Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Sun Microsystems Your Rights Online

Sun ONE Identity Server 6.0 87

scubacuda points to this article at The Register, about "what is believed to be the industry's first identity server based on Liberty Alliance Project specifications for federated network identity (date sheet here). Other reports of Sun's release: eWeek, Information Week, Computer World, & Y!"
This discussion has been archived. No new comments can be posted.

Sun ONE Identity Server 6.0

Comments Filter:

  • System Requirements

    Supported:

    Sun Solaris[tm] 9 and 8 Operating Environments for 32- and 64-bit UltraSPARC®
    Microsoft Windows 2000 Server, Service Pack 2 or later
    Microsoft Windows 2000 Advanced Server


    What? No Epoc? ;)

    (btw, FP?)
    • Re:supported (Score:1, Informative)

      by Anonymous Coward
      And it runs on linux.

      from the article:
      Platforms supported are Solaris 8, 9 and x86, Red Hat 7.2 (6.1 only) and Windows 2000

      So, I hope its clear to everyone that it runs on Red Hat 7.2 (6.1 only) too!
      • Re:supported (Score:3, Informative)

        by abdulwahid ( 214915 )

        So, I hope its clear to everyone that it runs on Red Hat 7.2 (6.1 only) too!

        I think you'll find they mean that only version 6.1 of the Identity server will be supported under Redhat Linux 7.2 and this version 6.0 doesn't actually support Linux at all.

      • Re:supported (Score:3, Insightful)

        by mcbridematt ( 544099 )
        Heck, you need to learn reading official product specs are the most reliable source of info on a product and if that ain't true, just call your lawyer. On the Sun Website [sun.com], it says and I quote:
        "Supported:
        * Sun Solaris[tm] 9 and 8 Operating Environments for 32- and 64-bit UltraSPARC®
        * Microsoft Windows 2000 Server, Service Pack 2 or later
        * Microsoft Windows 2000 Advanced Server
        ".
        No linux, no Solaris x86, no Windows Whistler/XP, no Longhorn XP Alpha, no FreeBSD, NetBSD, OpenBSD, no Minix, no MicroBSD, no IRIX, no OpenUNIX, no Windows 2003 RC1/2. The list goes on.
    • So it isnt supported on Micrsofts newest DDOS platform? Disappointing, really :)
  • Finally... (Score:3, Funny)

    by powerlinekid ( 442532 ) on Wednesday January 15, 2003 @04:33AM (#5086522)
    Umm... I'd like to order one new identity, supersized. Preferebly one with Bill Gates bank account and Hugh Hefners mansion.

    Oh wait... this doesn't serve identities?
  • Sun ONE (Score:2, Insightful)

    The Sun ONE Server is the first single sign-on server based on the liberty Alliance project. And its at version 6.0

    • "The Sun ONE Server is the first single sign-on server based on the liberty Alliance project. And its at version 6.0"

      Yeah, you can't trust version 1.0 software: look at Windows!
    • And its at version 6.0
      And your point is what? In case you're not aware, this is not the debut of Sun ONE Identity Server, it's simply the first version of it that is based on the Liberty Alliance Project specifications. Duh...
    • Re:Sun ONE (Score:2, Informative)

      by hummer ( 15382 )
      The SunONE identity server is a fork of Sun/iPlanet/netscape's directory (LDAP) server product. Identity server used to be called SunONE directory server 5.1, Access Management edition. Hence, the latest version number is 6.

      hummer
  • A month ago I read the same thing from novell "We're the first compliant to the Liberty Alliance specs !"

    But don't "fight" yourselfs Liberty Alliance guys, it's all about kick assing M$'s passport isn't it ? And that's a good reason, so go for it !

    We don't want M$ to master our digital identites ! We don't want any M$ at all !

    Sorry got slightly distracted by my anti-M$ part :(
  • So Wait? (Score:5, Insightful)

    by Jordy ( 440 ) <jordan&snocap,com> on Wednesday January 15, 2003 @05:34AM (#5086627) Homepage
    Why is this under your rights online? Do we not like this system for some reason?

    It seems like a perfectly sane system. Distributed login, no personal information swapping between services and even a global logout. All the specifications appear to be published as far as I can tell.

    I'm pretty surprised there hasn't been any progress creating an Open Source implementation of the specification. Kinda disappointing.
  • by Anonymous Coward on Wednesday January 15, 2003 @05:35AM (#5086629)
    Who's to say that Sun wouldn't use/abuse my personal information in exactly the same way a lot of us fear Microsoft would?

