Liberty Alliance Phase 2 Specifications
Liberty Alliance Releases New Specifications, Privacy and Security Guidelines to Drive Development of Identity-Based Web Services
Liberty Alliance Announces New Management Board Representatives Ericsson, Fidelity Investments, Novell and VeriSign, Inc. As Consortium Gains Momentum
San Francisco, California, USA. RSA Conference. April 15, 2003.
The Liberty Alliance, a global consortium formed to develop open standards for federated network identity, today unveiled drafts of its highly anticipated Phase 2 specifications -- an important step in creating a commonly accepted and more trusted way of building and managing identity-based Web services.
Drafts of security and privacy implementation guidelines, as well as a "Privacy and Security Best Practices" document, were also introduced today with the Phase 2 draft specifications. These documents highlight global privacy laws and fair information practices, and provide implementation guidance for organizations using the Liberty Alliance specifications to build identity-based services.
The Phase 2 draft specifications and related Privacy and Security documents are immediately available at http://www.projectliberty.org for public review and comment. The Liberty Alliance expects to incorporate comments and finalize the specifications in Q3 2003.
Helping Companies Deliver Innovative Web Services
Earlier this year, International Data Corporation (IDC) predicted that Web services would become the dominant distributed computing architecture in the next 10 years and be a $21 billion industry by 2007. Web service implementation plans are already under way, with 80 percent of U.S. enterprises saying they will have some type of web services project in process by 2008. However, by the end of 2002, only 5 percent of enterprises had completed their web services projects.
"The opportunity for web services is enormous from both a vendor and implementer's perspective, and innovation in this space will drive the future of e-commerce," said Michael Barrett, president of Liberty Alliance and vice president of Internet Strategy for American Express. "However, in the meantime, there are business and technology barriers impeding this innovation and progress. These barriers include the complexity of identity management -- a critical component in web services -- as well as the lack of technical standards and the inability for identity management products and services to work together."
Breaking Down the Barriers to Web Services
Businesses can capitalize on and lead this major market opportunity by incorporating the Liberty Alliance Phase 2 specifications introduced today into their products and future plans. The Liberty Alliance specifications offer a technology blueprint for companies that want to create innovative, identity-based web services based on a federated model.
Federated identity management makes it possible for an identity to be recognized and take part in personalized services across multiple domains (i.e., Web sites), taking into account both security and privacy, without all of a user's identity information being held in one place.
The specifications provide a commonly accepted way of discovering, sharing and authenticating personal information and attributes, in a permissions-based manner, over any platform or network device. In short, they simplify the technical complexity of identity management.
Liberty's open specifications also break down the interoperability barriers that currently exist in the identity management space. Liberty's specifications, which are developed collaboratively by members representing various industries and organizations across the globe, are open and free for anyone to download. The specifications support and include other open industry standards like SAML, SOAP, WAP, WS-Security and XML. This allows businesses to implement Liberty-enabled products and services confidently, knowing they'll interoperate with the company's infrastructure and the infrastructure of its customers and business partners.
Building Consumer Trust in Web Services
The Liberty Alliance also addressed privacy and security issues in the Implementation Guidelines and Best Practices documents released today with the Phase 2 draft specifications. These draft documents offer guidance to help companies build more secure, privacy-friendly identity-based services that can be in compliance with local regulations and create a more trusted relationship with customers and partners.
The Privacy and Security Best Practices document covers the following issues:
- Liberty's perspective on privacy and its role in writing open standards that address privacy and security concerns related to federated identity
- Brief overview of global privacy laws and fair information principles
- Privacy and security recommendations for Liberty implementers, highlighting the importance of providing users with access, notice, choice, control and protection over their information
- Guidance on protecting against Internet and implementation vulnerabilities
The draft Implementation Guidelines document provides a more technically oriented explanation of how the Phase 2 specifications can be implemented in a manner that addresses privacy and security issues.
