Sun Identity Server Supports Liberty Spec

Enables organizations to share authentication with other Web sites.

Sun Microsystems Inc. last week unveiled its first new identity management product based on the Liberty Alliance specification it helped create.

Sun ONE (Open Net Environment) Identity Server 6.0 is not a breakthrough product, but customers, competitors and other Liberty Alliance members will be watching its progress closely. Identity Server is the first major product from an alliance member to hit the market with support for the Liberty specification. As such, it carries much of the hopes and expectations of the group with it.

The key enhancement in the software is its support for federated services. This lets organizations share their employees and customers authentication credentials with affiliated Web sites, eliminating the need for individuals to log on to each site separately.

This functionality is provided by the Liberty Alliance 1.0 specification, which is built on the SAML (Security Assertion Markup Language) 1.0 specification. Sun and the Liberty Alliances other members are counting on demand for this kind of federation to, in turn, drive demand for Liberty-enabled products.

However, some Liberty members say their customers have yet to ask for this functionality in any meaningful quantity. And analysts say its still too early to tell whether theres any real market for such services.

"Were still in the proof-of-concept stage with this, especially with companies that arent yet ready to automate their relationships with other companies," said Pete Hurwitz, an analyst at Spire Security LLC, in Malvern, Pa. "Its not an overwhelming kind of thank God feature."

The alliance began life as an effort to develop an alternative to Microsoft Corp.s Passport online identity service. However, Sun, of Santa Clara, Calif., has shied away from that characterization in recent months, preferring instead to discuss Libertys efforts as a unique authentication scheme in its own right.

Passport has all but wrapped up the consumer market for such services—more by default than anything else—and Sun and Liberty have begun to concentrate their efforts on the enterprise market.

Identity Server 6.0 includes several other new features, including one-click digital certificate requests and issuance via Sun ONE Certificate Server, digital signing of log files for nonrepudiation purposes and a Java-based management console.

The new version of Identity Server includes Suns new Java Authentication and Authorization Service framework, which is an open, extensible security architecture. The technology builds on the package in the servers software development kit, The Java Secure Socket Extension and Java Cryptography Extension. The service can be configured on a per-application, per-user, per-role and per-organization basis and uses resource-based authentication to enable every protected resource and authentication to have a configurable authentication level.

In addition to support for the SAML and Liberty specifications, Version 6.0 includes modules for integrating numerous authentication technologies, including LDAP, Remote Authentication Dial-In User Service, X.509v3 certificates, SafeWord token cards, and Windows NT and 2000 authentication.