Slashdot Mirror
Sun ONE Identity Server 6.0
scubacuda points to this article at The Register, about "what is believed to be the industry's first identity server based on Liberty Alliance Project specifications for federated network identity (date sheet here). Other reports of Sun's release: eWeek, Information Week, Computer World, & Y!"
System Requirements
Supported:
Sun Solaris[tm] 9 and 8 Operating Environments for 32- and 64-bit UltraSPARC®
Microsoft Windows 2000 Server, Service Pack 2 or later
Microsoft Windows 2000 Advanced Server
What? No Epoc?
(btw, FP?)
According to their webpage:
.. and making it three times more insecure!
Enhanced User Experience - Web-based single-sign-on can help increase the usability of applications and services by simplifying the authentication and authorization process.
Umm... I'd like to order one new identity, supersized. Preferebly one with Bill Gates bank account and Hugh Hefners mansion.
Oh wait... this doesn't serve identities?
can't sleep slashdot will eat me
The Sun ONE Server is the first single sign-on server based on the liberty Alliance project. And its at version 6.0
Why not fork?
A month ago I read the same thing from novell "We're the first compliant to the Liberty Alliance specs !"
:(
But don't "fight" yourselfs Liberty Alliance guys, it's all about kick assing M$'s passport isn't it ? And that's a good reason, so go for it !
We don't want M$ to master our digital identites ! We don't want any M$ at all !
Sorry got slightly distracted by my anti-M$ part
n-e
Why is this under your rights online? Do we not like this system for some reason?
It seems like a perfectly sane system. Distributed login, no personal information swapping between services and even a global logout. All the specifications appear to be published as far as I can tell.
I'm pretty surprised there hasn't been any progress creating an Open Source implementation of the specification. Kinda disappointing.
The world is neither black nor white nor good nor evil, only many shades of CowboyNeal.
Who's to say that Sun wouldn't use/abuse my personal information in exactly the same way a lot of us fear Microsoft would?
Although I really like the idea of not having to type in my personal details all the time, I don't trust a public company, which is primarily answerable to its shareholders (i.e. not potential users, such as myself), with this sort of information.
I wouldn't trust the US government with this info either. I wouldn't trust my own (Australian) government either.
In an ideal world, this sort of service could be hosted/provided by a United Nations-type, global "entity" and the details made available "only to the good guys". Nothing about the *real* UN would make me trust it with my personal info either.
However, if the information was held strongly encrypted *and* distributed so that nobody had access to vast amounts of user data for "market analysis" or other purposes, then I might be interested in signing over my details. A model something like Freenet's has much more appeal; nobody knows where the data is stored, so hopefully nobody could dig into my personal details without my consent. Having my personal data mixed in with everyone else's all around the world would make it impractical for marketing droids to perform their volumetric analysis on it. Add some decent encryption to the mix, and allow me to release only extremely specific details about myself to vendors, and I'd probably be pretty tempted to sign up. In particular, let ME be the traffic cop for my own data; don't tell me to trust somebody else to provide my personal info on request, since frankly there's hardly anyone I'd trust at that level.
As it stands, I can't see an offering from Sun being any more acceptable than one from Microsoft, or Novell, or Oracle, or any government body from any country. An open source solution is a mandatory starting point, as far as I'm concerned
I have an electronic ID card, which I haven't really found useful at all... I can in theory use it to identify myself in any kind of electronic transaction.
Now, if identity servers could interact with local registries of people already in existance the whole secure, verifiable electronic ID -thing would really be taken to the next level.
This is probably far to utopistic though...
.: Max Romantschuk
me too pal. looks like many of the rest have been sucked up into stock markup fraud/having to 'serve' themselves/mammon.
anything could happen though. lookout bullow DOWn under there. 3k is stable for the ao? va lairy? don't ask.
wait 'til you 'see' george & fuddle's acelleNT 'voting' machine. he (fuddles) has the patentdead version dough. i read it here on va.msn.?net? yesterdaze. it was postdead -15 troll, burIEd under the visual studio test drive ADs, or something.
If nobody knows where the data is stored, is there not a problem with recovery if some of the system goes down? Extending that, if part of the system only goes down, and only certain peoples information is unobtainable, all of a sudden people know where it's stored...
for a moment, I'm quite interested in what is going to happen within the opensource community?
Right now there is a move to create an opensource passport, however, it would be interesting if there was a lead by another group to create an opensource liberty project.
For me, it would be great to have a certain amount of information being shared over a number of services instead of needing to learn 101 passwords and user names.
Yes, I know I could use the same one over and over again, however, my experience has always been that there is some dimwit using my username, and it has ABSOLUTELY nothing to do with their proper name! GRRRR
maybe version "6.0" makes it sound more mature .
I'll be waiting for the XP version.
-mdew
Notice that Sun and the Liberty Aliance do NOT offer a centralized identity repository a la Passport. This is a distributed solution -- as a provider (internet store, etc.) you install an authentication server and decide yourself what other providers you can trust, so that if a user is logged in their site, he can be considered logged in yours as well (put simply).
The only requirement is that the server implements the Liberty Aliance protocol standards. I _think_ one can make an open source server that implements those standards as well.
You've rather dramatically missed the point.
Sun doesn't want to store your identity. Not having a single entity as a central point of failure for all account information is exactly why the Liberty Alliance was formed!
