Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Liberty Alliance Grows Again

Posted by Hemos on from the now-if-they-would-just-do-something dept.

sempf writes "The Liberty Alliance, a Sun-backed open-specification alternative to the Microsoft platform's Passport system, has added two very powerful members, Oracle and Intel. Now over 150 members, one wonders at the future of a world where we have two single sign-on systems. With the three big IM platforms joining forces, is the identity standard of the world going to be Microsoft, or Sun? Is this going to be the next Browser War?"

30 of 111 comments (clear)

  1. No. by Morgahastu · · Score: 4, Insightful

    No. There won't be a war because no one wants it. MSN's passport has been around for a long time now and barely anyone uses it.

    1. Re:No. by 16K+Ram+Pack · · Score: 5, Interesting
      That's for a number of reasons.

      - You have to pay to use it for your site.

      - Lots of people don't trust Microsoft's security.

      - Some people are concerned about single platform/single corporation.

      I'd love to have a single ID.

    2. Re:No. by blowdart · · Score: 5, Interesting
      Yes, but is anyone actually using Liberty? It's all very well signing companies on, but what web sites actually use the damned thing?

      Reading the testimonials it's all fluffy, without implementation (excluding one company which seems to use it for internal enterprise authenication, which is a way different market to Passport)

    3. Re:No. by zimba-tm · · Score: 3, Interesting

      That really put the question :
      - Why they can't do a protocol without wanting to take it for them ? :p

      I mean, have you seen somewhere on the internet that all the emails have to be at hotmail ? :D

      ^^ This leads to :
      Developp a free sign-on protocol
      Use user@domain, so everybody can own it's informations (don't know if I expressed myself well enough)

  2. Single Sign In by dochood · · Score: 4, Insightful

    It's called Mac OS X's Keychain.

    1. Re:Single Sign In by TheRaven64 · · Score: 3, Interesting

      This may not have been an entirely serious suggestion, but it is a much better idea. I would much rather store passwords locally and trust my own security than trust anyone else's (it may not be more secure, but at least it's my fault if it isn't). The only thing I would like to see a specification for is labelling fields in HTML forms so that they can be auto-completed with information from my vCard. Safari does a good job of guessing at the moment, but it's not perfect.

      --
      I am TheRaven on Soylent News
  3. who cares? by castlec · · Score: 5, Insightful

    Who cares what company has the new identification standard? I'd rather keep my multiple passwords than rely on one breach of one system to lose my entire online life. I'd assume most geeks are the same and I've met some pretty paranoid non-geeks out there about having any information on the web. So unless we really believe that the information we need to have to exist in our online world won't be available outside of the authentication standards of a few companies, we have nothing to worry about.

    --
    When I tell an object to delete this, am I killing it or telling it to kill me?
    1. Re:who cares? by sim000 · · Score: 3, Interesting

      Except it won't be the geeks who have control over this. A single sign-on system is something 99% of the population would welcome. Surprisingly (not?) most people aren't really happy about having to remember dozens of obscure passwords. But a war? Nah. Fight, maybe.

    2. Re:who cares? by cmj · · Score: 5, Informative

      One of the points of the Liberty Alliance is that you, the end user choose whether to Federate your accounts or not, and you get to choose to break that Federation. Take a spin through the backgrounder paper on Liberty - there's a lot of tech, but there's also quite a bit of thinking about privacy and security there.

    3. Re:who cares? by sigaar · · Score: 3, Insightful

      Well I certainly don't want one password for everything, much less a very server which has the names of all the services that I use in. Right now I *can* have the same password for everything I use, and who would know. If someone breaks into my hotmail account, then that's about it, they broke into my hotmail account. They still don't know squat about any other services I might use.

      Let users choose for themselves. But having one password and links to all the services I log into, stored by the company who almost only ever make news when another of their security vulnerabilites is discoverd, or they get sued over improper business practises, or they're trying to lie themselves out of loosing more market share, that's not for me.

      --
      sigaar
  4. Sign-on War by bheer · · Score: 5, Insightful

    I'll believe there's a "sign-on war" the day Ebay locks people out for not having a passport/liberty alliance account. (Currently they support Passport+their own system.)

    Honestly, site-specific sign-on systems are easy to develop and most e-tailers have a powerful motive to offer their customers as many choices as possible. This is stark contrast to the one-or-the-other image a "war" connotes.

    --
    Go somewhere random
    1. Re:Sign-on War by iMMersE · · Score: 3, Insightful

      To get as many people using their system? I, for one, am often put off when having to fill in a form to gain access to some area of a site. If I just just sign in using some shared system, I would use more of these sites.

      --
      codegolf.com - smaller *is* better.
  5. How universal can it be? by frostman · · Score: 4, Insightful

    How universal can any kind of "identity system" be before it gets scary and/or illegal? (Illegal in countries with data protection laws anyway.)

    Nokia is on board with this, and as more and more of my personal information gets concentrated on my phone I'll probably end up using it.

    Eventually we'll probably all have a digital "passport" of some kind - and much better this way than the Microsoft way - but it's still a bit creepy.

    --

    This Like That - fun with words!

