X

Sun reveals partners for online effort

Computing giant Sun Microsystems describes plans for Liberty Alliance, an online authentication service that will compete with Microsoft's Passport.

Stephen Shankland Former Principal Writer
Stephen Shankland worked at CNET from 1998 to 2024 and wrote about processors, digital photography, AI, quantum computing, computer science, materials science, supercomputers, drones, browsers, 3D printing, USB, and new computing technology in general. He has a soft spot in his heart for standards groups and I/O interfaces. His first big scoop was about radioactive cat poop.
Expertise Processors, semiconductors, web browsers, quantum computing, supercomputers, AI, 3D printing, drones, computer science, physics, programming, materials science, USB, UWB, Android, digital photography, science. Credentials
  • Shankland covered the tech industry for more than 25 years and was a science writer for five years before that. He has deep expertise in microprocessors, digital photography, computer hardware and software, internet standards, web technology, and more.
See full bio
Stephen Shankland
6 min read
Sun Microsystems and several other computing giants have joined mainstream businesses such as United Airlines, General Motors and Fidelity Investments to outflank Microsoft's Passport service for saving and checking people's online identities.

As reported, the group, which goes by the name Liberty Alliance, intends to provide a neutral method for handling those identities. Sun Chief Executive Scott McNealy, along with executives from alliance founding members GM, Bank of America, Nokia, RSA Security and RealNetworks, described the group Wednesday in a teleconference from New York.

The effort will compete with Microsoft's Passport authentication service, a key part of the upcoming Windows XP operating system and Microsoft's .Net software-as-a-service strategy.

Microsoft already has 165 million registered Passport accounts. Sun started working on the effort a year and a half ago but started building the 33-company coalition only two months ago, Jonathan Schwartz, Sun's senior vice president of corporate strategy and planning, said in an interview prior to the conference call.

"Microsoft has been invited to join the alliance" but remains leery, Schwartz said in the conference call.

Microsoft, however, hasn't rule out some form of partnership.

"There may be an opportunity for us to work together, and we'd be very open to that," said Christopher Payne, vice president of marketing for Microsoft's services platform division.

Payne said that, to his knowledge, no one has yet invited Microsoft to join the Liberty Alliance, adding that perhaps Sun should join Microsoft rather than the other way around.

"Instead of starting from scratch with a new system," he said, "why not interoperate with Passport?"

The first effect of the Liberty Alliance, according to Gartner analyst David Smith, will be to force Microsoft to keep its promise to open up Passport so others can use it. The Liberty Alliance, in fact, probably spurred Microsoft to announce its plans to open Passport, he said.

"Pure vaporware"
But Microsoft, with a functioning system, has a "huge lead" over the Liberty Alliance, Smith said. "This stuff is pure vaporware at this point."

The alliance is working on a specification to simplify signing on to Internet services while making sure the appropriate businesses or computer users maintain control over their information, Schwartz said. The effort will include issues of business needs, public policy, privacy and technology.

"What the Liberty Alliance is all about is giving business the tools and standards they need to be able to work with others and share only that information they deem to be appropriate and their consumers deem appropriate," Schwartz said in the interview.

Technology companies and organizations in the alliance include Cisco Systems, Travelocity, Cingular Wireless, NTT DoCoMo, eBay, Gemplus, the Apache Software Foundation, Global Crossing, i2 Technologies, Intuit, Liberate Technologies, Entrust, VeriSign, Vodafone, Bell Canada, Sprint, Sony, OpenWave and ActivCard. Other companies include American Airlines and Dun & Bradstreet.

Conspicuous by their absence from the list are Internet powerhouses AOL Time Warner and Yahoo. Sun noted, though, that some partners still haven't been announced.

A source familiar with the alliance said that credit card giant American Express is one of those unannounced partners.

Some Liberty Alliance members already have relationships with Microsoft. eBay signed a deal to build Microsoft's .Net technology into its auction site. And Verisign is helping to develop authentication technology for .Net while incorporating .Net technology into some of its own products.

