The ArisID API implements the CARML (Client Attribute Requirements Markup Language) and Privacy Constraints IGF specifications Liberty Alliance released earlier this year. ArisID demonstrates how CARML and Privacy Constraints policies may be used by developers to create declarative identity applications. The open source ArisID declarative approach defines what identity-enabled transactions can be performed to ensure applications only use identity information required to complete a transaction. This allows developers to build secure identity-enabled enterprise applications that are easily auditable and protect the personally identifiable information (PII), such as a social security number or credit information, of people engaging in enterprise identity-enabled transactions.
ArisID is the first release from the Aristotle Project, an open source community working within OpenLiberty.org focused on developing a single open source API for existing identity technologies. The goal of the project is to create an open source multi-protocol programming interface and multiple ArisID information providers to allow developers to access, update, and use identity data leveraging any identity protocol and IGF privacy and security policies. With today's release, developers can use ArisID to begin working with applications leveraging SQL databases and LDAP Directories, with additional releases planned for federation protocols such as SAML, Liberty Identity Web Services (ID-WSF), OpenID and WS-Trust.
"The release of the declarative ArisID API is an important development in the evolution of open source identity-enabled systems based on IGF security and privacy policies," said Brett McDowell, executive director, Liberty Alliance. "With the ArisID API, system architects and enterprise developers now have open source enterprise-grade software to begin building IGF-based applications and products."
Collaboratively Fostering Declarative Identity Services and Providers
The growing Aristotle Project community is working under the philosophy that storage of identity information in a single repository or by a specific vendor will not meet the needs of all applications. In the real world, there may be multiple valid sources of identity information that must be accessed by one or many identity service protocols, often chosen by the end-user or the enterprise running the application. The multi-protocol ArisID API allows developers to create a single declarative application that can leverage all of the identity sources across the extended enterprise. This simplifies the development process, increases flexibility and allows enterprises to evaluate the use of identity information for both privacy and network service requirements.
"Qualcomm leverages a mix of commercial, open source and home-built applications to support multiple businesses and advanced engineering processes. Applications must be flexible, process integrated and highly collaborative, but also subject to sophisticated and uniform security policy," said Steven Polaski, senior director of information technology and chief architect, Qualcomm. "We view uptake of Liberty's IGF and availability of open reference implementations as necessary steps to reduce the expense and complexity of 'identity wiring' applications to identity services and enterprise policy."
With today's news, Project Aristotle has made a preview of an ArisID information provider available at OpenLiberty.org. Members of the Aristotle Project are also working with the open source community, the global identity industry and identity vendors to develop additional ArisID information providers. All individuals and organizations interested in collaborating on the further development of ArisID information providers and declarative open source identity systems are encouraged to join the Project Aristotle community at OpenLiberty.org.
"The ArisID API can address a number of identity issues plaguing IT architects, application developers, and auditors," said Gerry Gebel, vice president and service director at Burton Group. "CARML and the other IGF components offer more transparency regarding the use of potentially sensitive data, moves application architecture toward an approach that externalizes security from the business logic, as well as providing a services-style interface that abstracts away the complexity of underlying identity repositories."
About the December 11 ArisID Webcast Hosted by Phil Hunt, Aristotle Project lead with OpenLiberty.org, the one-hour public session will provide participants with an overview of the ArisID API, discuss benefits for developers and enterprises, and review the Project Aristotle roadmap. Developers will understand how to begin using ArisID to build IGF-based applications and the identity community and vendors will gain insight into how the open source ArisID API and information providers help fulfill multi-protocol identity management requirements. More information and registration for the webcast is available at http://tinyurl.com/62g8gr
About the Liberty Identity Governance Framework
The Liberty Identity Governance Framework is the industry's first programmatic and auditable open standards-based initiative designed to help organizations better govern and protect identity-related information. The IGF helps organizations meet regulatory requirements such as the European Data Protection Initiative, Gramm-Leach-Bliley Act, PCI Security Standard and Sarbanes-Oxley by allowing enterprises to more easily determine and control how identity information is used, stored and propagated across diverse systems, helping to ensure the information is easily auditable and not abused, compromised or misplaced. IGF is being developed within the Liberty Alliance Technology Expert Group and by the OpenLiberty.org community to ensure the widest possible collaboration in the development of IGF specifications.
OpenLiberty.org is an open community of developers formed in January 2007 to coordinate synergies among global open source initiatives and to identify and deliver the open source libraries developers need to build applications that take advantage of the features in Liberty Alliance standards. While Liberty Alliance sponsors many of its activities, OpenLiberty.org is a self-governing community operating independently of Liberty Alliance. More information is available at OpenLiberty.org.