Liberty Is All About Identification Control

Specifications are one thing. How they're implemented is another.

The initial specification for the liberty alliance—perhaps the fastest-growing technology-driven identification control plan ever—is just weeks away. The first ID management applications based on Liberty will be out soon, and by years end, well see the first implementations, probably in consumer Web sites.

ID management in the Internet age is as great as it is necessary. Were all aware of how time-consuming and inconvenient it is to manage our identifications and passwords. Every Web site has different log-in requirements, password restrictions and security levels. However, this "difficulty" is nothing compared with what we can expect in the future when Web service technologies come into greater use. Stronger authentication and authorization controls will be necessary. This is the goal of the Liberty Alliance. (Go to for more information.)

But liberty is an impalpable term. One persons liberty can be anothers oppression. The alliance is about controlling and managing identities as they traverse the Internet—the success of which is due in large part to users ability to remain anonymous.

The success of the Liberty Alliance from a corporate point of view is already proven. The success of the alliance from a consumer point of view depends on how well products based on the specification can protect anonymity while managing individual authentication and authorization. These products must give the perception that anonymity and privacy are top priorities. For example, ad-serving companies were perceived as infringing on privacy and inspired a cottage industry designed to block the ads. Meanwhile, Yahoo has its own tracking service, and people are happy to be part of that community.

After discussions with Sun and alliance officials, its clear that anonymity and consumer choice are just as important as the ability to pass ID requirements from one site to another. Instead of passing actual identity information, the specification will pass hooks so each organization can manage its own set of identities without losing control over its user base.

Specifications are one thing. How theyre implemented is another. The business climate is changing as fast as the technology. I, for one, hope my identity isnt that fluid.

Will Liberty liberate your identity? Write to me at