Feeds

Do Androids Dream of Electric Single Sign-Ons?

Sun's Passport-killer six months away

  • alert
  • submit to reddit

High performance access to file storage

The first fruits of the industry-wide answer to Microsoft's single-sign-on initiative Passport, Liberty, should go live in six months, Sun said yesterday.

Sun provided an update on Liberty but didn't announce any new members of the consortium at its "Web Services Summit" (ie, MS PDC spoiler) in Santa Clara, Ca. yesterday. The most likely MIA from the original Liberty Alliance members list - AOL/Time Warner - is expected to join at any moment. Which will come as no great surprise as we've come to think of AOL as Sancho Panza to Scott's Quixote, only without Sancho's refuelling habits*.

Rising star Jonathan Schwartz, Sun's VP of corporate strategy and planning, sidestepped a question from The Register about wider industry support. With consumer demand ripe for an alternative to The Beast, wouldn't buy-in from IBM and HP give Liberty the same momentum that propelled Java from in-house novelty to de-facto standard development platform?

Er, well, maybe: Schwartz said Sun was continuing to talk to everyone he said, in a diplomatic non-answer. (Just one of many we heard yesterday morning. In fact, you could compile all the non-answers Sun gave yesterday into a great big bumper non-compendium of nonsense.)

At one point, Sun prez Ed Zander said that the company had 500 people "who spend every waking moment thinking about identity".

What? Every waking moment? Don't their thoughts stray every now and again? Have all the stray, impure thoughts, such as 'What time does the Emeryville IKEA close?' been expunged for good, only to surface in their dreams?

What do Sun employees dream about? We really don't want to know. (But in case we do - please make them original)

Private Parts

But nonetheless, this stuff matters. Sun has done an admirable job of corralling support for an alternative to Passport/Hailstorm, although there are more privacy holes in the Liberty proposition right now than there are security holes in IIS. And as we've pointed out before, consumers aren't going to sell themselves cheaply: they simply won't buy into a web service framework that pretty much guarantees them spam for life. That's the dark um, underbelly of web services that no one really likes to talk about: because with federated web services, there's no place to hide.

If you think junk email fucks up your day, you're in for a nasty surprise. In the future you'll be getting "cross-promotions" from "affinity partners" on your "personal portal", every time you check a movie time or make a funds transfer, and perhaps on every web page that you'll ever visit again. That's if the alliance between IT providers and their big-money Fortune 500 customers, each one of whom is itching to trade your personal profile, ever gets its way.

Chatting to the affable Schwartz later, he assured us privacy was a prime concern for Sun. He'd be loathe to see his Blockbuster video preference exchanged with anyone else, he told us. As well he should be: if you're a smoker or an AIDS patient, there's little guarantee that in spite of Federal Laws preventing such exchanges, that the information won't be aggregated into one evil, federated web services soup.

Now you could rightly suppose that this leaves plenty of scope for an emergent, cross-ideology privacy movement that could be as significant as the Labor movement. But right now the reins are held by a handful of moonshine libertarians - who number, alas, the droll McNealy along with his less droll compadres of the West Coast techno elite - and these folks will sell your indivisible rights for a buck if they can so much as sniff a supply chain sales opportunity. And at the "Summit" yesterday, Sun spent far more time alerting the attendees - its biggest customers and partners - to the marketing opportunities of promiscuous personal data exchange, then it did assuring us of our privacy rights.

So while the Liberty Alliance can raise a cheer right now by virtue of simply not being Microsoft, the long-term prospects for the rest of us are grim indeed.

We can clutch at one straw, however. Someone at Sun has twigged that Microsoft's decision to "open" Hailstorm authentication to open Kerberos standards means precisely diddly squat. That move gained a referential and fawning reception from the trade press recently, from everyone except your favorite curmudgeons at The Register. Who have been pointing out the very tedious, but very real difference between authentication ("You are who say you are!") and authorization ("And now you can do this!") for ages. That belatedly makes in onto a Sun slide, and we thank you folks for listening. ®

* Quixotic Bootnote: "Although he believes that Don Quixote is truly mad, he continues in the adventures because Don Quixote has promised him that he will one day win Sancho an isle to govern, or at least promote him to the status of nobility", you see...

Related Stories

Friends of Sun rally round Passport-killer
Web services marchitecture wars get personal

High performance access to file storage

More from The Register

next story
Sorry London, Europe's top tech city is Munich
New 'Atlas of ICT Activity' finds innovation isn't happening at Silicon Roundabout
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.