Technical Details of the Liberty Specifications
The Phase 2 technical specification drafts announced today provide three new elements to Liberty Alliance's Federated Network Identity Architecture. These elements are:
Enhancements to Phase 1, the Liberty Identity Federation Framework (ID-FF)
The Liberty Identity Federation Framework version 1.2 provides new functionality to the opt-in account linking and single sign-on capabilities released in July 2002. ID-FF version 1.2 now includes protocols for the following features:
- Affiliation: This enables a user to choose to federate with a group of affiliated sites, a critical need for portals and business-to-employee applications.
- Anonymity: This enables a service to request certain user attributes without needing to know the user's identity.
Introduction of the Liberty Identity Web Services Framework (ID-WSF)
The Liberty Identity Web Services Framework outlines the technical components necessary to build interoperable identity-based web services. Specific features include:
- Permissions-Based Attribute Sharing: This allows an organization to offer users individualized services based on attributes and preferences that the user has chosen to share.
- Identity Discovery Service: This allows a service provider to dynamically discover the location of a user's identity services, and for the identity provider to respond based on the user's permissions. This feature is critical for being able to offer a large number of users real-time identity-based services.
- Interaction Service: This allows an identity service to obtain permission from a user (or someone who owns a resource on behalf of that user) to allow them to share data with the requesting service.
- Security Profiles: This describes the profiles and requirements necessary to protect privacy and ensure the integrity and confidentiality of messages.
- Extended Client Support: This enables hosting of Liberty-enabled identity-based services on devices without requiring HTTP servers. This is useful since most consumers do not run HTTP-servers on their PCs, and many networks do not support running HTTP-servers on consumer devices. This also reduces implementation costs in resource-constrained devices such as mobile phones.
Introduction of the Liberty Identity Service Interface Specifications (ID-SIS)
In Phase 2 and future phases of its specifications, the Liberty Alliance will be developing a collection of specifications, built on the Liberty Identity Web Services Framework, that offer companies a standard way to build interoperable identity-based services. Today, Liberty introduced its first service interface specification:
- ID-Personal Profile: This service defines a template for basic profile information, typically used in registration. It includes a standard set of attribute fields (name, legal identity, legal domicile, work address, email address) so organizations have a common language to speak to each other and offer interoperable services.
Liberty Alliance will continue to update its Phase 2 specifications through the public review period and expects a final version of the specifications to be available in Q3 2003.
Expanding Beyond Technical Specifications
Many companies and organizations have expressed to the Liberty Alliance a need for business guidelines, as well as technology specifications, to further address the business complexity of creating new identity-based Web services. As part of the next phase of Liberty Alliance work, the organization intends to develop business best practices guidelines that assist companies in forming partnerships, or "circles of trust," to deliver identity-based Web services. They will also address related business challenges, such as liability. The first draft of Liberty's business guidelines is expected to be released by Q2 2003.
Continuing to Grow Our Membership Base
The Liberty Alliance is led by its Management Board, which consists of 14 sponsor member companies. The board works together with the Alliance's Public Policy, Technology and Business & Marketing Expert Groups to guide the consortium's direction and identify major issues affecting identity and web services. Today, the Alliance announced four new members to its Management Board. The new board members -- Ericsson, Fidelity Investments, Novell and VeriSign, Inc. -- represent the telecom, financial services, software and security sectors. Companies interested in joining the Alliance should visit the Liberty Alliance Web site for more information or email firstname.lastname@example.org
About the Liberty Alliance Project
The Liberty Alliance Project (http://www.projectliberty.org) is a consortium formed to develop open standards for federated network identity management and identity-based services. The Alliance is made up of 160 members, representing a worldwide cross-section of organizations ranging from educational institutions and government organizations, to service providers and financial institutions, to technology firms and wireless providers. Federated identity will help drive the next generation of the Internet, offering businesses and consumers convenience and choice. Membership is open to all commercial and non-commercial organizations.
 IDC, U.S. Web Services Market Analysis, February 2003. (Statistic represents the software, services, and hardware opportunity for web services in the U.S.)
 IDC, U.S. Web Services Market Analysis, February 2003.
Tiffany Van Gorder
Ketchum PR for Liberty Alliance
Prepared by Robin Cover for The XML Cover Pages archive. See the news story "Liberty Alliance Releases Phase 2 Specifications for Federated Network Identity." General references in "Liberty Alliance Specifications for Federated Network Identification and Authorization."