convince big
enterprises such as financial institutions to use the systems that accept the
credentials. IBM plans to do its part by incorporating the Identity Mixer
technology into its Big Blue is also contributing the software to the Eclipse open source project, called Project Higgins. While the software is a step in the right direction for consumers it is far from being ready for primetime, said Andrew Jaquith a senior analyst at the Boston-based Yankee Group. Before consumer adoption could take place, enterprises must build systems that accept Identity Mixer credentials and developers must create easy to use tools that embed the Identity Mixer technology. "If you are requiring enterprises to adopt something like this then your putting a substantial barrier to acceptance in place," Jaquith said. The new tool is the first user-centric online payment method produced by
a large vendor, but Microsoft has deployed a similar technology in its new
"The problem is that customers really are only concerned about their privacy when they're exposed and the rest of the time they don't think about it so much," Jaquith said. "The fact that IBM is turning it over to Eclipse is an indication that it doesn't see this as being commercializable." The Eclipse Higgins project was announced in February 2006 by the
The project's goal is to develop software for consumers to actively control who has access to their online personal information, such as bank account and credit card numbers, or medical and employment records, rather than having institutions solely manage that information as they do today. Remaining anonymous to communicate on the Web is not difficult, according
to Jacquith. For example, Tor, an open source peer-to-peer network of routers
lets users keep their IP addresses private as they connect to Web servers. Web
proxies can also be used to keep Web surfing anonymous, he said.
IBM's 'Need to Know'
Software Dark By Tim Wilson January 26, 2007 http://www.darkreading.com/document.asp?doc_id=115639&WT.svl=news2_1 You've seen it before: A Website wants to verify that you're over 18, so
they require you to enter a credit card number. They want to prove that you're a
Can't Websites find a way to get the data they need without forcing you to input the very information that identity thieves crave? Later this year, some Websites may be able to do just that. IBM today
announced software that allows people to hide or make anonymous their personal
information on the Web. Developed by researchers at IBM's laboratory in
As consumers hand over personal details in exchange for downloading music or subscribing to online newsletters, they leave a data trail that reveals pieces of information about the size, frequency, and source of their online purchases. This can be traced back to the user, IBM observes. IBM's Idemix software eliminates that trail by using artificial identity information -- called "pseudonyms" -- to make online transactions anonymous. For example, the software allows people to purchase books or clothing without revealing their credit card number. It can confirm someone's spending limit without sharing their bank balance, or provide proof of age without disclosing date of birth. Essentially, Idemix is a cryptographic go-between, explains Nataraj
Nagaratnam, chief architect for identity management at IBM's With Idemix software, a user can get an anonymous digital credential, or voucher, from a trusted third party, like a bank or government agency, such as the Department of Motor Vehicles. A bank would provide a credential containing a credit card number and expiration date, and when an online purchase is made, the Idemix software digitally seals the information by transforming the credential so the user can send it to the online merchant. By using sophisticated cryptographic algorithms, the Idemix software acts as the middleman confirming bank authorization for the purchase -- so the real credit card numbers are never revealed to the merchant. The next time a purchase is made, a new, encrypted credential would be used. "When people don't have to disclose their personal information on the
Web, the risk of identity theft is dramatically reduced," explains John
Clippinger, senior fellow at the IBM will contribute its Idemix software to the Eclipse Higgins project, an open source effort dedicated to developing software for "user-centric" identity management. As Nagaratnam explains it, the goal is to create a "digital wallet" in which the user can establish various "tokens" of trust and authentication, such as credit cards, driver's licenses, bank accounts, and so forth. Depending on the online transaction, the user could supply one or more of these tokens to provide the necessary third-party verifications -- without actually giving the token to the merchant. IBM plans to deliver Idemix later this year, and it will probably be another year or two before the fruits of Idemix and the Higgins project will become widely available to consumers, Nagaratnam says. But technologies such as Idemix and Microsoft's CardSpace -- a function of Vista -- will eventually help end users build a secure way to store personal information while continuing to do business online, he says. "The market is finally going to have its chance to test the theories and
the hype behind the electronic information card," said Mike Neuenschwander,
research director for Burton Group's Identity and Privacy Strategies service, in
a report issued earlier this week. "With the appearance of Microsoft CardSpace,
user-centric identity technologies are moving off the discussion boards and into
products."
