Liberty Alliance proposes Web security standards

R. A. Hettinga rah at shipwright.com
Tue Jul 16 00:06:19 EDT 2002 

http://www.theregister.co.uk/content/23/26183.html

Liberty Alliance proposes Web security standards
By ComputerWire
Posted: 15/07/2002 at 08:48 GMT

ComputerWire: IT Industry Intelligence
A set of Sun Microsystems Inc-backed web services security specifications
could soon pass to a standards-body backed by IBM and Microsoft, Gavin
Clarke writes.

Liberty Alliance Project members have discussed submission of their
specifications to the Organization for the Advancement of Structured
Information Standards (OASIS).

A Liberty spokesperson told Computerwire on Friday a decision has not been
reached but more information would be provided at a later date.

Liberty is expected to unveil the hotly anticipated XML-based
specifications at a press event today in San Francisco, California. The
specifications will provide federated, single sign-in to web services so
users do not require multiple passwords.

Submission to OASIS would help further ease months of standoff and tension
between Liberty co-founder Sun and IBM and Microsoft Corp.

IBM and Microsoft have shunned Liberty despite the group's considerable
vendor and customer backing. Microsoft announced a federated version of
Passport - called .NET Passport - last Fall.

The companies also pursued their own web services security roadmap outlined
in April with specifications for - among other things - federation,
authorization, privacy and policy. WS-Security, co-authored with VeriSign
Inc, is the first deliverable.

An easing of tensions was recently signaled when Palo Alto,
California-based Sun agreed to endorse WS-Security's submission to OASIS,
where the specification will receive broader industry input. Seventeen
companies have agreed to participate in WS-Security since that submission,
according to IBM.

IBM encourages submission of the Liberty specifications along with
WS-Security to OASIS. IBM's director of e-business standards Bob Sutor told
Computerwire this would help ensure elements of both are merged in an
atmosphere of co-operation. He said the biggest obstacle for web services
is not technical, but political.

"We think we could bring the industry under one roof and cut through the
politics which everyone is sick of," Sutor said. "The challenge is getting
past the politics."

A hint of stand-off remains, though, as IBM has no plans to join Liberty.
Sutor said that would not be necessary if Liberty's specifications passed
to OASIS.

Sutor welcomed today's publication of Liberty's specifications. He said
this meant IBM and others could read and possibly adopt the specifications.
"We want to know what their plans are," Sutor said.

OASIS is seen as an ideal location based on its track record in web
services security specifications. Members are building the Security
Assertion Mark-up Language (SAML) expected in November and due to be
demonstrated by IBM's Tivoli business and others today in San Francisco.

Sutor added other specifications in the joint IBM-Microsoft web services
security road map could also pass to OASIS. He said, though, planned
specifications for workflow, business process and transaction could
possibly go to other independent standards groups such as the World Wide
Web Consortium (W3C) or Object Management Group (OMG).
-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list