Who do you trust more than Microsoft?

Who do you trust more than Microsoft?

Summary: IBM and Novell announce donations of code and support for the Higgins open source identity management framework.

TOPICS: Microsoft

Microsoft's project Hailstorm promised single sign-on and selective sharing of personal information stored at a central location. However it withered on the vine because a) central information stores are juicy targets for thieves, and b) nobody quite trusted Microsoft to keep their deepest secrets safe from prying eyes.

Today Novell and IBM threw their weight behind a framework that uses completely different approach: project Higgins. First, it's an API that aggregates trust providers from many different vendors. For example IBM is planning to use it in its commercial Tivoli identity management software. Programmers can write smart secure applications using these calls and not be locked in to any particular technology or provider.

Second, it's designed mainly for local trust stores under control of the user. Thus in order to get a million credit card numbers, an identity thief would have to compromise a million computers instead of just one central server.

Although some vendors (*cough*Microsoft*cough*) would have you believe security by obscurity is best, open source code provides the ability to audit the code for yourself to make sure. A good hacker with a disassember can pretty much see any code anyway, so don't kid yourself otherwise.

When asked if Higgins was intended to be competition for Microsoft's latest initiative, InfoCard, Anthony Nadalin, chief security architect at IBM said:

"We are not here to create another identity system; we are here to aggregate the existing systems. We have invited Microsoft to participate...and we will continue to work with Microsoft to integrate with InfoCard. We think that has to happen."

So far Sun hasn't been mentioned, but if Sun and Microsoft join the project, I'll eat my blog.

Topic: Microsoft

Ed Burnette

About Ed Burnette

Ed Burnette is a software industry veteran with more than 25 years of experience as a programmer, author, and speaker. He has written numerous technical articles and books, most recently "Hello, Android: Introducing Google's Mobile Development Platform" from the Pragmatic Programmers.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • That 'd be a sight

    Hmmm, Ed eating his blog... You are just looking for an excuse to start up a new blog. :-)

  • well to your question

    who do i trust more that microsoft, everybody i would put more trust into my local shylock is making me a fair deal that put 2 once of trust into microsoft .....

    as far as eating your blog here a few recipe that coudl be nice

    Blog with hollandaise sauce top with white truffle
    blog with balsamic vinegar with liver
    Blog with salt and fried rapini
    blog with anything you like with a lots of beer (help pass the rough corner )
  • You guys eat too much

    After spending the last 4 weeks reading tech blogs from all sorts of media I've come to the following conclusion.

    If the world of technology, as ruled by the hated evil empire in Redmond, were even close to the picture portrayed in the tech media/blogs, the world would have come to a grinding halt a few years aqo.

    I'd be sitting here with pencil and paper thinking how god-awful my handwriting is and wondering how long this letter-to-the-editor would take to get to Ziff Davis Magazines.

    I'd probably be writing/complaining how the information age had given way to a re-birth of the industrial age. I wonder how Bill Gates would look with handlebar moustache, slicked back hair, a vest and pocket watch.

    You guys eat way too much of your own dogfood.