You might want to go and read the specs and learn about federated identity.
I think they mean from version 6.1 of the indentity server Redhat 7.2 will be supported. Crap way of saying it though
perl -e 'print $i=pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10);'
Yeah, but then you'll start getting hippy, peace-promoting spam. But it beats opening your mail and finding a message that tells you to prepare for war with a Dell.
Live life to the fullest. It's not that life is short, but that you are dead for so long.
So it isnt supported on Micrsofts newest DDOS platform? Disappointing, really :)
Not Buzzword 2.0 compliant. Please speak english.
If I understand this whole thing, I'm trying to understand why any manjor company would want this on their ecommerce site. As a CEO, I would say, "Let me understand this. We will no longer keep detailed customer information. Some service provider will?." I'd hit the roof. Ask my employees what were they thinking. Giving up one of our most precious resources, information on our customers. I'd fire the whole group, and get new people with more intelligence. Quite frankly, I don't see this being accepted by major corporations. And I seriously doubt "Mom and Pop" operations, which wouldn't want the trouble of maintaining such data, is a big enough market to support these efforts.
I've heard of this before. What good does the text services by simplifying the authentication and authorization process. do when from a users point of view, it sounds like Enchanced User Experiance - Web Based single sign on so I don't have to have multiple logins for one web site. /etc/passwd file, NIS or LDAP or Samba (configured to imiate NT) and xdm/kdm/gdm. I wonder why IT admins waste their time when free and out of the box solutions already exist?
But doesn't Passport virtually do the same thing, just have Passport or something simular do the authentication then simply create references against passports (or something simular) in a database.
But I remember, this is meant for the enterprise. Nothing does better than an
The only requirement is that the server implements the Liberty Aliance protocol standards. I _think_ one can make an open source server that implements those standards as well.
... where many java websites fail to work with anything other than Internet Explorer under Windows because the java they run relies on Microsoft's jvm, and Sun's jvm isn't really any less of a hassle for developers and surfers to obtain.
If Sun were really smart, that is exactly what they do: impliment a free software/open source reference of the protocol.
In fact, they would be well advised to GPL such an implimentation? Why?
The GPL would prevent competitors *cough* Microsoft *cough* from incorporating Sun's code into their proprietary products without first negotiating and obtaining a separate license under whatever terms Sun wishes to impose (they get all the negotiating power with proprietary vendors that they have now).
The GPL would allow its inclusion in any free software products. Perhaps, under FreeBSD and Apache as a separate module, to avoid licensing collisions. This would give the free software community a decentralized authentication framework, and would mean widespread adoption by anyone and everyone not firmly in the MS IIS camp (most reasonably savvy people).
While I do not believe anyone is entitled to obtaining privately funded and written software for free, I do think a move like this by Sun would be strategicly brilliant in getting their standard quickly and widely adopted, quickly and widely enough to prevent Microsoft from owning online authentication. I suspect if Sun doesn't do this (or spin off a well funded group to do this), their liberty alliance will fade much like java has
(As an aside: based on Sun's treatment of Java, I doubt they are that smart. Having to click through license agreements to download and install a jvm, vs. simply having to type 'emerge somejdk' for everyone elses jvm, means most people install someone else's jdk if at all possible due to the hassle factor alone. Not good when you're trying for widespread adoption.)
The Future of Human Evolution: Autonomy
One Server to rule them all
One Server to find them
One Server to bring them all
And in the darkness bind them
Would that be a ID that is requied to buy, sell, or rent products which does not exclude food? This "next" is something I rather avoid.
You'd have to be blind to a LARGE percentage of the net to be without your info.
(date sheet here)
What the hell is a date sheet? Is this a list of single women's names and their phone numbers? No, that would a potential date sheet. So, again, I ask, what is a date sheet?
Kent
Well, for the cases where identity needs to be unambiguously established for an individual, I'm happy to see technology available to support it.
And if the technology is open, I like it more.
But I'd really feel a lot more comfortable if there were fundamental changes in identity policy to permit anonymity and privacy of varying degrees.
There are far too many circumstances today where I have to establish my individual identity as a person, where it would suffice to identify me as "an individual capable of giving X amount of money for this particular transaction".
I've grown to like the Slashdot model where you can create your own identity and it stands only for the cumulative comments you make, nothing more.
But governments and corporations don't want to lose any bit of control, so we probably won't see this model extended into public life. By the time average citizens become cognizant that their every action, speech and deed is instantly and perfectly recognized by the authorities, it will be too late to change the policy.
"Provided by the management for your protection."
Just what I need - software to tell me who I am.
Server: You are number six. /. lately, huh? You are number six. ...
Me: I am not a number, I am a free man!
Server: Haven't read
Me: Fine, number six it is. Who's number 1?
Server: That would be telling. You, however, are number six
``what is believed to be the industry's first identity server''
First? Don't we have Kerberos and MicroSoft Passport already?
Please correct me if I got my facts wrong.
Then they must be really, smart because that's exactly what the IPL implementation is - except under an Apache style license. At least, I think it's called the IPL.
Don't expect to just download it and get single sign on though. Liberty doesn't work like that.
IPL is available from http://liberty.sunsource.net/ and the code is under the SISSL (you can see the license on opensource.org).
The license is not Apache style--it's fairly unique. (I should know--I am the IPL author.)
Do I exist? Is this all a dream?