Liberty Alliance Poised for Single Sign-On

Microsoft and Sun , who have been
battling it out in the Web services arena, are both moving forward in the
race to provide a secure single sign-on system for Web services.

Monday, The Liberty Alliance, a
Sun-backed group, plans to unveil its long-awaited technical specifications
for online “identity management” systems.

Identity management tools are the foundation upon which companies can build
services that allow consumers to move easily among Web sites without having
to repeatedly identify themselves with a new password. This concept plays a
significant role in the Web services arena envisioned
by both Sun and Microsoft, as it enables private information to be securely
transmitted to numerous entities without the halting delays of redundant

Michele Rosen, a program manager from IDC, however, warns that single
sign-on systems may not prove useful in the Web services arena for many years
to come.

“A lot of attention is being paid to [Microsoft’s] Passport and Liberty
Alliance with regards to Web services, and I think that their impact is much
further off than some of the other issues surrounding Web Services,” says
IDC’s Rosen. “Liberty Alliance and Passport are both primarily targeted at
consumers and it will be awhile before there will be significant web
services use by consumers. Right now we see (Web services) as an internal
business integration technology.”

The Liberty Alliance, however, is pushing forward with its vision for an
open-system single sign-on, which officials describe as a federated-view
solution. Through the specifications to be announced Monday, the Alliance
plans to have personal information controlled completely by the user, yet
able to be securely shared with the organizations of the users choosing,
thus preventing any one, centralized entity from garnering personal or
proprietary information, and erecting toll booths or impediments to
interoperability or service delivery.

Although Microsoft has currently not joined the Alliance, according to a
report by the Wall Street Journal, services built on Liberty’s technology
could ultimately work with Microsoft’s Passport single sign-on service, and
Liberty continues to talk to the Redmond, Wash.-giant about joining the group.

Microsoft, along with IBM and Verisign ,
its own set of security specs
for Web Services, known as WS-Security, to
the OASIS standards body last month. Sun, who initially had shown little
interest in the standards, actually threw in its support at the last minute.

Bob Sutor, director of e-business standards strategy at IBM, sees that as a
good sign.

“We’re actually very pleased that Sun joined in with (Microsoft) on
WS-Security,” said Sutor. “I personally see that as a good sign that we’re
redirecting a lot of the security work back into a standards organization.”

The IBM exec, in fact, hopes that the current efforts of the Liberty
Alliance will be consolidated into the security program at OASIS.

“(Joining OASIS) would allow lots of people beyond the Liberty folks to
contribute and it would really be a place to funnel a lot of similar efforts
into a single effort,” he said.

While much of the WS-security specs were not specifically targeted at the
consumer-end of Web services, Microsoft is also moving forward with its own
single sign-in expansion. On Tuesday, the firm announced a deal with
Arcot Systems
that will enable its Passport service to make it easier
for customers to purchase items online with credit cards from Visa and

Both credit card companies are also members of the Liberty Alliance.

Despite Microsoft’s 14 million-user headstart over the Alliance, the next
few years will reveal whether the Alliance’s open-system can attract enough
users to catch up.

“Liberty Alliance has gotten quite a few partners because of the project
being alliance oriented, and that’s a very positive thing for them,” said
Rosen. “Microsoft is going at this as much more of a corporate negotiation.
It’s two different approaches to capturing market share and it’s going to be
a year or two before we have any sense of which one is more effective.”

More than 40 companies have pledged to
the Liberty Alliance specification when it becomes available,
including Sun, AOL, United Airlines, Time Warner, American Express, General
Motors, Nokia, Cisco Systems, and eBay. Once the Liberty Alliance
specification is released, many of those companies are expected to begin
releasing products and services that implement the specification.

News Around the Web