Liberty Alliance Releases Business Requirements and Guidelines
Liberty Alliance Releases Business Requirements and Guidelines for Wide Scale Identity Federation
Business Consortium to Create 'Source Library' for Business Partners to Securely and Responsibly Exchange Identity Information Beyond Company Boundaries
San Francisco, California, USA. Burton Catalyst Conference. July 8, 2003.
The Liberty Alliance Project today demonstrated why network identity is more than a technology problem. At this week's Burton Catalyst Conference, the Liberty Alliance published a foundational document outlining business requirements necessary for the wide scale deployment of federated network identity. This document is the first in a series of documents the Alliance is developing to offer global businesses guidance they need to deploy federated identity beyond company walls.
"The early work of Liberty Alliance focused on the technical requirements needed to create a federated identity architecture. We introduced our first set of open federated identity specifications a year ago, and our second set of specifications is already out for public review. Now that our technical work is well under way, we must help facilitate adoption of federated identity across the industry," said Michael Barrett, president of the Liberty Alliance Management Board and vice president of Internet strategy at American Express.
"The real value in Web services will never be reached until companies can more securely and efficiently manage trusted relationship among partners, suppliers, employees and customers," continued Barrett. "Identity is the foundation of any trusted relationship, and there is a great deal of complexity in how businesses manage and share that identity information."
While identity federation holds much promise to advance Web services, it also requires that companies address the liability, risk and costs that arise with sharing information beyond company walls. The Liberty Alliance Business Guidelines document highlights four major business requirements to consider in the context of identity federation. They are:
Mutual confidence: the processes and tasks business partners must undertake to set minimum quality requirements, certify the other party has met those requirements, and manage the risk of exposure
Risk management: the best practices and procedures business partners must identity to guard themselves from the following risks:
- Losses due to identity fraud
- Losses due to the exposure of identity information
- Loss of business integrity due to insecure processes or data
Liability assessment: the process for determining in a networked environment what parties will bear which losses, under what circumstances and how to resolve disputes
Compliance: the alignment with agreed-upon standards, policies and procedures and how that compliance is governed, including compliance with local privacy requirements
For more information on these business requirements, please see the Business Guidelines document found at:
"Because of its broad makeup of end-users, vendors, governments and industry organizations, the Liberty Alliance is in a unique position to address the complex business issues of federation," said Dan Blum, vice president and research director at the Burton Group. "The range of business requirements and regulations companies must meet varies immensely depending on the industry and region within which they operate."
Analyst research firm IDC predicts that Web Services will be a $21 billion industry by 2007. However, until vendors and end-users collaboratively address the complex "identity" challenges that are currently slowing adoption of Web services, this prediction can't become a reality.
The Business Guidelines document Liberty Alliance released today provides baseline guidance on the business issues associated with wide scale inter-company federated identity management. It is also meant to solicit input from the industry at large, which may be incorporated into future documents.
Liberty Alliance plans to introduce future documents aggregating major business issues and informational sources that will guide federated identity implementations in vertical (i.e., healthcare, financial services), regional (i.e., Japan, Germany) and industry scenarios (i.e., B2B, B2C mobile). The next set of documents is expected to be available by end of 2003.
About the Liberty Alliance Project
The Liberty Alliance Project (www.projectliberty.org) is an alliance of more than 170 companies, non-profit and government organizations formed to develop and deploy open, federated network identification standards that support all current and emerging network devices in the digital economy. Federated identity will help drive the next generation of the Internet, offering businesses and consumers convenience and choice. Membership is open to all commercial and non-commercial organizations.
If you are interested in seeing the full list of Liberty Alliance members or are interested in becoming a member, please visit us at www.projectliberty.org.
Tiffany Van Gorder
Ketchum PR for Liberty Alliance
Tel: +1 415-984-6192
Ketchum PR for Liberty Alliance
Tel: +1 415-984-6159
Prepared by Robin Cover for The XML Cover Pages archive. See also the news story "Liberty Alliance Publishes Business Requirements and Guidelines for Identity Federation." General references in "Liberty Alliance Specifications for Federated Network Identification and Authorization."