CIO

Novell takes Microsoft InfoCard technology open source

InfoCard Selector from Novell aims to give users a standard and secure way to control identity information

Novell is developing an open source implementation of Microsoft's identity card technology that is functionally equivalent to the Windows software but will run on both Linux and Macintosh.

The Novell software, for which the source code is already available, provides users with a "digital wallet" that holds any number of separate identity cards that can be used to authenticate to various Web sites or network resources, such as applications or databases, or to complete transactions online.

Novell tapped into Microsoft's InfoCard technology to develop what it is calling an InfoCard Selector, a graphical user interface that lets users select cards from their digital wallet.

Novell began work on the selector last September, long before its highly publicized partnership with Microsoft in November, but the work aligns nicely with the partnership's focus on interoperability.

To support the InfoCard Selector, Novell used technology on the back end from its Bandit project, a sort of standard bus that identity-enabled applications and identity systems can plug into, and the Higgins project, a framework designed to integrate identity, profile and relationship data from across multiple systems.

Novell plans to turn its selector software into a licensed product, but has no timetable for doing so, according to company officials.

The promise of the technology is that users will have a standard and secure way to control their identity information and determine with whom to share it.

"The big picture here is the availability of a viable cross-platform identity selector," says Dale Olds, a distinguished engineer with Novell. "For the first time we have a functionally equivalent system to Microsoft's CardSpace that runs on Linux and Mac."

CardSpace, which shipped in November with Windows Vista, is Microsoft's implementation of its own InfoCard technology.

Novell's work is further validation of the integration between user-centric identity technologies such as Microsoft's InfoCard and OpenID, which is a simple authentication protocol.

At the RSA Conference in February, Microsoft pledged to integrate OpenID with CardSpace.

Novell's work comes with the blessing of Microsoft, which has been pushing for industry-wide acceptance of its InfoCard technology.

The biggest step came in September last year when Microsoft quietly released its Open Specification Promise (OPS), which gives developers access, without need for licenses or fear of legal action, to many of the Web services protocols Microsoft has developed over the past years.

OPS includes the current versions of protocols in the WS-* security stack, which form the foundation of Microsoft's InfoCard technology and its Identity Metasystem infrastructure, an architecture to support digital identity.

Novell used the protocols within OPS to develop its open source InfoCard Selector.


While Novell's selector matches the features of CardSpace, it is unique in that Novell's technology can support multiple identity card stores, whereas the Microsoft technology will support only one.

During a demo of the software at last week's Brainshare conference, Novell used a general user identity card running on a Macintosh to access a Web site, browse items and store them in a shopping cart. The user signed off and then logged onto a separate Linux desktop, accessed the same Web site, and completed the transaction by using the Linux-based InfoCard Selector to pick an identity card from the card store on the user's cell phone, which communicated with the Linux desktop using Bluetooth.

The demo can be accessed (Slide the video player's toggle to the 40-minute mark to see the demo.)

While identity cards are encrypted in the card store on devices or desktops, the beauty of the InfoCard technology is its security. Identity data -- which in the Novell transaction demo is a credit card number -- is held by a third party called an identity provider. The third party -- in the Novell example it was American Express -- validates that the user has the funds to complete the transaction and sends that validation via secure token to the Web site, called the requesting party, which never receives the user's actual credit card number.
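The token flow described above can be sketched as follows. This is an added example, not code from Novell, Microsoft or the article. It assumes an HMAC over a JSON claim set as a stand-in for the signed security token InfoCard actually uses, and the function names, key, account record and card number are all constructed for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key. Assumption: a shared HMAC key stands in for the
# identity provider's signature on a real InfoCard security token.
IDP_KEY = b"constructed-demo-key"

# Identity provider's private records (constructed): the card number lives only here.
IDP_ACCOUNTS = {"card-1": {"pan": "4000-0000-0000-0002", "limit": 500.00}}

def _sign(body: bytes) -> bytes:
    return hmac.new(IDP_KEY, body, hashlib.sha256).hexdigest().encode()

def idp_issue_token(card_id, amount, audience, now=None):
    """Identity provider: check funds, then emit a signed token holding only claims."""
    now = time.time() if now is None else now
    acct = IDP_ACCOUNTS[card_id]
    claims = {"aud": audience,                      # which site may use the token
              "amount": amount,
              "approved": amount <= acct["limit"],  # the validation, not the card data
              "exp": now + 300}                     # short lifetime limits replay
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    return body.decode() + "." + _sign(body).decode()

def site_verify_token(token, expected_audience, now=None):
    """Web site: accept the token only if signature, audience and expiry all check out."""
    now = time.time() if now is None else now
    body, _, sig = token.partition(".")
    # Constant-time comparison; any change to the claims invalidates the signature.
    if not hmac.compare_digest(sig.encode(), _sign(body.encode())):
        raise ValueError("bad signature")
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["aud"] != expected_audience:
        raise ValueError("token was issued for a different site")
    if claims["exp"] < now:
        raise ValueError("token expired")
    return claims

if __name__ == "__main__":
    token = idp_issue_token("card-1", 129.99, "https://shop.example")
    # The site sees approval and amount, never the card number.
    print(site_verify_token(token, "https://shop.example"))
```
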

Users can have multiple cards with various levels of data that can range from just a simple name and password to more personal and sensitive data.

Novell's software is not the first cross-platform implementation of InfoCard, but it is the first that runs natively on the host operating system and that will eventually be packaged and sold.

Developer Chuck Mortimer has created a Java-based identity card selector that runs in a browser, and developer Kevin Miller has created an extension for Firefox to support CardSpace.