IBM to Open Source Novel Identity Protection Software

coondoggie handed us a link to a Network World article reporting that IBM plans to open source the project 'Identity Mixer'. Developed by a Zurich-based research lab for the company, Identity Mixer is a novel approach to protecting user identities online. The project, which is a piece of XML-based software, uses a type of digital certificate to control who has access to identity information in a web browser. IBM is enthusiastic about widespread adoption of this technology, and so plans to open source the project through the Eclipse Open Source Foundation. The company hopes this tactic will see the software's use in commercial, medical, and governmental settings.

a novel approach

[User+956]

Developed by a Zurich-based research lab for the company, Identity Mixer is a novel approach to protecting user identities online.

which novel? I hope not 1984.

The right hand does't know what the left is doing

[Ceriel+Nosforit]

Anyone remember maybe a year or two ago when IBM was doing something with rather intrusive software to mine data on people?

It seems IBM doesn't really have a clear policy on whether to be Good or Evil. They seem to try doing both at the same time...

Guess we need to label IBM as Chaotic Neutral...

ms passport

[dcskier]

what, you mean people don't like ms passport?

What's really new?

[neonux]

I mean what's new in this compared to current LiveJournal's OpenID ?

Haven't We Seen This Before?

[VorpalRodent]

From what I read in the article (and I could be wrong, I admit), it sounds like people are simply controlling the amount of personal information that goes to the third party. So, I want to buy something, and only the pertinent information goes to the vendor.

How is this different from things that have been tried in the past? Furthermore, how is this different from the various other situations we hear about occurring at financial institutions and the like, where a database is inadvertently printed or placed outside a firewall (or whatever)?

What makes this better than me simply typing my credit card number into the secure web site of an online store (or have I missed the intended purpose)?

Re:The right hand does't know what the left is doi

[Xtifr]

IBM's been like that for a long time. Remember when the PC division refused to sell the company's own operating system? (Of course, the PC division ended up being sold to a Chinese company, so I guess the OS/2 developers got the last laugh, but a bit too little too late.)

Big, diverse companies often seem to be going in several directions at once, and in this industry, pretty much nobody is bigger or more diverse than IBM (still).

Re:Open source simple?

[Xtifr]

Yeah, 'cause clearly, nothing is more secure than a closed source solution. Security by obscurity is the ONLY ANSWER! And advice on computer security by random slashdot posters is far more trustworthy than anything from a company that's been making secure systems for longer than most of us have been alive.

more details on the project

[ivar]

can be found here.

Patented?

[SiliconEntity]

idemix which is the software in question appears to be covered by a number of patent applications submitted by the inventor, Jan Camenisch. What's the point in open-sourcing it if IBM has half a dozen or more patents covering the technology being used? Or will this process grant use of any IBM-owned patents necessary to run the code? And if so, what happens as people start modifying the code; how far can they go and still be indemnified against IBM patent infringement?

Patents and open source don't mix well. I don't see how this is going to work.