Sun adds Liberty spec support to network ID server

Sun Microsystems Inc. on Monday will ship Sun ONE Identity Server 6.0, an upgrade to its network identity software that adds support for the Liberty Alliance specification, enabling users to authenticate to multiple Web sites outside a firewall.

The federated network identity functionality Sun is offering holds the promise of making it easier to access Web and non-Web applications by providing for a single authentication to multiple applications, according to Sun. Built on top of Sun ONE Directory Server, Sun ONE Identity Server integrates access management, delegated administration, directory, and federation services into a single product.

Sun’s offering appears to be the first shipping product to support the Liberty specification, said James Kobelius, senior analyst at the Burton Group, in Alexandria, Va. But to get critical mass for Liberty, other vendors will need to support it in their Web access management products as well, he said. That support is expected during the next year, Kobelius added.

Liberty provides for a “circle of trust” among Web sites, said Kobelius. After a single sign-on, “the user can then log into any of the sites in that circle of trust and, transparent to him, he’ll be logged into all the sites simultaneously without having to re-enter a user name or password,” Kobelius said.

The identity server can play a role in the proliferation of Web services, according to Sun’s Andy Eliopoulos, director of business management for network identity at Sun ONE, in Santa Clara, Calif. Web services provide standard interfaces for system integration.

“The issue with Web services is the security around it,” Eliopoulos said. Having an identity management mechanism “opens up obviously a huge opportunity to deliver Web services,” he said.

Centralized administration is provided in Version 6.0 for identities, policies, and services. Administrators can delegate administration to enable users to manage their own profile attributes.

Also featured in the product is continued support of SAML (Security Assertion Markup Language), enabling unification of log-ins within the corporate firewall, according to Sun. Version 6.0 also leverages Java and XML to provide for federated identity management and increased security and privacy, the company said.

Single sign-on is provided for Web-based resources and centrally controlled access services. Authentication mechanisms supported include LDAP, RADIUS, X509v3 certificates, SafeWord token cards, and Unix platform authentication services, according to Sun. APIs in C, Java, and XML enable customization and integration for policy, authentication, auditing/reporting, and client interfaces.

Sun ONE Identity Server 6.0 runs on Sun SPARC-Solaris systems. The company plans to port it to Linux systems, enabling it to run on various hardware platforms, in the latter part of this year, Eliopoulos said.

Sun ONE Identity Server 6.0 is priced starting at US$10 per user, with a tiered volume discount available in which per-user costs decrease as more users are added.