TORONTO — Enterprises are ready to develop federated networks that manage individual identities over the Internet, according to the man largely responsible for the Liberty Alliance project.
Sun Microsystems of Canada Monday hosted
a seminar where it encouraged Canadian businesses to join the Liberty Alliance, a consortium trying to create a standard way to validate user information on the Web. Though Sun’s senior director of Sun One Business Alliances Jeff Veis said the group stopped aggressively recruiting once membership passed the 100 mark last month, there is still room for others to participate.
“”I’d love to see additional Canadian companies involved,”” Veis told the audience, which included executives from the Canadian Imperial Bank of Commerce and Telus, among others.
Sun spearheaded the Liberty Alliance late last year as a response to concerns that Microsoft’s Passport service would allow one company to control the single sign-on for potentially thousands of Web services. In July, the group released its first specification after it was ratified at a quarterly meeting in Vancouver. Next month, Sun will officially release its Sun One Identity Server 6, based on the spec, which will be an example of the building blocks necessary to create a “”federated”” identify management platform. Unlike a centralized system where user profiles, buying habits and histories are administrated by users and shared with other organization without consent, Veis said a federated system shares this information only with organizations of the user’s choosing. He described these organizations as “”circles of trust”” which will be more open than Microsoft’s proprietary Passport solution.
“”You never want to put anyone between you and your customers,”” he said. “”It’s one thing to be part of a distribution chain, but you don’t want to create a broker where you have to pay someone every time you want at your customer.””
Veis said that with Liberty Alliance’s simplified sign-on approach, companies would be able to authenticate consumers’ identities online and then use their information only as they have been authorized. Some organizations, like banks and post offices, may emerge as primary identity providers (IDPs), Veis said, acting as the gateway within the circle of trust partners.
Shawn Willet, an analyst with Current Analysis in Sterling, Va., said privacy concerns could stall the development of network identities, even though the Liberty Alliance has already published a guideline recommending companies acquire consent for use of customer information.
“”I think that needs to be filled out a little bit more,”” he said. “”As we know from the Internet, there’s all kind of tricky ways companies have to take your private information and give it to other sources.””
The Liberty Alliance is run by a management board, with three administrative working groups — focused on technology, marketing and public policy — which report into it. There are several levels of membership. Sponsorship membership, which costs US$10,000 a month, gives organizations voting rights, but other levels with fewer privileges cost much less.
Bell Canada is one of the few Canadian companies to join the Liberty Alliance so far, though the consortium has also attracted General Motors, Wells Fargo and other large corporations.
Norm Silins, general manager of Bell’s next generation services unit, said the company was attracted to the idea of working on a standard with other carriers and peers in the business community.
“”Really it’s come out in under eight months from time it was first worked on,”” he said. “”If you look at the fact that you’ve got a League of Nations, a league of international companies that have been able to agree on spec, we’re really pleased with the progress that we’ve made there.””
Veis said many enterprises were starting their network identity projects by using their own employees as guinea pigs before offering it to customers. Widespread rollout to customers is probably several years away, he said.
Silins agreed the process would take some time.
“”If you look at the three to five-year time frame, that’s when you’re going to have meaningful progress with common identity standards and a federated methods that our customers will be comfortable in adopting,”” he said.
Comment: [email protected]
