Alliances of incapable

Anyone remembers United Linux? An attempt of few Linux distro makers to take on Red Hat, the market leader, by creating a common product core, it has become a spectacular failure.

Apparently
many didn’t learn the lesson. There are two other industry alliances,
both working in the information security space, that look very much
like the abovementioned failure.

The first one is called Liberty Alliance.
The stated goal is to create open standards for federated identity
management as well as business and deployment guidelines, and the best practices for managing privacy.
The real goal was to respond to Microsoft’s Hailstorm (or .Net My
Services). Microsoft’s initiative never meterialised but the Liberty
Alliance drags on, without focus and with really good and viable alternatives
available
. They even release specifications – as useful as Microsoft® .NET My Services Specification, also available (from $0.01).

The other alliance is OATH – the Initiative for Open Authentication.
The stated goal is to address issues like theft of information and
unauthorised access with a set of open standards. OATH is taking an all-encompassing approach, delivering solutions that
allow for strong authentication of all users on all devices, across all
networks
. The real goal is to
counter RSA Security (and its really good proprietary one-time password solution) advances in the market.

Here’s
the issues with the alliances: they are created based on marketing
considerations; they try all-encompassing solutions and position
themselves as
best practice from the beginning, before gaining any credibility
outside of the alliance members and their customers; and their strategy
is dictated by their competition.

Grassroots movements with no obvious corporate alignment produce much more valuable outcomes. 

Leave a Reply

Your email address will not be published. Required fields are marked *


*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>