Alliances of incapable

Anyone remembers United Linux? An attempt of few Linux distro makers to take on Red Hat, the market leader, by creating a common product core, it has become a spectacular failure.

Apparently many didn’t learn the lesson. There are two other industry alliances, both working in the information security space, that look very much like the abovementioned failure.

The first one is called Liberty Alliance. The stated goal is to create open standards for federated identity management as well as business and deployment guidelines, and the best practices for managing privacy. The real goal was to respond to Microsoft’s Hailstorm (or .Net My Services). Microsoft’s initiative never meterialised but the Liberty Alliance drags on, without focus and with really good and viable alternatives available. They even release specifications – as useful as Microsoft® .NET My Services Specification, also available (from $0.01).

The other alliance is OATH – the Initiative for Open Authentication. The stated goal is to address issues like theft of information and unauthorised access with a set of open standards. OATH is taking an all-encompassing approach, delivering solutions that allow for strong authentication of all users on all devices, across all networks. The real goal is to counter RSA Security (and its really good proprietary one-time password solution) advances in the market.

Here’s the issues with the alliances: they are created based on marketing considerations; they try all-encompassing solutions and position themselves as best practice from the beginning, before gaining any credibility outside of the alliance members and their customers; and their strategy is dictated by their competition.

Grassroots movements with no obvious corporate alignment produce much more valuable outcomes. 

Leave a Reply

Your email address will not be published. Required fields are marked *


*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>