Sun pushes for more Liberty on the Web

Nearly two months after announcing its Identity Management platform, Sun Microsystems Inc. made a stop in Toronto to recruit members for the Liberty Alliance group, and explain the need for a new way to handle user identity over the Internet.

The Liberty Alliance is a group of vendors and end-user organizations who are attempting to create specifications for single sign-on for both electronic commerce and Web services. Version 1.0 of the architecture is based on open standards such as security assertion markup language (SAML) and Java Authentication and Authorization Service.

Jeff Veis, the senior director, Sun One Business Alliance, said the cost to become a sponsor with Liberty is US$10,000 per month and US$1,000 per month as an associate and affiliate. A sponsor member is able to vote in all the expert working group meetings that focus on technology development and can participate in the development of draft specifications. Associates may review and comment on draft specifications and attend “all participants” meeting held twice a year, but are not at the full sponsorship level. An affiliate membership is offered only to non- profit organizations and government agencies. The fees are waved and members can review draft specifications before they are released to the public.

He argued in favour of the federated system because it would allow for authentication to happen in a co-operative way. He added that unlike traditional customer relationship management (CRM), where data is collected but never shared, in the federated system, the consumer or end user is aware that the data is being collected and shared with consent over the Internet. Thus the system fosters accountability to the service provider and users alike.

“But it’s about making sure the identity that is shared is only about you. So even if you get spam your identity provider is accountable for that,” Veis said.

The previously announced Sun One platform for Identity Management is aimed at creating standards and providing a way to manage user identities across the Web. The offering includes software, hardware and services, and has been updated with Liberty-enabled Sun One and Identity Server 6 and Directory Server 5.2.

Montreal-based Bell Canada Enterprises Inc. (BCE) joined the Alliance last fall. BCE has been active on the marketing, promotion and in the development of the technology specs. And although Veis pitched greater involvement to Canadian companies, BCE is currently one of but a few organizations that are involved. A company spokesperson said while it was “not the perfect simple spec,” the company is looking to see if the system can fit with its existing systems.

“Our interest is to ensure interoperability with authentication systems that we have internally and externally. We’re optimistic that we can deploy going forward,” said Norm Silins, general manager next generation services with BCE in Toronto.

The fight for Sun appears to be twofold. On the one hand, Sun needed a strategy to combat Microsoft Corp. in its attempt to establish a de facto network identity system and needed an alternative system that “appeared to be open and federated”, said David Schatsky, vice-president and research director at Jupiter Research in New York. And secondly, Sun wants its sponsored standards and technology to be adopted as the standard for single sign-on, he added.

Success for Sun and the Liberty Alliance hinges on the progress of an emerging technology.

“Increased adoption and influence of Web services technology is what’s going to enable the success of something like the Liberty Alliance and the technology that it’s based on,” he said.

A recent study conducted by Jupiter Research, found that of those companies with revenues in excess of US$50 million, 82 per cent already had some kind of Web services deployment in place.