Slashdot Mirror
Sun ONE Identity Server 6.0
scubacuda points to this article at The Register, about "what is believed to be the industry's first identity server based on Liberty Alliance Project specifications for federated network identity (date sheet here). Other reports of Sun's release: eWeek, Information Week, Computer World, & Y!"
Umm... I'd like to order one new identity, supersized. Preferebly one with Bill Gates bank account and Hugh Hefners mansion.
Oh wait... this doesn't serve identities?
can't sleep slashdot will eat me
The Sun ONE Server is the first single sign-on server based on the liberty Alliance project. And its at version 6.0
Why not fork?
Why is this under your rights online? Do we not like this system for some reason?
It seems like a perfectly sane system. Distributed login, no personal information swapping between services and even a global logout. All the specifications appear to be published as far as I can tell.
I'm pretty surprised there hasn't been any progress creating an Open Source implementation of the specification. Kinda disappointing.
The world is neither black nor white nor good nor evil, only many shades of CowboyNeal.
Who's to say that Sun wouldn't use/abuse my personal information in exactly the same way a lot of us fear Microsoft would?
Although I really like the idea of not having to type in my personal details all the time, I don't trust a public company, which is primarily answerable to its shareholders (i.e. not potential users, such as myself), with this sort of information.
I wouldn't trust the US government with this info either. I wouldn't trust my own (Australian) government either.
In an ideal world, this sort of service could be hosted/provided by a United Nations-type, global "entity" and the details made available "only to the good guys". Nothing about the *real* UN would make me trust it with my personal info either.
However, if the information was held strongly encrypted *and* distributed so that nobody had access to vast amounts of user data for "market analysis" or other purposes, then I might be interested in signing over my details. A model something like Freenet's has much more appeal; nobody knows where the data is stored, so hopefully nobody could dig into my personal details without my consent. Having my personal data mixed in with everyone else's all around the world would make it impractical for marketing droids to perform their volumetric analysis on it. Add some decent encryption to the mix, and allow me to release only extremely specific details about myself to vendors, and I'd probably be pretty tempted to sign up. In particular, let ME be the traffic cop for my own data; don't tell me to trust somebody else to provide my personal info on request, since frankly there's hardly anyone I'd trust at that level.
As it stands, I can't see an offering from Sun being any more acceptable than one from Microsoft, or Novell, or Oracle, or any government body from any country. An open source solution is a mandatory starting point, as far as I'm concerned
I have an electronic ID card, which I haven't really found useful at all... I can in theory use it to identify myself in any kind of electronic transaction.
Now, if identity servers could interact with local registries of people already in existance the whole secure, verifiable electronic ID -thing would really be taken to the next level.
This is probably far to utopistic though...
.: Max Romantschuk
So, I hope its clear to everyone that it runs on Red Hat 7.2 (6.1 only) too!
I think you'll find they mean that only version 6.1 of the Identity server will be supported under Redhat Linux 7.2 and this version 6.0 doesn't actually support Linux at all.
perl -e 'print $i=pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10);'
If nobody knows where the data is stored, is there not a problem with recovery if some of the system goes down? Extending that, if part of the system only goes down, and only certain peoples information is unobtainable, all of a sudden people know where it's stored...
for a moment, I'm quite interested in what is going to happen within the opensource community?
Right now there is a move to create an opensource passport, however, it would be interesting if there was a lead by another group to create an opensource liberty project.
For me, it would be great to have a certain amount of information being shared over a number of services instead of needing to learn 101 passwords and user names.
Yes, I know I could use the same one over and over again, however, my experience has always been that there is some dimwit using my username, and it has ABSOLUTELY nothing to do with their proper name! GRRRR
Notice that Sun and the Liberty Aliance do NOT offer a centralized identity repository a la Passport. This is a distributed solution -- as a provider (internet store, etc.) you install an authentication server and decide yourself what other providers you can trust, so that if a user is logged in their site, he can be considered logged in yours as well (put simply).
The only requirement is that the server implements the Liberty Aliance protocol standards. I _think_ one can make an open source server that implements those standards as well.
You've rather dramatically missed the point.
Sun doesn't want to store your identity. Not having a single entity as a central point of failure for all account information is exactly why the Liberty Alliance was formed!
You might want to go and read the specs and learn about federated identity.
