Liberty 1.0 launch hints at OASIS merger

The Liberty Alliance -- the Sun-led group that was formed to create an open alternative to Microsoft's Passport online authentication service -- has released version 1.0 of its specification. Alongside publication of its specification, the group on Monday announced 24 new members, and hinted at a future merger with another open standards group, the Organization for the Advancement of Structured Information Standards (OASIS). However, it is still failing to attract the backing of software giants IBM and Oracle, and there is no sign of an alliance with Microsoft. The specification was released at the Burton Group's Catalyst conference and is available for download from the Liberty Alliance Web site. Liberty was set up in September 2001 in response to Passport, a Microsoft-run authentication service with a claimed 14 million users. The group hopes to create a specification which will support multiple authentication services, and its early members include Bank of America, Fidelity Investments, Sprint, Vodafone, Nokia, eBay, American Airlines and VeriSign. More recently, American Express, America Online, Hewlett-Packard and Visa International joined. The 24 new members announced today include Netegrity, Neustar and Xerox. Microsoft has said it might join Liberty if the Alliance moves on from criticising Microsoft, and when it has more concrete proposals. The version 1.0 specifications are, apparently, not enough to immediately bring Microsoft on board. The group is considering saving money by a potential merger with another open standards pressure group, OASIS, which has done work on Web services security. "We have heavily used their resources for our 1.0 specification," said Timo Skytta, Nokia's representative on the Alliance. "We have a very close relationship and are looking at making it official in phase 2. We would not want to reproduce any OASIS work." As with the work of OASIS, which concentrates heavily on XML, the Liberty specification is not a product or service, said Skytta. "It is up to other companies to make products and services based on it." Services built on the specifications will allow "simplified sign-on", so that logging into one account at, say United Airlines, will authenticate a user for other sites, so that he or she will not need to log in again at, say, the Hertz online car rental site. Users will "opt-in" to this -- at each new site which subscribes to such a service, they will be asked whether they would like the log-in to link to previous sites. Then on subsequent visits they will only need to log in at one of the sites. Future versions of the specification will allow sharing of information such as account information or credit card details, with the user's permission. As yet, no products or services that comply with Liberty have been launched, and it seems most likely that it will appear as an upgrade to existing services, said Skytta. Liberty services will not generate revenue themselves, said Mike Walker, the Vodafone representative at Liberty, but will be a way to use authentication information, which companies such as the mobile operators have, to generate more business. "It is the first time we have enough information embedded in the browsing architecture to enable us to carry out intelligent decisions on behalf of user preferences," said Skytta.

---