The US DoD and the GSA Join the Liberty Project

An anonymous reader writes "The Liberty Alliance Project announced today that the U.S. General Services Administration (GSA) and the U.S. Department of Defense (DoD) have joined the Liberty Alliance in its pursuit to develop open and interoperable standards for electronically managing identity information."

The problem with universal standards

[ObviousGuy]

The instant someone finds a security hole in this authentication system, everyone is vulnerable.

The opportunity for fraud in a universal system like this is just waiting to be exploited.

Re:The problem with universal standards

[gmuslera]

Security by obscurity?

If they have a security hole, do not suppose that a simple non-standard format will stop knowing the data content. Feeling safe with the format of the file (at least, if it don't have strong encription) is in fact another vulnerability.

The main problem with not using a open, universal standard is that you tie you information (that should last teorically at least, forever) to some vendor format, if the vendor don't support that standard anymore, or the vendor is gone, then you data simply becomes inaccesible (specially if you have to thank DMCA to give you the inability to make alternative programs to open that format). And losing all your data is a major security problem, and is a risk you have if you don't use an open standard or at least a format that you own.

Umm, is this a Good Thing?

[offpath3]

I just watched the flash demo on their website. Their demo was all about being able to link up your data on various websites. Their example was linking your airlines account to a rental car account. This really just sounds like improved data mining couched in convenience to the consumer.

Re:Umm, is this a Good Thing?

[Flower]

The DoD and GSA have joined as affilates. They get to read stuff, attend All Participant meetings twice a year to get updates and make comments on proposals. They have no vote on any technology, PR or policy decisions.

I don't see what the brouhaha is all about here. Not like they couldn't get their hands on the technology anyway. It is supposed to be an open spec.

Alright!

Now we can make sure the all of our information from the government's Total Information Awareness project are available in a compatible format to any corporation who pays enough. Okay, I'm half joking.

With a name like that...

[skinnydskitzo]

Who can't wait to signup? I'm filing this in league with the PATRIOT Act. Everyone needs federally regulated standards on network indentification. I'm envisioning a future where my permanant v6 ip address is on the back of my living/driving/working/eating license, and I can thank the LIBERTY Alliance for that!!! Ahh, I can taste the freedom.

Government is getting a clue

[jonsmirl]

I'm glad to see the US government supporting an industry consortimum instead of endoring the single vendor solution from Microsoft (Passport). I hope MS' stock gets knocked down on Monday.

Why is everyone talking

[MoThugz]

about Liberty Alliance as something like it's some sort of individual tagging system? I thought it was some sort of alternative cross-site authentication system to challenge Microsoft's Passport technology?

Please correct me if I'm wrong.

Re:This is a good thing.

If the police are shooting at me, I'd like the opportunity to shoot back.

Maybe that's just the lover of Liberty in me speaking, though.

this is ironic

[Stanley+Feinbaum]

Ironic that they would call a "tracking system" the "Liberty Project". If anything this REMOVES personal liberty.

Identity information basically means "government tracking".

Re:Great!

[terraformer]

Actually, the standards created by the Liberty Alliance could make a viable private option work so the Gov't does not need to get involved in the daily operational issues (No, I am not a privatization nut). The gov't only needs to be a consumer of those standards and decide to trust the authentication of any number of private partners in the aliance. Then, the citizen only needs to create an ID with any one of those competing partners.

Think Kerberos cross realm authentication. If school x enters into a agreement with school y that students from each school will be able to use network resources on the other campus, the easiest way to manage that is to set the KDC to allow cross realm authen (using a shared secret) and then set up ACLs to allow any UID from the other school access to those resources that are to be shared.

It could be MUCH worse

[Xtifr]

To all the people who are freaking out about this "evil" technology, please keep in mind, the Liberty Alliance is developing an OPEN alternative to Microsoft's own "Passport" system. So, the gummit getting behind Liberty Alliance is a Good Thing(tm), relatively speaking. They could be getting behind Passport instead. And then, instead of just needing to have your Liberty Alliance ID tatooed on your forehead, you would have to have your MS-Passport ID tatooed on your forehead, and you would be legally forbidden to run anything but MS-Winders, since only MS-Winders would come with the proper drivers to scan and process the information tatooed on your forehead.

Re:It could be MUCH worse

[SN74S181]

You know, you're right.

All we have to do is make sure Microsoft isn't involved in it, and it's bound to be free and wonderful.

Right.

Re:It could be MUCH worse

[version5]

The thing about 'OPEN' standards is that they don't prevent anyone from selling consumer's digital identities down the river for a quick buck. Instead of just Microsoft being in control of our online identities, we have a hundred smaller but equally evil companies in charge. Wow! That's a lot better!

The thing that really bugs me is that its being sold to us as an open standard, so of course we support open standards. It's ridiculous, especially since this technology has NO BENEFIT to the consumer whatsoever. The vast majority of internet users simply don't log out of their websites. How many people have you seen with MSN messenger set to remember the password, giving access to the contents of their email? Not the most secure choice, obviously, but when you're trading cookie recipes, its hardly much of an issue at all.

Re:This is a good thing.

[CommandLineGuy]

Folks like Rosie O'Donnel, Diane Feinstein, Sarah Brady, and the lady who heads up the Million Mom March are all right. They know that guns are the true problem and not the people that illegally use them.

Wait... Rosie O'Donnel has armed guards... Feinstein has a concealed carry permit... Brady bought her son a rifle... what was it with the lady heading up the Million Mom March ? It has nothing to do with making anything safer, geesh, more people die from prescription errors and drowning in swimming pools. It has to do with making only an elite being able to have them. Nice hypocritical, anti-freedom company you want to keep, AC.

