SAN FRANCISCO — A gathering of companies looking to control the Web services
The Liberty Alliance, which is backed by major players like Sun Microsystems
unveiled version 1.0 of its long-awaited technical specifications for online “identity management” systems, backed by the Identity and Access Management Federation.
The group offered version 1.0 of its standards to the Massachusetts-based Organization for the Advancement of Structured Information Standards (OASIS). The goal is to get the standard approved as quickly as possible before sending it along to the W3C committee for final approval.
“What we will see with the adoption of the Federated Identity as a new phase of control for consumers and for enterprise,” said Sun Executive Vice President Jonathan Schwartz.
Schwartz said the standard would also make it easier for IT managers and system administrators because now they can just purchase a standards-based, cross-platform solution instead of building their own.
The group, which includes all the major credit card companies, telecoms and wireless players, was founded about ten months ago with most of the work starting only this year. Currently the coalition has about 70 member organizations.
The Liberty specification offers opt-in account linking, which lets consumers choose which Alliance partners they want to share their information with as well as how much information; a simplified sign-on for linked accounts to eliminate re-authentications; authentication context that lets business partners designate and communicate the different levels of information; a global log-out, which means that once you get out of a Liberty site you are out of all of them; and a client feature, which allows the same types of features for wireless devices.
Seven companies (Communicator, Entrust, NeuStar, Novell, OneName, RSA Security and Sun) said they currently have products in production that will be available at the end of 2002.
The specs do not involve the exchange of personal information; rather, they involve a format for exchanging authentication info between companies so the identity of the user is safe.
The group hopes to use the standard for B2C applications, B2B applications, and mostly enterprise to employee applications, where most people would login form.
Liberty said it has already begun working on its next set of specifications for the standard. Version 2.0 is expected to extend the sign-on information and filtering of user preference between separate Liberty partners.
One of the biggest stumbling blocks had been that single sign-on feature. Liberty’s identity management tools are designed to let consumers move from site to site without having to repeatedly identify themselves with a new password.
“We have to deal with this every day,” said Novell spokesperson Gary Hein. “It’s very complex, when you have a different user name for all of these different sites. The passwords are so confusing and complex that you have to write them down.”
Hein said the true security feature would be authenticating the user through password, secure ID tokens, or SmartCards.
The other major obstacle has been Microsoft’s competing single sign-on product, Passport.
Microsoft is also moving forward with its own single sign-in expansion. The company announced a deal with Arcot Systems last week that will enable its Passport service to make it easier for customers to purchase items online with credit cards from Visa and MasterCard.
Both credit card companies are also members of the Liberty Alliance.
Despite Microsoft’s 14 million-user head start over the Alliance, the next few years will reveal whether the Alliance’s open system can attract enough users to catch up.
Although Microsoft has currently not joined the Alliance, sources say services built on Liberty’s technology could ultimately work with each other.
Liberty continues to talk to the Redmond, Wash.-giant about joining the group.