Open source project puts users in charge of online ID management

Armonk (NY) - An open source initiative led by IBM, Novell and Parity aims to provide users more control of how various tiers of their personal information is shared with different parties on the Internet. Named "Higgins," the project will compete with Microsoft's InfoCard, which will debut with Internet Explorer 7 and Windows Vista and will allow users to configure multiple ID tiers.

The initiative, which is expected to "spawn a new generation of security software," has been developed based on a concept developed by Harvard Law's Berkman Center. Replacing a current online security environment, in which mostly websites and organizations manage access and the distribution of personal information layers, the Harvard framework calls for a "user-centric" identity management. According to the Eclipse open source foundation, which manages the project, the idea will enable individuals to "actively manage and control their online personal information," such as bank accounts, telephone and credit card numbers, or medical and employment records.

Today's identity management is based in most cases on a virtually blind agreement to privacy policies, which leaves many users in the dark about which parts of their information is used for which purposes. And even if users care about active ID management, which for example is offered by Microsoft's Passport, there is little flexibility available: Typically, such solutions allow users to create only one specific set of data they are willing to share with certain parties on the Internet.

Higgins is designed to manage different contexts around multiple identities a user can assume while being on the Internet. IBM claims that users will be able to create information tiers that are different, for example, when communicating with an employer, a store on the Internet, the cable company or a physician. Under Higgins, the consumer is expected to take more accountability for his actions and decide which information he is willing which personal information in his "digital wallet" he is willing to reveal.

IBM believes that the concept will provide more online security, as less information will be released into the open space of the Internet. For example, merchants would be in contact with consumers in an "authenticated anonymity" relationship. While stores would know that they are dealing with a real person with a certain profile that includes clues what a person is looking for, users do not have to reveal who they are. Higgins also suggests different layers of trusted relationships: For example, a user can authorize another user to act on his behalf - which may be especially useful in family, legal or financial environments.

According to IBM, Higgins will work on every operating system, including Linux and Windows.

Microsoft recently outlined a similar technology, called "InfoCard," which will be part of Internet Explorer 7 and Windows Vista. The company expects that InfoCard will "greatly" reduce the possibility for someone's identity to be compromised on the Internet. InfoCard will be a Windows-only solution.