FSTC Report on SAML and Liberty Alliance Specifications for Financial Services
Report Finds Liberty Alliance Standard Helps Financial Institutions Extend Trusted Relationships and Enable New Online Businesses
Independent Study Sponsored by Leading Banks and Industry Vendors Demonstrate SAML and Liberty Alliance Ready to Meet Banks' Business Needs
San Francisco, CA, USA. Burton Catalyst Conference. July 09, 2003.
The Liberty Alliance specifications for federated network identity are the subject of an independent report issued today by the Financial Services Technology Consortium (FSTC) examining how financial institutions can best make use of identity management and today's leading open standards.
The report concludes that the Liberty Alliance specifications and OASIS' Security Assertion Markup Language (SAML) provide financial institutions with a standardized way to extend trusted relationships with customers and employees to third-parties, thus enhancing protection from fraud, network attack, and scrutiny compared to other proprietary solutions. It also concludes that the two leading open standards, SAML and Liberty Alliance, can enable new types of online businesses and streamline access to existing Web-based products and services.
FSTC's Identity Management in Financial Services: An assessment of the Liberty Alliance and SAML specifications report provides an introduction to Liberty Phase 1 and SAML, and assesses their ability to meet business requirements of common financial service scenarios. The report details scenarios for employee single sign-on (for outsourced employee services), business-to-business single sign-on (for supply chain management), and account aggregation. It also provides general recommendations on the future of identity management and open standards in financial services.
"Identity management is an important priority for financial institutions," said Mike McCormick, a contributor to the FSTC report and Wells Fargo systems architect. "Single sign-on is just the beginning. Deploying SSO functionality will drive additional requirements for attribute sharing in order for banks, insurance companies, brokers or others in the industry to deliver more personalized services to their users. Liberty's first set of specifications and future work is playing an important role this area."
Beyond the technology discussion, the study references Liberty's work in mitigating common business problems associated with establishing circles-of-trust, such as providing guidance on bilateral business agreements, which vary extensively among companies.
"As the Liberty Alliance expressed in our recent Business Guidelines paper, network identity is just as much about business considerations as it is about technical specifications," said Michael Barrett, president of the Liberty Alliance management board and vice president of Internet strategy at American Express. "Hammering out privacy and regulatory compliance, service level agreements, business roles and best practices is critical as we reach the deployment stage of identity-based services. This study supports Liberty's commitment to understanding the complex nature of identity deployment, especially in a trusted industry like financial services."
Sponsors of the report include Citigroup, Fidelity, JPMorgan Chase, University Bank, Wells Fargo, Digital Resources Group, eONE Global, Niteo Partners (an NEC Company), Hewlett- Packard, Sun Microsystems and Yodlee. An executive summary of the report is available on the FSTC web site at:
About Liberty Alliance Technology
The Liberty Alliance Phase 1 specifications were developed by a global consortium of businesses, government entitities and technology vendors. The Phase 1 specifications focus on interoperability between systems to enable opt-in account linking (account federation), simplified sign-on functionality and simple session management. The open specifications were made available in July 2002 and can be downloaded at www.projectliberty.org. As of July 2003, there are more than 20 Liberty-enabled products and services available, and at least 14 more companies have publicly announced they'll have Liberty-enabled products and services by 2004. The Liberty Alliance Phase 2 specifications were made available in draft form for public review in April 2003.
FSTC is a financial industry research organization comprised of banks, financial service firms, industry partners, national laboratories, universities and government agencies. Its goal is to bring forward interoperable, open-standard technologies for the financial services industry that makes possible new products and services. FSTC projects push the envelope of financial services technology, focusing on areas where industry collaboration is possible, and needed, to enable new products, reduce costs and risk, or expand market reach. FSTC provides a unique forum for financial institutions and vendors to work together on taking ideas from concept to pilot to the marketplace. For more information visit www.fstc.org.
About the Liberty Alliance Project
The Liberty Alliance Project (www.projectliberty.org) is a consortium formed to develop open standards for federated network identity management and identity-based services. The Alliance is made up of 170 members, representing a worldwide cross-section of organizations ranging from educational institutions and government organizations, to service providers and financial institutions, to technology firms and wireless providers. Federated identity will help drive the next generation of the Internet, offering businesses and consumers convenience and choice. Membership is open to all commercial and non-commercial organizations.
Tiffany Van Gorder
Ketchum PR for Liberty Alliance
Tel: +1 415-984-6192
Ketchum PR for Liberty Alliance
Tel: +1 415-984-6159
Prepared by Robin Cover for The XML Cover Pages archive. See also "FSTC Evaluation Report on Identity Management in Financial Services."