    Although I really like the idea of not having to type in my personal details all the time, I don't trust a public company, which is primarily answerable to its shareholders (i.e. not potential users, such as myself), with this sort of information.

    I wouldn't trust the US government with this info either. I wouldn't trust my own (Australian) government either.

    In an ideal world, this sort of service could be hosted/provided by a United Nations-type, global "entity" and the details made available "only to the good guys". Nothing about the *real* UN would make me trust it with my personal info either.

    However, if the information was held strongly encrypted *and* distributed so that nobody had access to vast amounts of user data for "market analysis" or other purposes, then I might be interested in signing over my details. A model something like Freenet's has much more appeal; nobody knows where the data is stored, so hopefully nobody could dig into my personal details without my consent. Having my personal data mixed in with everyone else's all around the world would make it impractical for marketing droids to perform their volumetric analysis on it. Add some decent encryption to the mix, and allow me to release only extremely specific details about myself to vendors, and I'd probably be pretty tempted to sign up. In particular, let ME be the traffic cop for my own data; don't tell me to trust somebody else to provide my personal info on request, since frankly there's hardly anyone I'd trust at that level.

    As it stands, I can't see an offering from Sun being any more acceptable than one from Microsoft, or Novell, or Oracle, or any government body from any country. An open source solution is a mandatory starting point, as far as I'm concerned
    • by Xrikcus ( 207545 ) on Wednesday January 15, 2003 @06:04AM (#5086686)
      If nobody knows where the data is stored, is there not a problem with recovery if some of the system goes down? Extending that, if part of the system only goes down, and only certain peoples information is unobtainable, all of a sudden people know where it's stored...
    • by Mindbridge ( 70295 ) on Wednesday January 15, 2003 @06:23AM (#5086721) Homepage
      Notice that Sun and the Liberty Aliance do NOT offer a centralized identity repository a la Passport. This is a distributed solution -- as a provider (internet store, etc.) you install an authentication server and decide yourself what other providers you can trust, so that if a user is logged in their site, he can be considered logged in yours as well (put simply).

      The only requirement is that the server implements the Liberty Aliance protocol standards. I _think_ one can make an open source server that implements those standards as well.
      • Sorry I didn't state my point a bit more clearly - long day in park, in the sun, with small children...

        The single sign-on approach that was proposed by Microsoft with Passport et al was, I think, a really good model in terms of what was promised as the end-user experience. The problem I had with it was that it was going to be provided by MS, an organization that I simply don't trust with that type of information. I believe MS would use my information for purposes that I personally would find undesirable, and I don't want to employ legal advice to get my head around their EULAs to try to satisfy myself that they won't be allowed to do anything I personally would regard as "naughty". From what I've read, most people seem to share this particular concern, and it's the real showstopper issue as far as a lot of people are concerned.

        That said, I would like a service of this type IF the provider was someone I trusted.

        The Liberty Alliance approach is a "watered down" attempt at a solution to the same problem. It seeks to address the privacy concerns by implementing a shared trust model between different vendors/providers, which doesn't address the above concern at all. If I won't give my details to a MS, why would I give them to another provider who could/will share them without my express consent?

        What I really want is the MS Passport model, but not run by a corporate or government (or other...) entity that might use this info for something I don't want. Note the distinction here between "don't want" and "didn't authorise" - again, I don't want to wade through EULA-type legalese with a vendor/provider.

        Give me a decentralised, highly encrypted solution where there's not piles of personal data sitting in a known repository, and that goes a long way to addressing my concern. Make it (nearly?) impossible for anyone to track down where MY data is stored, and encrypt it such that even if the source of my data is found, then nobody but me (and those I authorise) can decrypt it. Let ME decide who gets access to my info, not some 3rd party acting as my proxy; let ME nominate exactly what information I'm prepared to provide to each and any entity I want to do business with, and empower ME to remove or change my data whenever and wherever I see fit.

        The various components necessary to produce such a solution exist today and are already widely deployed in other products (e.g. gnutella et al, ssh and the various encryption protocols used within, FreeNet, ...); all that's required is for some enterprising souls to tie all the bits together as a coherent solution, release it as Open Source to let the world shake out the bugs, then everyone and his dog can sign themselves up.

        If a simple-to-implement interface spec is published, there's no reason why lots of specialised clients couldn't be developed, along the lines of the Jabber model. For example, I'd need a client to enter/maintain my own info, and if I had clients that could run on a phone/PDA/Web browser, etc. to the point where I could access and change my own info securely from just about anywhere, that might meet the reasonable usage requirements of just about any "connected" person. Similarly, a vendor looking for my details could access my info via a freely-downloadable, open-source API (e.g. JavaBean); if a collection of vendor-specific client interfaces was created, open-sourced and free for download, the reliability should be there and the vendors should all be happy to support such a solution.

