The Liberty Alliance Grows Again
sempf writes "The Liberty Alliance, a Sun-backed open-specification alternative to the Microsoft platform's Passport system, has added two very powerful members, Oracle and Intel. Now over 150 members, one wonders at the future of a world where we have two single sign-on systems. With the three big IM platforms joining forces, is the identity standard of the world going to be Microsoft, or Sun? Is this going to be the next Browser War?"
- You have to pay to use it for your site.
- Lots of people don't trust Microsoft's security.
- Some people are concerned about single platform/single corporation.
I'd love to have a single ID.
So they're all finally joining forces.
Intel is terrified that Longhorn's .NET hardware independent toolset will allow MS to move away from x86 at will and set up their own chip division. MS can't grow their software division much more in a saturated market, but if they use their own chipset (or licence it to a couple of 3rd party suppliers) they can take over all of Intel's current profit.
Oracle is of course competing against SQL Server.
All these large IT companies have known for years that MS is going to eat their lunch, but they couldn't work out what to do about it.
The penny has finally dropped - the only way to combat MS is for them all to work together using common standards: hence, their support for Linux, the Liberty Alliance, J2EE and so on.
Liberty is a pretty good standard, it allows federated and distributed authoring instead of Microsoft's "only we know who you are" approach.
It's a shame that everything this alliance has produced up to date is just a pile of PDF specifications. Hope it will change soon.
Except it won't be the geeks who have control over this. A single sign-on system is something 99% of the population would welcome. Surprisingly (not?) most people aren't really happy about having to remember dozens of obscure passwords. But a war? Nah. Fight, maybe.
There can be no identity standard, because there can be no identity.
IPs can be spoofed, mail forged, add to that proxies and firewall... There is no way of telling who is really on either end of the connection. Now, add single signon security, without forced timeout of passwords and without heavy forced editing preventing reuse and dictionary attacks.
Look to windowsupdate.microsoft.com. Are you truly connecting to Microsoft? No, you are not. So you are taking a SECURITY download from a site that may have an association with MS but not MS itself. Boy are we trusting.
So where does that leave the rest?
Reading the testimonials it's all fluffy, without implementation (excluding one company which seems to use it for internal enterprise authentication, which is a way different market to Passport).
That really puts the question :p :D
- Why can't they do a protocol without wanting to take it for themselves?
I mean, have you seen somewhere on the internet that all the emails have to be at Hotmail?
^^ This leads to
Develop a free sign-on protocol
Use user@domain, so everybody can own their information (don't know if I expressed myself well enough)
This may not have been an entirely serious suggestion, but it is a much better idea. I would much rather store passwords locally and trust my own security than trust anyone else's (it may not be more secure, but at least it's my fault if it isn't). The only thing I would like to see a specification for is labelling fields in HTML forms so that they can be auto-completed with information from my vCard. Safari does a good job of guessing at the moment, but it's not perfect.
I am TheRaven on Soylent News