Posted by rstephe
on June 13, 2003 at 7:44 PM PDT
A number of talks at JavaOne dealt with one aspect or another of creating a secure, persistent digital identity for individuals and groups. As more and more aspects of civil society -- like community, privacy, trust, politics and citizenship -- move online, how do we handle this critical issue?
Several talks I attended this week touched on the important issue of online identity. A talk by Bill Yeager in the JXTA BOF Wednesday night described Virsona, a Sun research project to build a JXTA-based system of presence with ironclad security and privacy. Every individual has complete control over who can learn what about their location and activities. Virsona is targeted to the enterprise.
On Thursday afternoon, Matthew Schmidt and Matthew Porter described the Javalobby Community Platform (JLCP), an open source portal architecture for community sites. In order to offer a single signon across a federation of community sites, the individual servers form a JXTA peer group to share member login information seamlessly and securely. They acknowledged, however, that corporate firewalls might block this mechanism. They didn't mention whether individuals can determine which organizations their identity is shared with.
Although I didn't see any presentations addressing it directly, the Liberty Alliance Project, in which both Sun and Java play prominent roles, is offering single signon and profile sharing based on a number of interchangeable and interlinked "identity providers." Microsoft, of course, offers the notorious Passport service, a single vendor solution to persistent identity. Both Liberty and Passport represent global solutions to persisting and sharing our personas as consumers. They are primarily designed to facilitate e-commerce and satisfy the needs of large enterprises, and have raised some concerns about individuals' privacy.
Academia, too, faces issues of digital identity. For example, the National Science Foundation's Digital Library Project (NSDL) wants students and researchers to be able to browse seamlessly through a federated library of online collections, many of which require users to be authenticated. The NSDL is handling user identity through the Shibboleth protocol developed for Internet2. From my point of view as an individual, none of these large projects will help me discover and interact with other individuals and groups of my choosing.
At the PlaNetworks conference in San Francisco last weekend, issues of digital identity were addressed more broadly. In a seminal paper: The Augmented Social Network: building identity and trust into the next-generation internet, Ken Jordan, Jan Hauser, and Steven Foster make a compelling case for the need to build a public, open source infrastructure for identity and trust that will allow our social relations and democratic institutions to grow and flourish on the Net. As a result of the PlaNetworks conference, an effort is underway to design and build this infrastructure.
Current plans are to start building this Augmented Social Network (ASN) infrastructure on top of the XNS/XRI/XDI standard, under development in an Oasis committee for several years. An XRI is an Extended Resource Identifier, a generalization of the URI. In this way, user identity and trust can be represented in a standards-based manner, and exchanged via established protocols like HTTP and HTTPS. A key part of this infrastructure would be trusted identity brokers, such as the Identity Commons. A short-term goal is to build an Apache module to handle the XRIs. Although I'm not closely involved in this work, my understanding is that skilled collaborators are probably welcome.