
In the next few years, network identity is going to transform
governments in powerful new ways. Jeff Veis, senior director of Sun's
Public Services Sector, weighs in on how this next frontier in
network computing will affect just about everything we do.
BOARDROOM MINUTES: GOVERNMENT: Jeff, give us a quick overview of how you see the need for network identity.
JEFF VEIS: Network identity makes it easier to do business with the
government and interact with it, and for the government to bring
benefits to the society it serves. It's also about making government
seamless. Government has already automated a lot of its services—there
are plenty of government Web sites out there—but information is still
in silos. We've simply paved the cow path, enabling you to get a hundred
times more information from a hundred more agencies.
If I need information about starting a new business, veteran's health benefits, or getting a
campground reservation, where do I call? The state government? The
federal government? And when I'm accessing these services, what role am
I playing? Am I the businessman or the family man on vacation? It's all
about having identity-enabled, citizen-centric services that take into
account the context of who's being served—that's what makes these
services meaningful.
BMG: How does federated network identity fit in?
JV: You have to realize that all this information about citizens is
stored in legacy systems in a decentralized ecosystem. And that's
good—it's more secure that way, and no single organization has control over it. Your healthcare information should be with your doctor, your financial information with your bank, etc.
We make this ecosystem work by federating. Federation means you can
share information on terms that are acceptable to and have the consent
of citizens or participating government agencies. This is a well-proven
model—after all, it's how the international banking system works and
how overseas telecommunications happens.
Sun wants the same thing to happen with network identity. And the only
way to build any federated system is with an open standard. That's what
enables all these systems that are running on different hardware and
storing data in different ways to dynamically interact. It enables the links to be
inherently intelligent and inherently secure. You could have all the
resources in the world and work forever and still not build links like
that in a one-off way. Instead, you need everyone to subscribe to the
open standard, and then federation can happen dynamically.
BMG: Isn't that what the Liberty Alliance Project is all about?
JV: Exactly. It's not a technology alliance; it's a business alliance
that has a simple deliverable: providing an open standard that's
royalty-free, that anybody can use to have an intelligent, secure way to federate any information.
BMG: How do you see the difference between network identity solutions
for a government portal and those that might be used by groups of
agencies or individuals responding to a major crisis such as September
11?
JV: Federation addresses the need to structure and anticipate
cooperation. Say I want to go camping with the family—so I go to
Reserve America to book a site. But we might also want to take in some
sights of historical interest. With an intelligent federation, by my
revealing a few things about my family and myself, the camping Web site
could share that information with the government tourism site, and they
could help me plan my vacation. That can be anticipated; it's a logical
link.
Obviously, that's very different from the way government would respond
to a suspected bioterrorism outbreak. A person comes down with an
illness and goes to the hospital—is this the flu, or is it terrorism? Or
SARS? Governments have to dynamically link together all sorts of data. A federated system could bring together information in ways that could
never be predicted. This is especially important in mission-critical,
homeland security, or serious medical emergencies.
BMG: So what do you see as government's role in federated network
identity?
JV: First, it's important to distinguish between authentication and
authorization—too often they're seen as the same thing.
Authentication is validating who I am. Sometimes it's
necessary—such as when I'm boarding an airplane—and sometimes
not—like when I'm accessing the weather report over the Internet.
Authorization is when a company or government takes the business or
security risk of giving access to information, rendering a service, or
shipping a good. My airline will always authorize my ticket, but authentication may come from my bank or my government.
Authentication can often be accomplished better by one party—such as
the government—and leveraged by others. For instance, every Web site
wants you to create a unique login and password, but we all know that
everyone uses the same password over and over. So if a hacker gets
your password from a Web site, it's a good bet he's got your online banking or corporate e-mail password.
In a federated system, there'd be cooperation concerning authentication at graduated levels.
If a government authenticates you through a smart card, that's far
superior to anything a bank is using today. That's a very logical goal
for a government—to provide authentication that can be trusted across
an ecosystem.
BMG: You mentioned smart cards—do you see them playing a big role in network identity?
JV: Oh, absolutely. Today we have multiple cards doing just one
thing—our wallets are getting thicker and thicker. Smart cards can do
it all: authenticate me for a network computing environment, be a
payment vehicle, get me into my building, get me on an airplane. A smart card with a picture on it, that requires a password, is a powerful piece of network identity technology.
BMG: So how do you see Sun's network identity solutions stacking up
against the competitors'?
JV: It's one thing to be a steward of an open standard and quite another to deliver something that people can use—if you don't deliver, you've
completed only half of the obligation. For example, in January 2003—six months after the first Liberty Alliance specification was completed—we
delivered the first commercial production version of an identity server that fully supports the specification. We have real products that do real work, today.
And basically, Sun's value proposition is being able to deliver a
systemswide solution—from the embedded chip on a smart card to the
biggest data center systems, delivering open systems and standards and
eliminating lock-in. It's a very pragmatic approach. We're here to
transform governments by taking their legacy investment, folding it into a network-centric environment, and enabling them to deliver central
functions such as authentication and a federated network identity
system. This is a huge opportunity for government to bring its services
to the people in a much more elegant, useful, cost-efficient way. 