Can open source lead to better
identity? ZDNet By Dana Blankenhorn January 26, 2007 http://blogs.zdnet.com/open-source/?p=920 Folks have been working toward better online identity for over a decade. It was assumed there was a lot of money in it. (Swayspace, where this image lives, works on developing corporate identities, which is a profitable business.) Well, there is a lot of money to be saved in better identity. But it's increasingly unclear whether there is much to be made. For the second time in two days, a major identity project has gone open source. This time it's IBM's Identity Mixer software, donated to the Higgins Project at the Eclipse Foundation. Higgins is a response to Microsoft's InfoCard project. Yesterday, as I noted briefly in my story about Roboform, elements of the Liberty Alliance's identity technology went open source, under the Apache 2.0 license, as OpenLiberty. Identity has proven to be one of those chicken-and-egg problems that defy solution. A solution requires cooperation among merchants, individuals and transaction processors, as well as government entities, across all industries. Even making solutions open source may not be enough to
get everyone on board with a reliable Internet identity standard. Which means
your identity will remain as easy to steal as a phone number.
Anonymous IBM Internetnews By Clint Boulton January 26, 2007 http://www.internetnews.com/security/article.php/3656136 Anonymizers have built up a strong following due to a flurry of
identity-theft cases that have plagued the industry. IBM's Identity Mixer is a piece of software that allows people to hide their personal information on the Web to protect them from ID theft and other foul play. Called Idemix for short, the software was written by researchers at IBM's
laboratory in When consumers enter personal details in an e-commerce storefront in exchange for a product or service, they leave behind a data footprint revealing the size, frequency and source of their online purchases. Idemix uses artificial identity information, known as pseudonyms, to eliminate the digital tracks, making online transactions anonymous so real identity information can never be intercepted or exposed. Specifically, the software lets people make purchases without revealing their credit card numbers, or their home addresses. Idemix users get an anonymous digital credential, or voucher, from a trusted third party, such as a bank. The bank provides a credential that includes a credit card number and expiration date. When an online purchase is made, the Idemix software digitally seals the information by transforming the credential so the user can send it to the online vendor. A new encrypted credential is used for subsequent purchases. The announcement comes ahead of the RSA Conference in Microsoft Chairman Bill Gates and other officials are expected to discuss the company's CardSpace ID management software and other security products during a keynote on Feb. 6. IBM said Idemix will form a new privacy layer for the Eclipse Higgins project, an open source movement to create ID management software and an alternative to Microsoft's CardSpace. Nataraj Nagaratnam, chief architect of identity management for IBM Tivoli, said Idemix could make the Higgins software a more palatable, if not potent alternative to CardSpace because it puts the control of personal information into the hands of the users instead of the organizations' the user is conducting business with. The "do-it-yourself" privacy represents a reversal of current trends, where banks, e-commerce shops and other companies are responsible for masking their customers' identity. But savvy Web users, as evidenced by the growing number of Web breaches in the last few years, are easily able to break through a business or service provider's computer defenses. IBM believes Idemix's user-centric approach will ultimately provide more reliable security for consumers; individuals can control who has access to their online personal information, rather than having companies manage that information as they do today. When Idemix is ready, IBM plans to add the software to the federated
identity management software in its IBM software hides consumer data
trail Idemix, part of Eclipse, will hide online
transactions InfoWorld By Paul F. Roberts January 26, 2007 http://www.infoworld.com/article/07/01/26/HNibmdatapriv_1.html IBM on Friday unveiled a new open source software project, IBM Identity Mixer, or "Idemix," that the company said will mask consumer information exchanged in Web transactions and helping to combat online identity theft. Idemix was created by IBM researchers in IBM plans to contribute Idemix to the Eclipse Open Source Foundation's
Project Higgins, an open source identity management framework backed by IBM,
Novell and Idemix will be a privacy layer for Higgins that will allow pseudonyms to be shared between Higgins-compliant systems. That will mean that sensitive information does not need to be replicated between multiple, third party systems in an identity management solution, IBM said. Trusted third parties (banks or government agencies) will issue vouchers to systems build using Idemix that contain the confidential information (say, a bank account number). When online purchases are made, Idemix seals the IBM will digitally sign and seal the information so that it can be transmitted online, the company said. That kind of secure transaction was the vision behind Higgins, the open source project that IBM and Novell announced in February, 2006 (infoworld/3935). Higgins, which also involves, Security for sensitive data is a pressing issue for consumers and companies alike. The theft of customer financial data from TJX Co. (infoworld/4964), OfficeMax, CardSystems Inc. and others has highlighted the problem of proliferating online data within and between companies. Higgins is just one effort to tackle that problem. In November, Oracle Corp. announced the Identity Governance Framework, an initiative to develop specifications for sharing identity data between applications. (infoworld/4965). In addition to providing the Idemix software to Eclipse, IBM will
incorporate it with its New IBM Software Lets Consumers Shop Online
Anonymously IBM's Identity Mixer software lets consumers use a
"token" to make purchases online without revealing personal
information. InformationWeek By Paul McDougall January 26, 2007 http://www.informationweek.com/story/showArticle.jhtml?articleID=197000899&cid=RSSfeed_IWK_All In the latest effort to stamp out the multibillion dollar problem of identity theft and electronic fraud, IBM said Friday it has created software that allows consumers to shop online without revealing key data like their credit card or social security numbers -- or in some cases even their name. With IBM's Identity Mixer security software, consumers wishing to purchase an item online can obtain an encrypted software 'token' from their bank or credit card company. The encoded token would confirm that the consumer has the necessary funds for the transaction, but would not reveal specific financial details or personal data to the merchant. The merchant would then reconcile the transaction with the bank, which would have to have software that works with Identity Mixer. The set-up could also be used by consumers wishing to prove to an online
site that they are of legal age without actually disclosing their birth date.
