Liberty offers Web 2.0 open source security

Liberty Alliance offers an open-source version of its privacy and security tools for Java developers working on Web 2.0 applications.

This week Liberty Alliance is releasing OpenLiberty-J, open source code to allow Java developers to add the Liberty Web services standards for privacy and security to Web 2.0 applications.

Saying a Java-based security library is useful for SOA and Web 2.0 is much like saying a better hammer is good for building skyscrapers and bridges.
Jason Bloomberg
Senior AnalystZapThink LLC.

The Liberty Web Services (ID-WSF 2.0) client library for Java is download-able under the Apache 2.0 license from the OpenLiberty.org website. The Liberty Alliance has a roadmap to add versions for coders working with .NET, PHP and Ruby, said Brett McDowell, executive director, Liberty Alliance.

"The Liberty Web services standards bring enterprise grade privacy and security as well as interoperability to Web 2.0 applications," he said. "This is about enabling Web 2.0 with enterprise privacy and security features not yet available to the Web 2.0 developer."

However, Jason Bloomberg, senior analyst with ZapThink LLC., cautioned that while this release provides a tool for Java developers, Web 2.0 and service-oriented architecture (SOA) are not just about tools.

"Saying a Java-based security library is useful for SOA and Web 2.0 is much like saying a better hammer is good for building skyscrapers and bridges," Bloomberg said. "True, yes, but there is far more to implementing SOA, or various Web 2.0 applications like mashups, than leveraging better Java-based security."

McDowell said the Liberty open source release, which is aimed at Web 2.0 developers in the enterprise as well as the consumer space fills a need for security and reliability standardization that is missing in social networking applications.

"This implementation of OpenLiberty-J is specifically designed for consumer facing service providers and what we call relying parties in an enterprise scenario," he said. It provides "permission-based attribute sharing, which is sort of geek speak, but what it really means is bringing privacy and security around the identity infrastructure for Web 2.0," he added.

Current Web 2.0 applications tend to be for social networking with "low risk or low value transactions," McDowell said. "If we want to take the next step, we need a more robust infrastructure that really meets the highest bar of requirements."

Financial Web 2.0 applications where money is changing hands, and healthcare Web 2.0 applications involving sensitive patient data would be to examples where the added security would be important, he said.

OpenLiberty J as with the Liberty Web services framework is based on the WS-Security standard, he explained, but leaves developers free to select the specific authentication method for their applications.

"As far as specific authentication technology, our framework is designed almost as a meta-security framework," McDowell said. "You can articulate exactly the authentication mechanism used and convey that in a way that the other parties in the transaction will understand and know to what level of assurance to trust it. So it's not a specific authentication technology. It's designed to consume the best available authentication technology and be able to convey that in appropriate semantics."

The press release announcing the OpenLiberty-J headlined its uses for Web 2.0 with SOA mentioned only in passing.

Asked about the emphasis of Web 2.0 over SOA, McDowell answered: "From my perspective service-oriented architecture is a concept that immediately resonates and gives you a vision of applications if you're an enterprise architect. Web 2.0 gives you a vision of applications that are taking the Web by storm. What we wanted to use is the term that's going to convey the correct expectation of what this framework is meant to enable."

For more information
Microsoft, Liberty join for Web services identity interop

SAML 2.0 meets Web 2.0

That doesn't mean OpenLiberty-J doesn't have a role to play in SOA, the executive director said.

"It absolutely enables the identity bus for SOA," he said. "But I think a broader audience understands the vision of Web 2.0."

ZapThink's Bloomberg said McDowell's view of the relationship between SOA and Web 2.0 is technically correct, but the emphasis of the latter appears to be more about marketing strategy than technology.

Dig deeper on PHP

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchSoftwareQuality

SearchCloudApplications

SearchAWS

TheServerSide

SearchWinDevelopment

Close