The Liberty Alliance Grows Again 111
sempf writes "The Liberty Alliance, a Sun-backed open-specification alternative to the Microsoft platform's Passport system, has added two very powerful members, Oracle and Intel. Now over 150 members, one wonders at the future of a world where we have two single sign-on systems. With the three big IM platforms joining forces, is the identity standard of the world going to be Microsoft, or Sun? Is this going to be the next Browser War?"
Single Sign-On (Score:5, Informative)
Article from Internet News [internetnews.com]
June 30, 2004
Single Sign-On Gains Liberty Support
By Clint Boulton
Although a lack of interoperability has threatened to hold Web services adoption back, Liberty Alliance, a group dedicated to forging an open identity standard, cracked that barrier by certifying nine single sign-in products this week.
The group awarded Ericsson, Hewlett-Packard, IBM, Netegrity, Novell, Oracle, Ping Identity, Sun, and Trustgenix its "Liberty Alliance Interoperable" mark in a conformance test.
The certification, which covers Liberty Alliance Identity Federation Framework (ID-FF) version 1.1 and 1.2 for single sign-on services, involves a rigorous testing process that gauges identity federation, authentication, session management and privacy protection. Vendors must demonstrate interoperability with two other randomly selected participants.
Secure single sign-on services are a key ingredient for Web services, a high-flying concept for distributed computing that allows applications to talk to one another to perform tasks. But customers are afraid to "sign-on" without a secure brand, because crackers can swipe their personal information if the site is not safeguarded properly.
According to a Liberty statement, the products are interoperable out-of-the-box, which pares deployment schedules and saves costs. This is key, as customers are loathe to license technology if it isn't supported by a validated standard, according to Gartner analyst Ray Wagner.
Customers who are thinking about federation projects need some reassurance that there won't be a huge amount of manual integration necessary between partners with different infrastructures," Wagner told internetnews.com. "Requiring compliance with Liberty, SAML, WS-Federation, and WS-I Basic Security Profile, or a subset of the above, will provide some assurance that systems have the capability to work together."
Wagner said he believes most vendors who make identity management products will provide compatibility with specs or standards in the short term, noting that Federation protocols in particular (SAML, Liberty, WS-Federation) will likely converge in the medium term.
With Liberty's certification, companies can say that their products are compliant with the Liberty identity standard, making their identity management software more appealing to customers looking to shore up their Web services platforms with authentication via single sign-on services.
Forrester analyst Randy Heffner said using Identity Web Services Framework (ID-WSF) requires Liberty's ID-FF and offers an interoperable path to Web services as long as users start with Liberty's ID-FF.
"There is a test suite to ensure broad testing coverage of the technical interfaces," Heffner told internetnews.com. "But successful operation of the tests is sort of on the honor system -- except that a vendor who wants the Liberty logo must participate in an interoperability event and successfully connect with a couple of other randomly chosen products."
"This is better than a simple, pre-planned interoperability event, which only proves that there is 'at least one' configuration by which products can work together -- but not that this is the configuration that any given user might need," Heffner concluded.
Web services have been slow to take off over the last few years, due to obstacles such as interoperability, security and manageability. But this is changing, owing in part to the steady work companies have been putting into the matter and the increasing acceptance of the more broad service-oriented architecture approach to software services.
The following products are now Liberty compliant: the Ericsson User S
Re:No. (Score:3, Informative)
Liberty Alliance is not the same as Passport (Score:5, Informative)
The Liberty Alliance is not a single signon like Passport. It doesn't put all your data in the hands on one organisation. It basically allows you to link logins and share data between them.
It's a tricky concept to grasp but I've found these two introductions helpful:
Re:who cares? (Score:5, Informative)
A passport alternative. (Score:1, Informative)
Re:They're all terrified of MS' power (Score:3, Informative)
Re:Microsoft or Sun? No... (Score:2, Informative)
Any one can download the specs and do a client/server implementation just using apache projects. (Xerces, XML-SEC) and some DOM/servlets knowled to implement their
protocol.
Any how you can do it in c++/java/.NET or whatever languege you like.
RTFA (Score:2, Informative)
Re:Why stop at just two (Score:4, Informative)
Re:Single Sign In (Score:3, Informative)
Been done already, and most big commercial websites support it. It's a tag that goes on text entry fields denoting what they are, say "name", "e-mail", "phone" and so on.
Programs like Roboform, Google Toolbar and Gator (spit) use these to autofill your forms for you.
However, this misses the point; these identification are supposed to securely identify you. This identification may come with a list of addresses, so that when you sign up for a commercial service online, you can identify yourself in a way that they know you are a genuine person not scamming them with a dodgy credit-card number and drop address. Takes the validation responsibility away from the trader, which should reduce their costs and complexity of the initial setup.
Re:Why stop at just two (Score:3, Informative)
Re:How universal can it be? (Score:3, Informative)
In theory at least, it is the end user who chooses to 'federate' her different accounts so she has to log just into one of them.
Now that you mention Nokia, this issue is really hot in the mobile world, where the mobile network operator would play the role of Identity Provider, allowing Single-Sign-On to a number of mobile websites or even subscription data services. Authentication could be performed at a lower level in the network, when the mobile terminal is switched on, and the User ID can be linked to the mobile number.
Identity Commons (Score:2, Informative)
This would be a great start (Score:3, Informative)
In the spirit of FOSS - to wit, building a working one to back up your specifications - try this [w3.org]. If 50% of websites got a clean bill of health there, the world would be a better place. The error messages there recently got much better. See if you can spot which explicatory message I contributed to the list. The takeaway message is, don't just whine - fix it.
They may be a bunch of meeting-bound administrators, but W3C do produce working code to their own specifications.