"The merchant would know you are old enough to enter their site, but nothing
else," says Jan Camenisch, a researcher on the project at IBM's research lab in
IBM has released the technology to the open source software community through the Higgins Project -- an industry wide effort sponsored by The Eclipse Foundation to create privacy technology based on open standards. It will be up to commercial developers to use the technology to create consumer-friendly tools, such as browser add-ons, that embed Identity Mixer. "It's not going to be too useful to consumers until someone comes along and builds a usable product that also has some major banks and merchants behind it," says Mike Neuenschwander, an analyst at Burton Group. There's also the question of whether online retailers will invest in the back-end computer technology required to accept the tokens. Camenisch thinks they already have a strong incentive to do so. "Having this system in place will limit their liability in the event of data loss," he says. Microsoft is developing its own so-called user centric privacy protection
software, raising the question of whether consumers will be faced with a
VHS/Betamax issue when it comes to choosing security tools for online shopping.
Microsoft's A Cardspace user can create a card that stores the minimum amount of data
required for, say, signing up for an online auction site. Clicking on the card
initiates the transaction. "The question is to what extent Microsoft will
incorporate the open standards into their own technology," says Neuenschwander.
IBM Software Aims to Prevent Online Identity
Theft eWeek By Brian Prince January 26, 2007 http://www.eweek.com/article2/0,1759,2087843,00.asp?kc=EWRSS03119TX1K0000594 Researchers at IBM have created a new shield for personal information in an effort to prevent identity theft online. Code named Identity Mixer, or Idemix for short, the software was crafted
by IBM researchers at the company's laboratory in To Jan Camenisch, the lead researcher on the project, it all makes perfect sense: minimize the number of parties with personal information, and the threat of the data being compromised diminishes. "I think that's the first step in safeguarding your data," he said. "If they have it encrypted, they can't lose it." Idemix works by allowing the consumer using the software to get an anonymous digital credential, or voucher, from a trusted third party, such as a bank. Government agencies can also serve as third parties, Camenisch said. . The bank would provide a credential containing a credit card number and expiration date that would be digitally sealed by the Idemix software when an online purchase is made. As a result, the real credit card numbers are never revealed to the merchant. A new encrypted credential would be used every time a new purchase is made. "When people don't have to disclose their personal information on the
Web, the risk of identity theft is dramatically reduced," said John Clippinger,
senior fellow at the IBM will contribute its Idemix software to the Higgins project, an open-source effort led by the Eclipse Foundation aimed at developing user-centric software to manage and protect user identities. A user-centric approach means individuals can actively and securely control who has access to their online personal information, such as bank accounts, credit card numbers and medical records rather than having institutions manage the information, IBM officials said. Currently, the software's code is going through the Eclipse Foundation's IP review process, IBM officials said. Once that's completed, the code will be available on Eclipse through the Higgins Project. The Idemix software will provide the required added layer of privacy to
the Project Higgins framework for true user centric identity management, IBM
officials said. IBM plans to incorporate the Idemix technology into its
Information security analyst Jon Oltsik said he is optimistic that the fact the software is open source would have a positive impact on the speed of its widespread adoption. "In the identity space, we've seen a lot of progress with open standards for federated identity," said Oltsik, of Enterprise Strategy Group, headquartered in Milford, Mass. "There is no reason why open source wouldn't follow suit. Also, this is being managed by the Eclipse Foundation, which is getting a lot of enterprise and industry attention." He added that the software has the potential to be effective in reducing the risk of personal data being compromised by businesses. "Idemix lets a user control who has access to what data," Oltsik said. "In addition, it can work as a trusted response. Rather than asking my bank for an exact bank balance, a mortgage company could ask a yes-no question, like, 'Does this person have a balance in excess of $25,' and get a trusted yes-no response. In this way, we can pass the information necessary for transactions while protecting other private data." Ron O'Brien, a senior security analyst with Sophos, said many people have become cautious online and are skeptical of e-commerce because of security concerns. This software, he said, can go a long way in giving online shoppers peace of mind. "I think this is a huge first step in terms of keeping people using the
Internet as it was intended," he said.
