Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
RE: [higgins-dev] Question about Higgins 
Agreed. 

Let me think about your use case using Higgins-defined URICards: The card
itself is just a pointer to a Digital Subject in some Context (i.e. a
ContextId and a SubjectId). Providing a card to someone else (as you
described) in consists of giving them this pointer. So that part is easy.

Their ability to get read access to your email address attribute is
controlled by the Context Provider's authorization logic. The logic could
allow/disallow access based on who that other person is. One could easily
envision a CP with a simple policy expression and engine that could handle
giving access only to the "other" person you intended. 

We decided long ago that authorization was outside of the scope of IdAS for
1.0, but I look forward to moving into that area, XACML, etc. as soon as we
have cycles for it.

-Paul 

Mike wrote:
> 
> I think this thread is a good openning for a topic I'd like us to start to
> look into...
> 
> We have a paradigm for managing cards representing our own identities. We
> need to extend that to allow us to provide cards representing our own
> identity to another party to be used in a specific context. For instance,
> I'd like to be able to provide a card/identifier to someone that allows
> them to send me an instant message/email.
> As an extension of that, I'd like to have the property that they could not
> forward this card to someone else and have it work.
> 
> Thanks,
> Mike
> 
> higgins-dev-bounces@xxxxxxxxxxx wrote on 04/20/2007 06:14:20 PM:
> 
> > Mike,
> >
> > Here is the thread so far (3 msgs):
> >
> > Ed,
> >
> >   From what I been able to dig out, Higgins project is not planning to
> > provide UI for managing or matching identities and it is more focused on
> > managing identities for the current user.
> >
> >   For use cases I mentioned we need to manage or collect identities of
> other
> > users. So, managing passwords is not needed for such purpose, but the
> key
> > feature is to link ids of some arbitrary user in different systems. I
> think
> > task is quite trivial. Practically map of maps kind of structure that
> can be
> > maintained locally, or trough some kind of data provider (maybe even
> > Higgins). The only issue is how to standardize such API and UI that can
> be
> > used by all consumers.
> >
> >   regards,
> >   Eugene
> >
> > ----------------------------------------
> > Ed Merks wrote:
> >
> >     Eugene,
> >
> >     Yes, managing all these identities is a big pain!   At IBM we have
> > multiple such things too and tomorrow a bunch of my passwords expire,
> which
> > happens every three months.  So it's time to start changing passwords
> again.
> > And of course different systems have different password rules, so it's
> hard
> > to get one password that works for all the systems.  And that means you
> have
> > to write them down, which kind of defeats their security, and undermines
> the
> > very reason for making them expire so often and for defining rules to
> > restrict your choice of password.  It's such a joy to be told that a
> > password no one would ever guess is nevertheless trivial by some
> > undocumented algorithm. Are you aware of the Higgins Trust Framework
> > project?
> >
> >         http://www.eclipse.org/higgins/
> >
> >     I don't know much about it, but I think it's trying to address
> exactly
> > this type of problem and I suppose it could be used by other projects at
> > some point in the future.
> >
> > ------------------------------------
> >     Eugene Kuleshov wrote:
> >
> >         Hi,
> >
> >          I am not sure how to address this issue and looking for advice.
> >
> >          In development process we usually have several identities for
> each
> > developer and each identity is managed in its own system, such as
> version
> > control systems (CVS, SVN, etc), issue tracking systems (Bugzilla, JIRA,
> > etc), instant messaging systems (icq, xmpp, gtalk, yahoo, skype, etc)
> and
> > regular email. In IDEs each of those those identities is managed by its
> own
> > plugin. For example in Eclipse, CVS and SVN identities are known by team
> > version control providers, issue tracking systems are managed by Mylar
> or
> > specialized plugins, and instant messaging identities are managed by
> ECF.
> >
> >          As a result, we don't really have links between those
> identities.
> > For example, we can't open an entry in the CVS History, Synchronize view
> or
> > CVS annotation (aka "blame" thing) in the editor and send an instant
> message
> > to the user who committed that change (say when he did something
> outstanding
> > or if he did something terrifying) or see if person who made comment to
> the
> > bug report is online.
> >
> >          We need some kind of address book or roster UI and correspond
> > backend that would allow to manage multiple user identities and would
> allow
> > 3rd party components to interact with those identities. The closest
> piece
> > Eclipse have right now is the Roster view from ECF, but it still quite
> far
> > from supporting such feature and it is unclear if it even in scope of
> the
> > ECF project.
> >
> >          IBM Jazz project choose different approach to this issue. since
> > they built their own issue tracker, version control system and even
> instant
> > messaging system they got unified identity across all those systems.
> > Unfortunately in the real world we have to deal with number of existing
> > legacy systems.
> >
> >          Does anyone have thoughts on this and what is the best way to
> > address this need?
> >
> >          regards,
> >          Eugene
> >
> >         PS: you can also comment to my blog post at
> > http://jroller.com/page/eu?entry=multiple_identies
> >
> > Mike wrote:
> > >
> > > Can someone please send the question to this list?
> > > I don't know which user id/password it wants but even if I did I
> wouldn't
> > > enter it since it doesn't use SSL.
> > >
> > > Thanks,
> > > Mike
> > >
> > >
> > > higgins-dev-bounces@xxxxxxxxxxx wrote on 04/20/2007 12:15:34 PM:
> > >
> > > > Curious if anyone from the Higgins team can answer the question
> here:
> > > > http://www.eclipse.org/newsportal/article.php?id=14&group=eclipse.
> > > > board.committer.reps#14
> > > >
> > > > Thank you.
> > > >
> > > > Cheers,
> > > >
> > > > ---
> > > > Chris Aniszczyk | IBM Lotus | Eclipse Committer | http://mea-bloga.
> > > > blogspot.com | +1 860 839
> > > 2465_______________________________________________
> > > > higgins-dev mailing list
> > > > higgins-dev@xxxxxxxxxxx
> > > > https://dev.eclipse.org/mailman/listinfo/higgins-dev
> > >
> > > _______________________________________________
> > > higgins-dev mailing list
> > > higgins-dev@xxxxxxxxxxx
> > > https://dev.eclipse.org/mailman/listinfo/higgins-dev
> >
> > _______________________________________________
> > higgins-dev mailing list
> > higgins-dev@xxxxxxxxxxx
> > https://dev.eclipse.org/mailman/listinfo/higgins-dev
> 
> _______________________________________________
> higgins-dev mailing list
> higgins-dev@xxxxxxxxxxx
> https://dev.eclipse.org/mailman/listinfo/higgins-dev

Back to the top