For reasons that even I don’t completely understand, I have always had a soft spot in my heart for the Higgins project. Perhaps it’s because I am a bit of a closet libertarian. I strongly believe that control over your identity is a human right of the first order. The proliferation of my personal information captured beyond my control here and there by corporate and government interests on the internet is simply something that I find extremely distasteful.
So imagine my excitement after meeting a few years ago with the SocialPhysics team of John Clippinger, Mary Ruddy and Paul Trevithick and their interest in giving control of identity back to the individual. Here was a group of people thinking about two of the deep issues that are going to affect all of us in the future. (a) how will we maintain personal control over our identity in a web-based world and (b) how will we build, describe, and maintain the trusting relationships that each of us as humans build in our social networks?
Better yet, they were interested in doing their work at Eclipse. An interest that I am guilty of shamelessly encouraging. Shortly after that first meeting, the Eclipse Trust Framework (Higgins) project was proposed at Eclipse.
No one knows with certainty what the future holds. But I am sure that the internet is going to be a huge part of humanity’s social and cultural fabric. For many, our basic human needs for community — a desire for belonging and mutual support that is hard wired into the basic circuitry of the human heart and mind — are going to fulfilled by the connections we build and maintain over the web. And a hugely important question remains open: are those connections going to be defined and thereby controlled by Google or Microsoft or your national govenment or who knows who? Or are they going to be defined and controlled by the individual? Technology aside, those are the questions being addressed by Higgins and the broader community of interest around identity management of which it is part.
Higgins does not exist in a vacuum. Identity management is an area of huge interest and energy. The team collaborates with many in the industry, including The Identity Gang, OSIS, IBM, Novell, Oracle and (interestingly) Microsoft. The latter in that list deserves some special mention, as Kim Cameron of Microsoft is clearly one of the thought leaders in this space. His Laws of Identity are widely regarded as defining the basic requirements for systems which maintain personal control over identity. And in classic Canadian style, he denies any interest in the philosophical or ethical drivers for doing so. For him, its all about pragmatic compromise. In his own words: “…a system which does not put users in control of their own identity will — on day one or over time — be rejected by enough users that it cannot become and remain a unifying technology. The accordance of this law with our own sense of values is essentially irrelevant.” Ah, a perfect storm of pragmatism and philosophy.
As a lifelong sci-fi fan, I think of Kim’s laws as a real-life equivalent of Isaac Asimov’s Laws of Robotics: simple, concise and fundamental. I highly recommend that you read and reflect on Kim’s laws, and as a consumer and citizen of the internet demand that the systems you interact with reflect their values. My personal favourites of the laws are #1 and #6:
1. The Law of Control: Technical identity systems MUST only reveal information identifying a user with the user’s consent.
6. The Law of Human Integration: The universal identity management system MUST define the human user to be a component of the distributed system, integrated through unambiguous human-machine communications mechanisms offering protection against identity attacks.
Why Microsoft is investing in leading this space is a question that gets asked a lot. The company is an perennial lightning rod for distrust. However, I believe there are three very good reasons to give them some trust on this:
- Kim Cameron is there. I’ve actually never even met the gentleman. But his candor, thoughtfulness and gravitas is a credit to the company. (Read his blog, listen to this podcast and let me know if you disagree.) Every once in a while you run into someone whose personal credibility transcends their current employer, and Kim is clearly one of those people. Do I think that Kim would resign if he thought that the corporation he represents was acting against the principles he holds dear? In a heart beat. Kim is quite literally our canary in this particular coalmine.
- Identity is good business. Consumer-to-business transactions account for billions of dollars today and are growing rapidly. But if the internet gains a reputation as a dangerous place for consumers, that business is threatened. Clearly the existing metaphors for access, identity and security neither scale nor inspire confidence.
- This one is pure conjecture, but if I’m right is even more important. I believe that Microsoft is philosophically aligned with the notion of personal control of identity information. Recall that Microsoft was founded on the idea of the personal computer. Their raison d’etre was originally around the personal use of computing. The explosive growth of the internet has never really been captured by Microsoft (thank goodness, most likely). However, given their roots in empowering the individual computer user, I hypothesize that they have an institutional imperative that aligns with this initiative.
This past week marks a couple of major milestones for Higgins.
- IBM announced the contribution of its IdentityMixer code to Eclipse Higgins
- the team has issued a press release, along with Novell, announcing their upcoming demo at RSA of a “…a reference application that showcases open source identity services that are interoperable with Microsoft’s Windows* CardSpace* identity management system and enable Liberty Alliance-based identity federation via Novell® Access Manager…“.
An Eclipse-related press release with supporting quotes from Microsoft and the Liberty Alliance tells me that there is something special going on. Maybe Mickey won’t be the only famous mouse for much longer 😉