Who needs specs from the Liberty Alliance?

Dec 14, 2005, 3 mins
Access Control, Networking

* Is the Liberty Alliance still relevant?

Longtime readers know I blow hot and cold about the Liberty Alliance. While I’m a great believer in federating identity data (such as through a virtual directory that conjoins data from disparate datastores), I’ve yet to be convinced that Liberty’s “Circles of Trust” is much more than serially constructed point-to-point solutions.

The alliance may also feel that way: most of its announcements over the past year or so have failed to mention “Circles of Trust” and have moved further and further afield from the circle-of-trust paradigm, which required each organization within the circle to complete off-line agreements with all other members of that circle. The idea was that one member of the circle could “pass through” identity tokens to other circle members on behalf of enrolled users. In reality, it was a way for retailers to share customers – at least as described by United Airlines, American Express and other founding members of the group.

The latest release from Liberty, though, has nothing to do with retail or circles. It’s all about “social networking” – the phenomenon exemplified by Web sites that facilitate social interaction such as shared bookmarks, blogging, photo sharing and instant messaging. The newly announced Liberty Alliance People Service is an “open framework” (according to the Liberty folks) for allowing enterprises and service providers to deploy a wide variety of social applications to consumers and enterprise users based on a consistent view of those users’ social networks. It provides users with tools for managing all of their online social relationships within an open federated network environment.

Nowhere in the press releases, white papers or FAQ documents, though, does Liberty talk about why this service needs to be separate from the retail-anchored circle-of-trust style federation it’s been preaching about for four years.

Another recent announcement from the organization was the formation of The Strong Authentication Expert Group (SAEG), which it describes as “a global, cross-organizational expert group focused on developing open specifications for interoperable strong authentication.” Surprisingly, most of the members of this group are also members of OATH, The Initiative for Open Authentication, a group formed to promote “Open Strong Authentication” according to its press releases. Could it be that the Liberty Alliance doesn’t want strong authentication to be “open”? Or is it simply one more bit of evidence that this group, which has more failures than successes, is once again creating non-existent problems in hopes of winning praise for its non-needed solution? Time will tell.