        That all sounds very simplistic, but the problem of identity verification is very large and a good solution would be adopted very quickly by lots of people. Consider ssh's history; a problem of insecure data transfer existed, a solution was produced and open-sourced, and some time down the track it's a no-brainer solution to an entire class of problems. You want secure access, whether it's a Web portal or a sys admin working from home; you use ssh and don't even think about it. *That's* how people need to regard identity verification; if I need it, I use XXX and it just works...

        The problem of identity verification is a classic "build a better mousetrap" situation; once a solution is created that meets peoples' requirements, the take-up rate will be enormous. That solution isn't going to come from a commercial vendor as a closed-source, boxed product; if it was, then frankly MS would have been able to provide it (face it, most people trust MS, even these days...). An open-source solution, with widespread vendor buy-in, is the only likely way that such a thing is likely to succeed.

        All IMHO, of course ;->
      • There is an open source implementation of distributed login here [sourceid.org] [sourceid.org].
      • The only requirement is that the server implements the Liberty Aliance protocol standards. I _think_ one can make an open source server that implements those standards as well.

        If Sun were really smart, that is exactly what they do: impliment a free software/open source reference of the protocol.

        In fact, they would be well advised to GPL such an implimentation? Why?

        The GPL would prevent competitors *cough* Microsoft *cough* from incorporating Sun's code into their proprietary products without first negotiating and obtaining a separate license under whatever terms Sun wishes to impose (they get all the negotiating power with proprietary vendors that they have now).

        The GPL would allow its inclusion in any free software products. Perhaps, under FreeBSD and Apache as a separate module, to avoid licensing collisions. This would give the free software community a decentralized authentication framework, and would mean widespread adoption by anyone and everyone not firmly in the MS IIS camp (most reasonably savvy people).

        While I do not believe anyone is entitled to obtaining privately funded and written software for free, I do think a move like this by Sun would be strategicly brilliant in getting their standard quickly and widely adopted, quickly and widely enough to prevent Microsoft from owning online authentication. I suspect if Sun doesn't do this (or spin off a well funded group to do this), their liberty alliance will fade much like java has ... where many java websites fail to work with anything other than Internet Explorer under Windows because the java they run relies on Microsoft's jvm, and Sun's jvm isn't really any less of a hassle for developers and surfers to obtain.

        (As an aside: based on Sun's treatment of Java, I doubt they are that smart. Having to click through license agreements to download and install a jvm, vs. simply having to type 'emerge somejdk' for everyone elses jvm, means most people install someone else's jdk if at all possible due to the hassle factor alone. Not good when you're trying for widespread adoption.)
        • If Sun were really smart, that is exactly what they do: impliment a free software/open source reference of the protocol.

          Then they must be really, smart because that's exactly what the IPL implementation is - except under an Apache style license. At least, I think it's called the IPL.

          Don't expect to just download it and get single sign on though. Liberty doesn't work like that.

      • .
        IIRC - there *are* centralized repositories, it's just that it's not a single repository.

        IE: You sign up with Sony, and get to use that authorized trust ID with Sony's partners, deciding which of Sony's partners get what level of information.

        So Sony or some other big mean corporations will own your ass instead of Microsoft or Sun.

        Feel better now?
        .
    • You've rather dramatically missed the point.

      Sun doesn't want to store your identity. Not having a single entity as a central point of failure for all account information is exactly why the Liberty Alliance was formed!

      You might want to go and read the specs and learn about federated identity.
    • Yeah, but then you'll start getting hippy, peace-promoting spam. But it beats opening your mail and finding a message that tells you to prepare for war with a Dell.
  • by Max Romantschuk ( 132276 ) <max@romantschuk.fi> on Wednesday January 15, 2003 @05:39AM (#5086633) Homepage
    I have an electronic ID card [sahkoinenh...okortti.fi], which I haven't really found useful at all... I can in theory use it to identify myself in any kind of electronic transaction.

    Now, if identity servers could interact with local registries of people already in existance the whole secure, verifiable electronic ID -thing would really be taken to the next level.

    This is probably far to utopistic though...
    • Policy (Score:3, Insightful)

      by 4of12 ( 97621 )

      Well, for the cases where identity needs to be unambiguously established for an individual, I'm happy to see technology available to support it.

      And if the technology is open, I like it more.

