GSI and Liberty Alliancd Framework: Goals, Architectures and Feasibility Study for Integration

This paper looks at two ascendant solutions aimed at offering a single sign-on feature for a group of services offered by several, distinct service providers. The central assumption is that the group of service providers do not have neither bilateral agreements to h. each other's user agreements, nor do they have a common umbrella organization who is taking care of the user account management for them. In Grid research a concept of Virtual Organization describes this mapping of single credential to several service provider's resources. Originally the Grid has been developed for scientific computing that may deal with petabytes of data at multiple co-operating computing centers around the world. However, there is a clear call for this kind of distributed computing technology in other areas too. The Liberty Alliance approaches the same goal from different background. The most pressing need is to device a secure way for the end-user him-/herself to bundle into a single, user-controlled entity the existing group of several ``identities'' an avid user of Internet typically has. Typical sources of these Internet identities are banking, frequent flyer systems, online shops, online magazines, email and instant messaging systems and WLAN operator accounts. The members of the alliance see the inconvenience and security issues of this proliferation of identities as the limiting factor for generating revenue in the Internet. This paper looks in detail at the common features and differences of these two approaches in terms of goals, architecture and existing implementations. On a conceptual level the paper analyzes the effect of the differences in the assumptions of these two architectures, and points at areas of further study (especially in the field of privacy, which is probably the area where the approaches differ most in their central assumptions). Based on this analysis we try to form a coherent architectural concept that would allow these two architectures to work together, and try to outline some of the possible use cases this unified model might make possible.