IBM Donates Privacy Code to Open Source
Project LinuxInsider By Erika Morphy January 26, 2007 http://www.linuxinsider.com/story/linux-security/55408.html The Higgins Trust Framework Project is the recipient of IBM code that may allow users to hide their personal information on the Internet. Identity Mixer, the donated software, permits consumers to enter anonymous digital credentials from a bank or government agency to buy a product or enter a Web site that asks for a birth date. IBM has donated code to Eclipse's Higgins Trust Framework Project that it could potentially develop into a tool that allow users to hide or make anonymous their personal information as they conduct business on the Web. Although a product release is about a year or more away, its potential is intriguing, especially as there are no other comparable products on the market at the moment, Mike Neuenschwander, vice president and research director for the Burton Group, told TechNewsWorld. Additionally, a Canadian firm is about to launch a similar product, he noted. Real World Applications The donated software, called "Identity Mixer," allows consumers to present anonymous digital credentials, or vouchers, from a bank or government agency such as the Department of Motor Vehicles to buy a product or enter a Web site that asks for a birth date. "Using the original provider as verification is what is unique about this process," Anthony Nadalin, distinguished engineer and chief security Barracuda Spam Filter - Free Evaluation Unit architect for IBM's Tivoli Software, told TechNewsWorld. For example, someone who wants to purchase music online would receive from a bank a credential containing a credit card number and expiration date. The Identity Mixer software transforms the credential so the user can send it to the online merchant. The real credit card number has not been revealed to the retailer -- just the confirmation that it was a legitimate purchase. There are any number of real world applications Get the Facts on BlackBerry Business Solutions for which this could be used. Certainly, shopping online is at the top of the list, especially because multiple retailers and other Web service providers continue to losing customer information through negligence or theft. Reveal Less Another use would be for a site that requires its users to be over 18. Normally, such sites ask for a birth date to prove that, Neuenschwander said, and that particular data Free Trial - Way Beyond CRM - Learn how Landslide can help you. is also useful to identity thieves. Using this new tool, the consumer would just present a certificate stating he or she was over 18. While it won't completely solve the burgeoning problem of identity theft, Neuenschwander said, a commercial release of the product would certainly help. "The less you reveal about yourself online the better and such a tool would let you do that," he stated. The Higgins project, an open source Latest News about open source initiative for "user-centric" identity management applications -- that is, applications that allow users to control who can access their own information -- was announced in February 2006 by IBM, Novell (Nasdaq: NOVL) Latest News about Novell, the Berkman Center for Internet and Society at Harvard Law School and Parity Communications. IBM also plans to incorporate the Identity Mixer technology into its
It's Jaw-Jaw and War-War for Java and
NetBeans New membership, old
rules The Register By Gavin Clarke January 26, 2007
http://www.regdeveloper.co.uk/2007/01/26/eclipse_jcp_netbeans/ It's business as usual between Eclipse and NetBeans, despite Eclipse's decision this month to join the Java Community Process (JCP). Mike Milinkovich, Eclipse executive director, told The Register that the Eclipse and NetBeans tools environments will continue to compete as separate entities. NetBeans uses the Swing Java toolkit that is developed through the activities of the JCP, while Eclipse is based on Single Widget Toolkit (SWT) Java architecture. Indeed, Eclipse is set to ramp up the competition in terms of technology and level of community support, with the simultaneous release this summer of 22 Eclipse projects for the first time under an initiative called Europa. This is designed to ensure a high degree of interoperability between different projects - spanning Aspect Oriented Programming (AOP), team-based programming, and rich clients - and increase reliability. That's intended to help Eclipse raise its game as a commercial platform, targeting independent software vendors and customers. "We have an amazing culture that values predictability. We are interested in more commercial adoption, and predictability is the value adopters are looking for. They want to know they can rely on the schedule coming from Eclipse," Milinkovich said. In recent months Sun has added many enterprise-class features to NetBeans from its Studio suite, a fact that last week earned NetBeans faint praise from the Burton Group, who politely told InfoWorld NetBeans has become a "more viable alternative" to Eclipse. The emphasis here is on "more". Instead, NetBeans has been dinged for not following Eclipse and reaching outside the IDE into broader areas of development and lifecycle management. While Milinkovich ruled out convergence between Eclipse and NetBeans, killing one very healthy piece of conjecture over possible outcomes from Eclipse joining JCP, it remains unclear why Eclipse signed up in the first place. There's already a lot of overlap between the two groups, as individual- and company level Eclipse members also participate in JCP activities. Officially, it's now all about giving back to the Java community, having taken advantage of its specifications and technologies since 2001. According to Milinkovich, Eclipse is "still looking to see what it would take for Eclipse committers to get involved in JSRs [Java Specification Requests] and expert groups." Issues around intellectual property are "very complex," he noted. For the record, Milinkovich - once again - extended his offer to Sun to
join Eclipse.
