incubator-general mailing list archives

From "Recordon, David" <drecor...@verisign.com>
Subject RE: [PROPOSAL] Heraldry Identity Project
Date Sat, 24 Jun 2006 03:54:00 GMT
At the Berkman Identity Mashup Conference
(http://www.identitymash-up.org/) last week, there was a joint
announcement by Microsoft, Novell, IBM, SXIP, XRI, and VeriSign around
the future of OSIS (http://blogs.zdnet.com/BTL/?p=3229).  OSIS will
morph into a working group under Identity Commons with two goals:
1) To enable those projects to work independently, but aligned, so
overlap of work is avoided, and the parts developed by different
projects can fit 
2) To deliver an open-source identity selector as a joint effort of
multiple projects, which is intended to be at least as functional, and
fully compatible, with Microsoft's CardSpace (formerly known as
InfoCard) identity selector that will be shipped with Windows Vista.

From the OSIS agreement (http://osis.netmesh.org/wiki/OSIS_Agreement),
the Heraldry project would focus, as far as its interaction with OSIS,
on developing relying party code, a light-weight identity provider, and
a STS for managed i-cards to integrate with Higgins.  The Eclipse
Higgins project will then focus on client code for both a browser based
and rich client identity selector as well as a STS for self-issued
cards.  In the end, this means that OpenID will integrate with Higgins
which will/does integrate with Microsoft's CardSpace technology.

This obviously has an impact on the original Heraldry project proposal
since one of the goals was a desktop component to this technology, with
the idea of working with the OSIS effort to produce it.  In the end, all
of this is good news.  It shows convergence within the space, Higgins
working with CardSpace, OpenID working with Higgins, and a working group
to provide a way to help all of these projects to work independently,
but aligned.

I've updated the Heraldry proposal on the wiki
(http://wiki.apache.org/incubator/HeraldryIdentityProposal) to reflect
this and look forward to meeting all of you in Dublin next week!

--David

-----Original Message-----
From: Recordon, David [mailto:drecordon@verisign.com] 
Sent: Monday, June 19, 2006 4:04 AM
To: general@incubator.apache.org
Subject: [PROPOSAL] Heraldry Identity Project

Proposal
------------------
This is a proposal to create a project within the Apache Software
Foundation to develop technologies around the emerging user-centric
identity space.

The project would start with Yadis [1] for URL/XRI-based service
discovery, OpenID [2] for web based single-sign-on and the basis of
exchanging profile data, and to create a desktop component with a
standard look and feel, ideally working with the Open Source Identity
Selector (OSIS) [3] project.  We are currently working with those
involved in the OSIS project to determine if it would be possible, and
they willing, to integrate their effort as a part of this one.  If not,
we still see the value of having a desktop component of this
infrastructure.  The project would be tasked with the further
development of these technologies as well as creating a bridge between
the light-weight URL/XRI based identity technologies and the desktop.

Yadis is currently being standardized within OASIS as part of the XRI
effort, OpenID has emerged as a de-facto specification, and OSIS does
not depend on a specification although the further development of its
architecture document would ideally be part of this project.


Rationale
------------------
While identity systems such as X.509 have existed for many years, and
more recently SAML and the Liberty Alliance framework, only within the
past two years has there been a true emergence of user-centric
technologies.  Pursuant to Kim Cameron's laws of identity, technologies
such as LID, Yadis, OpenID, and Sxip were defined to put control of a
person's digital identity back into their own hands.

Both Yadis and OpenID have reached a point where they have millions of
users and a strong community backing.  On May 28th 2006, Brion Vibber of
WikiMedia announced in a Google Tech Talk that WikiPedia would support
both of them within the following month.  This sort of broad adoption
and traction has not been seen with other technologies of this kind in
this space.

By bringing these technologies and ideally the OSIS effort to one place,
these communities will have a place to fully converge and continue the
development of interoperable implementations.  Additionally, by not just
focusing on light-weight URL/XRI based identity systems, ASF will be
able to provide a foundation where a person can use one or more digital
identities consistently across blogs, eCommerce sites, and portals as
well as even high-risk transactions via their desktop computer.

Currently Apache does not offer any project such as the one being
proposed.  Integration with projects such as Lenya would definitely be
encouraged.

Initial Goals
------------------
 - Expansion of Yadis and OpenID libraries into additional languages
beyond the existing Python, Ruby, Perl, and PHP libraries
 - OpenID authentication specification revision to fix known security
considerations, investigate compatibility with the DIX IETF proposal,
describe Yadis integration, and allow either a URL or XRI to be used as
the End User's Identifier
 - Continue the development of a data transfer protocol on top of OpenID
to allow the exchange of profile data as well as other secure messages
 - Investigate existing mechanisms for profile exchange, namely Sxip 2.0
and SAML, and investigate how they would be layered atop OpenID
 - Development of an identity selector for Windows, OS X, and Gnome/KDE
including interoperability with Yadis/OpenID
 - Extension of OpenID to support non-browser based authentication use
cases, i.e. authentication to a Subversion server using your OpenID
Identity without modifying the svn client-side tool

Known Risks
------------------
Commercial Interest
 - Many companies are currently working to build businesses supported on
top of these technologies.  As part of the code contributions, VeriSign
will contribute source to their Personal Identity Provider to provide a
complete base with both libraries and a sample application.  VeriSign
intends to continue development of the PIP and to contribute it within
ASF, although it hopes others will contribute to it as well.

