The Liberty Alliance has finally released a version 1 spec. This coalition, lead by the likes of Sun, Visa, MasterCard, Nokia, and United Airlines, intends to counter Microsoft's Passport with an open standard for "identity management" that doesn't put all consumer information into the hands of any one company -- specifically, not Microsoft's. Press coverage of the Liberty Alliance release was widespread, but genuine comprehension was in short supply.
The 70 or so companies that make up Liberty, and many others besides, hold out the hope that identity management may be a "next big thing" that could ignite Net commerce. The idea is to give consumers simpler ways of getting around the commercial Net -- without having to track scores of separate site log-ins and passwords -- while enhancing security and safeguarding privacy. Wired stood alone in providing some anti-hype to the pervading next-big-thingism, citing a Gartner study that concluded that "many consumers are simply not interested in authentication services" because of concerns about those selfsame issues, security and privacy.
In the year since the Liberty Alliance formed, the press has had little to write about it except to cover the jockeying and specsmanship among Liberty, Microsoft, IBM, and others. Most outlets that covered the v1 release went light on the technology itself and continued to play up the competitive angle. The Register's ComputerWire coverage nicely summarized this history. InfoWorld was an exception, filing two stories that dug more deeply into Liberty's technology and its relation to underlying standards such as XML and the new SAML (Security Assertion Markup Language).
The San Jose Mercury News separately covered the release of SAML's version 1.0, at the same conference that saw the unveiling of Liberty v1, quoting a techie who described SAML as "the common language that defines how different systems can communicate safely." The Merc correctly noted that the Liberty spec uses SAML only in its provision for wireless compatibility. Other outlets, such as CNET's news.com, blandly asserted that the Liberty spec is "based on" SAML.
Here is an example of how little most of the press, and even most of the analysts they rely on, grok the subject of digital identity. The Liberty v1 spec defines a standard for "federated identity" that incorporates pseudonymity as a central feature. When a number of Web sites have implemented this spec, you will be able to move among them after a single log-in, but none of the sites will be able to track your movements or build up a profile of your actions. Of all the Liberty coverage Unspun reviewed, only two pieces so much as mentioned pseudonymity. One was InfoWorld's; the other appeared in a specialist organ, Digital ID World, which offered pieces on how pseudonymity might operate and -- you guessed it -- another identity infrastructure protocol, XNS. - Keith Dawson
Liberty Alliance proposes Web security standards (ComputerWire)
Liberty Alliance details network identity specs
Liberty trumps Passport agenda
Sun Shines Light on ID Alliance
Group to unveil sign-on technology
OASIS Demos SAML 1.0
Sun sends forth first version of Liberty
Liberty Release 1.0 - Elegant Simplicity, Great Significance
XNS Gets Free