Updated: 29.3.2002; 15:59:19.
Security weblog

Finally, it is at least a bit clear what Liberty Alliance is up to. Rather than fighting over control of user details in a Passport-like infrastructure, they will go for basic interoperability covering user IDs and passwords. In Sun's Jonathan Schwartz's words:
Sounds a lot like SAML multi-domain single sign-on, doesn't it? The question is: how easy would it be to SAML-enable deployed systems? Will SAML scale up in the future? If not, they might look to using SAML with Kerberos or attribute certificate modifications. I said LI wouldn't resolve anything and I was probably wrong; still, I am curious whether they succeed beyond basic single sign-on.

Schwartz suggests that banks should become the administrators of user details because they enjoy the most trust among commercial organisations. This, however, is true in the US and perhaps in other Anglo-Saxon countries, but in European countries people are more used to relying on government-issued identity. Governments will perhaps never run this type of infrastructure, but banks may not either. Also, the big businesses associated in the Liberty Alliance will not like a design that gives anybody other than themselves an advantage in controlling user details. The only way remaining is to design the specs in such a way that any organisation can become a controller of user details. Or design it as a P2P system.

9:57:20 PM