Microsoft and the Liberty Alliance

Sun Microsystems and Microsoft are squaring off over identity authentication systems.

Microsoft Passport debuted in 1999 and is currently used by 200 million people. The Liberty Alliance Project, proposed by Sun Microsystems this past September, is merely an idea. And yet, as the two were pitted against each other last week—on opposite sides of a debate concerning the best way for users to identify themselves as they move from site to site across the Web—many major companies said they would side with the Liberty Alliance. Such is the enmity that Microsoft can inspire.

Last week, Sun CEO Scott McNealy announced, in his keynote address at the Oracle OpenWorld conference in San Francisco, that American Express and America Online had joined the Liberty Alliance, which already included such major names as American Airlines, Bank of America, eBay, Fidelity Investments, General Motors, Nokia, Sony, Sprint, and United Airlines. Collectively, these companies plan to develop a technology through which Internet users—consumers as well as businesspeople—can set up a single online account that will identity them across myriad different Web sites and, if need be, pass on certain personal information.

"The way Amazon stores identity is different from the way American Airlines stores identity, which is different from the way United Airlines stores identity," says Mark Herring, director of corporate strategy at Sun. "There needs to be a standard way for those sites to identify people."

Usually, when you visit a given site for the first time, youre forced to set up an online account specific to that site, keying in—seemingly for the hundredth time—everything from a login name and password to your mailing address and your credit card number. After setting up the kind of master account proposed by the Liberty Alliance, you could visit multiple sites and each would simply ask for your master account login and password, automatically pulling down your mailing address and credit card number.

Of course, Microsoft Passport has provided such technology for nearly three years. Echoing the opinions of many individual users and public interest groups, the backers of the Liberty Alliance want to make the Web as easy to use as possible, but they dont like the idea of a single company—particularly when its Microsoft—controlling the identities of so many different people. "The big scary thing for a lot of the founding members [of the Liberty Alliance] was that Microsoft owns all this customer data," says Herring. "What could they do with that?"

In Microsofts eyes, any control it has over a Passport users identity is largely nominal. When you sign up for Passport, Microsoft promises to keep your data secure and private and insists that, when you use Passport to log in to a third party site, Microsoft will not be able to track your behavior on that site. But Herring is skeptical. "You have one person who owns all the data promising not to share it," he says, "but a promise is just a promise and people break promises all the time."

And, as Microsoft announced this fall, the company does not see itself independently controlling all identity authentication. It sees Passport evolving into a system overseen by multiple companies or becoming one of several authentication systems that will work in tandem to facilitate use of the Web. "Were not suggesting that Passport should be any more than one implementation in a world of interoperating authentication systems," says Adam Sohn, product manager of Microsofts .Net platform strategy, of which Passport is a part. "We do believe in single sign-on, a way to do trusted interactions across organizations and domains, but we dont think any one company should or can be in control of that."

Even if Microsoft were aiming to unilaterally control identity authentication, the chances of success are slim. Chris Bergh, who helped develop Passport and holds a patent on the technologies foundations, feels that people naturally tend to have several different identities on the Web, just as they tend to wear multiple faces in day-to-day life, and that people ultimately wouldnt make the effort to bring all their identities under one umbrella. "Theres been a lot of noise about whos going to control your identity, but people will have and do have a whole multiplicity of identities on the Internet," says Bergh. "They have their work identities, their chat-room identities, their shopping identities, their naughty activities identities, and this wont change."

Any fears of Microsoft impropriety havent been so great as to prevent use of Passport. In addition to the 20 million users who have created Passport accounts, dozens and dozens of sites have begun accepting those accounts (for a partial list, see Using the service simply makes things easier. "We dont understand all the controversy surrounding Passport," says Rob Wight, CEO of, a site that helps other companies sell computers and computer equipment online. "This is something thats very practical and we need it."

In Sohns mind, since Microsoft has actually developed and implemented an authentication system, the Liberty Alliance should be asking the company for help. He feels that if Microsoft and the Alliance have the same goal—to make the Web easier to use—then the two should work together to reach that goal. "Theyre trying to solve problems we believe need to be solved," he says. "If theyre trying to have a discussion in earnest, we have a lot of technical experience and operational data that can be useful to that discussion." According to Suns Herring, Microsoft was recently asked to join the Alliance. As usual, Sun and Microsoft even like to disagree about their agreements.