The Liberty Alliance has announced the availability of ArisID and Project Aristotle. In a recent webcast, Oracle’s Phil Hunt presented ArisID and demonstrated its usefulness to software developers. This innovation makes it easier to develop applications that are less dependent on where identity information is stored, which in turn makes those applications easier to deploy in an identity management infrastructure.
At the same time, governance of identity data is simplified by creating an open and interoperable framework that can be harnessed for controlling and auditing identity information flow. Traditionally, this was virtually impossible, as applications tended to be more or less opaque with regard to their use of identity data and information about users.
The goal of the Aristotle Project is to create an open source programming interface that provides standardised access to identity service libraries, also known as "ArisID providers". It can be understood as a comprehensive framework that lets applications declare their identity requirements and have them fulfilled without having to worry about looking up individual identity attributes from specific sources.
Every application has the same problem: it needs particular information about individuals (identity attributes), and there are many ways to get it. One of the most common protocols for looking up identity information is LDAP, and many attributes about users are stored in LDAP directories. But not always. Identity information can just as well be stored in relational databases. In a collaborative or distributed environment, information can come from many other sources, such as SAML assertions or web service lookups. It is becoming increasingly commonplace for business processes to cross traditional boundaries and involve many different companies and partners. Cloud computing and SaaS (software as a service) are yet another example of why the old assumption, that all identity information can be fetched through an LDAP lookup, is obsolete.
The Aristotle Project and ArisID grew out of the Identity Governance Framework (IGF). About a year ago, Oracle spearheaded the IGF under the auspices of the Liberty Alliance. ArisID now puts two key aspects of the IGF into practice: a declarative way for applications to make their requirements known and have them catered for, plus CARML, the Client Attribute Requirements Markup Language, which defines how this declaration is made.
The purpose of the IGF is to provide an open architecture that addresses governance of identity-related information. That is a proud statement, but it does not exactly help in understanding the value that is actually contained within the framework.
For one, Identity Governance is definitely a problem, but not one that is seen as very urgent: there are typically many other open problems that have the focus and attention of IT professionals. This may be short-sighted, however, because regulation is certain to become tighter and to relate more directly to how identity information is treated and handled. The advantage of embracing ArisID is that its benefits in terms of Identity Governance come "for free" with the additional advantages that the framework brings.