      But I'd really feel a lot more comfortable if there were fundamental changes in identity policy to permit anonymity and privacy of varying degrees.

      There are far too many circumstances today where I have to establish my individual identity as a person, where it would suffice to identify me as "an individual capable of giving X amount of money for this particular transaction".

      I've grown to like the Slashdot model where you can create your own identity and it stands only for the cumulative comments you make, nothing more.

      But governments and corporations don't want to lose any bit of control, so we probably won't see this model extended into public life. By the time average citizens become cognizant that their every action, speech and deed is instantly and perfectly recognized by the authorities, it will be too late to change the policy.

    • This identity server (and the defined protocols behind it) are a method of doing exactly what you are describing. The point of the Liberty Alliance and its working groups are to interact with local registries of people already in existence (or yet to be created) and coordinate their authentications and authorizations.

      It is not a service like Passport. It is a product and protocol suite so you can run your own centralized identity system (as a company or personally).
  • for a moment, I'm quite interested in what is going to happen within the opensource community?

    Right now there is a move to create an opensource passport, however, it would be interesting if there was a lead by another group to create an opensource liberty project.

    For me, it would be great to have a certain amount of information being shared over a number of services instead of needing to learn 101 passwords and user names.

    Yes, I know I could use the same one over and over again, however, my experience has always been that there is some dimwit using my username, and it has ABSOLUTELY nothing to do with their proper name! GRRRR
  • by Anonymous Coward
    maybe version "6.0" makes it sound more mature .

    I'll be waiting for the XP version.

    -mdew
  • If I understand this whole thing, I'm trying to understand why any manjor company would want this on their ecommerce site. As a CEO, I would say, "Let me understand this. We will no longer keep detailed customer information. Some service provider will?." I'd hit the roof. Ask my employees what were they thinking. Giving up one of our most precious resources, information on our customers. I'd fire the whole group, and get new people with more intelligence. Quite frankly, I don't see this being accepted by major corporations. And I seriously doubt "Mom and Pop" operations, which wouldn't want the trouble of maintaining such data, is a big enough market to support these efforts.
    • You can give the customer a choice: buy using your Liberty id or enter all the personal info like they do now. If the customer prefers Liberty like him its just like a customer paying cash in a regular store... and you might scare him off if that choice wasn't there.
    • Well,

      and as a share holder or Chairman I would likely fire you and get your staff back.

      a) its likely cheaper to outsource those informations

      b) you likely can trust those informations

      c) you can process e-commerce transactions faster and mroe secure and with better privacy

      Of course: you give up power.

      I'magine:

      Company Market Customer

      And now the company has no, absolutely no, data about the customer. The Market handles the identity, financial security and delievery adress.

      The customer can trust into the "Market" not to disclose informations to the company where the customer is ordering at.

      The company can trust the "Market" that this order is conducted by a real identyty with real money.

      angel'o'sphere
    • You don't understand this. Liberty enables a company to decide what information it wants to keep about its customers and what information it will rely on Identity Providers for. From the CEO's perspective this is great - he doesn't have to wear the risk of holding sensitive information (eg. credit card numbers) but gets to hold onto the stuff that is important for maintaining a relationship with the customer. The customer gets to decide which organisation it will trust to hold identity-related data. I trust my bank to keep my credit card number, since they have it anyway, but I don't trust every merchant with it, therefore I would be happy to deal with a merchant which uses my bank as an Identity Provider. The merchant would never get to see my credit card number, nor any other information held about me unless I approve it. Likewise, my bank would never know the complete details of my transaction with the merchant. Liberty gives the consumer and the company the best of both worlds, unlike Passport, which gives Microsoft the whole world.
  • One Server to rule them all
    One Server to find them
    One Server to bring them all
    And in the darkness bind them
  • (date sheet here)

    What the hell is a date sheet? Is this a list of single women's names and their phone numbers? No, that would a potential date sheet. So, again, I ask, what is a date sheet?

    Kent
  • by Russ Steffen ( 263 ) on Wednesday January 15, 2003 @10:47AM (#5087895) Homepage

    Just what I need - software to tell me who I am.

    Server: You are number six.
    Me: I am not a number, I am a free man!
    Server: Haven't read /. lately, huh? You are number six.
    Me: Fine, number six it is. Who's number 1?
    Server: That would be telling. You, however, are number six ...

  • ``what is believed to be the industry's first identity server''
    First? Don't we have Kerberos and MicroSoft Passport already?

FORTRAN is not a flower but a weed -- it is hardy, occasionally blooms, and grows in every computer. -- A.J. Perlis

Working...