Liberty Alliance to unveil technical spec

The Liberty Alliance Project will today (15 July) reveal its long-awaited technical specifications to help companies set up systems that will let users sign on just once to gain access to a host of password-protected Web sites and services.

The fact that the 40-member-plus consortium, led by Sun Microsystems and United Airlines, has finally produced something tangible may impress some industry observers more than the details of the technical specifications it backs.

"A lot of people had been sceptical and didn't really understand what this Liberty Alliance was about," David Smith, an analyst at research organisation Gartner, said.

Founded last September, the Liberty Alliance Project promised to create technical specifications that would permit single sign-on and decentralised authentication based on openly available technologies.

The initiative is creating an alternative to Microsoft's Passport system, which authenticates only users who access sites that support Passport. However, both the Liberty Alliance and Microsoft have taken great pains to stress that they are not in competition.

The Liberty specification is based on SAML, an XML-based security standard for exchanging authentication and authorisation information, but it will also define extensions to SAML, according to James Kobielus, an analyst at Burton Group.

Kobielus said the Liberty specs use the basic formats and protocols of SAML and add extensions to support account linking, or "identity federation".

"Opaque identifiers" traverse the Internet, serving as anonymous IDs to permit users to access other sites, but they do not contain personal account information, he said.

For instance, a user might book a flight on one site and link to other sites for car and hotel reservations but all of his unique account information would be managed separately by the airline, rental car and hotel companies, Kobielus said.

"Liberty makes it difficult to aggregate personal data across linked accounts," Kobielus said. But users can opt to link their accounts, he added.
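
The opaque-identifier idea Kobielus describes, as an added sketch that is not taken from the article or from the Liberty specification: an identity provider hands each linked site its own random handle, so the car-rental and hotel sites in his example cannot match their records by comparing identifiers. The class and method names, the `.example` domains and the use of random per-site handles are assumptions made for illustration, not the Liberty wire format.

```python
import secrets


class IdentityProvider:
    """Toy identity provider issuing one random handle per (user, site) link."""

    def __init__(self):
        self._links = {}    # (user, site) -> opaque handle
        self._reverse = {}  # (site, handle) -> user

    def link(self, user, site, consent):
        """Federate the user's account with a site, only if the user opted in."""
        if not consent:
            raise PermissionError("user has not opted to link this account")
        key = (user, site)
        if key not in self._links:
            handle = secrets.token_urlsafe(16)  # random, carries no account data
            self._links[key] = handle
            self._reverse[(site, handle)] = user
        return self._links[key]

    def assert_login(self, user, site):
        """Handle the site sees at sign-on, or None if the account is not linked."""
        return self._links.get((user, site))

    def resolve(self, site, handle):
        """Map a handle back to a user; valid only for the site it was issued to."""
        return self._reverse.get((site, handle))


def demo():
    idp = IdentityProvider()
    user = "alice@airline.example"  # constructed sample account
    car = idp.link(user, "cars.example", consent=True)
    hotel = idp.link(user, "hotel.example", consent=True)
    return {
        "handles_differ": car != hotel,
        # A handle issued to one site is meaningless when presented by another.
        "cross_site_resolves": idp.resolve("hotel.example", car) is not None,
        # Re-linking returns the same handle, so the site sees a stable pseudonym.
        "stable_per_site": idp.link(user, "cars.example", consent=True) == car,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```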

Phase 1 of the Liberty specification deals strictly with authentication sharing. Phase 2 is currently under discussion, but no details are yet available.

Sun, Novell and other companies today are expected to pledge to support the Liberty specifications in their respective products. Around a dozen companies, including Novell, Sun and IBM's Tivoli division, are also scheduled to demonstrate SAML-enabled technology.

Gartner's Smith said corporate IT departments will probably want to make their existing systems work in the Liberty environment rather than throw out what they have and buy new products. However, that could require custom coding work by developers, he said.
