I am happy to announce that Project Aristotle won an award for “Best new or improved standard” at the European Identity Conference. The win is shared with the Open Authentication (OAuth) and the Information Card Foundation (ICF).

The European Identity Award for the category “Best new or improved standard” went to the Aristotle Project for ArisID, an important enhancement of IGF (Identity Governance Frameworks) and CARML, which enhances user-friendliness of these important standards for IAM and GRC. This particular innovation had been promoted and supported by Oracle. The standardization initiative OAuth (Open Authentication) receives an award for their streamlined approach for authentication standardization, which finds a lot of market interest. The last award in this category goes to the Information Card Foundation (ICF) for standardizing the important approach of Information Cards for future identity management.

Congrats to the contributors of openLiberty, the members of Liberty Alliance TEG, as well as my colleagues at Oracle, who all contributed to the effort. Congratulations to OAuth and ICF as the co-winners!

A special thanks to Kuppinger Cole for organizing the event and for taking the time to recognize the efforts of all the award winners and of standards development in general.

Thanks to all who attended the webcast on ArisID this morning!  It’s always great to talk about this stuff and share ideas!

A copy of the presentation can be obtained here.

Also, as promised, here is a video of the Sonic Records ArisID demonstration.  You can view it online here.  Or, you can download the full-size video here (24MB).

Phil

Re-post from independentIdentity.blogspot.com…

From Liberty Alliance:

ArisID, the first open source software implementing Liberty Identity Governance Framework (IGF) components, provides enterprise developers and system architects with a library for building enterprise-grade identity-enabled applications using multiple identity protocols, and lays the groundwork for allowing enterprises to manage and audit the identity requirements of business applications based on declarative IGF policy specifications. This webcast will provide participants with an overview of the ArisID API, discuss benefits for developers and enterprises, and review the project roadmap. Developers will understand how to begin using ArisID to build IGF-based applications and the identity community and vendors will gain insight into how the open source ArisID API and information providers help fulfill multi-protocol identity management requirements.

Registration

For those of you who have been following my blog, you’ll know I have been talking for sometime about IGF and the need for a declarative identity API in order to making identity services more relevant to developers. Here’s your chance to see more about what I’ve been talking about all this time.

Phil

For some time now, there has been a lot of work going on at OpenLiberty to design a new “declarative” API that enables application developers to write applications that consume, and manage identity information in a way that allows infrastructure components take care of all the nasty problems like
* Which protocol to use
* What data providers are appropriate for the current transaction
* How do I write robust code given that I don’t know the protocols or APIs very well?

Well, the answer is here. Release 1.0 of ArisId is now available at OpenLiberty.

The ArisID API implements the CARML (Client Attribute Requirements Markup Language) and Privacy Constraints IGF specifications Liberty Alliance released earlier this year. ArisID demonstrates how CARML and Privacy Constraints policies may be used by developers to create declarative identity applications. The open source ArisID declarative approach defines what identity-enabled transactions can be performed to ensure applications only use identity information required to complete a transaction. This allows developers to build secure identity-enabled enterprise applications that are easily auditable and protect the personally identifiable information (PII), such as a social security number or credit information, of people engaging in enterprise identity-enabled transactions.

Be sure to read the full press release here.

I would like to thank my Oracle colleagues who have contributed to the project, as well as the members of OpenLiberty for hosting this project. There is much more to come, stay tuned!

Further reading:
* Open Liberty Project Aristotle Wiki
* Liberty Alliance Press Release
* Frequently Asked Questions
* Oracle Provider for ArisID
* IGF Standards and CARML Specifications

There has been a lot of activity lately on the Attribute Services API (IGF). Since milestone 0.2 was published, we have recently checked in updates to reflect the new IGF-CARML-09 draft and checked in a first implementation of WS-Policy support for the API. Milestone 0.3 is well on its way to completion!

We still have yet to implement a provider to a full function protocol adapter like Higgins IdAS, but that should come in Milestone 0.4 or so.

For now, I’d like to encourage folks to check out the API. We’re looking for was to further simplify the developer’s experience and make it attractive. You’ll notice, after declaring the data used by the application that using the API is dramatically trivial compared to older APIs like JNDI or JDBC. Still there is more that could be done.

