I've been wondering if there will be a demand for developers/architects who have a good idea about how Sun's Liberty Alliance spec works. I had forgotten about it until I just ran across this overview of the system:
I was forced to go through the Liberty Alliance details because of a presentation I was asked to do. During my investigation I came across several points:
- End users don't give a monkey about digital identity and Liberty per se. It's the companies who have chance to become identity providers (actually banks according to Gartner), who care about this and who might be ready to pay for the fun
- Because Liberty enables completely new type of business relationship that span across, at minimum, three entities, the legal issues involved are huge
- Business issues - how to get service providers signed up, what will be in it for them, what benefits Liberty will going to bring to everybody is another critical issue
- At the end of the day, the bill presented to potential identity providers for legal and business work will be probably higher than the one for technology services which will still be higher than the one for software and hardware (good morning Sun!). The question is if anybody is in fact prepared to pay for this (as opposed just to talk about) in the climate focused almost entirely on cost reduction
- Liberty v1 has some serious usability issues. In most of its deployment scenarios, it will not be possible to get automatically signed-on just by typing URL directly into browser
- Account federation is an awful expression. No user will understand that. Even when using "account linking" is a bit awkward to get in terms with. The whole thing with getting consent with federation will put off most of the users. The option to "automate" the consent may not be legal.
- Large parts of the v1 specification are optional. Will software vendors get to agree on what how to use the optional parts and stay interoperable?
Couple of other points that appeared in the lively dicussion that followed after the presentation.
- Liberty (or something similar) is definitely a way forward, especially in multi-device environment
- V1 is just first stab at how the eventual solution will look like
- Powerful "user" organisations (MasterCard, banks etcs) is one of the reasons why Liberty is not just a PKI v2 - a brilliant technology vision without real world execution
- Internal Liberty deployments will be the first ones to appear because they don't have to deal with difficult legal stuff and thus can bring benfits faster
[Via Scott Loftesness]
Hmmm... not high marks, but it may become the standard anyways. It's better than Passport at least... Even Microsoft is abandoning their SSO it seems since even the new XBox Live site doesn't support it.
P.S. Thanks Scott, also, for this great link to the Permanent Absentee Status info! I hadn't seen that before, though I don't know if it counts for overseas expats, I'll have to explore.