Liberty Alliance demos technology

RSA: The online indentity project held its first public interoperability demonstration at the RSA Conference

Proponents of the Liberty Alliance Project, a group developing online identity standards, provided details on Tuesday of their Phase Two specifications and demonstrated new features.

Liberty held its first public interoperability demonstration at the RSA Conference in San Francisco with four different applications on display, built with Liberty 1.0 technology from some 20 vendors.

The group also released a draft of its Phase 2 specifications, which are expected to become finished standards later this year. "We've added permissions-based attribute sharing and other features," said Michael Barrett, president of the Liberty management board and vice president of Internet strategy at American Express.

The second version of the Liberty specification maps a way for Web users to exchange information with Web sites without revealing their identity. It is also designed to allow people to specify a set of affiliated sites onto which they can log.

The demonstrations of Liberty 1.0 technology focused on transactions between business and among employees. In one, led by Communicator, an employee was allowed access to several financial services after signing into a single identity server within his company. In another, led by Novell, an employee accessed her pensions and retirement information from external sites through the corporate intranet without having to repeatedly log in.

American Express is likely to launch this kind of service soon, hinted Barrett. "I won't preannounce anything, but we believe there are a number of opportunities."

By comparison, consumer-focused applications looked more fanciful, with one showing the registration process for to watching video on a personal digital assistant (PDA), and the other buying flowers via a Wi-Fi hot spot.

Timo Skytta, spokesman for Finnish cellphone company Nokia, said Liberty's potential to reduce keystrokes was a strength. "Mobile phones have limited data entry capabilities, a small keypad and a small screen," he said. "But mobile users want immediate access to personalised services."

Liberty has changed since its early days in 2001, when the programme to develop open, multivendor standards for authentication sparked ire against Microsoft's proprietary Passport product. Led by Liberty member Sun Microsystems, the "two protagonists were wasting no opportunity to take potshots at each other," said Barrett. "That contributed to the image that Liberty Alliance was anti-Microsoft. We were referred to as Sun-led, but in fact we are member-led."

"(The Microsoft-Liberty argument) was a non-issue all along," said Gerry Gebel, an analyst at the Burton Group. "If anything, it has given Microsoft cover for not joining."

Despite the new cordiality, there is clearly still a strong feeling within Liberty that Microsoft and IBM should be working with it.

"We would love it if IBM and Microsoft would become members," said Barrett. "They are working on stuff in the proverbial smoke-filled room, which could be useful to us." If they joined, Liberty would have no hesitation in using their ideas, he said. "We have no 'not-invented-here' syndrome."

One sign of cooperation was an agreement with the OASIS. Web services standards group, announced on 11 April. Under the agreement, OASIS will consider Liberty 1.0 specifications for inclusion in the next version of its SAML (security assertion markup language) specification, which outlines a way to exchange security information between disparate security systems. "We used SAML in Liberty 1.0 and enhanced it," said Barrett. "OASIS invited us to submit our additions back to them."

Last July, when Liberty launched the 1.0 specifications, it hinted at a potential merger with OASIS.

Beyond the Phase 2 specifications, there will be further enhancements to Liberty's online ID efforts, including more work on policy, said Barrett. In the future, its specifications will be linked more closely with Web services, which are applications that use Extensible Markup Language (XML)-based protocols to share information between disparate systems. "Identity is at the heart of the Web service story," he said.

In related news, the Liberty project announced several new members, including Ericsson, bringing the total up to 160. Interest in the specifications comes from all over the world, with companies from the Pacific Rim showing increasing attention, said Barrett. "The specification was intended to be global from the get-go," he said.'s Martin LaMonica contributed to this report.

More enterprise IT news in ZDNet UK's Tech Update Channel.

For a weekly round-up of the enterprise IT news, sign up for the Tech Update newsletter.

Let the editors know what you think in the Mailroom.