Sun adopts security specifications

Sun Microsystems updates its Java System server software to comply with security and privacy guidelines set forth by the Sun-backed standards group Liberty Alliance.

Martin LaMonica Former Staff writer, CNET News

Martin LaMonica is a senior writer covering green tech and cutting-edge technologies. He joined CNET in 2002 to cover enterprise IT and Web development and was previously executive editor of IT publication InfoWorld.

See full bio

Martin LaMonica

Nov. 12, 2003 8:11 a.m. PT

2 min read

Sun Microsystems on Wednesday updated its Java System server software to comply with security and privacy guidelines set forth by the Sun-backed standards group Liberty Alliance.

The Liberty Alliance Phase 2 specifications give Web site owners and end users the ability to share personal data such as network log on information and credit card numbers across several Web sites. That would eliminate the need to re-enter the information multiple times. The privacy controls will also let a person indicate how and when information will be shared online, according to Sun executives.

Sun said it will release an "early access" version of its Java System Identity Server with the latest Liberty Alliance software on Wednesday and make those enhancements generally available in the product in the first quarter of next year.



		Get Up to Speed on... Enterprise security Get the latest headlines and company-specific news in our expanded GUTS section.

Sun was a founding member of the Liberty Alliance, which formed in 2001 to create security and privacy specifications for Internet transactions. Membership now totals about 150 companies, including corporations such as American Express and General Motors, as well as technology providers such as Sun, networking software maker Novell and mobile phone manufacturer Nokia.

The Liberty Alliance is focusing on what is called "federated" security systems, in which personal information is shared between network providers to streamline transactions for consumers. For example, Liberty-based software could let a person buy a book at Amazon.com, which could then share the buyer's shipping address with Federal Express rather than making the buyer key the information in twice. Federated security systems could also be used to share personal information between health care providers and insurance companies.

Although the Liberty Alliance has about 150 members, it lacks the participation of IBM and Microsoft, which have both been dominant in other Web services-related security standards. In fact, IBM, Microsoft, BEA Systems, RSA Security and VeriSign this summer introduced a specification called WS-Federation, which the companies proposed as a standard for federated security.

Liberty Alliance backers initially criticized WS-Federation because the proposed specification overlaps with Liberty's charter.



		Get Up to Speed on... Web services Get the latest headlines and company-specific news in our expanded GUTS section.

However, in a white paper it published last month, the Liberty Alliance called on the backers of WS-Federation to merge the two specifications.

Sun's group business manager of network identity, Sai Allavarpu, said Sun will support other security standards that are ratified through other standards groups. He noted that the Liberty Alliance Phase 2 specification makes use of the WS-Security standard and Security Assertion Markup Language, both of which were developed at the Organization for the Advancement of Structured Information Standards.