« Policy interoperability - a step in the right direction | Main | Microsoft drops virtualisation features »

Sun yesterday announced:

a new initiative around support for OpenID, a decentralized, web-friendly single sign-on mechanism that allows consumers to reuse a single login across different websites, tackling the "login explosion" problem. OpenID is currently limited to facilitating low-risk transactions such as blog comments. Through its new initiative, Sun is exploring what changes and practices are needed to make OpenID applicable to a broader spectrum of business and IT challenges. The company will actively encourage participation from customers and technology partners through a series of activities and real-life implementations that are initially driven by Sun's Chief Technologist's Office.

It would be all too easy to focus on vendor sports and discuss this announcement in the context of Microsoft's embracing of OpenID at the RSA Conference in February. But I will avoid the temptation (not least because I think the sport wouldn't be much of a spectacle).

I also don't want to join the ongoing debate (at least over at the Identity Gang) sparked by this statement in the press release:

People using Sun- based OpenID identifiers at an OpenID-accepting website can convey in this simple and secure manner that they are indeed Sun employees, a piece of information that can enable access to employee discounts and unlock other special services all across the web.

which confuses authentication with authorisation - contractors may be given OpenID identifiers to access particular services but they are not Sun employees; what happens in the future if Sun provides OpenID identifiers to partners in the future but a service provider is working on the assumption that OpenID identifiers have only been issued to employees?

No. It's this statement which captures my particular interest:

As enterprises increasingly open up access to data and services to wider audiences and improve usability, the use of a decentralized technology like OpenID will be an appealing way to manage account proliferation. Integration with existing deployments, which often involve enterprise-ready technologies like SAML and the Liberty Alliance's Identity Web Services Framework will become an essential consideration. Sun is working with customers and partners to combine and converge these technologies to maximize effectiveness.

I discussed the importance of convergence of user-centric and enterprise-centric approaches to identity in our report on identity management. Although there have been some very valuable discussions in the identity community, this has not resulted in much pragmatic guidance for enterprises assessing the implications of OpenID and other user-centric identity technologies behind the firewall. Sun's experiment should hopefully provide some valuable insight. I for one look forward to hearing more.

Posted by nmacehiter in Identity Management |Digg This|Add to del.icio.us

Trackback Pings

TrackBack URL for this entry:
http://www.ebizq.net/mt/mt-tb.cgi/1819