- Related Stories
Liberty Alliance courts open-source projectsJanuary 22, 2007
What's behind open-source ID push?March 3, 2006
Microsoft's InfoCard draws open-source responseFebruary 26, 2006
Ending Microsoft's identity crisisFebruary 16, 2006
Microsoft to flash Windows ID cardsMay 18, 2005
Passport to nowhere?March 23, 2004
Sun reveals partners for online effortSeptember 26, 2001
In fact, prime time is just around the corner for the Liberty Alliance, according to Roger Sullivan, the group's newly appointed president. The entire planet is finally coming around to the notion that identity information needs to be shared securely, just what Liberty's protocols enable, Sullivan said in an interview.
But even though Microsoft's Passport fizzled, there are plenty of other identity efforts under way. Attracting the most attention are IBM and Novell, which have put their weight behind an open-source effort called Higgins. Also, Microsoft is back in force: Windows Vista includes a feature called CardSpace meant to let people control identity information.
The multitude of options and rivaling standards remains an obstacle to broad acceptance of any of them, Sullivan said. It confuses the people who need to buy into the idea of federated identities--a world in which somebody only needs to log in once and bits of personal information can be securely shared between trusted applications.
Sullivan, an Oracle vice president who became president of the Liberty Alliance this month, sat down with CNET News.com earlier this week.
Q: What is the simple four-line definition of Liberty Alliance today?
Sullivan: Liberty Alliance is an assembly of both enterprise customers as well as vendors from all around the world. We have come together to develop open standards for identity management. Historically, all of those standards have focused on federation protocols, one enterprise interacting with another enterprise in a secure way and being able to exchange identity credentials from one enterprise to the other.
Q: Liberty Alliance launched a little over five years ago. Has the objective changed?
Sullivan: No, it has always been the same mission. Over those years, what Liberty has accomplished is establishing a technical infrastructure through protocol development as well as business and policy guidelines.
Q: How has the Liberty Alliance's work progressed over the past years?
Sullivan: I think it has taken a little bit longer than a lot of folks anticipated in the early days. Four or five years ago, folks imagined that there was a real pent-up demand for this kind of federation work. But I think that the growth and acceptance in the marketplace has been slower because there has been confusion.
Q: What's at the core of this confusion?
Sullivan: There's confusion about when complete control of identity information is appropriate for an individual versus a business relationship. Some folks have said they want to control information themselves. That's admirable in some applications, but let's say you get smacked by a bus, all your identity information is on you and you need to provide somebody access right there and then. Those kinds of questions about the business practices, but also when strong authentication is appropriate versus single-factor authentication--all of those issues, Liberty has grappled with for years.
Q: Sounds like a negotiation between people who are for privacy rights and people who want to enable whatever they can.
Sullivan: Very much so, you have privacy rights organizations on the one hand, you have folks who are trying to enable business, or provide services to those businesses, and then you've got the individuals themselves who are saying, "Just tell me what the heck I need to do to control this because I'm confused, I don't want to get hit by a bus and die because nobody has permission, but on the other hand I don't want the government in my knickers when I want to share photographs."
15 commentsJoin the conversation! Add your comment