Feeds

Friends of Sun rally for Passport-killer

They all agree it would be a jolly good thing

  • alert
  • submit to reddit

HP ProLiant Gen8: Integrated lifecycle automation

Sun has been hinting for weeks that it's rustling up support for an alternative to Microsoft's version of single-sign-on for web transactions, and it went public today.

The Liberty Alliance Project's mission is quite a mouthful: to create "an open, federated solution for network identity - enabling ubiquitous single sign-on, decentralized authentication and open authorization from any device connected to the internet, from traditional desktop computers and cellular phones through to TVs, automobiles, credit cards and point-of-sale terminals."

The initial roster of "charter members" is interesting: it includes none of Sun's server infrastructure rivals (IBM, Fujitsu-Siemens and Hewlett Paqard are missing, along with the PC OEM crowd) but has an impressive roster of wireless and cellular manufacturers: numbering handset manufacturers (Nokia and Sony), carriers (Sprint, Vodafone, Cingular) and NTT DoCoMo which is both. Smartcard manufacturers including Schlumberger and Gemplus are there, and a few Sun customers who we imagine thought they were signing up for a Free! Prize Draw! of some kind.

Most interesting on the list is the presence of O'Reilly, Apache Group and Collab.net: they're recruited as conscience-keepers, we guess.

The strong roster of phone interests indicates that Sun recognises that the payment platform is likely to involve a smartphone, not a PC. With smartphones set to outnumber PCs at some point in the next decade, that's a good bet. Even without Sun's server rivals, there's enough of the wireless lobby signed on (no pun intended) to give the initiative momentum.

If the announcement looks like it was hurried out, we suspect it was. Until a couple of hours ago spokesmen were stonewalling enquiries on the Charter List membership, after IDG had gotten an advanced copy. And some of the web pages are still titled "Liberty Template".

Quite what technology is to be used is up for grabs, but it's likely to be Java-based given Sun's role in the group's creation, and religiously standards-based: anything else would provide The Beast with a turkey shoot.

At Santa Clara three weeks ago, we spent much of the morning haranguing Greg Papadopoulos and Marge Breya that Sun's web services pitch was essentially meaningless without an open, industry-standard single-sign on.
And this delivers that. Or at least, is the best chance of such an alternative to Passport.

So why aren't we deliriously happy? Well, there's little emphasis so far on privacy. The word appears once in the 979 word FAQ, five words from the end. And privacy is central to consumer acceptance of any kind of digital ID: without essential privacy guarantees the digital ID that Project Liberty requires becomes a back door to all kinds of database pooling - by marketing departments and governments - that isn't possible today. It could even, if we aren't vigilant, become your token for digital content as envisaged by Senator Hollings' SSSCA.

But it's early days as we say, and apparently it's not too late to change the name, either.

The Liberty Alliance Project sounds like one of those fringe libertarian nut websites that are entirely written using huge blinking Times fonts, that advocate legalising smack and helping protect the unborn by issuing them with handguns.

"Liberty is a code name for this formative initiative," says the press release.

Phew. ®

External Link

Project Liberty

Reducing security risks from open source software

More from The Register

next story
Sysadmin Day 2014: Quick, there's still time to get the beers in
He walked over the broken glass, killed the thugs... and er... reconnected the cables*
SHOCK and AWS: The fall of Amazon's deflationary cloud
Just as Jeff Bezos did to books and CDs, Amazon's rivals are now doing to it
Amazon Reveals One Weird Trick: A Loss On Almost $20bn In Sales
Investors really hate it: Share price plunge as growth SLOWS in key AWS division
US judge: YES, cops or feds so can slurp an ENTIRE Gmail account
Crooks don't have folders labelled 'drug records', opines NY beak
Auntie remains MYSTIFIED by that weekend BBC iPlayer and website outage
Still doing 'forensics' on the caching layer – Beeb digi wonk
BlackBerry: Toss the server, mate... BES is in the CLOUD now
BlackBerry Enterprise Services takes aim at SMEs - but there's a catch
The triumph of VVOL: Everyone's jumping into bed with VMware
'Bandwagon'? Yes, we're on it and so what, say big dogs
Carbon tax repeal won't see data centre operators cut prices
Rackspace says electricity isn't a major cost, Equinix promises 'no levy'
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.