The Liberty Alliance effort will get bigger, Schwartz promised. "I would assume we'll see explosive growth in who will be a part of this," he said.

Sun hopes its software rival will join the effort, Schwartz added. "We have every interest to involve Microsoft in this. In fact, many of our parties have already called Microsoft," he said. "We feel it's best for them to recruit (Microsoft), given that Microsoft has a bit of a grudge toward us."


Gartner analysts David Smith and Daryl Plummer say the Sun Microsystems-headed Liberty Alliance represents the first attempt to create a truly open mechanism for handling identity over the Internet.

see commentary

Schwartz gave Microsoft grudging credit for spurring the simplification of sign-on procedures with its Passport service, currently used in Hotmail, Microsoft Developer Network and now also in Windows XP.

"Do I give Microsoft credit for galvanizing the industry? Sure. Fear is a great motivator," Schwartz said. "A variety of businesses are increasingly threatened by Microsoft's growing appetite--anyone in business of delivering Net services (or) anyone who sends a statement through the mail...has a problem."

Microsoft points to its planned Passport openness as a response. But Gartner's Smith believes that "those concerns are strong and still there."

Smith said he expects a single alliance to emerge, though many authentication systems will exist. "I don't see Passport as an alliance at this point," he said.

McNealy had similar hopes. "Unfortunately, you drive on the right-hand side in some countries and on the left in others," he said. But he said incompatibility can be headed off at the pass.

In any case, something needs to be done, said Tim Arnoult, Bank of America's head of technology and operations. "From Bank of America's point of view, the absence of an open, federated standard for identity authentication is a significant impediment to business in our world today," he said in the conference call.

Passport and the Liberty Alliance hold out the prospect of a future where people don't have to remember a multitude of passwords and where a company that sends digital music over the Internet knows that the proper paying customer is at the other end of the network.

Schwartz said that because technology already exists to deal with digital identities, the problem is one of business relationships and policy. "The technology behind the federation is trivial compared to the business and policy concerns," he said.

Technology suited to the task includes existing encryption software, the HTTPS secure method of transferring information over the Web and the Kerberos authentication system, Schwartz said.

He said one part of the authentication system could work similarly to the DNS system, a database distributed across thousands of Internet servers that collectively handles the task of pointing a computer to the correct computer for a Web site.

The DNS parallel would be analogous to basic username/password authentication, Schwartz said, but the Liberty Alliance also will accommodate other, more controlled services that use more secure sign-on techniques such as identity cards or fingerprints.

The alliance doesn't yet have a schedule for release of the draft or final specification, Schwartz said.

In fact, it barely even has a system of governance. The alliance will have a group of directors and a lower level of membership, with directorships changing periodically to ensure no single company exerts too much control, Schwartz said.

In the conference call, Schwartz added that submitting the specification to standardization groups such as the Internet Engineering Task Force is possible, but he said standardization groups aren't set up for managing business relationships, determining public policy, or certifying brand compliance.

The alliance will have a brand that indicates compliance with the specification, Schwartz said, but it's possible different terminology will be used than "Liberty Alliance," which already is affiliated with a Jerry Falwell Ministries Web site.

Sun's Java card technology can be used to authenticate computer users, and indeed Java card companies ActivCard, Schlumberger and Gemplus are part of the alliance. But Schwartz said the alliance won't be used to push a particular company's products.

The Java card makes it harder to fake an identity because it requires a user to have both a Java card and its password. Java cards are used in the Common Access Card identification system being distributed to the 4.3 million members of the U.S. armed forces, Sun has said.

McNealy said the initiative will affect all Sun products. First, Sun will keep track of its own customers using a "Liberty-compatible" approach. Second, the Sun One effort to power sophisticated services available over the Internet will incorporate the Liberty specification. And third, Sun's iPlanet e-commerce software products will incorporate the Liberty specification.