Aperi stalled, dead
even? TechWorld By Chris Mellor January 26, 2007
http://www.techworld.com/storage/blogs/index.cfm?entryid=378&blogid=3 The initial Aperi storage system management code is ready to be used but is anybody actually going to do anything with it? The Eclipse web site states; "The Aperi initial code contribution has been approved by the Eclipse Foundation legal team and is now publicly available under the EPL license for download." Storage vendors can get the code and then develop their storage management facilities in its framework. NetApp's Jay Kidd, in charge of emerging technologies activities, wonders who is actually going to use it? He reckons most storage system management products make it easy for other products to view what is going on in the storage devices/software under control; the view APIs, but make it harder to control what's going on, the control APIs. My take on this is say, suppose an Aperi member, like Brocade, wants to make its Aperi product look after HDS TagmaStore devices. HDS isn't in Aperi. Then it would be relatively easy for the Brocade Aperi product to find out the status of those devices but hard for it to get those devices to actually do something. HDS, EMC, NetApp, Symantec, Sun, Qlogic, HP ... the number of storage suppliers not in Aperi has to exceed in market and customer coverage the ones inside Aperi: Brocade/McData, CA, Cisco, Emulex, Fujitsu, IBM, LSI Logic, NetApp and Novell. Kidd said: "Aperi will be a very good idea. Its adoption has been a little slow. EMC has said it's not going to invest in Aperi. We'll work with Aperi but others need to work on it to make it worthwhile." That's the kicker. The anti-Aperi group members won't invest. Will Aperi group members? NetApp and every other storage supplier knows that a heterogeneous storage monitor at this stage of events is a wished-for feature and not a product. So do we all. In effect, vendor's storage management products have open view APIs and closed or private control APIs. Even if Aperi members do produce fully-featured Aperi-compliant storage management products, meaning open view and control APIs, the non-Aperi members will not, and heterogeneous storage management will recede into the future like a mirage in front of a desert traveler. It might be that the Aperi exercise is a time-wasting diversion. Alternatively it would be better for customers if Aperi group members did produce a heterogeneous storage management product that worked with Aperi group member's products even if the great unwashed remained outside. Half a loaf is better than none. What is the point of the SNIA if, in the storage management sphere, it cannot get vendors to co-operate and produce storage management products that storage customers want? At the moment HP's Storage Essentials looks like the leading storage system management product because HP is putting resources behind it and the AppIQ team produced a great initial product. Whether Storage Essentials can overcome the control API inertia facing it though, that is the question. For now we may as well come out with it and say that, like Monty Python's Norwegian parrot, Aperi is stalled if not dead. Despite group members' assertions that this still-looking, non-moving,
non-breathing, silent creature is actually alive and well, the opposite view
says that the Eclipse Foundation project is actually only a nail holding the
dead beast upright on its perch.
