Liberty Alliance: An interesting project
that has all the right ideas, but so far is pure vapourware from what I can
tell. There is no reason why we should not join this project if allowed, but I
dislike it's entirely commericial viewpoint. The aim of the LA seems to
be entirely getting access to even more information on consumers. The term
"user" is not mentioned on its front page, only "business" and "consumer".
Email wasn't built for mass marketing, IM wasn't built for market research.
Identity shouldn't be built for companies either. It should be built for the
people.
[Max Metral] Not only is this project commercial vaporware, it's
total "contraryware". The only reason this project exists is because
Microsoft has something. I don't think Sun would care about identity and
privacy if you hit them over the head with it. In fact McNealy is
(in)famous for his comment about telling people "get over it, you don't have
privacy online".
Kerberos: Wasn't designed for the web at
all. Also very very complex, I looked into this in depth recently. It's also a
not-quite-standard as there is an "enhanced" (cough) version that MS uses, and
then the MIT version that everyone else uses. However, it's beginning to look
like Kerberos will act as the glue between different systems, allowing them to
at least partially interoperate.
[Max Metral] Yeah, I was rereading the standard the other
day and scratching my head as to how they equated Kerberos with
federation when it's pretty straightforwardly centralized from a trust
perspective. It can work for sure, but just
strange.
DCE: I tried to find information on it, all I got
was a page written in 1995. I've never seen a Windows implementation either.
Perhaps this software solves all, but I remain to be
convinced.
To answer Scott Cote: obviously the final
implementation would be decided in the JIG. But it would probably be based on
the jabber network. So for instance, to login to a website/service you would
provide your Jabber network address ( i suggest this as a more user friendly
name JID ) and then your jabber server would be contacted to
authenticate.
However, like I've said before, we should
recognise that this is bigger than Jabber. If we define a protocol, it should
be sufficiently abstracted to allow bindings to other protocols as well,
therefore allowing interoperability.
[Max Metral] We definitely agree here. I still wonder
whether Jabber/JIG is the right place to address this given what you say here,
but there are a lot of people interested so far be it from me to try to
stop progress. :)