If I understand this whole thing, I'm trying to understand why any manjor company would want this on their ecommerce site. As a CEO, I would say, "Let me understand this. We will no longer keep detailed customer information. Some service provider will?." I'd hit the roof. Ask my employees what were they thinking. Giving up one of our most precious resources, information on our customers. I'd fire the whole group, and get new people with more intelligence. Quite frankly, I don't see this being accepted by major corporations. And I seriously doubt "Mom and Pop" operations, which wouldn't want the trouble of maintaining such data, is a big enough market to support these efforts.
Heck, you need to learn reading official product specs are the most reliable source of info on a product and if that ain't true, just call your lawyer. On the Sun Website, it says and I quote:
"Supported:
* Sun Solaris[tm] 9 and 8 Operating Environments for 32- and 64-bit UltraSPARC®
* Microsoft Windows 2000 Server, Service Pack 2 or later
* Microsoft Windows 2000 Advanced Server
".
No linux, no Solaris x86, no Windows Whistler/XP, no Longhorn XP Alpha, no FreeBSD, NetBSD, OpenBSD, no Minix, no MicroBSD, no IRIX, no OpenUNIX, no Windows 2003 RC1/2. The list goes on.
The only requirement is that the server implements the Liberty Aliance protocol standards. I _think_ one can make an open source server that implements those standards as well.
... where many java websites fail to work with anything other than Internet Explorer under Windows because the java they run relies on Microsoft's jvm, and Sun's jvm isn't really any less of a hassle for developers and surfers to obtain.
If Sun were really smart, that is exactly what they do: impliment a free software/open source reference of the protocol.
In fact, they would be well advised to GPL such an implimentation? Why?
The GPL would prevent competitors *cough* Microsoft *cough* from incorporating Sun's code into their proprietary products without first negotiating and obtaining a separate license under whatever terms Sun wishes to impose (they get all the negotiating power with proprietary vendors that they have now).
The GPL would allow its inclusion in any free software products. Perhaps, under FreeBSD and Apache as a separate module, to avoid licensing collisions. This would give the free software community a decentralized authentication framework, and would mean widespread adoption by anyone and everyone not firmly in the MS IIS camp (most reasonably savvy people).
While I do not believe anyone is entitled to obtaining privately funded and written software for free, I do think a move like this by Sun would be strategicly brilliant in getting their standard quickly and widely adopted, quickly and widely enough to prevent Microsoft from owning online authentication. I suspect if Sun doesn't do this (or spin off a well funded group to do this), their liberty alliance will fade much like java has
(As an aside: based on Sun's treatment of Java, I doubt they are that smart. Having to click through license agreements to download and install a jvm, vs. simply having to type 'emerge somejdk' for everyone elses jvm, means most people install someone else's jdk if at all possible due to the hassle factor alone. Not good when you're trying for widespread adoption.)
The Future of Human Evolution: Autonomy
Apparently, there was a version 5.1. To wit:
Sun[tm] ONE Identity Server 5.1: Installation and Configuration
-- Never hit a man with glasses. Hit him with a baseball bat.
Well, for the cases where identity needs to be unambiguously established for an individual, I'm happy to see technology available to support it.
And if the technology is open, I like it more.
But I'd really feel a lot more comfortable if there were fundamental changes in identity policy to permit anonymity and privacy of varying degrees.
There are far too many circumstances today where I have to establish my individual identity as a person, where it would suffice to identify me as "an individual capable of giving X amount of money for this particular transaction".
I've grown to like the Slashdot model where you can create your own identity and it stands only for the cumulative comments you make, nothing more.
But governments and corporations don't want to lose any bit of control, so we probably won't see this model extended into public life. By the time average citizens become cognizant that their every action, speech and deed is instantly and perfectly recognized by the authorities, it will be too late to change the policy.
"Provided by the management for your protection."
Just what I need - software to tell me who I am.
Server: You are number six. /. lately, huh? You are number six. ...
Me: I am not a number, I am a free man!
Server: Haven't read
Me: Fine, number six it is. Who's number 1?
Server: That would be telling. You, however, are number six
Then they must be really, smart because that's exactly what the IPL implementation is - except under an Apache style license. At least, I think it's called the IPL.
Don't expect to just download it and get single sign on though. Liberty doesn't work like that.