Building on the Power of the Directory with Novell's digitalme Technology
Articles and Tips: article
Novell Developer Information
01 Dec 1999
Get the inside scoop on digitalme, Novell's new directory-enabled showcase technology for helping everyday users control their digital identity on the Internet.
Think of the last time you logged on to your Internet-based e-mail account, your online bank account, online shopping sites, or any place on the 'Net that requires entering a username, password, or private personal information to access services or information. If you're like me, it was probably earlier today; and if you're even more like me, it was likely a painful task to recall your unique IDs and passwords for the various sites you regularly visit.
Now, imagine entering that information only once, when you first sign up at a site or for a service, and having a secure agent log you on to any site that requires your unique identity to access personal information or privileges. The skeptical may think, "Maybe in a few years... until then I'll just have to keep remembering my ever-growing list of usernames and passwords." But you don't have to wait years for this to happen, thanks to a new service and technology called digitalme. Based on the power of Novell Directory Services (NDS), digitalme is capable of remembering and securely recalling your multiple identities across the Internet whenever you need them.
First introduced at BrainShare '99, digitalme is essentially two separate entities: a technology that Novell partners can develop to, and an Internet service provided by Novell that anyone can use. The Internet service portion of digitalme, called digitalme.com, was made available to the public in October 1999; the technology portion is currently being prepared for release to Novell's DeveloperNet community.
This AppNote describes the benefits and features of digitalme.com and explains why Novell chose to create this service. It also looks at digitalme from the technology perspective, describing how it works and how it will evolve in the months to come.
For additional information about digitalme and to create your own digitalme identity, visit http://www.digitalme.com.
In a relatively short time, the Internet has evolved from a simple means of communication to a complex center for business transactions, communication, and information. The speed of Internet evolution continues to grow as new technologies are introduced and as more people around the world interact digitally. As the influence of the Internet increases and technologies improve our capabilities, our lives become more assimilated with our online, digital identities. In this environment, protecting and managing our digital identities becomes just as important as securing our homes, wallets, and other personal identities in the physical world.
While the Internet has permitted users to conveniently participate in online communities, shopping, banking, and other forms of information sharing, it hasn't allowed them complete ownership of their identities. Currently, engaging in certain online transactions that require the divulgence of sensitive, personal information (name, age, address, e-mail account, social security number, credit card numbers, and so on) can be precarious. You don't know who else can see your information as it is transmitted; you're uncertain whether you can trust the receiver not to give it away, lose it, or share it with someone untrusted; and you have no idea how to retract information once it leaves your computer. Interacting on the Internet today is similar to nailing a sign on your front door for anyone to see with critical information that you would never choose to expose to those you didn't trust.
To allow more interaction on the Internet and give users peace of mind that they are in control of who knows what about them, the next logical step is digitalme. Powered by NDS, digitalme uses standard directory authentication and authorization methods to give users secure control over their data. Taking advantage of NDS not only allows digitalme users to control, update, and customize what information is shared with others—like an electronic business card, it also allows users to merge several identities into one—like an electronic wallet. The following section describes the benefits of the digitalme Internet service and how to use it.
Benefits and Features of digitalme.com
The Internet is all about identity, and digitalme changes the way your personal information is managed on the Web. Your digitalme identity can consist of information about the people you interact with online, Web sites you visit, computer devices you use, bookmarks, cookies, files, or any other type of digital information you choose to store. The digitalme technology will soon allow users to manage that information as it relates to people, devices, and events. The digitalme Web site is a free service available from Novell. Because it is Internet- based, the only requirement for its current use is a connection to the Internet. Following is a brief look at some of the digitalme benefits and features.
Because everyone interacts on the Internet for different or multiple reasons (such as personal, family, business, work, shopping, casual, or social), digitalme allows users more than one identity. Based on the concept of business cards, a digitalme identity provides you with meCards that organize your various identities and allow you to share information with others based on which meCard you share.
For example, you could have a meCard for work that contains your work address, title, e-mail address, and phone and fax numbers that you share with clients or associates. Your personal meCard could contain more private information like home address and phone, birth and anniversary dates, and so on, that you share with family or friends. There are many possibilities in the meCard concept, and you are in control of who knows what. Figure 1 shows an example of how a meCard might look.
Figure 1: A sample view of the meCard management, creation, and design page at digitalme.com.
Based on the meCard identities or profiles you create, digitalme can automate the process of filling out forms on Web sites you visit. For example, you could configure digitalme to identify you and log you on to amazon.com each time you go to that site, without you having to remember and enter your username and password. You enter this login information only once within your digitalme identity. Once you have found that favorite novel, you could check out without having to enter your address and credit card number, because you also included your shopping information within that meCard profile.