  6. Microsoft or Sun? No... by Glock27 · · Score: 5, Insightful
    is the identity standard of the world going to be Microsoft, or Sun?

    With, as you point out, over 150 member companies the Liberty Alliance is scarcely just "Sun".

    --
    Galileo: "The Earth revolves around the Sun!"
    Score: -1 100% Flamebait
  7. They're all terrified of MS' power by Anonymous Coward · · Score: 5, Interesting

    So they're all finally joining forces.

    Intel is terrified that Longhorn's .NET hardware independent toolset will allow MS to move away from x86 at will and set up their own chip division. MS can't grow their software division much more in a saturated market, but if they use their own chipset (or licence it to a couple of 3rd party suppliers) they can take over all of Intel's current profit.

    Oracle is of course competing against SQL Server.

    All these large IT companies have known for years that MS is going to eat their lunch, but they couldn't work out what to do about it.

    The penny has finally dropped - the only way to combat MS is for them all to work together using common standards : hence, their support for Linux, the Liberty Alliance, J2EE and so on.

    1. Re:They're all terrified of MS' power by Ari_Haviv · · Score: 3, Informative

      Intel isn't just paranoid. Rumors have it that the Xbox2 will usee powerpc cpu's instead of intel or even AMD

      --
      Join Team Mozilla #38050 Folding@home
    2. Re:They're all terrified of MS' power by TheRaven64 · · Score: 4, Interesting
      Actually, I think Intel is more keen to ditch x86 than MS. They tried to with the i860. They are trying with the IA64. I recall a few months ago an Intel representative stating that they thought x86 only had a couple of generations left. Unfortunately, they can't jump ship if AMD doesn't. Hopefully Longhorn will ship for several CPU architectures (as NT did), and will include something based on VirtualPC for running legacy x86 code.

      Note that the only non-x86 architecture properly supported by Windows at the moment is IA64.

      --
      I am TheRaven on Soylent News
    3. Re:They're all terrified of MS' power by mikrorechner · · Score: 3, Interesting
      MS can't grow their software division much more in a saturated market, but if they use their own chipset (or licence it to a couple of 3rd party suppliers) they can take over all of Intel's current profit.
      Mind you, it's not so easy to design a new chip with a performance comparable to Intels' recent x86 processors (or AMDs', for that matter). It would take a few years at least, and that is with buying some technology from others.
      No, I think the only thing that might happen is a MS system based on PowerPC chips, as is happening with the next Xbox, AFAIK.
      --
      "Oh, a lesson in not changing history from Mr I'm-my-own-Grandpa." - Dr Hubert Farnsworth
  8. A pretty good standard by Cyberax · · Score: 5, Interesting

    Liberty is a pretty good standard, it allows federated and distributed authoring instead of Microsoft's "only we know who you are" approach.

    It's a shame that everything this alliance has produced up to date is just a pile of PDF specifications. Hope it will change soon.

  9. Single Sign-On by storem · · Score: 5, Informative

    Be sure that this will be the next big war. But it will most certainly not be fought in the open field. My guess is that this will mostly influence companies as they move more and more to single sign-on solutions.

    Article from Internet News

    June 30, 2004
    Single Sign-On Gains Liberty Support
    By Clint Boulton

    Although a lack of interoperability has threatened to hold Web services adoption back, Liberty Alliance, a group dedicated to forging an open identity standard, cracked that barrier by certifying nine single sign-in products this week.

    The group awarded Ericsson, Hewlett-Packard, IBM, Netegrity, Novell, Oracle, Ping Identity, Sun, and Trustgenix its "Liberty Alliance Interoperable" mark in a conformance test.

    The certification, which covers Liberty Alliance Identity Federation Framework (ID-FF) version 1.1 and 1.2 for single sign-on services, involves a rigorous testing process that gauges identity federation, authentication, session management and privacy protection. Vendors must demonstrate interoperability with two other randomly selected participants.

    Secure single sign-on services are a key ingredient for Web services, a high-flying concept for distributed computing that allows applications to talk to one another to perform tasks. But customers are afraid to "sign-on" without a secure brand, because crackers can swipe their personal information if the site is not safeguarded properly.

    According to a Liberty statement, the products are interoperable out-of-the-box, which pares deployment schedules and saves costs. This is key, as customers are loathe to license technology if it isn't supported by a validated standard, according to Gartner analyst Ray Wagner.

    Customers who are thinking about federation projects need some reassurance that there won't be a huge amount of manual integration necessary between partners with different infrastructures," Wagner told internetnews.com. "Requiring compliance with Liberty, SAML, WS-Federation, and WS-I Basic Security Profile, or a subset of the above, will provide some assurance that systems have the capability to work together."

    Wagner said he believes most vendors who make identity management products will provide compatibility with specs or standards in the short term, noting that Federation protocols in particular (SAML, Liberty, WS-Federation) will likely converge in the medium term.

    With Liberty's certification, companies can say that their products are compliant with the Liberty identity standard, making their identity management software more appealing to customers looking to shore up their Web services platforms with authentication via single sign-on services.

