Who do you trust more than Microsoft?

Summary:IBM and Novell announce donations of code and support for the Higgins open source identity management framework.

Microsoft's project Hailstorm promised single sign-on and selective sharing of personal information stored at a central location. However it withered on the vine because a) central information stores are juicy targets for thieves, and b) nobody quite trusted Microsoft to keep their deepest secrets safe from prying eyes.

Today Novell and IBM threw their weight behind a framework that uses completely different approach: project Higgins. First, it's an API that aggregates trust providers from many different vendors. For example IBM is planning to use it in its commercial Tivoli identity management software. Programmers can write smart secure applications using these calls and not be locked in to any particular technology or provider.

Second, it's designed mainly for local trust stores under control of the user. Thus in order to get a million credit card numbers, an identity thief would have to compromise a million computers instead of just one central server.

Although some vendors (*cough*Microsoft*cough*) would have you believe security by obscurity is best, open source code provides the ability to audit the code for yourself to make sure. A good hacker with a disassember can pretty much see any code anyway, so don't kid yourself otherwise.

When asked if Higgins was intended to be competition for Microsoft's latest initiative, InfoCard, Anthony Nadalin, chief security architect at IBM said:

"We are not here to create another identity system; we are here to aggregate the existing systems. We have invited Microsoft to participate...and we will continue to work with Microsoft to integrate with InfoCard. We think that has to happen."

So far Sun hasn't been mentioned, but if Sun and Microsoft join the project, I'll eat my blog.

Topics: Microsoft

About

Ed Burnette has been hooked on computers ever since he laid eyes on a TRS-80 in the local Radio Shack. Since graduating from NC State University he has programmed everything from serial device drivers and debuggers to web servers. After a delightful break working on commercial video games, Ed reluctantly returned to business software. He... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.