To make online business transactions easier and more secure, digitalme will also soon support memberCards. Similar to meCards, memberCards can be used by businesses to identify you as a member of their clientele in order to establish a trusted, online relationship. MemberCards are generated and distributed by companies, organizations, or individuals to convey identity information that permits members to access additional digitalme services.
With digitalme, you have the power to terminate relationships as easily as you create them. You simply cancel the access rights of that business to your information. This is the idea behind meBusiness, to give consumers more power to control their personal information. Suddenly, real customer service is a viable option on the Web.
Like the many community-type Web sites currently available on the Internet, digitalme offers membership to digital communities. Communities are organizations based on common interests where members can share resources, exchange information, download the latest upgrades to products, and so on. As a digitalme user, you can join the digitalme.com community, create your own community, or join communities created by other individuals or businesses.
An additional advantage to digitalme membership within communities will be the ability to detect when another member is online or using a digitalme-related communication device, similar to AOL's Instant Messaging service. We call this ability to tell, at a glance, who is connected presence. When integrated with the dynamic address book (discussed next), presence helps you determine the most appropriate communication method (chat, e-mail, or phone) to contact other community members.
Dynamic Address Book
Each digitalme user has a dynamic address book (see Figure 2 for a graphical representation). The dynamic address book is different from any address book you have likely ever used, because it is derived from NDS. NDS is similar to a phone directory that stores users' information in one self-maintaining place. The address book you currently use probably requires you to keep track of not only other people's correct contact information, but also to ensure that your information is accurately maintained in others' address books. By contrast, the directory requires that users only be responsible for their own information because, like a phone book, the information is contained in only one place. So, each time your contact information needs updating, you update it only once in the directory and all inquiries to your contact information are referred to the directory, not outdated information in someone's computer address book.
Figure 2: An Example of what the digitalme dynamic address book looks like.
You also have complete control of who is included in your own address book and of which users have your contact information in their address book. Your identity or personal data can be distributed to other users and contacts to grant access to identity information. When you receive identity data (such as meCards) from others, you can accept, reject, or choose to share your own meCard with them. Once you accept or exchange identities, that contact displays in your dynamic address book to identify, track, and manage the granted information access. Since you control who you share your information with and can log what information you share, you can track who has access to what personal information.
Privacy and Security
The digitalme concept was conceived because of the lack of user-controlled privacy and security on the Internet. With digitalme, you own your own identity. Novell offers the digitalme service, but you are the only one who has direct access to your information, through your proper login. Because digitalme is NDS-based, it offers all the secure, policy-based management that is fundamental to NDS. Also, when you send or receive information using digitalme, it passes through a firewall with up to 128-bit encryption (based on the user's browser setting) using secure socket layer (SSL).
Within digitalme, NDS stores the data a user enters within an identity vault. A vault is a secure area where your personal information at digitalme.com is stored. Like a network administrator in charge of your own data, you are in control of what goes into the vault (your various meCards and memberCards are stored here) and what you share with others.
Novell's Role in digitalme.com
Now that you have seen a little bit of digitalme from the perspective of an Internet user, you can undoubtedly see the value of this Internet service. But you might be wondering what Novell is doing in this role. Novell has been and will continue to be a technology supplier. The digitalme Web site is simply a free service that Novell offers for its partners and for the general Internet audience to demonstrate how the digitalme technology works, to allow them to feel comfortable with its capabilities, and to provide Novell's partners and customers a platform upon which to further develop the digitalme concept, as integrated with NDS.
Once an ISP (Internet Service Provider), an ASP (Application Service Provider), or general retailers see this technology in action at digitalme.com, they can determine how to best customize the digitalme and NDS technologies to build and provide services that will increase their own business value.
The digitalme Technology
The digitalme technology is probably best described as the "face" of NDS. It gives users the ability to control information about themselves, allows them to establish relationships on their own terms, and allows users to control access to data associated with those relationships. digitalme differs from the traditional view of NDS in that the information is not proprietary to a certain company or organization that you belong to, such as your NDS identity at work. With digitalme, you own and manage your body of data entirely. digitalme is just the face or vehicle that extends ownership to the individual user.
If you know how NDS works, the design of the digitalme technology will look familiar to you. The sections that follow take a look at how the digitalme technology works and what its future direction and development goals are.
How It Works
Understanding how digitalme works as a technology helps understand the many possibilities of NDS as a powerful directory in almost any setting, including the Internet. In fact, the design of digitalme is very similar to a typical NDS tree organization within a company, which provides the most appropriate metaphor.
