Liberty Alliance Federated Network Identity Architecture
Liberty Alliance Project Completes Federated Network Identity Architecture
Liberty Alliance Project. March 11, 2003.
The Liberty Alliance, a consortium formed to develop open standards for federated network identity, today released details outlining the Liberty Alliance Federated Network Identity Architecture, a complete infrastructure that the Alliance expects will resolve many of the technology issues currently hindering deployment of identity-based web services.
This new identity architecture outlines the direction the Liberty Alliance will follow to accomplish its vision of enabling a networked world in which individuals and businesses can more easily interact with one another while respecting the privacy and security of shared identity information.
The architecture and features of current and upcoming Liberty specifications are detailed in the white paper titled "Introduction to the Liberty Alliance Identity Architecture," now available on www.projectliberty.org.
"Federated network identity is more than just simplified sign-on, as illustrated by our direction," said Michael Barrett, President of the Liberty Alliance Management Board and Vice President of Internet Technology Strategy at American Express. "Establishing and sharing your identity is critical to any kind of reciprocal relationship. Just as you wouldn't typically begin a business relationship in the real world without an introduction, you wouldn't enter a business relationship in the online world without establishing and proving your identity."
A Foundation for Web Services
"Phase 1 of the Liberty architecture addressed the basic issues of federation and simplified sign-on," continued Barrett. "In Phase 2 and beyond we address the dynamics of the ongoing relationship that organizations have with their employees, partners, customers and citizens."
The complete Liberty Alliance federated network identity architecture provides an open, standards-based foundation for building and supporting identity-based web services. The architecture enables companies to increase the security of their information systems, lower infrastructure maintenance costs, and more easily adapt to new business models and new technology. Consumers and employees will also benefit by having more choice and convenience in how they share and manage personal information over the web.
"The Liberty Alliance is delivering its specifications in a phased approach, every six to nine months, to allow for quicker and easier implementation of identity solutions," said Jason Rouault, Chair of the Liberty Alliance's Technology Expert Group and Senior Architect at Hewlett-Packard. "Now that the first specifications are available and implementations are under way, it's imperative that we articulate the overall architecture so potential users can integrate upcoming specifications into their marketing and IT planning."
The Liberty Alliance Identity Architecture
The specifications released in Phase 1 in July 2002, and updated in January 2003, provide the plumbing for federated identity management. These specifications, called the Liberty Alliance Identity Federation Framework (ID-FF), define standards for simplified sign-on and for federation, or "linking," of a user's separate accounts held at businesses that have already established trust relationships with one another. Businesses, governments and other organizations can use this commonly accepted architecture to build their own interoperable products and services.
"The federated model helps increase security because it does not require that a user's personal information be centrally stored," said Phil Schacter, director of the directory and security strategies service at the Burton Group. "It also serves the needs of large corporations, whose administrative domains are managed by different divisions or outsourced companies, making enterprise-wide security more complex. Federations allow an IT manager to more easily and cost-effectively manage these various domains."
Phase 2 of the Liberty Alliance specifications, which are expected in mid-2003, will enhance Liberty's Identity Federation Framework and introduce the Liberty Alliance's Identity Web Services Framework (ID-WSF). This Web Services Framework outlines the technical components necessary to build interoperable identity-based web services that meet specific business needs and also protect the privacy and security of users' shared information.
Phase 2 also includes the introduction of the Liberty Alliance Identity Services Interface Specifications (ID-SIS), a collection of specifications built on the Liberty Identity Web Services Framework. These specifications will provide a standard way for companies to build interoperable services such as registration profiles, contact books, calendars, geo-location and alerts. The first service interface specification to be introduced is the ID-Personal Profile, which will define a basic profile template that can be used to build a registration service.
The Liberty Alliance is not a service provider, so these specifications standardize the interface for exchanging identity data between different systems; they do not standardize the service itself.
About the Liberty Alliance Project
The Liberty Alliance Project (www.projectliberty.org) is a consortium formed to develop open standards for federated network identity management and identity-based services. The Alliance is made up of 160 members, representing a worldwide cross-section of organizations ranging from educational institutions and government organizations, to service providers and financial institutions, to technology firms and wireless providers. Federated identity will help drive the next generation of the Internet, offering businesses and consumers convenience and choice. Membership is open to all commercial and non-commercial organizations.
Prepared by Robin Cover for The XML Cover Pages archive. See the bibliographic reference for the document Introduction to the Liberty Alliance Identity Architecture. General references in "Liberty Alliance Specifications for Federated Network Identification and Authorization."