February 24, 2004

Sun Defines Infinite Access Security Model

All Software Products to Integrate Support for Java Card Authentication, Cross-Platform Identity Management and Strong Containment.

SAN FRANCISCO, RSA Conference 2004 - Booth # 1021, Feb. 24 /PRNewswire-FirstCall/ -- Sun Microsystems, Inc. (NASDAQ:SUNW) , the creator and leading
advocate of Java(TM) technology, today defined its new infinite access security model, helping businesses securely open up their enterprise to the
network and extract more value from the Internet. Sun plans to invisibly integrate multi-factor authentication, identity management and containment
support into all of its software products and platforms. Sun's Java Desktop System, an affordable, secure and open standards-based alternative to
Microsoft Windows, will be Sun's first product to integrate complete out-of-the-box support for Java Card multi-factor authentication technology.

"Network security is not the oxymoron our competitor would like you to believe. But it's time the industry admitted that the defensive approach to PC
security with bigger moats, taller walls and memos from the CEO have clearly failed," said Jonathan Schwartz, executive vice president of software,
Sun Microsystems. "It's time we went on the offensive by proactively authenticating and differentiating service to the good guys, instead of always
hunting the bad. This approach is more befitting a limitless internet -- spanning all network devices and services, not just PCs -- and the products
and technologies already in deployment by some of the highest security yet most open and interoperable network operators in existence. Infinite
possibility requires infinite access based on simplicity, integration and automation."

Sun's new infinite access security model is designed to make security integrated, invisible and infinite for customers. It helps create a managed risk
environment that allows access to be appropriate and acceptable to the service providers in enterprises, consumer and governmental organizations.

-- Integrated: Systems integration across physical and virtual access,
infrastructure integration between enterprise and consumer services
(employee lifecycle management, single-sign-on), and business
integration between partners, and suppliers make the experience as
seamless as possible for users, and as cost-effective and scalable as
possible for providers.

-- Invisible: Security should deliver convenience with confidence. An
infinite access system lets users get what they want, when they want
it. It is visible enough to be comforting and allow individuals
confidence in privacy, regulatory confidence in compliance, and
business confidence in risk mitigation. It is invisible as much as
possible so that user experience does not disrupt security policy.

-- Infinite: Everything of value is connecting to the network. And as
more and more objects connect to the network, the world is accessing
more resources. Sun, along with the Java community and its open
standards and open source partners, is working to reveal the potential
of the infinite network while enabling the up-time and social mores
that protect business values. Collectively the doors to opportunity can
be opened, and the windows that create risk and fear can be closed.

Three architectural pillars underscore Sun's infinite access security model: strong authentication, identity management, and risk management through

-- Strong Authentication: multi-factor authentication assigns a
verifiable identity to a user, data, application or service. Once
authentication occurs, the identity management infrastructure can
authorize or refuse entry to or communication with the next tier of
access. Authentication opens the doors to services across many
different devices and ends the need for multiple passwords and token

-- Identity Management: the management of authenticated identities
delivers authorization control over role-based access to data, and
centralized provisioning and de-provisioning capabilities over user
access to data or applications. It also enables authorization
escalation, allowing the enterprise to set and enforce policy
authorizing what levels of access are allowed under pre-defined levels
of authentication, including federation. Federation of authentication
allows single-sign-on across services and allows seamless access to
multiple capabilities.

-- Containment: Strong containment and partitioning capabilities manage
the risk of infinite access, allowing authenticated and centrally
managed users or data to only interact with the data or application
contained within a specific partition. Even if unauthorized access is
achieved, the violation is restricted to a limited area of the network.
Sun's N1(TM) Grid Containers will deliver this functionality to the
next version of the Solaris Operating System.

Sun's expertise in the three core principles of infinite access security -- authentication, identity management and containment -- is unparalleled.
The world's leading government agencies, such as the U.S. Department of Defense, depend on Java Card(TM) technology for secure network identification
cards; Sun's Java System Identity Server is the industry's leading identity management platform and Sun is a founding member of the Liberty Alliance,
the inter-industry group dedicated to establishing open standards for federated network identity; and the next generation of Sun's Solaris(TM)
operating system will include N1 Grid Containers, one of the industry's most advanced containment and partitioning technologies.

Secure Authentication Across Every Area of the Network

Java Card technology is one of the best secure authentication technologies for trust, privacy and verification of identity on the network, deployed in
over 500 million smart card and mobile phone environments around the world. Sun is building on this success and applying its expertise to the Windows
environment though inclusion of Java Card technology support in its Java Desktop System and Java software systems. This model will not only secure
access to the device (mobile handset, desktop or infrastructure), but access to network services, and ultimately access to and distribution of
content. This guarantees authentication of the device, of the sender, and of content represented, helping reduce victimization through fraudulent Web
sites, and e-mail spam and viruses.

In addition to Java Card multi-factor authentication support, the next version of Java Desktop System will include the Java Desktop System
Configuration Manager, a tool for central management of user settings. This enables systems administrators to set security preferences and easily and
effectively manage them across the entire enterprise.

Security Innovation Through Open Standards

Sun believes in security through openness. Security standards should be open to being created, tested, analyzed and challenged by a huge community of
intelligent programmers, developers and security experts.

Today Sun also announced support for leading security and identity open standards efforts, demonstrating its continued commitment to building security
into the underlying standards defining the Network.

-- OASIS PKI Action Plan: Today, with Sun's strong participation and
endorsement, the OASIS Public Key Infrastructure (PKI) Technical
Committee released its PKI Action Plan. The OASIS PKI Action Plan calls
for clear and specific guidelines for using PKI in the most relevant
application types (document signing, secure email, and electronic
commerce); interoperability testing; improved educational materials;
best practices and other measures to reduce cost; and outreach to
software application vendors to increase PKI implementation. Sun is
proud to support expansion of PKI, an important security technology
used in many widely deployed standards (such as SSL and IPSEC) to
secure network connections.

-- Liberty Alliance: Sun strongly endorses the Liberty Alliance
announcement of its mobile business guidelines, the first set of
vertically oriented business guidelines, outlining near-term market
opportunities and business requirements for federated identity
deployments in the mobile space. Federated identity, which securely
links and manages identity information among different systems, has
particular application to the mobile industry.

About Sun Microsystems, Inc.

Since its inception in 1982, a singular vision -- "The Network Is The Computer" -- has propelled Sun Microsystems, Inc. to its position as a leading
provider of industrial-strength hardware, software and services that make the Net work. Sun can be found in more than 100 countries and on the World
Wide Web at http://sun.com/ .

NOTE: Sun, Sun Microsystems, the Sun logo, Java, Java Card, N1, Solaris, and "The Network Is The Computer" are trademarks or registered trademarks of
Sun Microsystems, Inc. in the United States and other countries.

Click Here!