Give Us Liberty or Give Us .NET

by Doc Searls

Microsoft makes a big deal about its "right to innovate" and gets pounded for failing to do exactly that. There can be little doubt, however, that the company's Passport authentication system filled the bill (pun intended). It promised users a simple and easy way to authenticate themselves to the commercial world, without having to remember countless conditional logins and passwords, while also sparing users the hassle of entering credit card numbers over and over again. Of course, it was all part of Microsoft's own .NET system. It also was tied in with a project Microsoft first called Hailstorm, but later rebranded as .NET My Services.

From the beginning the system was attacked as a lock-in scheme. At the O'Reilly Open Source Summit this past summer, Clay Shirky challenged Microsoft's Craig Mundie and Dave Stutz by asking, "Can I use a Hailstorm schema to have a Palm Pilot communicate with a Linux server, without contacting a Microsoft server during that transaction?" When Shirky pressed for a clear answer, Dave Stutz replied, "I'll say...yes?"

This kind of waffling did not reassure the rest of the software industry. In October 2001, Sun rallied a bunch of other companies together to create the Liberty Alliance Project to "support the development, deployment and evolution of an open, interoperable standard for network identity. It will require collaboration on standards so that privacy, security and trust are maintained." The idea is to give every individual control over his or her own federated identity. They explain it this way:

Federated identity represents the natural evolution of the next generation of the Internet. The first waves of the Internet, namely communications, global access, commerce, and community identity, gave us a pervasive user medium that has largely been relegated to one-to-one, customer-to-business relationships and experiences. The inflection point starting the Internet's next wave will be marked by an era of open, federated identity with promises of bold new business taxonomies and opportunities, coupled with economies of scale that, until recently, were simply unimaginable. Federated identity will enable the next generation of the Internet: federated commerce. In a federated view of the world, a person's online identity, their personal profile, personalized online configurations, buying habits and history, and shopping preferences are administered by users, yet securely shared with the organizations of their choosing. A federated identity model will enable every business or user to manage their own data, and ensure that the use of critical personal information is managed and distributed by the appropriate parties, rather than a central authority.

What this project lacks in market share and brand awareness (not to mention Passport's baked-in support with every new copy of Windows XP), it makes up for in PR. "Liberty Alliance Project charter members currently represent over a billion network identities", the same home page claims.

The unveiling of this project attracted relatively little notice back in October, but at that time AOL still wasn't involved. Now it is.

Of course this plays into the natural tendency of press folks to enter war coverage mode. Suddenly it's AOL vs. Microsoft again.

But is it really? Do we need yet another alliance to save us from yet another Microsoft intermediation play? Is the Liberty Alliance yet another monolithic solution to yet another monolithic problem? And do our federated selves really sense any of this is a huge problem (including our lack of individual federation)?

Let us know what you think.

Doc Searls is Senior Editor of Linux Journal.


Load Disqus comments