Mon, 27 May 2002

Will we have a single network identity?

Zatni Arbi, Columnist, Kuala Lumpur, zatni@cbn.net.id

Today, when accessing several different and unrelated Web sites that require authentication, we will be asked to type in our user name and enter our password each time. Currently, it is the only way these Web sites can make sure that no one other than us can sign on with our user names and use their services.

Certainly, this is not the most convenient way to use the Web services. We might have used different user names and different passwords for different Web sites, and trying to remember which one to use to access a particular site may become an exercise for our memory power.

If we are accessing these Web sites using our desktop or notebook computers, the multiple sign-ons may not be too challenging as we have the keyboard to type in our entries.

However, with the growing spectrum of devices that we use to access the Internet, the sign-on procedure may become very tedious. What is the best way to enter our user name and password on the computer inside our cellphone, for example?

An initiative from Sun Microsystems, which was launched late last year, may be able to change it, although it will have to compete with another similar initiative called "Passport" from Microsoft. Sun's Liberty Alliance Project promises to enable us to sign on only once and then move from one Web site to another without having to go through the authentication procedure again as long as the Web sites that we are accessing still belong to the Liberty Alliance.

So far, Sun, which is most known for its servers, Solaris operating system and Java technology, has been able to enlist really big names such as Citigroup, American Express, MasterCard International, NTT DoCoMo, Sony, Nokia, AOL Time Warner, Hewlett- Packard and United Airlines as fellow founding members of the alliance. In addition, there are already sponsor members such as Cisco Systems, Bank of America, Visa International and Intuit, as well as a number of associate and affiliate members.

The project is expected to come up with its first set of specifications in mid 2002, which will leverage the best security products from its members.

Identity Directory: Why is this single sign-on standard becoming increasingly important? Industry leaders, such as Microsoft, IBM and Sun, are convinced that the next major business opportunity lies in services that are delivered through the Web.

As our lives become more and more dependent on the Internet -- think of how isolated you would feel without the ability to access your e-mail just for a day -- the notion of Web services makes quite a lot of sense. However, having to sign on repeatedly as we jump from one Web service to another is not really an interesting proposition, as mentioned earlier.

Yet, we do not want our privacy to be compromised. We want to have our identity -- all the specific information about us including our KTP (ID card) number, address, phone numbers, birth date and credit card records -- securely protected. Identity theft, where someone poses as someone else using exactly the same information as the second person, has become a reality and is no longer a movie theme.

Single Sign-on: The Liberty Alliance Project aims to define a set of specifications that will allow for user identities to be stored and maintained in secured locations called Identity Directories. These identities will then be used by the users and businesses to expedite authentication and authorization to make online transactions much easier.

Another expected result from the project is an open standard for a "federated, single sign-on identity solution". Such a solution is expected to further boost the growth of e-commerce as well as the demand and availability of a wider range of Web services.

An open standard will also be required to enable users of pervasive computing devices-such as the computer in today's cars- to access the Web services as easily as the user of a desktop computer. This is the third objective that this project is trying to achieve.

If this project succeeds, and if Sun can garner support for it faster than the acceptance of Microsoft's Passport, online consumers will be able to log on to the Internet once and then use services such as movies-on-demand, e-banking, e-payment and e-shopping without having to enter their password again and again.

Certainly, this initiative will require a strong collaboration among players in the online world in order to come up with a standard. It will be a tremendous challenge, but perhaps a lot of people will believe it is better to leave the creation of such a standard to a federated community rather than to a single giant company that may end up being a monopoly.

What the project also promises is that we, the users, will always have the ability to control our personal profiles, history of purchases, buying habits, etc. and determine which businesses can have access to them. In other words, although it is a federated community (Sun calls it a federated commerce), the privacy and security of our network identity will be maintained.

One of the possible ways in which a single sign-on solution can be implemented is by using smart cards. Again, this will require a lot of cooperation between industry players before we have a common method of storing information on the card's chip.

The Identity Alliance Project is just one of the current initiatives by Sun Microsystems. On May 20 and 21, this company held its 9th South Asia Press Symposium in Kuala Lumpur, and next week we will take a brief look at some of the most interesting topics presented during the event, including the launch of its Solaris 9 Operating Environment.