"The people have no legitimate need for guns but the various police agencies should be very well armed." -- Yes, this has worked very well in England, Australia, and New Zealand.

Just one quick question - why is it that anti-freedom folks try to put personal responsibility upon inanimate objects?

Mod me down, bad karma can't get much worse.

Re:My Identity Dream

sorry I forgot a few....

I dream that I can rent a private mailbox without registering 2 forms of ID with the US postal authority (not a PO box mind you). And that the next time the US post office faces competition from people who offer better service, they will try to compete on service rather than impose new federal postal regulations.

I dream that I can register my own domain name without exposing my personal home address to every pervert on the internet and email address to every spammer in existence.

I dream that I can get phone, gas, electric, and internet service - where paying for them is good enough - other forms and paperwork and ID not being neecissary.

I dream that the government can find a way to opperate without requiring plates on my car like they can find a way to survive without requiring a publicly displayed ID on 99% of the other stuff I own.

I dream that next time I rent an appartment, being able to pay and show respect for property will be good enough. No backgound checks, credit checks, listing everywhere you've lived for the last 7 years etc...

ok, that should be enough for now....

Re:MOD PARENT DOWN

[eidechse]

Of course, as we all know anyone with concerns about erosion of liberties is just crazy. Luckily it's easy to deal with those crackpots. Just say "Conspiracy". Maybe throw in a litte condescension for kicks. No need to check any facts, question anything, or even produce an argument. Just utter the magic "C" word and the tin foil hat crowd will run for their bunkers. Then you can sit back safe in the knowledge that everything is, and always will be, just peachy.

Re:This is a good thing.

[Melantha_Bacchae]

An AC wrote:

> The government needs to monitor the people to make
> sure they are obeying the law to prevent terrorism.

1) Monitoring an ordinary citizen's breaches of the law (downloading copyrighted media without permission/paying, speeding, and more serious crimes) is not going to prevent any terrorism, because most US citizens are not terrorists, but are rather the people you want to protect from terrorism.

2) Monitoring known terrorists (while meeting the requirements of the Fourth Amendment for those few who are US citizens) would help prevent terrorism. Pity the government, if it followed your advice, would not have the manpower to watch the terrorists if they were busy watching the citizens.

3) Most importantly, monitoring US citizens without warrants and such is against the Fourth Amendment, and therefore a crime. You don't want all those Revolutionary War heroes to have died in vain, do you?

> Of course this is all silly when they don't do the most
> common sense thing and ban the private ownership of
> guns.

Yeah, that would really help. Not only are guns not usually used in terrorism (they like bombs which private citizens do not own), but an armed citizen might be able to stop a terrorist before more people are hurt.

> The people have no legitimate need for guns but the
> various police agencies should be very well armed.

The people, not the police, are generally the ones present during a terrorist attack. All the arms of the police (who are very well armed, some in Florida with military hardware they have no training in how to use) are no good, if they are not present to stop an attack.

Anyway, the important thing is that the Second Amendment says that people have the right to bear arms.

You might want to read the Constitution and the Bill of Rights again. The USA you purpose bears no resemblance to the the one defined by those documents.

Databases (government or things like the Liberty Alliance), monitoring, disarming and stripping away the rights of US citizens are not going to solve the problem of terrorism. To stop terrorism for good, you have to look for its source: hatred and anger toward US foreign policy.

It's pretty simple. Pull the troops out of Saudi Arabia (and any other place in the Middle East where they are not wanted), and quit showing favoritism toward Israel (be chummy with Israel, but be just as chummy with everyone else), and you will have taken away Al Qaeda's main recruitment issues. Invade Iraq, and stir up a hornets' nest of angry terrorists.

Heck, being fair, impartial, and not sticking our troops where they aren't welcome would do wonders for our image worldwide. As for preemptive invasion, the last one to pull that was Hitler invading Poland. Boy did his foreign policy land him in a mess of trouble!

"Lola, kindness is not enough, look for the reason of hatred and anger.
When you find and understand that, love becomes the strongest power ..."
Belabera, "Mothra 3: King Ghidora Attacks"

Re:complainers

[Hope+Thelps]

I agree, it's like when there's a plague everyone complains but then when there's a famine, a credible alternative to plague, everyone complains about that too!

Why can't people just criticise Microsoft when they come out with a plan but cheer on others when they offer a near identical plan? It's like people these days value consistency more than hypocrisy.

Ask not what your government will do to you...

[donheff]

...ask what you can do for your government, to paraphrase a well known Fed. The US Government is not a monolithic block of Poindexters committed to stealing our personal liberties. Only a few want that and they are often just implimenting misguided legislation from the boneheads you and I elect. There are many more policy makers and technologists within Government who believe in the openess and freedom designed into the Internet. But if we don't find simple, effective ways to authenticate and secure our communications when they need to be secure, the open nature of the Internet is in jeopardy. That is because there are those in the Government (and a heck of a lot more in some of your corporations) who will point to the insecurity of their particular communications as an indictment of the Net in general. And from that point of view comes the increasing call for building structural controls into the fiber of the network - including the monitoring and oversight many of us dread.
The contingents from GSA and DoD participating in the Liberty ALliance are among the good guys. They believe in an open Internet and in open standards. They released their Certificate Arbitrator Module (CAM) under an open source license. They want to see the Internet work for everyone so it isn't hijacked for a few.