Eclipse Project Higgins Demos
Interoperability ComputerWire January 26, 2007 With the RSA Conference coming up next week, the Eclipse foundation wanted to demonstrate that it actually has accomplished something with Project Higgins, an open source personal identity management project launched by IBM, Novell, and Parity Communications almost a year ago. There will be a demonstration of interoperability between Higgins and
Eclipse Project Bandit (a Novell-led effort to build authentication,
authorization, and auditing components) to enable a In the demo, identity data was taken from a Liberty-based source, using Bandit to abstract the authentication of identity data, and the Higgins API to integrate identity, profile, and relationship information across heterogeneous identity management protocols, and feed it to a Media Wiki, which used the Microsoft CardSpace protocol, to authenticate the requestor and provide the authorization to either reads, or read and modify the Wiki. In effect, Higgins would make it possible to create a In conjunction with the RSA demo, IBM has announced that it will contribute technology to obfuscate the Higgins identity token itself. While tokens themselves are intended to communicate the user's attributes without declaring the user's exact identity or other attributes, the obfuscation being proposed by IBM would add yet a second level of identity protection. IBM's contribution is still undergoing the standard IP vetting that all proposed Eclipse contributions undergo, so it is not yet an official part of the Higgins project., Ands it won't make the official first release. Project Higgins was named after an obscure Tasmanian mouse-like creature whose tail touches just about everything. It's designed to automate interactions between end users and online providers without requiring log-ins. At this point, the Higgins project is at the version 0.7 milestone, and,
with maybe a few exceptions here and there, has frozen most of the features
planned for the 1.0 release, which is tentatively set for late summer. With the
demo, Higgins is showing that the basic token service and identity attribute
layers are largely complete. The major remaining work is around the front end,
which is set for internal demo to committees shortly.
Eclipse Releases Data Tools Project
1.0 ComputerWire January 24, 2007 The Eclipse Foundation has released the first official version of the Data Tools Project. Led by Sybase, with backing from IBM, the project focused on three objectives: providing a toolkit for generating relational data structure mappings to objects and XML, and for extract/transform/load. The elements cover database drivers that are generated through templates,
database connection profiles, a database table explorer, and SQL tooling. In
other words, it simplifies connection to the back end database. In so doing,
this echoes the Data Window functionality pioneered in the client/server era by
PowerBuilder, which of course is now owned by Sybase.
Give Me openLiberty Internetnews By Sean Michael Kerner January 24, 2007 http://www.internetnews.com/dev-news/article.php/3655671 The Liberty Alliance wants open source developers to use its protocols, though it isn't about to open source the protocols themselves. The Liberty Alliance today announced the openLiberty Project, an open source initiative designed to offer developers tools for integrating the privacy and security capabilities of Liberty Federation and Liberty Web Services into identity-based services. The initial focus is to enable open source developers to take advantage of the ID-WSF Web Services Consumer (WSC) libraries, which were ratified in October. "Although the Liberty Alliance is sponsoring the launch of openLiberty, it is a distinct and separate effort from the Liberty Alliance," Jason Rouault, vice president of the Liberty Alliance Management Board and CTO of identity management software at HP, told internetnews.com. "openLiberty is strictly about developing code and toolkits based upon
the In short, Rouault said users who want to develop or use Liberty-based open source code should participate in the openLiberty community; to define specifications, users or organization should become a member of the Liberty Alliance. "The reason that this is happening now is to address the need for secure
and privacy-friendly, identity-based Web services, which is the main focus of
"Developers and implementers are getting past the initial stages of federation that deal strictly with single sign-on, and are now looking at the additional value of secure discovery and attribute sharing." Rouault also noted that openLiberty Project was created because there are no existing open source efforts addressing developer needs in this particular portion of the federation space. Rouault does not see the Eclipse Foundation's Higgins framework as a competitive effort. Higgins provides an open source framework for managing identity online; Rouault called Higgins' "complementary" to openLiberty. "I can envision an effort to develop an Eclipse Higgins plug-in taking place at openLiberty," Rouault said. Moreover, Rouault is hoping more application developers will take advantage of the security and privacy benefits of ID-WSF when identity-enabling their Web service applications. Associate membership in the Liberty Alliance will set you back $2,500,
though non-profit organizations can join for free.
Eclipse Data Tools Platform
offered InfoWorld By Paul Krill January 23, 2007 http://weblog.infoworld.com/tcdaily/archives/2007/01/eclipse_data_to.html The Eclipse Foundation on Tuesday released Eclipse Data Tools Platform (DTP) 1.0, which is an open source project featuring frameworks and tools for developing data-centric applications in the Eclipse environment, Eclipse said. Developers with DTP 1.0 can leverage existing data sources, such as enterprise databases, with the Eclipse Platform. "DTP 1.0 provides a rich set of frameworks that solve real-world issues related to the development of data-centric applications," said Mike Milinkovich, executive director of the Eclipse Foundation, in a statement released by Eclipse. "The growth and momentum of the Eclipse data tooling platform project has resulted from the efforts of committers from the Eclipse community, including many from Sybase, IBM and Actuate." DTP 1.0 simplifies development of data-centric applications in
heterogeneous environments by offing agile development tools. It features
components for model-driven development and connection management as well as a
data access framework and SQL development tools.
