Foundation gathering, open sourcing ID technology

Foundation gathering, open sourcing ID technology

Summary: The OpenID Foundation introduces a message bus with identity capabilities as part of plan to create venue where ID technology can be vetted, open sourced and made available to enterprises, Web site operators and others.

SHARE:
1

Vail, Colo. – The OpenID Foundation is quietly gathering technology and open source projects in hopes of establishing a neutral location where enterprises can get vetted identity resources separated from the financial interest of vendors.

The Foundation opened up on its plans Monday at the annual Cloud Identity Summit and introduced the newest open source project it is shepherding, a sort of Mash Up 2.0 with security built in via identity.

“Different parties of interest create a protocol and bring it to the foundation to open source it,” said Don Thibeau, executive director of the OpenID Foundation. “We are going to see more of that. ”

The Foundation’s goal is to create a place where technology that focuses on or incorporates identity can come to be poked, prodded and dissected by identity experts in order to prove its resiliency and true worth.

So far, Google has donated the intellectual property for a user interface it developed called Account Chooser, a simple, open standard log-in interface for the Web. There is also a corresponding Web site maintained by the Foundation that provides a place for users to manage their identities for use with Account Chooser.

On Monday, the Foundation showcased its newest addition, a message bus technology called Backplane, which was developed by Janrain and Echo. The code has been open sourced and made publicly available at github.

Backplane creates a behind-the-scenes secure framework that lets applications on a Web page share information, including log-in information. Application widgets listen for messages and pick up those that are relevant to the service it provides.

Say a user enters a comment, that message is put on the Backplane and picked up by other services, say a rewards app that calculates a user's activity.

Message authentication is based on OAuth 2.0, which standardized client registration on the Backplane and lets site operators control access to data for each individual widget.

“The widgets can get the identity or activity events, without knowing the details of who is providing that,” said Brian McGinnis, director of engineering for Janrain.

Without the Backplane, each widget would need to be secured and individually integrated into the Web site.

“Our goal is to make a better widget infrastructure,” says McGinnis. “We went to the OpenID Foundation because we are looking to standardize this protocol and a big portion of it is identity, OAuth 2.0 and portable contacts. The Foundation is made up of some of the smartest people in identity and we wanted that brain trust to help us expose issues in the protocol.”

A Backplane is unique to each Web site or group of sites and pulls together collections of application widgets that already have a trust relationship. Access to the Backplane is not available to apps outside the trust.

The Backplane includes a server-side installation, a set of APIs and a JavaScript library. The server can run locally or as an online service.

Janrain is currently hosting a free Backplane service used by the likes of the Washington Post, Sports Illustrated and Universal Music Group. A total of 500 sites are using Backplane today.

Geant, the European computer network for research and education, is developing a similar message bus capability called GEM Bus.

“People want a neutral body to control technology like this,” says Thibeau, the Foundation’s executive director.  “This shows the power of crowd sourcing this kind of technology, people have an incentive to push the protocols to their limits.”

(Disclosure: My employer is the lead sponsor of the Cloud Identity Summit).

See also:

Topics: Open Source, Security

About

John Fontana is a journalist focusing on authentication, identity, privacy and security issues. Currently, he is the Identity Evangelist for strong authentication vendor Yubico, where he also blogs about industry issues and standards work, including the FIDO Alliance.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

1 comment
Log in or register to join the discussion
  • We like the neutral party

    We like the idea of a common place for technology that focuses on identity. As an IT Company, we are interested to see how this neutral body will play in controlling this technology.
    Mosaic Technology
    http://www.mosaictec.com
    ICEWorldwide