“Like dueling superpowers, Sun Microsystems and Microsoft appear to be facing two choices in promoting their respective Web security initiatives: detente or a state of constant conflict. Sun CEO Scott McNealy on Thursday renewed his push for the Liberty Alliance Project, a multi-company attempt to counter Microsoft’s Passport identity-authentication system. In a keynote address at the Oracle OpenWorld conference in San Francisco, McNealy trumpeted the recent addition of major partners to the alliance.” Read the rest of the story at ZDNews.
Liberty Alliance Getting More Attention
2001-12-09 Oracle and SUN 8 Comments
Could you imagine if everyone was on a single standard (like Passport)? It’d be a disaster. If one hole was found, no one would be secure. Having only a single standard (or target, depending on your view) compromises security, and it’s a bad thing. I hope neither project end up dominating.
A single standard… you mean like HTTP? Or email?
Competing sides could still compete when following a common standard… it’s all in the implementation. Look at IIS vs. Apache for example. When someone finds a hole in IIS, it doesn’t mean people can crack into Apache, or vice versa.
I think gtada has a very good point. The analogy you bring up is not valid, as passport is definitely all based on the same implementation (though that could in theory be changed).
However, I think it is very important for all authentication services to work together to set up a standard way of passing auth information. This way, no matter which auth service you used to log in, all nodes could support your ID seamlessly. Of course you would want the ability to decide which sites could figure out what information from your auth db (defaulting to none, nothing).
Oh yeah, and this article was pretty heavily MS biased. Did anyone else pick that up? The writer doesn’t seem to like Sun very much. It always irks me when supposedly neutral reporters allow their personal bias to shine through in their stories.
I apologize for my inaccuracy. But I think that my point is still valid. Of course there has to be standards like HTTP and email. Without standards, we wouldn’t get very far. But because of semantics (my bad), you’ve missed my argument. There needs to be competition in this arena! I hope Liberty becomes a serious competitor to Passport.
Pardon my cynicism, but isn’t all of this Passport/Liberty Alliance stuff only relevant to people too lazy to type in their user name and password and who, again, are too lazy to key in their address and CC info when making a purchase? When these systems get cracked, I’ll have a hard time feeling sorry for anyone that trusted them in the first place.
As your bank/build socity/cc/fav news site might end up using passport/Liberty.
mlk wrote: “As your bank/build socity/cc/fav news site might end up using passport/Liberty.”
It doesn’t really factor in yet. For example, all of those above named entities may do business through Visa or Mastercard, but I don’t have to rely upon Visa or Mastercard to do business with them.