Macraigor joins Eclipse InfoWorld By Paul Krill January 23, 2007] http://weblog.infoworld.com/techwatch/archives/009842.html Macraigor Systems on Tuesday announced availability of a free Eclipse-compliant debugging solution for embedded systems and is joining the Eclipse Foundation. The embedded debugging offering provides embedded systems engineers with a platform for development and debugging with the Eclipse platform. Macraigor also said it was joining Eclipse as an Add-In Provider. Macraigor will work with Eclipse projects including the C/C++ Developer Toolkit to boost embedded development. The debugging solution, called the Macraigor Eclipse + GNU Tools Suite, packages the Eclipse 3.2.1 IDE, open source GNU tools and a program called OCDRemote, to interface between Eclipse, the GNU debugger and a Macraigor On-Chip debug device. "Eclipse is rapidly becoming the development environment of choice for
building and debugging embedded systems," said Craig Haller, chief engineer of
Macraigor, in a statement released by the company. "By incorporating the free
GNU development and debugging toolset into Eclipse, we are making it possible
for embedded systems engineers to use the tools they are familiar with on a
platform that improves their productivity."
IDEs for Web services -
Eclipse SearchWebServices By William Brogden January 23, 2007 http://searchwebservices.techtarget.com/tip/0,289483,sid26_gci1240284,00.html Probably the best known open source IDE (Integrated Development Environment) is Eclipse. Originally developed by IBM starting in the late 1990s as a development tools platform in Java, it was released to open source licensing in 2001. An organization, the Eclipse Consortium, was created with support from IBM and eight other high tech companies. In order to dispel the impression that some developers had that Eclipse was too much under IBM control, a totally independent not-for-profit organization, the Eclipse Foundation, with its own staff and budget, was created in 2004. A number of well known software organizations contribute money, developer time and direction to the foundation. Developers can now choose from a large number of free and commercial plug-ins that build on the Eclipse architecture. These include commercial products from both IBM and competitors since many software tool vendors now use Eclipse as a stable base for specific toolkits and development environments. Because Eclipse and most of the plug-ins run on Java, this makes it easy for tool vendors to reach all major platforms. There are also a huge number of open source projects and sub-projects hosted by the Eclipse Foundation and an active community of Eclipse users contributing and extending plug-ins. For example, Groovy, the open source Java based scripting language now has a plug-in allowing you to edit, compile and run Groovy scripts. The Eclipse architecture Eclipse supporters feel that they have more than an IDE, they have a Rich Client Platform created by a core set of functions that runs plug-ins plus various useful tools such as text editors that can be used to construct an IDE for a specific set of tools. Although plug-ins can be written in other languages, it appears that most have been written in Java. Eclipse provides version support so that you can update specific plug-ins on a case by case basis directly with the update manager. The Eclipse user interface is organized as a "workbench" window that displays "views" (graphic diagrams, editors, resource lists, etc.) of a project and the resources in a project. The user can customize the location and behavior of the various views to suit each project. Integration with standard developer
tools Like NetBeans, Eclipse provides support for CVS (Concurrent Versioning System), an open source file management system that can facilitate cooperation between multiple developers on a project. The highly flexible Ant open source "build" tool created by the Apache Software Foundation is used to automate various Eclipse processes. You can even import projects that already have Ant build files. Starting with Eclipse 3.1, the popular JUnit toolkit is built in. If you favor Test Driven Development you will find it easy to create test cases in Eclipse. Web service support uses the Apache Axis project version 1.3 for SOAP-related methods and WSDL4J (Web Services Description Language for Java) version 1.5.1 for manipulation of WSDL documents. Note that this is not the absolutely latest version of Axis as there has been a major redesign for Axis2. The version of the Tomcat Web server provided with Eclipse is also several generations behind the latest. I suppose this sort of gap is inevitable as the various open source development teams go charging off in their own directions. One of the disadvantages of using Eclipse or NetBeans will be the potential for toolkit version conflict between the latest and greatest version and the one packaged with Eclipse. Web Tools Platform
package The Eclipse project has a single convenient download package for those who would like to investigate the tools for Web-related applications. The over 200mb zipped download includes the basic core platform plus a large number of preconfigured plug-ins. The Web Standard Tools collection of plug-ins contains tools for manipulation of documents related to specifications published by organizations such as the W3C. For example, there are tools for manipulating XML, XSD, DTD and WSDL documents. Tools for WSDL Eclipse has some cool tools for working with WSDL documents. I experimented with importing a published Web service WSDL file into a Web service client project in Eclipse as follows: 1. Launch the Web services explorer and go to the XMethods registry online. 2. Search for a service using the key word "math" - this found one service. 3. Use the import tool to import the WSDL file to the Eclipse workbench - the imported file now shows up in the list of project resources. 4. Select the WSDL file and choose the option to open with the WSDL graphic editor. This brings up a graphic display of all of the WSDL elements for the available operation. You can easily switch between the graphic and editing views. 5. Select the WSDL file and choose the "generate client" option. The Java source files required to execute the client are created and the library jar files required to execute are added to the project. Creating a Web service The Eclipse Web Service Wizard supports two approaches to creating a Web service called top-down and bottom-up. In top-down development you start with a service description as a WSDL document. Eclipse guides you through setting up the options which will control running the Axis toolkit to create Java code skeletons using the Axis toolkit and Ant tasks. Bottom-up creation of a service involves starting with a Java class that is coded with Java "bean" conventions. The Web Services Wizard can guide you though setting up the parameters needed by the automated process, which creates a WSDL file and Web service classes. Conclusion Eclipse, like NetBeans, enables the developer to take advantage of the
growing volume of high quality open source tools in an integrated environment
and with the support of an active user community. The support for these tools by
IBM, Sun and other major software companies has validated the open source
approach to software development.
