Cross-posted from independentidentity.blogspot.com

Over the past few months, a good deal of progress has been made around IGF and the open source implementation around it. In particular, last fall, Liberty Alliance ratified the IGF 1.0 specification as final. In mid January we published ArisID 1.1, the first open source implementation of IGF 1.0. Finally in late January, we checked in the first implementation of an open source provider based on OpenDS 2.2 (more on that below).

ArisID is an API for accessing and managing personal or identity related information using CARML as an XML data model. In addition to being useful from a privacy perspective, CARML enables important new developer features:

• The ability to automatically generate a data model in the form of Java beans.
• The ability to use sophisticated data providers that can connect applications to personal information sources using multiple protocols and virtualization.

If the principles of using an XML data model sounds familiar, it should. ArisID follows very similar architecture to Java Persistence Architecture. The key difference is that use of the CARML data model does not assume the pre-existance of a particular database or LDAP schema. Instead, a developer is able to create an application specific data model and write code as if the data model were a straight forward database. Then, at runtime, the provider layers of the API can be configured to connect to many different types of data repositories and network configurations including multiple directories or databases. With little effort, developers are able to create sophisticated applications that have much greater deployment flexibility in the types of data sources and repositories they can support, including remote and third-party sources.

Starting with the Oracle Fusion PS2 release, Oracle began to integrating this technology into its own products, setting the stage for a new level of support for open protocols and scalable enterprise deployment scenarios. For more information on how Oracle is using IGF and ArisID in 11gR1, check out the whitepaper, “Oracle Identity Management 11gR1“.

As mentioned earlier, ArisID depends on “provider” modules to do the work of implementing data model requirements as expressed in application specific CARML declarations. At present there are now 2 implementations available:

• The Oracle OVD Provider for ArisID “Preview” is the first provider to support the ArisID 1.0 API. A developer preview is available here. Expect an update in the next quarter regarding ArisID 1.1.
• A brand new OpenDS 2.2 provider for ArisID is now available in the openLiberty sourceforge project repository. The new OpenDS provider allows developers to use OpenDS instead of OVD as a repository for applications using ArisID 1.1. The OpenDS Provider for ArisiD the first fully open source ArisID Provider implementation. For more information consult the readme file contained in the OpenDS Provider for ArisID distribution zip.

Project Aristotle is now moving forward with efforts to support integration into popular IDEs. As always, new contributors are always welcome, please see the OpenLiberty.org web site for more information. Also, feel free to subscribe to the igf-dev mailing list.

Finally, thanks to the OpenDS team (Ludovic, Bo, Matthew) for their assistance in helping to get the first open source implementation of a provider for ArisID done. In some respects, the Oracle/Sun merger delayed a lot of this work, but now that it is done, we can get back to work and contribute more to our respective projects. As Nishant Kaushik says, Sun + Oracle = Exciting Days Ahead! By the way, click here for webcasts about Fusion Middleware and in particular Identity Management.

Cheers,

Phil Hunt, Oracle

I am happy to announce that Project Aristotle won an award for “Best new or improved standard” at the European Identity Conference. The win is shared with the Open Authentication (OAuth) and the Information Card Foundation (ICF).

The European Identity Award for the category “Best new or improved standard” went to the Aristotle Project for ArisID, an important enhancement of IGF (Identity Governance Frameworks) and CARML, which enhances user-friendliness of these important standards for IAM and GRC. This particular innovation had been promoted and supported by Oracle. The standardization initiative OAuth (Open Authentication) receives an award for their streamlined approach for authentication standardization, which finds a lot of market interest. The last award in this category goes to the Information Card Foundation (ICF) for standardizing the important approach of Information Cards for future identity management.

Congrats to the contributors of openLiberty, the members of Liberty Alliance TEG, as well as my colleagues at Oracle, who all contributed to the effort. Congratulations to OAuth and ICF as the co-winners!

A special thanks to Kuppinger Cole for organizing the event and for taking the time to recognize the efforts of all the award winners and of standards development in general.

Thanks to all who attended the webcast on ArisID this morning!  It’s always great to talk about this stuff and share ideas!

A copy of the presentation can be obtained here.

Also, as promised, here is a video of the Sonic Records ArisID demonstration.  You can view it online here.  Or, you can download the full-size video here (24MB).

Phil

Re-post from independentIdentity.blogspot.com…

From Liberty Alliance:

ArisID, the first open source software implementing Liberty Identity Governance Framework (IGF) components, provides enterprise developers and system architects with a library for building enterprise-grade identity-enabled applications using multiple identity protocols, and lays the groundwork for allowing enterprises to manage and audit the identity requirements of business applications based on declarative IGF policy specifications. This webcast will provide participants with an overview of the ArisID API, discuss benefits for developers and enterprises, and review the project roadmap. Developers will understand how to begin using ArisID to build IGF-based applications and the identity community and vendors will gain insight into how the open source ArisID API and information providers help fulfill multi-protocol identity management requirements.

Registration

For those of you who have been following my blog, you’ll know I have been talking for sometime about IGF and the need for a declarative identity API in order to making identity services more relevant to developers. Here’s your chance to see more about what I’ve been talking about all this time.

Phil

For some time now, there has been a lot of work going on at OpenLiberty to design a new “declarative” API that enables application developers to write applications that consume, and manage identity information in a way that allows infrastructure components take care of all the nasty problems like
* Which protocol to use
* What data providers are appropriate for the current transaction
* How do I write robust code given that I don’t know the protocols or APIs very well?

Well, the answer is here. Release 1.0 of ArisId is now available at OpenLiberty.

The ArisID API implements the CARML (Client Attribute Requirements Markup Language) and Privacy Constraints IGF specifications Liberty Alliance released earlier this year. ArisID demonstrates how CARML and Privacy Constraints policies may be used by developers to create declarative identity applications. The open source ArisID declarative approach defines what identity-enabled transactions can be performed to ensure applications only use identity information required to complete a transaction. This allows developers to build secure identity-enabled enterprise applications that are easily auditable and protect the personally identifiable information (PII), such as a social security number or credit information, of people engaging in enterprise identity-enabled transactions.

Be sure to read the full press release here.

I would like to thank my Oracle colleagues who have contributed to the project, as well as the members of OpenLiberty for hosting this project. There is much more to come, stay tuned!

Further reading:
* Open Liberty Project Aristotle Wiki
* Liberty Alliance Press Release
* Frequently Asked Questions
* Oracle Provider for ArisID
* IGF Standards and CARML Specifications