Sun Releases Open Source Tool for Project Liberty

ruisantos writes "After submiting the technical specifications for the project , Sun has finally launched an open source tool for its upcoming Sun ONE Identity Server version 6.0, the news can be found on CNET news."

Uh

[yem]

Why not just tell your browser to remember the login? Frankly I trust my computer a lot more than some corporation - Microsoft or otherwise.

Re:Uh

[Diabolical]

Yes... if that is the only computer you work with. But i have my personal systems at home, a system at work, when i'm visiting relatives i use their computer same when i visit friends. When i am on vacation i use a system in a cybercafe etc. etc. etc.

It would be nice if i could use the info on a centralized system. Mind you, i'm just talking about the info. Not about data accumulated from online buying etc.

This is where this system comes in, it allows to store information about a person on a central place while allowing online shops to hold on to their own info. MS Passport tries to gather all the info in one place, prefferably on their own servers.

Re:Uh

[awol]

It's not just about allowing you to login, but one of the fundamental problems of the "internet" is the proof of identity. As more and more important services become online, it becomes more and more important to be confident that Jo Public is actually a) Jo Public and not Mary Citizen and b) The Jo Public of 23 Main Street Bigtown.

In meatspace, you prove identity by a "collection" of evidence from relatively trusted sources, a bank account, a gas bill and something with a photo. In the on line world being able to go to an online vendor and do a similar thing where you can prove that BANK A, utility co B and Company X all know about a Jo Public of 23 Main Street obviates the need for a "central" repository of identity, which, if you ask me, is a good thing (TM) (ie not having one is a good thing :-)

So in addition to the peoples points about using multiple machines (an excellent point by the way), proof if identity is the killer app INM(NS)HO.

Re:Uh

[Sunnan]

With this, you can do a lot of stuff you can't do with just browser remembrance. You're at a travel page booking a flight, and it can book the bus trip for you as well without you having to log in to the bus company.

But I agree that there are trust issues.

The other day, me and my friend Kreiger was thumbing through some dumb "technical" magazines while we were in a waiting room, and I saw the news that some phone company had joined the liberty alliance. "Cool," said I and began talking about how this could make sites easier to use, how it was more trustworthy and less evil than Hailstorm. He was saying kinda the same things you are, and I said "It's good for users".

Just minutes after that, we came upon an article about Intels new DRM-iniative. It was totally slanted! "Intel builds in protection against virii and hackers." What the...? I'm totally against DRM and the slant pissed me off! I began complaining loudly about it. Kreiger just looked at me, and said sarcastically:

"It's good for users."

What an eye opener. Paranoia against corporations is my philosophy from now on.

Re:Open source...

[passthecrackpipe]

Well, not to start a flamewar or anything, but, as another poster pointed out, the SISL is an OSI approved license. Now, I quite agree with you that the GPL is the ultimate in Free Software licenses, but the provision of the GPL are not to everybodies taste. I too would be happier with the GPL, but as things stand today, this is bit better then no OSS license at all.Also, would you care to point out where the SISSL is incompatible with the GPL? or do the words "Commercial Use" just get your panties in a bunch?

Can I run my own personal identity server?

[goingware]

So would this mean I can run the server on my home linux box, and store all my private information only on my own machine, in my own house, so that websites would query the server I am operating when I want to log in?

If so, then I might have some enthusiasm for it, and I imagine lots of others would as well.

If my identity data is to be stored by some commercial service, even a Liberty Alliance member, I'm afraid I have no plans to participate.

I won't use any website that requires me to sign up for Passport. I've done a lot of Windows development the last couple years, and I can well imagine it would be to my benefit to pay for M$' developer program, but my understanding is that it requires Passport to participate, so I won't have any part of it.

Even if I had my own personal server storing my identity, you can bet I will configure my firewall so it will only accept queries from sites I consciously want to have the information.

Hello point.... you missed it.

[MosesJones]

This isn't just about browsers, its about mobile phones, PDAs, servers, TVs, Set-top boxes, smart cards etc etc.

And its not just about Web content, its about authorisation systems as a whole.

A browser is just one very very small part of what Liberty could be used for. And while a browser remembers a password, it doesn't know who you are and cannot prove that you are that person.

Misconceptions

[finkployd]

There seems to be alot of misconceptions about Liberty. As I understand it, the framework allows you to "assert" your identity to a remote location by a trusted third party. Perhaps your trusted third party is your bank, or your University, or your ISP. You authenticate with them, then a packet of data asserting who you are is digitally signed by this trusted third party and sent to where ever. If the remote location trusts the third party to assert identities, then you are in.

This does not seem to be about having the same password on every site, or even having ANY password on a site. It is federated authentication (and possibly authorization, but I don't know how they would do that, possibly with SAML assertions).

Finkployd