IN SUPPORT OF AN OPEN IDENTITY

The explosion of extranets and intranets, not to mention the emergence of web service deployments, confronts business and technology managers with managing the authentication of digital IDs under the watchful eye of draconian legislation.

by Sylvain Carle, CTO Messagia

How many mailing lists are you subscribed to? How many friends have your Internet mail address? How many forms do you fill in to order products on the web every year? How many passwords do you have to remember to log in to all those web sites you visit? If you are like me, the answer to these questions is way too many!

Now, let’s imagine that you could conveniently manage your digital identity from one central location. Whom would you trust to do that? Microsoft? Sun? Visa? Hah! But wait: how about just doing it yourself? As we present ourselves in digital form more and more often, it becomes more and more important that we manage our digital identity. This is the only way to ensure that none of the personal choice, privacy, and security that we’ve come to expect is lost, changed, or abused in cyberspace. And now PingID, newly launched by André Durand and some fellows from Jabber, promises just such identity-holder control.

The domain of security and identity is red hot this year, driven in equal parts by the growing number of Internet, extranet, and even intranet applications that need authentication services, the hype over web services, and the clamor surrounding Microsoft .NET and the Liberty Alliance Consortium. While the movers and shakers of the big companies are meeting and politicking, PingID is charging ahead at full speed with the creation of a digital identity platform that has a plan for an architecture, an API, a software implementation, and infrastructure services. It's a project marked by a good mix of bottom-up design and development, nurtured by critical thinking and a sharing approach. Doubtless you have heard the old canard about a horse designed by a committee? Well, it sure applies here. On the other hand, the combination of an understanding of the “digital identity problem” and real development will surely lead to practical and useful applications for end users and providers of those services.

While still under the radar of the tech industry, PingID continues to advance towards its goal of ensuring all of the rights and privileges that we enjoy with our real world identities are carried over to our digital identities.

The Ping Digital Identity Infrastructure (DII) is an end-to-end framework to build Digital Identities for people, businesses, governments, web services, and even devices so that these entities can engage in business transactions. Currently, the PingID platform is coalescing around an architecture, an API, a software implementation and infrastructure services. Nonetheless, the core contribution of the Ping Identity project is a philosophy and an open source community of great minds to shape the vision of an identity management system that ensures maximum control by you, the identity holder, and not some mega-conglomerate.

The ambitious nature of this project becomes clear when one considers the body of knowledge required to develop such a platform for digital identity management. A quick look at the system architecture reveals concerns like networking protocols, authentication mechanisms, encryption methods, infrastructure needs and constructs such as trust, privacy, security, and control. For business developers and software vendors, key elements of PingID include a vendor-neutral standard, an open development process, and a hybrid license model featuring a free Open Source Community Edition along with commercial versions. Basic Ping DII components are written in C. Standard services include an XML cryptography engine, an encryption key handler, a SAML document handler, connectors for LDAP and Apache, along with core applications for auditing and diagnostics.

These building blocks can be used in corporate or public applications that need to manage or assert an identity, either as distinct code modules or as web services accessed through SOAP. My guess is that the network-centric version is the one that will gain the most traction in the short term, with rich clients being deployed over the years.

If you are developing a web application today, especially a large-scale one, you will be confronted by many of the challenges the PingID project is trying to solve. Wouldn’t it be nice if you could avoid reinventing the wheel? Even on a local network with common infrastructure technology, such as LDAP or RADIUS, you will always be confronted with new challenges. New regional offices, mergers, and access for partners are all common scenarios that stress today’s centralized network authentication architectures. Enterprise portals are another area where these core services would definitely be useful. By giving control of their digital identity back to the users while maintaining levels of trust and reputation in your system, you are able to create scalable applications and prevent mishaps that could arise from unplanned use cases in your identity management framework.

The PingID project is still nascent, and digital identity management is also fairly new. Vendors like Novell, Oblix and Ascio have offered solutions for a couple of years, and others, such as Microsoft with .NET and Sun with ONE, have begun to consolidate digital identity features into their offerings. Nonetheless, the truth is that the domain is still just emerging. Keep an eye on PingID and visit the Digital Identity Weblog (http://weblog.digital-identity.info/), Digital Identity World (http://www.digitalidworld.com/), my weblog (http://afroginthevalley.weblogs.com/) and Open Mag for updates on this crucial piece of today’s Internetworked application puzzle.

Sylvain Carle is CTO of Messagia, a Montreal-based company that focuses on digital messaging.