
Sun ships Passport alternative

Sun Microsystems last week began shipping Version 6.0 of its SunONE Identity Server, said to be one of the first commercially available ID servers based on Liberty Alliance Project specifications for federated network identity. The server uses Version 1.0 of the Liberty spec, which was unveiled last July.

Sun officials describe the SunONE Identity Server (formerly iPlanet Directory Server Access Management Edition) as a Web access management server. The server is part of Sun's platform for identity management, which also includes its Directory Server, Meta Directory Server and Certificate Server. The identity server comes bundled with the SunONE Portal Server, and the company plans to integrate it with other server products (app, Web and messaging), as well as its Solaris operating system.

According to Sun, the Liberty Alliance spec was designed to let users create a "federated" network identity and authentication-sharing mechanism that is interoperable with existing identification systems. The spec defines a set of protocols and policies that enable consumers to protect the privacy and security of their network identity information; allow businesses to maintain and manage their customer relationships without third-party participation; and provide an open, single sign-on standard that includes decentralized authentication and authorization from multiple providers.

The Liberty 1.1 spec, still in draft as of this writing, incorporates the Security Assertion Markup Language (SAML) specification and adds a set of usage policies. Sun told e-ADT that it would add support for the 1.1 version with a patch release when that spec is finalized, expected sometime in March.

The SAML 1.0 specification defines an XML framework for exchanging security assertions among security authorities. According to Sun, the main goal of SAML is to achieve interoperability across different vendor platforms that provide authentication and authorization services.

This so-called federated ID management is fast becoming a key technology for distributed e-commerce, e-business and Web services. According to John Barco, senior product marketing manager for SunONE, interest in establishing a cohesive identity management strategy in the enterprise is coming largely from upper management. "We are seeing a trend of a top-down view of the business units, with this software used to secure those business units and cut costs," Barco said. "As companies using Identity Server 6.0 start to gain interest in a federated identity model to use with their partners, they will already have the software deployed."

Sun's ID server is seen as an alternative to Microsoft's oft-maligned Passport service. The Redmond, Wash.-based software maker claims approximately 14 million users of its authentication service, and has not shown an interest in joining the Liberty Alliance. Approximately 60 companies support the Liberty Alliance, including such heavyweights as America Online, Cingular Wireless, France Telecom, United Airlines, American Airlines, American Express, MasterCard and General Motors. Half-a-dozen software vendors, including Novell, RSA and Entrust, support Liberty, but both Oracle and IBM have remained neutral.

Identity Server 6.0 ships with a set of 15 agents that control authentication to enterprise systems such as PeopleSoft, Lotus Domino, IBM WebSphere, BEA WebLogic and Apache Web Server. Platforms supported are Solaris 8, 9 and x86, Red Hat 7.2 (6.1 only) and Windows 2000.

Pricing for Identity Server 6.0 starts at $10 per user.

About the Author

John K. Waters is a freelance writer based in Silicon Valley. He can be reached at [email protected].