Liberty Alliance: 2003 will bring products, services

While lacking specifics, a poll of Liberty Alliance Project member organizations indicates that 2003 will see the emergence of new technology that applies identity management and user authentication standards developed by the industry consortium.

On Tuesday the Alliance released the survey results along with examples of projects that are currently under way using the 1.1 specifications and information on new Alliance members.

According to the Alliance, a poll of its members found that:

– Fifty-nine per cent of those members who responded planned to implement the Alliance’s 1.1 standards in IT projects or products released this year.

– Seventy per cent of those who responded planned to implement the Alliance’s standards, though not necessarily in 2003.

– Fifty-two per cent said that they would be deploying the Liberty Alliance specifications in services that benefit their own employees.

A number of ongoing projects that apply the 1.1 specifications were identified in the statement. Those projects included a plan by General Motors Corp. to use the Liberty 1.1 specifications on its employee intranet, MySocrates, and a project involving the Financial Services Technology Consortium (FSTC) to create a multibank network to securely exchange customer account, transaction and credential information.

In the product arena, the Liberty Alliance announced that Communicator Inc. will deliver a version of its Hub ID product line that uses the Liberty 1.1 specifications by the end of January and that SourceID, an open source development community, will release a Java toolkit for implementing Liberty-standard single sign-on features.

Twenty-two new Liberty Alliance member companies were also identified, including high profile companies such as Siemens AG, NEC Corp., and Computer Associates International Inc.

Despite the news, hard information was lacking from the industry group, including figures on how many member organizations responded to its request for information and an indication of what progress the vast majority of Liberty Alliance members are making towards products and services that use the consortium’s 1.1 specifications.

Although the 1.1 specifications were released in July, 2002, products and services that use those specifications have not been forthcoming. The Liberty Alliance Web site lists just 11 companies with products that implement or plan to implement the 1.1 specifications.

A second phase of specifications, version 2.0, is due out in the first half of this year with guidelines for site-to-site authentication and user-attribute sharing, according to the Alliance.

Industry experts attribute the slow pace of Liberty 1.1 adoption to uncertainty about the future of the Liberty standards and of its main competitor in the single user authentication and identity management arena, Microsoft Corp.’s Passport service.

The two services offer different approaches to many of the same technical challenges. Among the differences are Microsoft’s central management of user data vs. the Liberty Alliance’s decentralized approach.

In addition, Microsoft’s Passport service relies on proprietary protocols to handle user authentication tokens, whereas the Liberty Alliance specifications call for exchanging authentication tokens using the Security Assertion Markup Language (SAML) extensions.

Microsoft’s eventual shift to the Kerebos technology to handle authentication may open the door to more interoperability between Passport and Liberty Alliance member sites, but Microsoft has warned that migrating its 200 million existing Passport accounts to Kerebos will take time.

And, while Microsoft has indicated that it will support SAML assertions in its Windows server authorization infrastructure, no specific time table has been provided for that support.

In the meantime, corporate IT managers are left wondering whether the two federated authentication systems will battle for dominance or decide to join forces and interoperate.

Even if the decision is for cooperation between Microsoft and the Liberty organizations, technology that supports both standards may be years away.

Details about the Liberty Alliance Project can be found at