Enjoy.

The initial code-drop for IGF Attribute Services API has been checked in. This drop is based on igf-carml-08 schema (and is included in the project code repository).

In SVN you can either download the head version (under trunk), or the milestone0.2 version under branches.

Within each of trunk and branches/milestone0.2 you will find two eclipse projects:

• org.openliberty.igf.attributeServices
• org.openliberty.igf.attributeServices.test

The latter project is the JUnit code that tests the API in the first project. The JUnit code is currently the best way to see examples of how to use the API at this time.
Note: I don’t see any reason why these projects shouldn’t work in NetBeans or JDeveloper. However, I must confess I haven’t tested them. I was following the id-wsf client project’s example by using Eclipse. Since this release is still an early release, no build files have been constructed yet. This release is for comment and input.

Highlights for this check-in are:

• Basic implementation of the Attribute Services API including
• Carml Schema Declaration
• Simplistic WS-Policy support - policy is currently not interpreted at this time (see note below)
• Carml Transaction Declaration (Add, Authenticate, Delete, Modify, Read, Search)
• Transaction Implementation (for all above)
• IGF Stack Provider Interface - the interface that products like OVD need to implement to accept an IGF Attribute Service client.
• CARML document reader and writer methods
• JAAS LoginModule Implementation - rudimentary integration with platform/container security
• JUnit tests validating operations above. Note: the Write CARML step fails since XML is not done
• A Test provider that simulates a memory based repository.

There are still many items to implement, some of which are:

• Policy Assertions is still just a dumb object. And igf-appidpolicy and igf-deployid policy are not implemented. I’m still looking for a good open source implementation of WS-Policy - I found Apache Neethi, but it had some questionable dependencies that I still need to research.
• No server-side support such as AAPML
• IDE Integration Tools - this is another (much bigger) project that will happen likely after Liberty publishes IGF specs.
• There is no end-to-end demo. Next step is to write providers for Higgins IdAS and other possible connectors or attribute authorities.
• Deployment management - the API does not handle configuration management. This would be the job of the provider (e.g. OVD, Higgins) to decide how best to handle this.

The API description on the openLiberty site has been revised. The chief reason is we made some major changes after broader discussion:

• Separated schema from transactions. Now schema is declared on its own and transactions use schema….rather than the other way around. This is more friendly to enterprises who would like to use standardized schema or use enterprise standard schemas.
• Introduction of Roles and Filters
• Support for WS-Policy and the new drafts for (igf-appIdPolicy and igf-DeployIdPolicy)

Enjoy

A new draft of the IGF Attribute Services API (aka CARML API) has been posted. Also, a couple examples of uses of the IGF “stack” have been added to the wiki.

Your comments and feedback greatly appreciated!

Enjoy.

Prateek Mishra has contributed a new further reading section to the IGF Wiki. Check it out here.

This marks my first post, and the start of the IGF Project at openLiberty.

The Identity Governance Framework (IGF) is now the second project at openLiberty.org. IGF will help you enable your identity-consuming applications to bind governance policies (consent and constraints) to the identity data you receive and ensure those policies are enforced whenever any other IGF-enabled application tries to access that data at a later time.

From today’s press release…

“Consisting of nearly 50 subscribers with leadership and representation from HP, Intel, Internet2/Shibboleth and OpenSAML, openLiberty.org is an open source community open to everyone interested in advancing open source Liberty Web Services and now IGF implementations. openLiberty.org will develop a set of open source libraries and technologies based on the Apache 2.0 license that developers and vendors can use to build products that consume, provide and manage identity-related information based on the IGF protocols. Developers, individuals and organizations can get more information and join the openLiberty.org IGF community here.”

A brief overview of the market requirements use case document is available here.

For those of you wanting to follow updates to the IGF project, keep an eye on this blog. I will also continue to post more general articles over at the IdentityPrivacy blog.

I also want to thank all of the Liberty member organizations who have contributed to getting the Market Requirements Document done. Their contributions have really begun to crystalize the IGF requirements. Now we all have to work hard to make IGF “real” through actual implementation and standards definition!

Other sites of interest:

• Liberty Alliance - IGF Strategic Initiative
• Oracle Technology Network - IGF Draft Specifications & Overview

…/Phil