Give Us Liberty or Give Us .NET

December 6th, 2001 by Doc Searls in

Sun is leading the fight against Microsoft's Passport by putting together the Liberty Alliance Project. After balking awhile, AOL just signed up. Suddenly there's a war going on. Are you feeling better already?
Your rating: None

Microsoft makes a big deal about its "right to innovate" and gets pounded for failing to do exactly that. There can be little doubt, however, that the company's Passport authentication system filled the bill (pun intended). It promised users a simple and easy way to authenticate themselves to the commercial world, without having to remember countless conditional logins and passwords, while also sparing users the hassle of entering credit card numbers over and over again. Of course, it was all part of Microsoft's own .NET system. It also was tied in with a project Microsoft first called Hailstorm, but later rebranded as .NET My Services.

From the beginning the system was attacked as a lock-in scheme. At the O'Reilly Open Source Summit this past summer, Clay Shirky challenged Microsoft's Craig Mundie and Dave Stutz by asking, "Can I use a Hailstorm schema to have a Palm Pilot communicate with a Linux server, without contacting a Microsoft server during that transaction?" When Shirky pressed for a clear answer, Dave Stutz replied, "I'll say...yes?"

This kind of waffling did not reassure the rest of the software industry. In October 2001, Sun rallied a bunch of other companies together to create the Liberty Alliance Project to "support the development, deployment and evolution of an open, interoperable standard for network identity. It will require collaboration on standards so that privacy, security and trust are maintained." The idea is to give every individual control over his or her own federated identity. They explain it this way:

Federated identity represents the natural evolution of the next generation of the Internet. The first waves of the Internet, namely communications, global access, commerce, and community identity, gave us a pervasive user medium that has largely been relegated to one-to-one, customer-to-business relationships and experiences. The inflection point starting the Internet's next wave will be marked by an era of open, federated identity with promises of bold new business taxonomies and opportunities, coupled with economies of scale that, until recently, were simply unimaginable. Federated identity will enable the next generation of the Internet: federated commerce. In a federated view of the world, a person's online identity, their personal profile, personalized online configurations, buying habits and history, and shopping preferences are administered by users, yet securely shared with the organizations of their choosing. A federated identity model will enable every business or user to manage their own data, and ensure that the use of critical personal information is managed and distributed by the appropriate parties, rather than a central authority.

What this project lacks in market share and brand awareness (not to mention Passport's baked-in support with every new copy of Windows XP), it makes up for in PR. "Liberty Alliance Project charter members currently represent over a billion network identities", the same home page claims.

The unveiling of this project attracted relatively little notice back in October, but at that time AOL still wasn't involved. Now it is.

Of course this plays into the natural tendency of press folks to enter war coverage mode. Suddenly it's AOL vs. Microsoft again.

But is it really? Do we need yet another alliance to save us from yet another Microsoft intermediation play? Is the Liberty Alliance yet another monolithic solution to yet another monolithic problem? And do our federated selves really sense any of this is a huge problem (including our lack of individual federation)?

Let us know what you think.

Doc Searls is Senior Editor of Linux Journal.

email: doc@ssc.com

__________________________

Doc Searls is Senior Editor of Linux Journal

Reply

Please note that comments may not appear immediately, so there is no need to repost your comment.
The content of this field is kept private and will not be shown publicly.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <pre> <ul> <ol> <li> <dl> <dt> <dd> <i> <b>
  • Lines and paragraphs break automatically.

More information about formatting options

Newsletter

Each week Linux Journal editors will tell you what's hot in the world of Linux. You will receive late breaking news, technical tips and tricks, and links to in-depth stories featured on www.linuxjournal.com.
Sign up for our Email Newsletter

Featured Videos

Set up a secure virtual host in Apache

December 22nd, 2008 by Elliot Isaacson in

Setting up an https server in Apache is easy. This tutorial covers how to create and sign your ssl certificate as well as how to configure the web server.

See more Linux Journal Videos

From the Magazine

January 2009, #177

It's a battle as old as time: good vs. evil. Fortunately, Linux and FOSS are on our side as we wage the battle against those who try to steal our secrets and invade our systems.

Checking your system's security is best done sooner rather than later. Test the locks with our article on security verification; find out how to use PAM to help secure your systems; use MinorFS and AppArmor to implement discretionary access control; learn more about Samba security in part III of our series; use Darknet to help detect bots and secure your systems; use the Yubikey to increase your site's security; and don't forget to lock the doors, because a cold boot attack could render your security useless if somebody has physical access to your computer.

But, we're not just about sowing the seeds of fear. We also show you how to use memcached in Rails, how to manage multiple servers efficiently, how to deploy applications easily with Capistrano, how to manage your videos with MythVideo, how to mix it up a bit (your audio that is), and even play a few games.

Read this issue