Cool Coder Creates Eclipse App for the Application Development Trends By John K. Waters January 19, 2007 http://www.adtmag.com/blogs/blog.aspx?a=20058 Josh Reed recently spent three months in PSICAT, which Josh would like us to pronounce 'sigh-cat,' but which I can't help seeing in my head as ''pussycat'' (even the acronym blows), is an Eclipse Rich Client Platform (RCP) application that he customized to the task of working with stratigraphic columns. The application allows researchers to input core descriptions, and to store underlying information, such as the depths at which sand, ore, mud, fossils, and other materials were found. ''Before, scientists who were interested in particular aspects of the core-say, two- or three-meter sections that don't have any pyrite or don't have fractures-would have to search through 1286 meters of images,'' Josh explains. ''But now, because we have the data, I can type in a few things, and bam, spit out depth ranges for them to go to directly.'' Josh is a soft-spoken (at least on the phone) 24-year-old, studying for
his Masters in Human Computer Interaction at His academic advisor, Cinzia Cervato, is the one who recommended him for this gig. She's an associate professor in the Department of Geological and Atmospheric Studies, as well as a consulting scientist to the ANDRILL project. When she heard at a conference that the project's sedimentologists were logging core samples using bulky drawing tools, such as Corel Draw and Photoshop, she thought there might be a better way, and she thought of Josh. ''I thought that Josh was perfect for the project,'' she told the Iowa State University News Service. ''I had worked with him for a couple of years already and knew that he was a great coder.'' The drawing tools the ANDRILL scientists were using were providing them with pretty diagrams for publication, but they were unwieldy hunks of bloatware in this context. Josh's initial job was to come up with a leaner, more specialized tool with just the features the scientists needed. ''Once I started looking at the problem, I realized that the ultimate solution would be to get away from the images, which just displayed the data,'' Josh says. ''The real solution, for me, was to capture that data, so that they could do other things with it.'' Josh spent a year and a half working on the software, meeting with scientists, gathering requirements, and writing code. During that period, he worked closely with Dr. Chris Fielding, a sedimentologist on the ANDRILL project. He built the application with the Eclipse RCP because of the flexibility its plug-in architecture provided. ''From the beginning we felt that, though we were developing PSICAT for ANDRILL, this was an application that could be used by other projects,'' Josh says. ''Even within ANDRILL there are other groups of scientists who would want their data displayed along with the core log. Eclipse allowed me to develop the features I needed up front, but it also left the door open for new features as they were identified, and for customizations for particular groups.'' He also used the Eclipse Graphical Editing Framework, so he didn't have write any ''yucky'' graphics code. Josh blogged about his adventures in the frozen north, and his account is well worth checking out. Also, the Des Moines Register published some nice shots of Josh standing next to big hunks of ice. The pix on his blog are better. The next time it feels like you're working under harsh conditions, consider coding in temperatures that dipped to 40 degrees below zero. BTW: There has always been this weird intrastate rivalry between Josh's
school, Iowa State, and my alma mater, the University of Iowa-at least as long
as I can remember. When I mentioned that I attended UI about a million years
ago, Josh sort of groaned, so I guess that rivalry persists, at least a bit. He
didn't make a big deal out of it, of course, and neither did I. These kinds of
things are silly. |