The Liberty Alliance Project on Wednesday added 30 members to its effort to create a standard for online authentication.
The infusion of companies and organizations adds first-time perspectives from both the healthcare and media industries, and from the consortium developing the next-generation Internet.
The new members come just over a month after the alliance released version 1.0 of its specification, which outlines a single sign-on mechanism for electronic commerce and Web services.
The specification would allow users to authenticate at one network access point and use that identity to traverse other sites. This so-called federated identity management is a key sticking point in developing secure electronic commerce and Web services for business-to-consumer and business-to-business interaction, although the alliance’s initial focus is on the consumer side.
“This goes a long way to showing the relevancy of the alliance specification,” says Justin Erbacci, senior network architect for United Air Lines Inc. and a member of the management board of the alliance, which now has 95 for-profit, not-for-profit, and government organizations worldwide. “We hope the diversity of the new companies will lead to multiple and diverse implementations of our specification.”
The alliance was originally started by Sun Microsystems nearly a year ago to counter efforts by Microsoft to create a similar authentication mechanism with its Passport service. The Alliance includes among its members Nokia, United Airlines, MasterCard and American Express.
The members added Wednesday include Baltimore Technologies, Bridgewater Systems, ePresence, Financial Services Technology Consortium, Healthcare Financial Management Association, Internet 2, Newspaper Association of America, Oblix, Quadrasis and Sprint.
“The addition of the Internet 2 consortium hopefully shows that the alliance has a strong future on the Internet,” says Erbacci.
Internet 2 is a consortium led by 200 universities that are working with industry and government on advanced network applications and technologies.
Last month, Internet 2 released OpenSAML, an open-source reference implementation of the Security Assertion Markup Language (SAML).
SAML is the cornerstone of the alliance’s 1.0 specification and is an emerging protocol for sharing user authentication and authorization data.
The alliance’s 1.0 specification adds a set of policies to SAML that govern how authentication and authorization data can be used.
Companies such as Entrust, NeuStar, Novell, Sun, Oblix, Netegrity and RSA Security have said they will ship SAML-compliant products by the end of the year.
Microsoft said last month it would deliver support for SAML as an add-on to the Windows.Net operating system, slated to ship at the end of this year. But the company has stopped short of joining the alliance.
“Discussions between the Liberty Alliance and Microsoft are ongoing – but it is not a question of if we will work together, but how,” says Erbacci. “It’s more important for us to work together than for them to be a member.”