http://seattletimes.nwsource.com/html/businesstechnology/2002831228_btibmsecure27.html
IBM leads challenge to Infocard / By Brier Dudley / Seattle Times technology reporter

An IBM-led coalition is announcing an open-source project today that will challenge Microsoft's new Infocard online identity-management system. IBM and Microsoft worked closely to develop industry standards for establishing online identity, a cornerstone of the new services they and other companies hope to deliver via the Internet in coming years.

Microsoft used those standards to build Infocard, which will be part of the Windows Vista operating system coming out later this year. Infocard will replace Microsoft's Passport identity system, giving users what's designed as an improved and more secure way to register and log into multiple Web sites.

Infocard is geared largely toward consumers. The IBM-backed Higgins system is primarily aimed at corporate technology users, where it could manage and process a variety of identity systems.

But because Higgins will be freely shared with anyone, a company such as Google could use it to develop a consumer-identity system that directly competes with Infocard, said Tony Nadalin, IBM's chief security architect. "I could see Google offering something, I could see Yahoo! offering something, what I would call these content-information providers," he said.

Higgins was conceived by Harvard Law School's Berkman Center for Internet & Society and a company called Parity Communications. They offered it to the open-source community for collaborative development, but it was unlikely to take off until IBM came looking for an alternative to Infocard, said Mike Neuenschwander, research director at the Burton Group consulting firm in Salt Lake City.

"IBM is coming to it and saying we need to develop something similar to Infocard. What Microsoft is producing, they can't get the source code to, and it's Microsoft-centric and where do we do that?" he said. "They've chosen Higgins, to go and expand it."

Novell, another Microsoft rival, is backing the project and participating in today's announcement, along with the Berkman Center and Parity Communications. Nadalin asked Microsoft to participate in the Higgins project, but he has not heard back. He said he discussed it earlier this month at the RSA security conference in San Jose, Calif., with Kim Cameron, Microsoft's chief identity architect. Cameron did not return a call for comment Friday.

IBM started working on Higgins after it learned of Microsoft's plans for a new authentication system to replace its controversial Passport system. Although Passport is widely used by Microsoft sites such as Hotmail, it was mostly rejected by other companies wary of Microsoft becoming a central repository for online identity credentials.

In 2001, Sun Microsystems organized a coalition of big companies to develop an alternative, decentralized approach. After that feedback, Microsoft developed Infocard as a more transparent successor to Passport that would be less centralized and more palatable to the industry.

Although Infocard is a more open system, Nadalin said, Microsoft has not yet shared all the details of how it will work. In particular, he's concerned the system will require Web sites to use Microsoft's Active Directory technology in their infrastructure.

As IBM envisions it, companies could use Higgins to process Infocards and the dozens of other authentication products being used online. It will begin adding Higgins technology to server products it plans to sell starting in 2007.

Neuenschwander said users will likely end up with different ways to manage their digital identities, but Microsoft's Infocard could be widely used if the company does a good job with the technology and developers appreciate it's widely available via Windows.

Brier Dudley: 206-515-5687 or bdudley@seattletimes.com