Newsmaker: Liberty Alliance is alive and kicking

REDWOOD CITY, Calif.--Launched in 2001 to outflank Microsoft's Passport service for checking people's online identities, the Liberty Alliance is alive and kicking while Passport is mostly history.

In fact, prime time is just around the corner for the Liberty Alliance, according to Roger Sullivan, the group's newly appointed president. The entire planet is finally coming around to the notion that identity information needs to be shared securely, just what Liberty's protocols enable, Sullivan said in an interview.

But even though Microsoft's Passport fizzled, there are plenty of other identity efforts under way. Attracting the most attention are IBM and Novell, which have put their weight behind an open-source effort called Higgins. Also, Microsoft is back in force: Windows Vista includes a feature called CardSpace meant to let people control identity information.

The multitude of options and rivaling standards remains an obstacle to broad acceptance of any of them, Sullivan said. It confuses the people who need to buy into the idea of federated identities--a world in which somebody only needs to log in once and bits of personal information can be securely shared between trusted applications.

Sullivan, an Oracle vice president who became president of the Liberty Alliance this month, sat down with CNET News.com earlier this week.

Q: What is the simple four-line definition of Liberty Alliance today?
Sullivan: Liberty Alliance is an assembly of both enterprise customers as well as vendors from all around the world. We have come together to develop open standards for identity management. Historically, all of those standards have focused on federation protocols, one enterprise interacting with another enterprise in a secure way and being able to exchange identity credentials from one enterprise to the other.

I don't want to get hit by a bus and die because nobody has permission, but on the other hand I don't want the government in my knickers when I want to share photographs.

Q: Liberty Alliance launched a little over five years ago. Has the objective changed?
Sullivan: No, it has always been the same mission. Over those years, what Liberty has accomplished is establishing a technical infrastructure through protocol development as well as business and policy guidelines.

Q: How has the Liberty Alliance's work progressed over the past years?
Sullivan: I think it has taken a little bit longer than a lot of folks anticipated in the early days. Four or five years ago, folks imagined that there was a real pent-up demand for this kind of federation work. But I think that the growth and acceptance in the marketplace has been slower because there has been confusion.

Q: What's at the core of this confusion?
Sullivan: There's confusion about when complete control of identity information is appropriate for an individual versus a business relationship. Some folks have said they want to control information themselves. That's admirable in some applications, but let's say you get smacked by a bus, all your identity information is on you and you need to provide somebody access right there and then. Those kinds of questions about the business practices, but also when strong authentication is appropriate versus single-factor authentication--all of those issues, Liberty has grappled with for years.

Q: Sounds like a negotiation between people who are for privacy rights and people who want to enable whatever they can.
Sullivan: Very much so, you have privacy rights organizations on the one hand, you have folks who are trying to enable business, or provide services to those businesses, and then you've got the individuals themselves who are saying, "Just tell me what the heck I need to do to control this because I'm confused, I don't want to get hit by a bus and die because nobody has permission, but on the other hand I don't want the government in my knickers when I want to share photographs."

More Newsmakers

[mh20932]

This will fail...

for exactly the same reason that Passport failed. Even if it can be done securely (which I doubt), users DO NOT WANT identity information to be shared across sites or among organizations. If online businesses try to force users to use this, they will lose business.

[privacychick]

you don't get it

the whole notion of liberty alliance is to be privacy friendly. today's online environment requires the sharing of way too much information with way too many people. liberty's approach is to minimize those issues and put control back in the end users' hands. doesn't that address your concern?

[lcromwell34289]

I agree, nobody wants this

Except maybe American Express and eBay and big companies like that.

[idbabe]

this will not fail if...

people recognize there are alternatives to the way idenityt and personal info is handled today. When people and businesses recognize that liberty alliance and federated id methods in general let individuals take at least some level of control back of their identity, and also demand it then it and the principals it is based on should succeed.

[Identi-girl]

Open actions are good actions

Liberty is making effort to be inclusive and reach out the the community to make the best forward progress in this space. Saying 'this will fail' is burying one's head in the sand. The OpenLiberty (<a class="jive-link-external" href="http://www.openliberty.org/" target="_newWindow">http://www.openliberty.org/</a>) announcement is evidence of that effort and we should all be sharing think space to push forward rather than trying to tear good efforts down.

get together people!

[mh20932]

The problem is...

...that this is not something that web users are asking for. It's something that's being pushed by commercial interests. Why do you think that Passport failed? Because the technology wasn't good enough, because people don't trust Microsoft, or because people fundamentally do not want an organization managing their online profile?