Feeds

Do Androids Dream of Electric Single Sign-Ons?

Sun's Passport-killer six months away

  • alert
  • submit to reddit

Security for virtualized datacentres

The first fruits of the industry-wide answer to Microsoft's single-sign-on initiative Passport, Liberty, should go live in six months, Sun said yesterday.

Sun provided an update on Liberty but didn't announce any new members of the consortium at its "Web Services Summit" (ie, MS PDC spoiler) in Santa Clara, Ca. yesterday. The most likely MIA from the original Liberty Alliance members list - AOL/Time Warner - is expected to join at any moment. Which will come as no great surprise as we've come to think of AOL as Sancho Panza to Scott's Quixote, only without Sancho's refuelling habits*.

Rising star Jonathan Schwartz, Sun's VP of corporate strategy and planning, sidestepped a question from The Register about wider industry support. With consumer demand ripe for an alternative to The Beast, wouldn't buy-in from IBM and HP give Liberty the same momentum that propelled Java from in-house novelty to de-facto standard development platform?

Er, well, maybe: Schwartz said Sun was continuing to talk to everyone he said, in a diplomatic non-answer. (Just one of many we heard yesterday morning. In fact, you could compile all the non-answers Sun gave yesterday into a great big bumper non-compendium of nonsense.)

At one point, Sun prez Ed Zander said that the company had 500 people "who spend every waking moment thinking about identity".

What? Every waking moment? Don't their thoughts stray every now and again? Have all the stray, impure thoughts, such as 'What time does the Emeryville IKEA close?' been expunged for good, only to surface in their dreams?

What do Sun employees dream about? We really don't want to know. (But in case we do - please make them original)

Private Parts

But nonetheless, this stuff matters. Sun has done an admirable job of corralling support for an alternative to Passport/Hailstorm, although there are more privacy holes in the Liberty proposition right now than there are security holes in IIS. And as we've pointed out before, consumers aren't going to sell themselves cheaply: they simply won't buy into a web service framework that pretty much guarantees them spam for life. That's the dark um, underbelly of web services that no one really likes to talk about: because with federated web services, there's no place to hide.

If you think junk email fucks up your day, you're in for a nasty surprise. In the future you'll be getting "cross-promotions" from "affinity partners" on your "personal portal", every time you check a movie time or make a funds transfer, and perhaps on every web page that you'll ever visit again. That's if the alliance between IT providers and their big-money Fortune 500 customers, each one of whom is itching to trade your personal profile, ever gets its way.

Chatting to the affable Schwartz later, he assured us privacy was a prime concern for Sun. He'd be loathe to see his Blockbuster video preference exchanged with anyone else, he told us. As well he should be: if you're a smoker or an AIDS patient, there's little guarantee that in spite of Federal Laws preventing such exchanges, that the information won't be aggregated into one evil, federated web services soup.

Now you could rightly suppose that this leaves plenty of scope for an emergent, cross-ideology privacy movement that could be as significant as the Labor movement. But right now the reins are held by a handful of moonshine libertarians - who number, alas, the droll McNealy along with his less droll compadres of the West Coast techno elite - and these folks will sell your indivisible rights for a buck if they can so much as sniff a supply chain sales opportunity. And at the "Summit" yesterday, Sun spent far more time alerting the attendees - its biggest customers and partners - to the marketing opportunities of promiscuous personal data exchange, then it did assuring us of our privacy rights.

So while the Liberty Alliance can raise a cheer right now by virtue of simply not being Microsoft, the long-term prospects for the rest of us are grim indeed.

We can clutch at one straw, however. Someone at Sun has twigged that Microsoft's decision to "open" Hailstorm authentication to open Kerberos standards means precisely diddly squat. That move gained a referential and fawning reception from the trade press recently, from everyone except your favorite curmudgeons at The Register. Who have been pointing out the very tedious, but very real difference between authentication ("You are who say you are!") and authorization ("And now you can do this!") for ages. That belatedly makes in onto a Sun slide, and we thank you folks for listening. ®

* Quixotic Bootnote: "Although he believes that Don Quixote is truly mad, he continues in the adventures because Don Quixote has promised him that he will one day win Sancho an isle to govern, or at least promote him to the status of nobility", you see...

Related Stories

Friends of Sun rally round Passport-killer
Web services marchitecture wars get personal

Beginner's guide to SSL certificates

More from The Register

next story
Bono apologises for iTunes album dump
Megalomania, generosity and FEAR of irrelevance drove group to Apple deal
HBO shocks US pay TV world: We're down with OTT. Netflix says, 'Gee'
This affects every broadcaster, every cable guy
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
SCREW YOU, EU: BBC rolls out Right To Remember as Google deletes links
Not even Google can withstand the power of Auntie
Arab States make play for greater government control of the internet
Nerds told to get lost in last-minute power grab bid at UN meeting
Apple SILENCES Bose, YANKS headphones from stores
The, er, Beats go on after noise-cancelling spat
Zippy one-liners, broken promises: Doctor Who on the Orient Express
Series finally hits stride, but Clara's U-turn is baffling
Don't bother telling people if you lose their data, say Euro bods
You read that right – with the proviso that it's encrypted
America's super-secret X-37B plane returns to Earth after nearly TWO YEARS aloft
674 days in space for US Air Force's mystery orbital vehicle
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.