Product Snapshot: Phaos Liberty Toolkit
Phaos Technology banks on the Liberty Alliance Project
November 8, 2002 — With its recent release of the Phaos Liberty Toolkit 2.0, Phaos Technology continues to demonstrate its commitment to the Liberty Alliance Project’s vision of network identity. Version 2.0 follows the Phaos Liberty SDK, which the company launched earlier this year. Phaos’s latest release introduces the industry’s first toolkit for implementing the Liberty Alliance Project’s initial set of specifications—Liberty Alliance Version 1.0, released in July—that enables opt-in account linking and simplified sign-on functionality across systems. The Liberty Alliance Project, a consortium of more than 95 technology and consumer organizations, seeks to establish an open standard for federated network identity.
The Phaos Liberty Toolkit helps Java developers build applications that allow single sign-on, support integrated enterprise authentication schemes, and enable migration from legacy systems to Web services. Version 2.0 extends the Phaos Liberty SDK with an integrated security library. The toolkit provides integrated XML digital signatures and XML encryption, and works with any XML parser.
Phaos has modeled its toolkit’s APIs after Sun Microsystems’ Java API for XML Parsing 1.1 conventions and the W3C (World Wide Web Consortium) Document Object Model 2. “So anyone familiar with programming in Java with the JAXP APIs or with the DOM conventions and idiom should find our APIs very familiar and easy to get up to speed with,” says Ari Kermaier, senior software engineer at Phaos Technology and the toolkit’s architect.
The tool does not manage the interactions between entities in a Liberty infrastructure, continues Kermaier. “We’re trying to provide a more flexible approach for our customers, instead of forcing them to implement a monolithic Liberty infrastructure in one go and forcing all their business models to fit it,” he says. “We’ve allowed our customers to roll their own message interactions so they can build this system into their e-business processes in an incremental fashion.”
With the exception of Sun—who has introduced Interoperability Prototype for Liberty, a validation solution—Phaos Technology currently is the only vendor that has officially released a Liberty-based toolkit. Other vendors including NeuStar, Novell, and RSA Security have announced plans to support the Liberty Alliance Project and are expected to release products in the coming months, which is good news for developers.
As Pete Lindstrom, research director at Spire Security, explains, security toolkits, such as Phaos’s offering, are generally better than developers’ home-grown solutions. “The do-it-yourself mentality has put us into the position that we’re in today, with security vulnerabilities run rampant,” he says. “Even the pros, Microsoft, for example, are not good at building security into applications. There are too many problems with it. The toolkit takes the problems away from the developer. It also standardizes your approach to security across applications and allows you to deal with new specifications and standards coming out in the industry.”
Companies who are heavily invested in business-to-consumer applications will want to look at such a toolkit, says Lindstrom: “Financial services, travel, and entertainment, those type of companies that really want to bring about a cohesive user experience through brokering deals and being a piece of the entire experience, but not necessarily doing everything themselves.”
Roger Sullivan, president of Phaos Technology confirms that one of the toolkit’s prospective customers represents a manufacturing consortium that deals with distributors, agents, or resellers, who in turn deal with consumers. “They want to create a model by which it is very easy for the consumer to obtain credit through this consortium,” he explains. “It becomes a competitive advantage for them to be able to quickly offer credit as opposed to having the consumer go to a bank or credit union.”
Sullivan expects the Phaos Liberty Toolkit to grow more relevant as Web services grow more popular. “People are becoming more aware of the security vulnerabilities involved with sending clear text credit card information across the Net,” he says. “And those consumers are beginning to ask questions. They’re becoming smart about the fact that when you type a credit card number into a clear text email, there are potentially a hundred hops along the way between you and me where that information could be compromised. As more and more businesses either force or drive people to the Web for business transactions, the need for security applications within a Web services environment is going to be the first consideration.”
But with the economic climate still chilly and companies still unsure about Web services, will corporations look seriously at investing in such technologies just yet?
“I can’t imagine that there’s a whole lot of activity going on currently,” acknowledges Lindstrom. “But assuming there’s some more economic turnaround for 2003, I expect that companies will need to start looking at this as a way to boost their business.”
