FSTC Releases Evaluation Report on Identity Management in Financial Services

FSTC Completes Industry Assessment of Liberty Alliance and SAML Technologies

Report Identifies Opportunities for Financial Institutions to Extend Trusted Relationships with Customers and Employees Out to Third Parties

San Francisco, California, USA. July 09, 2003.

The Financial Services Technology Consortium (FSTC) today announced the completion of a six-month evaluation of current industry initiatives in identity management. The report, "Identity Management in Financial Services", is a critical assessment of how well the Liberty Alliance and SAML specifications meet the needs of the financial services industry as measured against common business use scenarios and known industry requirements.

"While both specifications are strong technical foundations for building network identity customer relationships, these technologies are only part of a complete network identity solution," said Zachary Tumin, FSTC executive director. "Financial institutions must pay as much attention, if not more, to traditional industry concerns such as risk exposure, liability, auditing, customer support, and compliance issues. We expect our findings to provide significant insights to FSTC members as well as standards setting organizations and consortiums, such as OASIS and the Liberty Alliance."

Results were based on an in-depth analysis of business and technology requirements for three typical financial industry use cases: employee single sign-on to enterprise partners, business-to-business single sign-on, and business-to-consumer account aggregation. The employee to enterprise partner scenario fits well with both technologies, and appears to provide a very suitable target opportunity for early industry adoption. For business-to-business use, Liberty and SAML are well suited to the support the needs of financial institutions attempting to support a business supply chain. In account aggregation, the report concludes that the use of SAML technologies would offer financial institutions an option to eliminate the sharing of confidential customer credentials.

FSTC members that contributed to the development of the report include financial institutions such as Citigroup, Fidelity, JPMorgan Chase, University Bank, and Wells Fargo. Technology vendors providing input include Digital Resources Group, eONE Global, Hewlett-Packard, Niteo Partners (an NEC Company), Sun Microsystems, and Yodlee.

"While both Liberty and SAML technologies provide much promise for our industry, standards bodies and technology vendors still need to make it easier for financial institutions to develop and deploy network identity solutions," said Jim Salters, director of technology initiatives and project development at FSTC. "Interoperability and performance, for example, are two areas of concern."

The review evaluated financial industry requirements against the OASIS Security Assertion Markup Language V1.0 specification (SAML) and Liberty Alliance Identity Federation Framework V1.1 specification (Liberty). The evaluation was done in the context of the North American financial services marketplace. The complete report is available to FSTC members now. An executive overview is available on the FSTC Web site at:

http://www.fstc.org/projects/liberty/executive-overview.pdf

For more information about this study, and opportunities to participate in a follow-on project, contact Jim Salters at +1 (513) 405 0717.

About FSTC

FSTC is a financial industry research organization comprised of banks, financial service firms, industry partners, national laboratories, universities and government agencies. Its goal is to bring forward interoperable, open-standard technologies for the financial services industry that makes possible new products and services. FSTC projects push the envelope of financial services technology, focusing on areas where industry collaboration is possible, and needed, to enable new products, reduce costs and risk, or expand market reach. FSTC provides a unique forum for financial institutions and vendors to work together on taking ideas from concept to pilot to the marketplace. For more information, visit http://www.fstc.org.

Prepared by Robin Cover for The XML Cover Pages archive. See also the news story "Liberty Alliance Publishes Business Requirements and Guidelines for Identity Federation." General references in: (1) "Security Assertion Markup Language (SAML)"; (2) "Liberty Alliance Specifications for Federated Network Identification and Authorization."

SEARCH Advanced Search ABOUT Site Map CP RSS Channel Contact Us Sponsoring CP About Our Sponsors NEWS Cover Stories Articles & Papers Press Releases CORE STANDARDS XML SGML Schemas XSL/XSLT/XPath XLink XML Query CSS SVG TECHNOLOGY REPORTS XML Applications General Apps Government Apps Academic Apps EVENTS LIBRARY Introductions FAQs Bibliography Technology and Society Semantics Tech Topics Software Related Standards Historic	FSTC Releases Evaluation Report on Identity Management in Financial Services FSTC Completes Industry Assessment of Liberty Alliance and SAML Technologies Report Identifies Opportunities for Financial Institutions to Extend Trusted Relationships with Customers and Employees Out to Third Parties San Francisco, California, USA. July 09, 2003. The Financial Services Technology Consortium (FSTC) today announced the completion of a six-month evaluation of current industry initiatives in identity management. The report, "Identity Management in Financial Services", is a critical assessment of how well the Liberty Alliance and SAML specifications meet the needs of the financial services industry as measured against common business use scenarios and known industry requirements. "While both specifications are strong technical foundations for building network identity customer relationships, these technologies are only part of a complete network identity solution," said Zachary Tumin, FSTC executive director. "Financial institutions must pay as much attention, if not more, to traditional industry concerns such as risk exposure, liability, auditing, customer support, and compliance issues. We expect our findings to provide significant insights to FSTC members as well as standards setting organizations and consortiums, such as OASIS and the Liberty Alliance." Results were based on an in-depth analysis of business and technology requirements for three typical financial industry use cases: employee single sign-on to enterprise partners, business-to-business single sign-on, and business-to-consumer account aggregation. The employee to enterprise partner scenario fits well with both technologies, and appears to provide a very suitable target opportunity for early industry adoption. For business-to-business use, Liberty and SAML are well suited to the support the needs of financial institutions attempting to support a business supply chain. In account aggregation, the report concludes that the use of SAML technologies would offer financial institutions an option to eliminate the sharing of confidential customer credentials. FSTC members that contributed to the development of the report include financial institutions such as Citigroup, Fidelity, JPMorgan Chase, University Bank, and Wells Fargo. Technology vendors providing input include Digital Resources Group, eONE Global, Hewlett-Packard, Niteo Partners (an NEC Company), Sun Microsystems, and Yodlee. "While both Liberty and SAML technologies provide much promise for our industry, standards bodies and technology vendors still need to make it easier for financial institutions to develop and deploy network identity solutions," said Jim Salters, director of technology initiatives and project development at FSTC. "Interoperability and performance, for example, are two areas of concern." The review evaluated financial industry requirements against the OASIS Security Assertion Markup Language V1.0 specification (SAML) and Liberty Alliance Identity Federation Framework V1.1 specification (Liberty). The evaluation was done in the context of the North American financial services marketplace. The complete report is available to FSTC members now. An executive overview is available on the FSTC Web site at: http://www.fstc.org/projects/liberty/executive-overview.pdf For more information about this study, and opportunities to participate in a follow-on project, contact Jim Salters at +1 (513) 405 0717. About FSTC FSTC is a financial industry research organization comprised of banks, financial service firms, industry partners, national laboratories, universities and government agencies. Its goal is to bring forward interoperable, open-standard technologies for the financial services industry that makes possible new products and services. FSTC projects push the envelope of financial services technology, focusing on areas where industry collaboration is possible, and needed, to enable new products, reduce costs and risk, or expand market reach. FSTC provides a unique forum for financial institutions and vendors to work together on taking ideas from concept to pilot to the marketplace. For more information, visit http://www.fstc.org. Prepared by Robin Cover for The XML Cover Pages archive. See also the news story "Liberty Alliance Publishes Business Requirements and Guidelines for Identity Federation." General references in: (1) "Security Assertion Markup Language (SAML)"; (2) "Liberty Alliance Specifications for Federated Network Identification and Authorization."