Sun Supports OpenID: Steps Towards Enterprise?

Sun has let it be known that they are going to start supporting OpenID, the increasingly popular, distributed identity solution. However, they aren’t making a consumer offering (just yet); it’s only for their employees. As Tim Bray puts it:

What’s more interesting is that we’re rolling out an OpenID provider, but with a twist: You can’t get an OpenID there unless you’re a Sun employee, and if someone offers an OpenID whose URI is there, and it authenticates, you can be really sure that they’re a Sun employee. It doesn’t tell you their name or address or anything else; that’s up to the individual to provide (or not). The authentication relies on our Access Manager product, and it’s pretty strong; employees here have to use those crypto-magic SecureCard token generators for serious authentication, passwords aren’t good enough.

As Tim reveals, they are also using it as a test case for some of their software:

The technology is pretty interesting too. Our Access Manager product is a big, mature, enterprise-scale offering, but that group really hadn’t imagined an application like this, so there was quite a bit of engineering involved in getting it to talk OpenID to the Web at large. But it works now, and I’m hoping one of the developers will blog the details. It’ll be open source, of course.

More info can be found on Sun’s developer site.

A lot of companies have started supporting OpenID one way or another (Radar post — Microsoft supports it in Vista, Yahoo’s Authentication APIs can be made to support OpenID, and AOL will be an OpenID provider). However, Sun is the only one to make it more of an employee tool instead of a consumer one.

Phil Windley has a thoughtful post on whether or not it is sensible for an OpenID provider to encode information like your employer. In this case, I think that it makes a lot of sense; it’s designed for use as an employee. It certainly would be handy for using externally hosted enterprise apps (like Basecamp for instance). I would never use an employer-provided OpenID for anything other than official business; it would be like using your ISP-provided email address.
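A relying party, such as an externally hosted app of the kind mentioned above, could act on the "identifier on the employer's provider means employee" property with a check like the following. This is an added example, not code from Sun or from the post: the host `openid.employer.example` and the function name are placeholders, and the `verified` flag is assumed to come from the relying party's OpenID library after it has validated the provider's assertion.

```python
from urllib.parse import urlsplit

# Placeholder host for an employer-only OpenID provider (assumption, not from the post).
EMPLOYER_OP_HOST = "openid.employer.example"
DEFAULT_PORTS = {"http": 80, "https": 443}


def is_employee_identifier(claimed_id, verified, op_host=EMPLOYER_OP_HOST):
    """True only if an already-verified OpenID URL lives on the employer's provider.

    `verified` is assumed to be set by the relying party's OpenID library after
    discovery and validation of the provider's assertion; a URL the user merely
    typed in proves nothing about where they work.
    """
    if not verified:
        return False
    try:
        parts = urlsplit(claimed_id.strip())
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme not in DEFAULT_PORTS:
        return False
    # Reject userinfo tricks like https://openid.employer.example@other.example/
    if parts.username is not None or parts.password is not None:
        return False
    if port not in (None, DEFAULT_PORTS[parts.scheme]):
        return False
    # Exact host comparison: substring or suffix matching accepts look-alike hosts.
    host = (parts.hostname or "").lower()
    return host == op_host.lower()


# Constructed sample identifiers: (claimed_id, verified, expected result).
SAMPLES = [
    ("https://openid.employer.example/jdoe", True, True),
    ("https://OpenID.Employer.Example/jdoe", True, True),
    ("https://openid.employer.example/jdoe", False, False),
    ("https://openid.employer.example.other.example/jdoe", True, False),
    ("https://other.example/openid.employer.example/jdoe", True, False),
    ("https://openid.employer.example@other.example/jdoe", True, False),
    ("https://openid.employer.example:8443/jdoe", True, False),
]

if __name__ == "__main__":
    for claimed_id, verified, expected in SAMPLES:
        result = is_employee_identifier(claimed_id, verified)
        print(f"{result!s:5} (expected {expected!s:5}) {claimed_id}")
```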

Sun has a long history with digital identity. They were one of the founders of the Liberty Alliance, an early standards body that focused on digital identity (Wikipedia article). Its identity standard, SAML, has made great strides in the enterprise. I wonder if this move will be the beginning of OpenID going behind the firewall.

(thanks for the tip, David)
