Update: Sun, others form MS Passport alternative

Sun Microsystems Inc. said today that it has brought together a host of companies in an alliance to offer an alternative to Microsoft Corp.'s Passport online authentication service.

The group, code-named the Liberty Alliance Project, aims to create a ubiquitous single sign-on and decentralized authentication system for online services that would be accessible from any device connected to the Internet. The charter members of the alliance expect to finalize an agreement on organization and joint technology development within 60 days, according to a statement on the project's Web site. The group will hold its first meeting for charter members in October and plans to announce more details in the coming months.

"This is an alternative to Passport and HailStorm. Project Liberty will allow users to decide what information to pass on, and customer data won't be controlled by one party," said Hans Appel, Sun's chief technology officer for Northern Europe.

The Liberty Alliance Project intends to create a universal digital identity service based on open standards. Users should be able to log in once on a given Web site and be authenticated for all of the online services supporting the Liberty standard. Customer data such as phone numbers, addresses, credit records and payment information will be secure, according to the statement.

While the alliance has not decided on the exact technologies it will use for the authentication process, the group plans to allow each company involved to store user information on its own servers, said Marge Breya, vice president of Sun One marketing.

A health care provider, for example, would set high levels of security for user information stored on its site. When a user goes from the health care Web site to a retail site, only the information needed to purchase retail goods such as credit card information would be transferred.

"There will be handshakes between the two companies that the user will authorize," Breya said.

The user would permit one company's server to talk to another company's servers when visiting a new Web site, Breya said.

Smart cards or biometrics technology could be two of the possible means of authentication; however, the alliance maintains it will not decide on specific technologies for some time.

Businesses benefit because they will need to adopt only one technology to give access to all users, no matter which device is used, the group says. The alliance envisions users signing on with cellular phones, portable computers, televisions, cars, point-of-sale terminals and the traditional desktop computer.

Participation is open to all commercial and noncommercial organizations. Among the initial supporters are IBM Corp., Nokia Corp, General Motors Corp., NTT DoCoMo Inc., Koninklijke Philips Electronics NV, and Bank of America Corp. IBM and Philips, along with Telstra Corp. Ltd, Visa USA Inc., SAP AG and Eastman Kodak Co.

They are included in a list obtained by the IDG News Service, although they are not listed on the alliance announcement. Breya said some of the companies involved did not want to go public at this time, and would not confirm any names. There are unspecified fees for membership at various levels.

The announcement comes exactly one week after Microsoft surrendered to mounting legal and industry criticism and said it would consider handing over the management of Passport to a federated group made up of rivals and corporate partners (see story). Microsoft also said it would open Passport to work with similar, competing services.

The alliance hopes companies such as Microsoft and AOL Time Warner Inc. that are working on similar technologies will join the Liberty program, Breya said. A Web site could have multiple types of authentication available such as Passport and the Liberty protocol.

Privacy advocates said it's hard to judge the proposed system, since there are no technical details yet about how it might function.

"It's still a sort of vaporware at the moment," said Ian Brown, a spokesman for London-based watchdog group Privacy International. "It very much depends where they go, how deeply they embed privacy into this. It is possible, if you have privacy as one of your most important criteria, to build it in. Whether Sun will do that remains to be seen."

The proliferation of single sign-on systems could lead operators of Web sites to collect users' identities for market research purposes, Brown cautioned.

"Four or five years ago, when the Web just started up, a lot of sites required some sort of log-in just to read the site. But most of them eventually gave up on that, and it would be a shame if it went back in the other direction," he said.

A competitor to Passport would be welcome, according to Maurice Wessling, director of Amsterdam-based privacy group Bits of Freedom.

"To have an open, multivendor system instead of the Microsoft-controlled Passport service is probably a very good thing for consumers. Passport gives Microsoft too great a power over privacy, price and quality," he said. "This is presented as a decentralized system with a single sign-on; from a privacy standpoint, that's good, as there is no need for one central database."

A coalition of privacy groups led by the Washington-based Electronic Privacy Information Center lodged a complaint against Microsoft with the U.S. Federal Trade Commission in July, alleging that Passport is a deceptive attempt to force consumers to store their personal data with the company.

Microsoft representatives were not immediately available for comment.

Rick Perera of the IDG News Service contributed to this report.

Related stories:


Copyright © 2001 IDG Communications, Inc.

Shop Tech Products at Amazon