In NDS, the top of the tree (called the [Root] object) is similar to the identity vault in the digitalme architecture, the identity safe is similar to the container or organization object, and the vault or individual account is analogous to a subordinate container (see Figure 3).
Figure 3: The digitalme design is similar to the tree organization in NDS.
Figure 4: A server view of the digitalme architecture.
Note: At the time of this writing, the Identity Server runs only on NetWare 5, Service Pack 3a, but development to other platforms such as NT, Linux, and others is in progress.
Digitalme uses open standards in its communication architecture, including Java, LDAP (Lightweight Directory Access Protocol), XML (eXtensible Markup Language, an emerging standard which has the promise to become the lingua franca of information interchange), and SMTP (Simple Mail Transfer Protocol). This allows digitalme to be packaged as an identity server that is accessed via a Java client on the Internet or via a Windows-based client on the desktop.
On an installed digitalme client, rather than having the pages be generated by communication with the Web Server as in the 0-Byte client scenario, the pages are generated from data residing on the identity server (see Figure 5).
Figure 5: A more detailed view of the digitalme server to client communication architecture.
The digitalme of Tomorrow
The purpose of digitalme.com is to educate people about the digitalme technology. To foster widespread development by traditionally trusted brands or Web site operators who want to offer digital identity services, Novell will provide the digitalme client in open source to existing customers who want to leverage their NDS implementations, and to the broader Internet community who could use the technology for new forms of Web innovation. The goal is to let the Internet—its providers and users—take advantage of the power and convenience of the directory.
Because digitalme is based on open standards and because its code will be available to those with developmental ideas, the exact destination of digitalme will largely be determined by third-party developers. However, some of Novell's specific works-in-progress for digitalme.com that were announced at the digitalme launch include the following:
Instant Messaging. A co-branded instant messenger product, dubbed instantme, will link digitalme users to other members of the AOL Instant Messenger (AIM) community. Through instantme, digitalme users will be able to trade personalized and private online messages in real time with business associates as well as friends, family, and other members of the AIM network.
Secure E-mail and Authenticated Online Communities. Using digitalme memberCards, Novell and VeriSign will offer users a co-branded digital certificate that will enable authenticated online communities and secure e-mail. (Digital certificates are electronic credentials used for secure access and e-mail over the Internet.) digitalme will also use VeriSign's Secure Site services to encrypt the exchange of personal information between consumers and the digitalme service and will identify VeriSign Secure Sites listed at digitalme.com. Also available for enterprise customers, NDS directory services will be integrated with VeriSign's OnSite managed certificate services.
Online File Sharing. Partnering with JustOn Files, digitalme users will be able to share files on and over the Internet. This service allows you to store, manage, and share files from anywhere because it is also Internet-based. Through close integration of these services, digitalme users will be able to activate their JustOn Files accounts using their existing digitalme credentials without having to register with the JustOn Service.
Small Device Integration. Novell is in the process of developing digitalme for small devices such as Palm Pilots and digital phones. By storing your contact information in an online digitalme file, you can access, update, and share information from anywhere. This is helpful in that if you ever need to re-input or update the contact information you store in your small device, it is done with one click with digitalme. Integration and software for Palm V organizers are currently available at digitalme.com, with integration for other devices to follow.
Other Development Possibilities
Additional possible developments include enterprise users being able to create a digitalme site to facilitate exchange of employee and other information, both within and outside the company. Businesses could create policies to control access to different types of information and even implement a public key infrastructure (PKI) to further secure digitalme information. An ISP could use digitalme as a primary login mechanism. Since digitalme organizes personal information, e-mail, chat, presence, and account maintenance, extra software for integrating these functions would be unnecessary. e-commerce sites could also benefit from the privacy, simplicity, and customer-maintained identity information that digitalme provides.
But again, the greatest digitalme development possibilities come from third-party software developers. For example, such companies could produce software applications that use digitalme to offer single sign-on to integrate with other applications. Applications for vertical markets (such as medical or financial) could use digitalme with customized schemas for their particular market. Writing to the digitalme Access Method API, a programmer could manipulate the identity abstractions to create a secure, privacy-guarded, customized application.
The digitalme Web site and technology are some of the first services and products from Novell that harness the power of NDS for the Internet domain. These advances make life easier on the Net by enabling more control and security in e-commerce transactions and by offering a unified solution to all of the inter-relationships people have across the Internet. Visit digitalme.com and see the face of NDS, the only platform that can scale to the level and demands of the Internet.
* Originally published in Novell AppNotes
The origin of this information may be internal or external to Novell. While Novell makes all reasonable efforts to verify this information, Novell does not make explicit or implied claims to its validity.