    Forrester analyst Randy Heffner said using Identity Web Services Framework (ID-WSF) requires Liberty's ID-FF and offers an interoperable path to Web services as long as users start with Liberty's ID-FF.

    "There is a test suite to ensure broad testing coverage of the technical interfaces," Heffner told internetnews.com. "But successful operation of the tests is sort of on the honor system -- except that a vendor who wants the Liberty logo must participate in an interoperability event and successfully connect with a couple of other randomly chosen products."

    "This is better than a simple, pre-planned interoperability event, which only proves that there is 'at least one' configuration by which products can work together -- but not that this is the configuration that any given user might need," Heffner concluded.

    Web services have been slow to take off over the last few years, due to obstacles such as interoperability, security and manageability. But this is changing, owing in part to the steady work companies have been putting into the matter and the increasing acceptance of the more broad service-oriented architecture approach to software services.

    The following products are now Liberty compliant: the Ericsson User S

    --
    StarTrek.org Free Webmail
  10. What Standard? by jackb_guppy · · Score: 3, Interesting

    There a can be no indentity standard, because there can be no indentity.

    IPs can be spoofed, mail foraged, add to that proxies and firewall... There is no way of telling who is really on either end of the connection. Now, add single signon security, without forced timeout of passwords and without heavy forced editing preventing reuse and dictonary attacks.

    Look to windowsupdate.microsoft.com. Are you connecting to truly to microsoft? No, you are not. So you are taking a SECURITY download from a site, that may have an associtation with MS but not MS itself. Boy are we trusting.

    So where does that leave the rest?

    1. Re:What Standard? by Tim+C · · Score: 3, Funny

      mail foraged

      Yeah, I hate it when people forage through my email - it's bad enough that my girlfriend goes through my phone sometimes, but my email? No way!

      --
      It's official. Most of you are morons.
  11. I think claiming by Anonymous Coward · · Score: 4, Funny

    that something is the 'new browser war' is the new black.

  12. How about this... by danheskett · · Score: 4, Insightful

    ...Single sign-on outside the corporate network (aka, the Internet at large) is a problem that doesn't need much solving..

    ..and both MS and Sun will fail at solving a problem that doesn't really need solving.

    A better approach would be for either MS or Sun to develop multi-langauge, multi-platform products that will help web developers implement standard password requirements, username/password schemes, etc.

    Forcing a lame implementation of bad technology isn't going to work.

  13. This would be like fighting over... by Anonymous Coward · · Score: 3, Funny

    ...who gets to give you herpes.

  14. Summary is misleading by CdBee · · Score: 3, Insightful

    The big IM providers are NOT joining forces, they're just making a tidy sum providing Microsoft with a way of routing messages between networks. IM convergence would mean being able to send a message to a user on another network directly, that still is not on the cards.

    I'm just waiting for Google to offer a Messenger service, using a gMail account as a login. I think they could bring great things to the IM market, especially if the based an offering on an OSS project like Jabber, for which other IM software providers could then incorporate support.

    Passport is already tied closely to Messenger and Windows XP in particular, I don't see the opposition gaining ground without going the same way.

    --
    I have been a user for about 10 years. This ends Feb 2014. The site's been ruined. I'm off. Dice, FU
    1. Re:Summary is misleading by sempf · · Score: 4, Insightful

      ... IM providers are NOT joining forces ... IM convergence would mean ...

      Note that I did NOT say IM convergence. I DID say they are joining forces. They are. Despite all of the vitrol, reality has forced them to hold hands and play nice. I'm sure the ability to send a message from one platform to another using a common P2P platform is not far off, despite your claims.

      How exactly is Google making a gMail messenger any different from MSN mesenger, or Yahoo messenger? All great brands, all good technology. Will it be better because you like Google more? Don't get me wrong, I like Google too, but how will a fourth standard make it any better?

      --
      /usr/bin/grep -i -E meaning life.txt
  15. Liberty Alliance is not the same as Passport by Anonymous Coward · · Score: 5, Informative

    The Liberty Alliance is not a single signon like Passport. It doesn't put all your data in the hands on one organisation. It basically allows you to link logins and share data between them.

    It's a tricky concept to grasp but I've found these two introductions helpful:

  16. Neither? by blanks · · Score: 3, Insightful

    How about I just keep my identity and NOT have any single company owning my personal data? Yes convince is what America is all about, but there are still many steps needed to be taken in the real world to prove your identity, why do we need one system that everything will be required to use (think about the future). With something like this, I can see something bad happening. The US government (world government too) has been trying to remove the ability to be anonymous on the internet, with a system like this INFORCED at many different levels, the ability to be anonymous would no longer exist, the moment you connect your pc to the internet (LAN?) you would be authenticated.

    --
    TruePunk | Games
  17. Re:Why stop at just two by Samari711 · · Score: 3, Informative

    actually despite what the person who posted this article implies, LA is not a monolithic sign on like Passport. LA basically provides a protocol for a person's identity to be authenticated via a third party and the token from that third party server passed to different sites that trust the third party. The standard does not however stipulate that there can be only one company capable of identity verification, but rather lets sites choose who they trust the information from.

    --

    I never said I was smart, I just said I was smarter than you