The Liberty Alliance Project (http://www.projectliberty.org), a consortium of technology firms, credit card providers, and merchants, has released the initial specifications for its "federated" scheme to simplify transactions among consumers and vendors. The Liberty Alliance was formed in September 2001 to "establish an open standard for federated network identity." It hopes to provide a framework in which consumers and merchants would easily be able to determine each other's authentic identity, and, when consumers so choose, allow information to flow easily to other trusted vendors.
As an example, today a customer might book a flight and, following a link from the airline's Web site to a partner car rental agency, then rent a car online and from there go to a partner hotel chain for online reservations. But in today's world the customer might be forced to enter data redundantly, such as credit card information, name and address, dates and times of the rental and hotel stay, etc. Liberty Alliance proposes a scenario whereby, with the customer's informed consent, information about the trip would be shared among the trusted partners, averting a need for the tedious re-entry of data.
This first set of specifications, version 1.0, was officially released on July 15. The companies announcing specific product plans are Communicator, Inc.; Entrust, Inc.; NeuStar, Inc.; Novell, Inc.; OneName Corp.; RSA Security; and Sun Microsystems.
Liberty Alliance says the version 1.0 specifications provide the following functionality:
Liberty Alliance cites advantages for business-to-consumer, business-to-business, and business-to-employee kinds of relationships and transactions.
- Opt-in account linking—Users choose which accounts are linked among firms within the "circle of trust" as defined by established business relationships.
- Simplified sign-on for linked accounts—Once a user's accounts have been "federated" the user can log into one trusted vendor and move to another without the need for logging in again.
- Authentication context—Companies that link accounts can communicate what authentication should be used when a user logs in.
- Global log-out—Logging off one account severs all logins.
The initial specification does not provide for how personal information will be shared across vendors, but rather offers ways that cooperating vendors can share identity once it has been authenticated. A user might maintain separate identities with different vendors but still gain the single sign-on advantages.
Microsoft has a head start in the online identity game. Its Passport scheme was in service before the Liberty Alliance was born. Microsoft is aggressively signing up vendors, such as online auction house uBid.com, and Windows XP has Passport functionality built in.
Sun Microsystems was a leading force in the formation of the alliance. The New York Times quotes a company executive, Jonathan I. Schwartz, as saying, "Would any of you be here if it wasn't for Microsoft?" at a meeting last January. A Liberty Alliance spokesperson was more ecumenical on the topic. When asked whether the Liberty Alliance scheme or Microsoft's Passport will eventually achieve dominance, he said: "Regarding whether it's Liberty or Passport that gets us there ... Liberty [Alliance] version 1.0 specifications focus on interoperability between systems to enable opt-in account linking and simplified sign-on functionality. So you could say that we hope that it's both Liberty and Passport that bring simplified sign-on functionality to the world."
Members of the Liberty Alliance have stepped forward to praise the progress. Glen Salow, executive vice president and CIO of American Express, said: "The Liberty Alliance today takes a major step forward on the promise to deliver a consumer-focused solution for easily connecting to the array of services available via the Web. We will press ahead with our partners in this cross-industry, global effort to offer consumers a seamless, secure passageway to the online sites and services they choose."
It will be interesting to watch the Liberty Alliance move from specifications and press releases to working code and systems implemented by multiple vendors, and to observe the extent to which it competes with—or interoperates with—Microsoft's Passport and .NET technologies. The world has already seen Sun Microsystems lead an impressive alliance of companies against Microsoft when Java was launched as an open standard programming language for the Web. At that time, Sun officials brashly proclaimed the death of its Redmond, Washington, rival. So far, the Liberty Alliance isn't proclaiming anyone's demise and instead is touting the advantages of its open, federated online identity scheme.