Now that the Liberty Alliance is gaining momentum, Sun Microsystems says it wants to take more of a backseat role in its further development.
At the end of the year, the alliance, which is working on an "open" network identity scheme for the Internet that will enable single sign-on for consumers and business users, signed up seven more founding members. They included American Express, France Telecom, General Motors, Hewlett-Packard, MasterCard and AOL, along with "a major commercial bank" that doesn't want to reveal itself at this stage.
The other founders of the Alliance and members of the management board are Bell Canada, Global Crossing, Nokia, NTT DoCoMo, Openwave Systems, RealNetworks, RSA Security, Sony, Sun Microsystems, United Airlines and Vodafone. Eric Dean, chief information officer of United Airlines, has taken on the role of chairman and president of the management board. The next meeting of the founders takes place next week in Orlando, Florida.
The new members look likely to give Liberty the momentum it needs to establish what it's been planning so far: a network identity service based on an open, federated model, as opposed to the single identity operator the group says is Microsoft's model with its .NET Passport initiative. And the combined muscle behind Liberty must have Microsoft chief Steve Ballmer reconsidering his original opinion that Liberty "has absolutely zero probability of mattering to the world."
It's important for the alliance to be considered as more than a reaction by Sun to Passport. Sun was instrumental in kick-starting Liberty, but its motive, according to Sun's Mark Herring, director of corporate strategy and planning, is only "to sell a boatload of infrastructure," including its LDAP directory technology from the iPlanet division. What it doesn't want to do -- as Microsoft apparently does -- is to host the service and tie in its own services, which would mean competing with its own customers, says Herring.
The model Liberty has its eye on is the one already set up by banks and credit card companies for ATM authorization through electronic payment networks such as Star and Cirrus. These networks are run independently of the industries they serve, and share only the information they need to share to establish identity, authentication and authorization. That's why you typically can't see your bank balance at an ATM that isn't operated by your own bank. Using standards such as the Security Assertion Markup Language (SAML), this basic data can be propagated among the participants, and individual single-sign-on systems can be federated to work together. That way, individual companies retain ownership of their customer profiles but still gain the ease-of-use benefits of a single-sign-on model.
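The federated exchange the article sketches, as an added illustration that is not part of the original article and not Liberty's, Sun's or any vendor's code: a bank acting as identity provider issues a signed assertion carrying only the identity, authentication and authorization fields a partner needs, and the partner verifies signature, audience and expiry before trusting it. It uses a simplified JSON assertion with an HMAC rather than real SAML XML signatures; the profile, partner names and keys are constructed.

```python
import hmac, hashlib, json, time

# Constructed sample: the bank's full customer record, which never leaves the identity provider
BANK_PROFILE = {"customer_id": "c-1001", "name": "A. Example", "balance": 1234.56,
                "authn_method": "pin+card"}

# Constructed per-partner shared keys (real SAML federations use XML signatures and X.509 certificates)
PARTNER_KEYS = {"airline": b"key-airline-example", "retailer": b"key-retailer-example"}

# The only profile fields a relying party is allowed to receive
SHARED_FIELDS = ("customer_id", "authn_method")

def issue_assertion(profile, audience, scopes, ttl=300, now=None):
    """Identity-provider side: build an assertion with only identity/authn/authz data, signed for one audience."""
    now = time.time() if now is None else now
    body = {k: profile[k] for k in SHARED_FIELDS}          # balance, name etc. are deliberately left out
    body.update({"issuer": "bank-idp", "audience": audience, "scopes": list(scopes),
                 "issued_at": now, "expires_at": now + ttl})
    payload = json.dumps(body, sort_keys=True).encode()      # canonical form so the signature is stable
    sig = hmac.new(PARTNER_KEYS[audience], payload, hashlib.sha256).hexdigest()
    return {"payload": payload.decode(), "sig": sig}

def verify_assertion(assertion, my_audience, now=None):
    """Relying-party side: return the claims only if signature, issuer, audience and validity window all hold."""
    now = time.time() if now is None else now
    payload = assertion["payload"].encode()
    expected = hmac.new(PARTNER_KEYS[my_audience], payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, assertion["sig"]):  # wrong key or tampered payload
        return None
    body = json.loads(payload)
    if body.get("issuer") != "bank-idp" or body.get("audience") != my_audience:
        return None                                           # assertion meant for a different partner
    if not body["issued_at"] <= now < body["expires_at"]:
        return None                                           # replayed after expiry or not yet valid
    return body
```

The relying party ends up with the customer identifier, how the user authenticated and what it is authorized to do, and nothing else from the bank's profile.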
The alternative -- data controlled by a single vendor -- is worrying on a number of counts, such as security, customer ownership and policy management. Microsoft has policies in place, but they are generally regarded as weak, and there's nothing to stop it from changing those policies at any time.
Sun's interest is not so different from Microsoft's in that it wants to sell its technology, and the process builds momentum for its SunOne Web services strategy. Microsoft wants to do the same, but also wants to host the service. Sun's products in this area, roughly equivalent to Passport, include the iPlanet LDAP directory (originally from Netscape), along with an identity and policy server and certificates for policy and security. The part it hasn't yet developed is the federated services architecture. And of course it wants to sell the servers and storage this software runs on.
An initial specification is expected by the end of this quarter, with APIs so that applications can be "Liberty-enabled" and a set of policy guidelines for Liberty operators. A fully federated system, and the formation of independent organizations to control the system, is still some way off, however.
And there are plenty of arguments to come. Currently, there are too many standards covering identity (a representation of data) and authentication (the guarantee of the validity of that representation), and none at all covering authorization (the provisioning of services or activities based upon an authenticated identity).
Microsoft remains Liberty's major competitor, but there's still a chance that Microsoft will eventually join the alliance. Although Microsoft has signed up millions of users for Passport through existing services such as Hotmail, there's little evidence to date of it being widely used for commercial transactions of any value.
Meanwhile, Liberty could pose a threat to identity management specialists such as Identrus and Netegrity. And it could be a boon to other struggling directory services firms, such as Novell.
Liberty can no longer be dismissed as a competitive move designed to create fear, uncertainty and doubt in the Microsoft camp. It's clear enough that Microsoft's model is causing unease among large corporations that don't want to lose touch with their customer bases, and with consumers worried about security. The level of support building at Liberty may ultimately be enough to change Microsoft's mind.
the451 (www.the451.com) is an analyst firm that provides timely, detailed and independent analysis of news in technology, communications and media.