Do we believe in Liberty?
The recent RSA 2003 Conference revealed that the Liberty vs. Passport clash has more to it than Sun trying to put one over on Microsoft. Last year there was wide speculation that Liberty was dead in the water. This would appear to have been founded on pure rumour as the Alliance announced new members of its management board to include Ericsson, Fidelity Investments, Novell and VeriSign.
In addition to which, RSA 2003 saw Liberty Alliance's public interoperability demonstration that featured 20 hardware, software, mobile device and service companies showing how Liberty's Phase 1 specifications could be used for opt-in account linking and simplified sign-on.
However, it is not Phase 1 that is particularly interesting as we can do all this sort of stuff using SAML, as many of the 20 companies support, with or without Liberty. What is more interesting is the roadmap.
What might you ask, does Liberty add? Alongside all the show and tell you might be forgiven if you overlooked the announcement of Liberty's Phase 2, which is now in draft form.
According to IDC, the worldwide market for identity management software alone is expected to reach $3.2 billion by 2007, not including hardware or professional services. Which is one of the reasons why Liberty Alliance is a consortium of more than 160 organizations from across the globe formed to develop open standards for federated network identity management.
Among those participating in the interoperability showcase were companies such as Communicator Inc, Ericsson, HP, Nokia, Novell, Phaos Technology, SchlumbergerSema, Sun Microsystems, Trustgenix, Vodafone and Waveset.
At the moment they appear content to address the issues of not having to enter multiple passwords and to simplify management of multiple accounts.
The Phase 2 draft specification concentrates on addressing identity in a Web services world, including guidelines on security and privacy implementation. It also includes the introduction of the Liberty Identity Web Services Framework (ID-WSF) to support interoperability.
While Phase 2 starts to address some of the real interoperability issues, at the moment it is not clear how we are to use these to meet the bigger challenges of:
- How are organizations to develop the trust models that distinguish how they are to trust third parties in respect to specific activities?
- How to develop metrics by which organizations can assess the trustworthiness of a third party credential in the context of their own businesses?
- How to define rich policies that are machine readable to provide real-time decisioning?
It could be that Liberty is trying to address both the B2B market and the B2C market with the same framework. This might not necessarily be a good idea. After all, how are consumers going to be given tools to assess whether their trust requirements are met?
Standards are open to interpretation. Does the Alliance plan to have a police force to ensure consumer protection from poorly implemented Liberty applications? And how far would Liberty underwrite any such accreditations. Or does Liberty see consumers as sufficiently expert to be able to make their own decisions, unilaterally? I see no evidence that these issues have been thought through. Caveat emptor.
Copyright 2003 IT-Director.com provides IT decision makers with free daily e-mails containing news analysis, member-only discussion forums, free research, technology spotlights and free on-line consultancy. To register for a free e-mail subscription, click here.
For more information:
- Looking for free research? Browse our comprehensive White Papers section by topic, author or keyword.
- Are you tired of technospeak? The Web Services Advisor column uses plain talk and avoids the hype.
- For insightful opinion and commentary from today's industry leaders, read our Guest Commentary columns.
- Hey Codeheads! Start benefiting from these time-saving XML Developer Tips and .NET Developer Tips.
- Visit our huge Best Web Links for Web Services collection for the freshest editor-selected resources.
- Visit Ask the Experts for answers to your Web services, SOAP, WSDL, XML, .NET, Java and EAI questions.
- Couldn't attend one of our Webcasts? Don't miss out. Visit our archive to watch at your own convenience.
- Choking on the alphabet soup of industry acronyms? Visit our helpful Glossary for the latest lingo.
- Discuss this article, voice your opinion or talk with your peers in the SearchWebServices Discussion Forums.