Licensing, Patents, Miscellaneous Legal
 - The OSIS community currently works with Microsoft to have a covenant
not to sue around the InfoCard identity selector look-and-feel
 - We are still in the process of discussing with the OSIS community if
they would be involved in this project

Criteria and Warning Signs
------------------
This proposal is not the result of an orphaned or abandoned project, but
is the result of the continued emergence of a strong community around
these technologies.  Many of the initial contributors have a strong tie
to the Open Source community and do not rely on their salaried position
to continue contributing code.

The OpenID and Yadis communities have both been built on a foundation of
meritocracy with open discussions to shape the technologies.  The
initial committers certainly see the value in the Apache brand and
believe the emerging community will benefit from further widespread
collaboration as well as give the existing developer community a place
to converge and create a community that will outlive the founders.


Initial Source
------------------
OpenID has been in development since the summer of 2005.  It currently
has an active community (over 15 million enabled accounts) and libraries
in a variety of languages.  Additionally it is supported by
LiveJournal.com and is continuing to gain traction in the Open Source
Community.

Yadis has been in development since late 2005 and the specification has
not changed since early 2006.  Like OpenID, it has libraries in various
languages and there is a large overlap between the two communities.  The
specification is currently being incorporated in the XRI Resolution
Working Draft of the OASIS XRI TC (which operates under a 100%
royalty-free IPR mode as detailed in the XRI TC charter at
http://www.oasis-open.org/committees/xri/charter.php.)

OSIS is a project committed to the development and distribution of
non-Microsoft implementations of Microsoft's "InfoCard" technology. OSIS
stands for "Open Source Identity Selector", and is a collection of
interested parties including but not limited to: Red Hat, Novell, IBM,
VeriSign, XDI and of course Microsoft. The goal of the community is to
develop a common, open source code base and software practice for
implementing "InfoCard" technology on disparate operating platforms
(Mac, Gnome, KDE, PalmOS and others) as means to providing a uniform
user experience in choosing, managing and deploying identity resources
for internet users.


Source and Intellectual Property Submission Plan
------------------
Initial Submissions
 - The OpenID specification and content on openid.net from Brad
Fitzpatrick of Six Apart, Ltd. and David Recordon of VeriSign, Inc.
 - The domains openid.net and yadis.org from Brad Fitzpatrick of Six
Apart, Ltd. and Johannes Ernst of NetMesh, Inc.
 - OpenID libraries in Python, Ruby, Perl, PHP, and C# from JanRain,
Inc.
 - Yadis libraries in Python, Ruby, Perl, and PHP from JanRain, Inc.
 - OpenID and Yadis test suites from JanRain, Inc.
 - OpenID libraries in Perl from Brad Fitzpatrick of Six Apart, Ltd.
 - OpenID Consumer Ruby on Rails plugin from VeriSign, Inc. and
EastMedia Group.
 - PHP based OpenID Identity Provider from JanRain, Inc.
 - Patch to enable OpenID and LID support in MediaWiki from NetMesh
 - Yadis conformance test suite from NetMesh and VeriSign, Inc.

We will also be soliciting contributions of further plugins and patches
to various pieces of Open Source software.

Additional Submissions
 - Source of the Personal Identity Provider from VeriSign, Inc. and
EastMedia Group, Inc. ideally by August 1st, 2006.
 - XML DSIG libraries in Perl, PHP, Python, and Ruby from VeriSign, Inc.
and Sxip Identity, Corp. in mid-July, 2006.  We realize that it may make
more sense to contribute these libraries to a different ASF project such
as the TSIK subproject of Apache Web Services.


Resources
------------------
We foresee only standard Apache developer resources to be created.

Mailing lists:
 - heraldry-dev
 - heraldry-commits
 - heraldry-user

Subversion repository:
https://svn.apache.org/repos/asf/incubator/heraldry
Over time, it may be worthwhile to split the project into multiple
repositories to make branching/tagging easier while developing plugins,
libraries, and full applications.

Jira project


Documentation
------------------
[1] Information on Yadis can be found at:
http://yadis.org
http://www.openidenabled.com

[2] Information on OpenID can be found at:
http://www.openid.net
http://www.openidenabled.com

The mailing list for both OpenID and Yadis is located at:
http://lists.danga.com/mailman/listinfo/yadis

[3] The OSIS mailing lists are located at:
http://mailman.netmesh.us/pipermail/osis-general/
http://mailman.netmesh.us/pipermail/osis-dev/

The OpenXRI mailing lists are located at:
http://mail.idcommons.net/mailman/listinfo/openxri

Initial Committers
------------------
David Recordon (drecordon@verisign.com)
Andy Dale (andy.dale@ootao.com)
Brad Fitzpatrick (bradfitz@sixapart.com)
Brian Ellin (brian@janrain.com)
Dan Lyke (danlyke@flutterby.com)
Dan Quelhorst (dan@abtain.com)
Drummond Reed (drummond.reed@cordance.net)
Johannes Ernst (jernst@netmesh.us)
Jonathan Daugherty (cygnus@janrain.com)
Josh Hoyt (josh@janrain.com)
Les Chasen (les.chasen@neustar.biz)
Matt Pelletier (matt@eastmedia.com)
Michael Graves (mgraves@verisign.com)
Paul Trevithick (paul@parityinc.net)
Steve Churchill (steven.churchill@ootao.com)
Trotter Cashion (cashion@gmail.com)
Wil Tan (william.tan@neustar.biz)


Apache Sponsor
------------------
We respectfully request that The Board of the Apache Software Foundation
sponsor this project.


Apache Champion
------------------
Ben Laurie (benl@google.com) - Champion


Contact
------------------
David Recordon, Innovator for Advanced Products and Research
VeriSign, Inc.
487 East Middlefield Road
M/S MV6-2-1
Mountain View, CA 94043

Email: drecordon@verisign.com
Phone: +1-650-426-4424

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


