The OASIS Cover Pages: The Online Resource for Markup Language Technologies
Last modified: March 20, 2008
Liberty Alliance Specifications for Federated Network Identification and Authorization

Overview

The Liberty Alliance Project is a consortium of commercial and non-commercial organizations working to "support the development, deployment and evolution of an open, interoperable standard for federated network identity. The vision of the Liberty Alliance is to enable a networked world in which individuals and businesses can more easily conduct transactions while protecting the privacy and security of vital identity information. To accomplish its vision, the Liberty Alliance will establish an open standard for federated network identity through open technical specifications that will: (1) Support a broad range of identity-based products and services; (2) Enable commercial and non-commercial organizations to realize new revenue and cost saving opportunities that economically leverage their relationships with customers, business partners, and employees; (3) Provide consumers with choice of identity provider(s), the ability to link accounts through account federation, and the convenience of single sign-on, when using any network of connected services and devices; (4) Increase ease of use for e-commerce consumers; and (5) Help to stimulate e-commerce." [LA website description 2002-07]

Specifications

[November 12, 2003]   Liberty Alliance Publishes Final Phase 2 Specifications and Previews Phase 3.    An announcement from the Liberty Alliance Project describes the final publication of Phase 2 Specifications in the Liberty Identity Web Services Framework, along with the Liberty Privacy Guidelines for Federated Identity. The announcement also sketches a roadmap for Liberty Alliance Phase 3 deliverables that will benefit from member participation in two new expert groups. A Services Expert Group was formed "to define and manage the process for creating new service specifications," and a Conformance Expert Group (CEG) was formed "to define and manage the process for validating interoperability between vendors' implementations of the Liberty Alliance standards." New Service Interface Specifications planned for Liberty Phase 3 include: (1) a Contact Book Service Interface, providing a "common method for users to manage and share personal or business contacts regardless of contact book provider, enabling service providers to access or automatically update, at the user's request, information like billing or shipping address"; (2) a Geo-location Service Interface, "supporting an interoperable way to automatically identify a person's location, at the user's request, to provide services like weather, news, travel or currency updates or directions to a chosen location"; (3) a Presence Service Interface "defining a common way for users to share presence information." "The new Liberty Web Services Framework provides organizations with an open, standards-based way of delivering identity-based web services that can enable new revenue opportunities, cut internal IT costs, and make web services more secure and private. Because the Liberty specifications are built on existing open industry standards such as SAML, SOAP, XML and WS-Security, they can be deployed and supported in any environment and maximize an organization's investment in non-proprietary standards."
The announcement identifies five companies that have announced plans to support the Phase 2 Liberty specifications in existing or new products and services.

Phase 2 Specifications

[April 15, 2003]   Liberty Alliance Releases Phase 2 Specifications for Federated Network Identity.    The Liberty Alliance Project has published draft versions of its Phase 2 specifications and guidelines for identity-based web services. The technical specification drafts provide three new elements to Liberty Alliance's Federated Network Identity Architecture. The Liberty Identity Federation Framework (ID-FF) version 1.2 now includes protocols for Affiliations and Anonymity. Liberty Identity Web Services Framework (ID-WSF) provides for Permissions-Based Attribute Sharing, Identity Discovery Service, Interaction Service, Security Profiles, and Extended Client Support. An initial service interface specification 'Personal Profile' is part of the Liberty Identity Service Interface Specifications (ID-SIS). "Drafts of security and privacy implementation guidelines as well as a Privacy and Security Best Practices document are also introduced with the Phase 2 draft specifications. These documents highlight global privacy laws and fair information practices, as well as provide implementation guidance for organizations using the Liberty Alliance specifications to build identity-based services. A Liberty Alliance public interoperability event being held at the RSA 2003 conference is bringing together 20 of the industry's leading hardware, software, mobile device and service companies; these companies will showcase how Liberty's Phase 1 specifications for opt-in account linking and simplified sign-on can be used today in numerous business scenarios. Liberty's specifications, which are developed collaboratively by members representing various industries and organizations across the globe, are open and free for anyone to download. The specifications support and include other open industry standards like SAML, SOAP, WAP, WS-Security and XML. 
This allows businesses to implement Liberty-enabled products and services confidently, knowing they will interoperate with the company's infrastructure and the infrastructure of its customers and business partners."

Version 1.1 Specifications

[November 19, 2002]   Liberty Alliance Releases Draft Version 1.1 Specifications for Public Review.    The Liberty Alliance Project has released a public review draft of its version 1.1 specifications. This maintenance update incorporates feedback received from members and non-members during the last three months. The version 1.1 document suite is the first to be issued by the Liberty Alliance for public input. The Liberty Alliance Project represents "an alliance of more than 130 technology and consumer organizations formed to develop and deploy open, federated network identification specifications that support all current and emerging network devices in the digital economy. Its specifications focus on enabling interoperability between technology systems to make it easy for businesses to provide opt-in account linking and simplified sign-on functionality to partners, customers and employees." The version 1.1 draft specification suite includes two XML Schema files corresponding to the Protocols and Schema Specification and the Authentication Context Specification. The Liberty Bindings and Profiles Specification defines concrete transport bindings and usage profiles for the abstract Liberty protocols. Supporting documents include an Overview, Glossary, and Implementation Guidelines. In addition to the editorial changes, the v1.1 specification fixes a vulnerability in a Liberty-enabled Client/Proxy Profile and includes minor enhancements to provide additional flexibility in the specifications for identity and service providers. The public review period extends through December 16, 2002.

Documents:

Version 1.0 Specifications

On July 15, 2002 the Liberty Alliance Project released its version 1.0 open federated network identity specifications, and several vendors at the Burton Group Catalyst Conference in San Francisco have announced plans today to deliver Liberty-enabled products and services. The Liberty Alliance Project is "an alliance (60+ members) formed to deliver and support a federated network identity solution for the Internet that enables single sign-on for consumers as well as business users in an open, federated way. The version 1.0 specifications focus on interoperability between systems to enable opt-in account linking and simplified sign-on functionality. This allows users to decide whether to link accounts with various identity providers and makes it easier for both consumers and businesses to take advantage of the growing Web services space." Specific functionality outlined in version 1.0 includes: (1) Opt-in account linking; (2) Simplified sign-on for linked accounts; (3) Authentication context; (4) Global log-out; (5) Liberty Alliance client feature. The six-part specification includes: Architecture Overview, Architecture Implementation Guidelines, Authentication Context Specification, Bindings and Profiles Specification, Protocols and Schemas Specification, and a Technical Glossary. "The Liberty Alliance specifications leverage industry-standard security and data transfer protocols, including the Security Assertion Markup Language (SAML), developed by OASIS; SAML is quickly becoming the de-facto means for exchanging user credentials between trusted environments."

Liberty Alliance V1.0 Specification Overview:

This specification defines a set of protocols that collectively provide a solution for identity federation management, cross-domain authentication, and session management. This specification also defines provider metadata schemas that may be used for making a priori arrangements between providers.

The Liberty architecture contains three actors: Principal, identity provider, and service provider. A Principal is an entity (for example, an end user) that has an identity provided by an identity provider. A service provider provides services to the Principal.

Once the Principal is authenticated to the identity provider, the identity provider can provide an authentication assertion to the Principal, who can present the assertion to the service provider. The Principal is then also authenticated to the service provider if the service provider trusts the assertion. An identity federation is said to exist between an identity provider and a service provider when the service provider accepts authentication assertions regarding a particular Principal from the identity provider. This specification defines a protocol where the identity of the Principal can be federated between the identity provider and the service provider.

This specification relies on the SAML specification [defined in SAML Core]. In SAML terminology, an identity provider acts as an Asserting Party and an Authentication Authority, while a service provider acts as a Relying Party.
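
The trust decision this overview describes, sketched as an added example (not code from the Liberty specifications or from the original page): a service provider accepts an authentication assertion only if it comes from an identity provider it knows, is intact, is addressed to it, names a Principal for whom a federation exists, and carries an acceptable authentication context. The class and field names, the `idp.example` and `shop.example` names, the context labels, the audience field and the HMAC standing in for a signed SAML assertion are all assumptions of this model, not Liberty message syntax.

```python
import hashlib
import hmac
import json
import secrets


def _sign(key, body):
    """HMAC over canonical JSON; a stand-in for the signature on a real assertion."""
    payload = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


class IdentityProvider:
    def __init__(self, name, key):
        self.name = name
        self.key = key
        self.handles = {}  # (principal, service provider) -> opaque handle

    def federate(self, principal, sp_name):
        """Opt-in linking: mint a random handle used only with this one SP."""
        handle = secrets.token_hex(16)
        self.handles[(principal, sp_name)] = handle
        return handle

    def issue_assertion(self, principal, sp_name, auth_context):
        """Called after the Principal has authenticated to the identity provider."""
        body = {
            "issuer": self.name,
            "audience": sp_name,
            "subject": self.handles[(principal, sp_name)],  # never the real name
            "auth_context": auth_context,
        }
        return {"body": body, "sig": _sign(self.key, body)}


class ServiceProvider:
    def __init__(self, name, idp_keys, accepted_contexts):
        self.name = name
        self.idp_keys = idp_keys                  # identity providers this SP trusts
        self.accepted_contexts = accepted_contexts
        self.federations = {}                     # (idp, handle) -> local account

    def link(self, idp_name, handle, local_account):
        """Record the federation between a local account and an IdP handle."""
        self.federations[(idp_name, handle)] = local_account

    def accept(self, assertion):
        """Return (local_account, None) on success or (None, reason) on rejection."""
        body = assertion.get("body", {})
        key = self.idp_keys.get(body.get("issuer"))
        if key is None:
            return None, "unknown issuer"
        expected = _sign(key, body).encode()
        supplied = str(assertion.get("sig", "")).encode()
        if not hmac.compare_digest(expected, supplied):
            return None, "bad signature"
        if body.get("audience") != self.name:
            return None, "wrong audience"
        account = self.federations.get((body["issuer"], body.get("subject")))
        if account is None:
            return None, "no federation for this subject"
        if body.get("auth_context") not in self.accepted_contexts:
            return None, "authentication context too weak"
        return account, None


def demo():
    """Constructed scenario: one IdP, one SP, one federated Principal."""
    key = b"constructed-demo-key"
    idp = IdentityProvider("idp.example", key)
    shop = ServiceProvider("shop.example", {"idp.example": key}, {"smartcard"})
    handle = idp.federate("alice", "shop.example")
    shop.link("idp.example", handle, "customer-4711")
    good = idp.issue_assertion("alice", "shop.example", "smartcard")
    weak = idp.issue_assertion("alice", "shop.example", "password")
    forged = {"body": dict(good["body"], subject="0" * 32), "sig": good["sig"]}
    cases = [("good", good), ("weak", weak), ("forged", forged)]
    return {label: shop.accept(a) for label, a in cases}


if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result)
```
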

Liberty Alliance specification version 1.0 documents:

  • Liberty Bindings and Profiles Specification. Edited by Jason Rouault (Hewlett-Packard Company). Version 1.0. Reference: liberty-architecture-bindings-and-profiles-v1.0. 11-July-2002. 57 pages. "This specification defines the bindings and profiles of the Liberty protocols and messages to HTTP-based communication frameworks. This specification relies on the SAML core framework in [SAMLCore] and makes use of adaptations of the SAML profiles in [SAMLBind]. A separate specification, ['Liberty Protocols and Schemas Specification'], is used to define the Liberty protocols and messages used within the profiles."

  • Liberty Architecture Overview. Edited by Jeff Hodges (Sun Microsystems, Inc.). Version 1.0. Reference: liberty-architecture-overview-v1.0. 11-July-2002. 41 pages. "The path to realizing a rich, fertile federated identity infrastructure can be taken in phases. The natural first phase is the establishment of a standardized, multivendor, Web-based single sign-on with simple federated identities based on today's commonly deployed technologies. This document presents an overview of the Liberty Version 1.0 architecture, which offers a viable approach for implementing such a single sign-on with federated identities. This overview first summarizes federated network identity, describes two key Liberty Version 1.0 user experience scenarios, summarizes the Liberty engineering requirements and security framework, and then provides a discussion of the Liberty Version 1.0 architecture."

  • Liberty Protocols and Schemas Specification. Edited by John D. Beatty (Sun Microsystems, Inc.). Version 1.0. Reference: liberty-architecture-protocols-schemas-v1.0. 11-July-2002. 27 pages. "This specification defines the abstract Liberty protocols for identity federation, single sign-on, name registration, federation termination, and single logout. Several concrete bindings and profiles of these protocols are defined in the 'Liberty Bindings and Profiles Specification'. This specification uses schema documents conforming to W3C XML Schema and normative text to describe the syntax and semantics of XML-encoded SAML assertions and protocol messages."

  • Liberty Architecture Glossary. Edited by Hank Mauldin (Cisco Systems, Inc.). Version 1.0. Reference: liberty-tech-glossary-v1.0. 11-July-2002. 13 pages. "This document is intended to provide a reference of terms, which ensures that when discussing identity solutions for the Internet and, in particular, the solution defined by the Liberty Alliance, a common understanding of their meaning exists. This document is not intended to be a complete and authoritative compendium of all terms used when discussing network identity, but rather a comprehensive list of definitions for concepts used in the whole Liberty scope."

  • Liberty Authentication Context Specification. Edited by Paul Madsen (Entrust, Inc.). Version 1.0. Reference: liberty-architecture-authentication-context-v1.0. 11-July-2002. 35 pages. "This specification defines a syntax for the definition of authentication context statements and an initial list of Liberty authentication context classes... Authentication context is defined as the information additional to the authentication assertion itself that the service provider may require before it makes an entitlements decision... Liberty will not prescribe a single technology, protocol, or policy for the processes by which identity providers issue identities to Principals and by which those Principals subsequently authenticate themselves to the identity provider... If the service provider is to place sufficient confidence in the authentication assertions it receives from an identity provider, it will be necessary for the service provider to know which technologies, protocols, and processes were used or followed for the original authentication mechanism on which the authentication assertion is based. Armed with this information and trusting the origin of the actual assertion, the service provider will be better able to make an informed entitlements decision regarding what services the subject of the authentication assertion should be allowed to access."

  • Liberty Architecture Implementation Guidelines. Edited by Lena Kannappan (France Telecom) and Matthieu Lachance (Openwave Systems Inc.). Version 1.0. Reference: liberty-architecture-impl-guidelines-v1.0. 11-July-2002. 12 pages. "This document defines the recommended implementation guidelines and checklists for the Liberty architecture focused on deployments for the service-providing entities: service providers, identity providers, and Liberty-enabled clients or proxies (LECPs). It is intended to provide recommended implementation guidelines to Liberty component developers to help them decide what they need to implement to meet their business needs... The document also provides a checklist of requirements based on the following Liberty architecture specification categories that implementers can use to advertise their supported feature set: (a) Functionality in the Liberty protocols and schemas described (b) Bindings and profiles defined for each Liberty protocol type (specific interactions between identity providers, service providers, and LECPs) (c) The authentication request and reply context-specific information."

Specification description from the FAQ document:

On July 15, 2002 the Liberty Alliance announced public availability of its version 1.0 specifications, the consortium's open, platform-agnostic specifications for federated network identity. The version 1.0 specifications focus on interoperability between systems to enable opt-in account linking and simplified sign-on functionality. This allows users to decide whether to link accounts with various identity providers and makes it easier for both consumers and businesses to take advantage of the growing Web services space. The Liberty Alliance also released guidance on how its next set of specifications will build on the version 1.0 specifications.

The Liberty version 1.0 specifications are the first step in building an open federated identity platform that will enable users to link their accounts with various disparate identity providers. Specifically, the first specifications enable the following features:

  • Opt-in account linking: Users can choose to link accounts they have with different service providers that are within "circles of trust" (existing business agreements or affinity programs)
  • Simplified sign-on for linked accounts: Once a user's accounts are federated, he/she can log in and authenticate at one linked account and navigate to another linked account without having to log in again.
  • Authentication context: Institutions or companies linking accounts can communicate the type and level of authentication that should be used when the user logs into different accounts.
  • Global log-out: Once a user logs out of the site where they initially logged in, the user can be automatically logged out of all of the other sites the user linked to and with which the user still maintains a live session.
  • Liberty Alliance client feature: This can be implemented on particular client solutions in fixed and wireless devices to facilitate use of the Liberty version 1.0 specifications.

The Liberty version 1.0 specifications do not involve the exchange of personal information, but rather a format for exchanging authentication information between companies so as to not reveal the identity of the user. The user may maintain separate identities in different locations.

Network identity refers to the global set of attributes that are contained in an individual's various accounts with different service providers. These attributes include such information as name, phone numbers, social security numbers, addresses, credit records and payment information. For individuals, network identity is the sum of their financial, medical and personal data, which must be carefully protected. For businesses, network identity represents their ability to know their customers and constituents and reach them in ways that bring value to both parties.

Federated network identity means consumers and businesses can allow separate entities to manage different sets of identity information. Account federation enables associating, connecting or binding a user's multiple Internet accounts within an affiliated group established between or among commercial and non-commercial organizations and governed by some legal agreement. Federated single sign-on enables users to sign on with one member of an affiliate group and subsequently use other sites within the group without having to sign-on again.

[The version 2.0 specifications] will extend the simplified sign-on capabilities in version 1.0 and enable organizations to share certain personal information of users according to the permissions and preferences granted by the user. The Alliance also anticipates that the next set of specifications will enable organizations to link and extend their service offerings between various "circles of trust" or industries.

Principal URLs

Related Topics

News, Articles and Commentary

  • [March 20, 2008] "Liberty Alliance Web Services Framework: A Technical Overview." A Liberty Alliance Project Technical Report. By Conor Cahill (Intel), Carolina Canales (Ericsson), Hubert A. Le Van Gong (Sun Microsystems), Paul Madsen (NTT), Eve Maler (Sun Microsystems), Greg Whitehead (HP). Version 1.0. February 14, 2008. 16 pages. "This overview document enumerates the major features of Liberty Web Services, a framework for identity-based services that provides added value for identity, security, and privacy above and beyond basic web services, and thereby makes identity data portable across domains. The term Liberty Web Services comprises the Identity Web Services Framework (ID-WSF) and the Identity Service Interface Specifications (ID-SIS) that take advantage of that framework. Together, these two pieces enable identity-based services — web services associated with the identity attributes of individual users. Why are identity-based services valuable? Fundamentally, because they enable a user's identity data to be portable across the many Web applications that, if able to access these attributes, can provide a more customized and meaningful experience to the user, whilst removing from that user the burden of manually repeatedly providing and managing their identity attributes at each. ID-WSF builds on many existing standards for networking and distributed computing, and adds specialized capabilities for handling identity-related information and tasks and for ensuring privacy and security. With ID-WSF providing the addressing, security and privacy plumbing — different ID-SIS specifications define the specific syntax and semantics for sharing different slices of your identity attributes. For instance, a Calendar SIS specifies how the travel service would query the user's Calendar Service for free blocks, or write an event. 
Other ID-SIS specifications either already exist or can be defined for other aspects of your identity, e.g., The user's personal profile, geolocation, presence, or wallet... An identity-based service is a web service associated with a particular user, i.e., a web service at which a user's calendar information can be accessed. Identity-based services require functionality beyond that necessary for basic web services not associated with a given user — particularly in the areas of identity, security, and privacy. Liberty ID-WSF specifications define the addressing, security and privacy plumbing — and different Liberty ID-SIS specifications define the specific syntax and semantics for sharing different slices of identity attributes. Together, ID-WSF and ID-SIS make identity data portable in a secure and privacy-respecting manner..." See also Eve Maler's blog. [PDF source]

  • [February 13, 2008] "Liberty Alliance Schedules Four Public Interactive Webcasts to Review and Finalize Identity Assurance Framework Criteria Consortium Releases Updated Version of the IAF as Organizations Worldwide Participate in Review and Development Process." Announcement February 13, 2008. "Liberty Alliance, the global identity consortium working to build a more trusted internet for consumers, governments and businesses worldwide, today released the latest version of the Liberty Identity Assurance Framework (IAF). The IAF is a policy-based organizational framework being developed collaboratively within the Liberty Alliance Identity Assurance Expert Group and corresponding public special interest group to advance trusted identity federations based on standardized and certified identity assurance levels. The latest version of the IAF is based on recent input from over 40 representatives from the global financial services, government, telecom, healthcare, system integrator, and technology sectors and is available for additional review and comment. Liberty Alliance formed the Identity Assurance Expert Group (IAEG) to foster adoption of identity trust services. Utilizing initial contributions from the e-Authentication Partnership (EAP) and the U.S. E-Authentication Federation, the IAEG's objective is to create a framework of baseline policies, business rules, and commercial terms against which identity trust services can be assessed and evaluated. The goal is to facilitate trusted identity federation to promote uniformity and interoperability amongst identity service providers. The primary deliverable of IAEG is the Liberty Identity Assurance Framework (LIAF). The LIAF leverages the EAP Trust Framework and the US E-Authentication Federation Credential Assessment Framework (CAF) as a baseline in forming the criteria for a harmonized, best-of-breed industry identity assurance standard. 
The LIAF is a framework supporting mutual acceptance, validation, and life cycle maintenance across identity federations. The main components of the LIAF are detailed discussions of Assurance Level criteria, Service and Credential Assessment Criteria, an Accreditation and Certification Model, and the associated business rules. Assurance Levels (ALs) are the levels of trust associated with a credential as measured by the associated technology, processes, and policy and practice statements. Liberty Alliance is also announcing four public webcasts, each designed to review and gather industry input into primary sections of the IAF as the Framework moves to final during 2Q of 2008...

  • [December 18, 2007] Liberty Alliance Publishes SAML 2.0 Interoperability Testing Matrix. Announcement: "Liberty Alliance Announces First Companies to Pass Full-Matrix SAML 2.0 Interoperability Testing. November Liberty Interoperable Event First to Test Over the Internet and Against US GSA SAML 2.0 Profile Requirements." — Liberty Alliance announced that products from Hewlett-Packard, IBM, RSA (The Security Division of EMC), Sun Microsystems, and Symlabs, Inc. have passed Liberty Alliance testing for SAML 2.0 interoperability. The Security Assertion Markup Language (SAML) Specification Version 2.0 was approved as an OASIS Standard in March 2005. Products and services passing SAML 2.0 interoperability testing included: Hewlett-Packard's HP Select Federation 7.0; IBM's Tivoli Federated Identity Manager, version 6.2; RSA's Federated Identity Manager 4.0; Sun Microsystems' Java System Federated Access Manager 8.0; Symlabs Inc's Federated Identity Suite version 3.3.0. The vendors participated in the November 2007 Liberty Interoperable event administered by the Drummond Group Inc. and are the first to pass full-matrix testing Liberty Alliance incorporated into its interoperability program this year. All of these vendors also passed Liberty Alliance testing against the US GSA SAML 2.0 profile, meeting the prerequisite interoperability requirements for participating in the US E-Authentication Identity Federation. Liberty Alliance continually enhances the Liberty Interoperable program to meet cross-industry demands for proven interoperable identity solutions. The November event was the first to conduct Internet-based and full-matrix testing. Internet-based testing allows vendors to participate in the same interoperability event from anywhere in the world. Full-matrix testing requires each vendor to test with every other participant to ensure testing mirrors real world identity federation interoperability requirements.
The breadth and depth of these testing procedures provides deploying organizations with assurances that products have proven to interoperate with each other across the widest possible range of deployment scenarios..." See also the Matrix.

  • [March 22, 2007] "Liberty Alliance Releases New Specifications for Linking Digital Identity Management to Consumer Devices." — "Liberty Alliance, the global identity consortium working to build a more trusted Internet for consumers, governments and businesses worldwide, announced the release of the Advanced Client specifications designed to allow enterprise users and consumers to manage identity information on devices such as cameras, handhelds, laptops, printers, and televisions. The Advanced Client is a set of specifications and technologies that leverage the proven interoperability, security and privacy capabilities of Liberty Federation and Liberty Web Services to allow users to conduct a wide range of new identity-based transactions from any device. The Advanced Client is part of Liberty's roadmap to deliver an end-to-end digital identity management framework that provides enterprise users and consumers with increased identity management functionality across all networks and devices. The set of platform independent specifications were developed to extend identity management capabilities such as single sign-on, access to Web Services, stronger authentication and user-controlled provisioning to client devices. The Advanced Client will allow users to securely store identity data on a device and access and manage the information when the device is either connected to a network or offline... The Advanced Client represents the third phase of Liberty's ongoing work in delivering increased identity management functionality to client devices. In phase one Liberty Alliance defined the LECP (Liberty Enabled Client/Proxy) which was incorporated into SAML 2.0 and supports federation operations as the Enabled Client/Proxy. The Active Client is part of phase two and provides client-based Web services functionality, single sign-on into Liberty Web Services and support for any authentication model. Work on the Robust Client specifications, phase four, is underway. 
These phase four specifications will support trusted digital identity relationships, mobility modules and provide a platform for facilitating client-based universal strong authentication. Advanced Client relies on ID-WSF 2.0 (Liberty Web Services) which includes support for WS-Addressing and WS-Security specifications. The specific functionality included in the Advanced Client specifications released in draft form includes: Trusted Module: The Advanced Client acts as an extension of the identity provider (IdP) offering protocol support for trusted model capabilities and able to function when the IdP is not present. The specifications allow the client to assert assurances on behalf of the authority issuing the identity in a closed and protected environment such as a smart card or other tamper resistant mechanism within the client device. Provisioning: The Advanced Client supports full life-cycle provisioning of data and/or functionality to the client over the air in a privacy sensitive and secure manner. Service Hosting/Proxying (SHPS): Allows a service, such as a calendar or e-commerce profile to be hosted on a client device, such as a cell phone or laptop. The specifications allow others to interact with the service via a proxy based on the security, privacy and permission controls established by the user and when the device is either on or offline..."

  • [January 23, 2007] "Liberty Alliance Announces openLiberty Project. Consortium Leverages Global Leadership in Developing Secure and Privacy-Respecting Identity Standards to Support the Worldwide Open Source Community." — "Liberty Alliance, the global identity consortium working to build a more trusted Internet for consumers, governments and businesses worldwide, today announced the openLiberty Project, a global initiative formed to provide resources and support to open source developers building identity-based applications. With today's news, Liberty Alliance has launched openLiberty.org, a portal where developers can collaborate in the openLiberty Project and access tools and information for 'jump starting' the development of more secure and privacy-respecting applications based on the widely deployed Liberty Federation and Liberty Web Services standards. The openLiberty Project was launched under the direction and leadership of the Liberty Alliance Open Source Special Interest Group. This group was formed to coordinate synergies among global open source initiatives and to identify the open source libraries developers need to build applications that interoperate with Liberty Federation, which consists of ID-FF 1.1, 1.2 and SAML 2.0, and Liberty Web Services, which consists of ID-WSF 1.0, 1.1, 2.0 and Liberty People Service specifications. Members of the group have identified the need to focus initially on delivering ID-WSF Web Services Consumer (WSC) libraries to allow open source developers to incorporate SAML 2.0 functionality into Web services applications. OpenLiberty.org is the first portal designed to serve as a comprehensive resource for the global open source community. OpenLiberty.org is where anyone interested in contributing to the architecture, design and development of the openLiberty Project will be able to participate in the project wiki, document repository and discussion lists.
The portal will allow developers to access information about other relevant open source efforts, their relationship to the openLiberty Project and links to those efforts. Using a standard Apache licensing model, developers will have access to downloadable member contributed open source code for building applications based on standards from Liberty Alliance..."

  • [January 16, 2007] "Liberty Alliance Announces Products from CA, Entr'ouvert, Ericsson, HP, NTT, NTT Software, and Symlabs Pass Interoperability Testing." — "Liberty Alliance, the global identity consortium working to build a more trusted Internet for consumers, governments and businesses worldwide, today announced that products from CA, Entr'ouvert, Ericsson, HP, NTT, NTT Software and Symlabs have passed Liberty Alliance testing. With today's testing results, nearly 80 identity products and solutions from vendors around the world have now passed Liberty Alliance testing for SAML 2.0, Liberty Federation and Liberty Web Services. 'Interoperability of identity products and solutions is key to the successful and wide scale deployment of federation, Web services, SOAs and social networking applications,' said Roger Sullivan, president of the Liberty Alliance Management Board and vice president of Oracle Identity Management. 'Vendors passing Liberty Alliance interoperability testing offer their customers assurances that products can interoperate from day-one and deliver real business value over the long-term.' Today's news marks the first time Liberty Alliance has tested vendors for interoperability of ID-WSF 2.0, the latest version of Liberty Web Services specifications which was released as final in October 2006. ID-WSF 2.0 includes Liberty People Service, the industry's first open Web services framework that allows consumers and enterprise users in any market segment to manage applications such as calendars, blogs, e-mail, instant messaging and photo sharing in a secure, privacy-respecting and trusted federated social network. Liberty Interoperable products are deployed extensively by governments and businesses worldwide. Organizations can trust that products that have passed Liberty Alliance testing will deploy quickly and can immediately interoperate with other Liberty-enabled technologies. 
During testing held in France the week of December 4, 2006, the products and services listed below demonstrated interoperability with one or more of the following standards, Liberty Federation, which consists of ID-FF 1.1, 1.2 and SAML 2.0, and Liberty Web Services, which consists of ID-WSF 1.0, 1.1, 2.0 and Liberty People Service specifications..."

  • [October 04, 2006] "Liberty Alliance Releases Final Version of ID-WSF 2.0 Web Services Standards." — "Liberty Alliance, the global identity consortium working to build a more trusted Internet for consumers, governments and businesses worldwide, today announced the release of the final version of ID-WSF 2.0, the industry's most complete framework for building and managing privacy-respecting, secure and interoperable Web services and Service Oriented Architectures (SOAs)... The final release of ID-WSF 2.0 now includes additional support for open industry standards to allow developers, enterprises and system integrators to build successful Web services faster based on the widely deployed and proven interoperable Liberty Web Services standards. Today's release also includes Liberty People Service, the industry's first user-centric Web services protocol for managing a user's relationship network across social applications in a trusted, secure and privacy-respecting manner. The release of ID-WSF 2.0 includes Liberty People Service, the industry's first non-proprietary user-centric Web services framework to allow consumers and organizations to manage social and enterprise applications such as bookmarks, blogging, calendars, e-mail, photo sharing and instant messaging in a federated social network. With Liberty People Service individuals can easily store, maintain, and categorize online relationships with friends, family and colleagues so that other socially-aware Web services applications can leverage identity information based on the consent and privacy controls established by the user. Liberty's secure and privacy-respecting ID-WSF 2.0 provides organizations with a complete framework for deploying and managing interoperable, non-proprietary and trusted SOAs. Liberty Alliance is the only global identity organization that tests vendor products for true interoperability of identity standards. 
Nearly 75 products from vendors around the world have now passed testing since Liberty launched its Liberty Interoperable program in 2003. Gemalto, Epok, HP, Sun Microsystems, Novell, Nokia, NTT and Symlabs have passed testing for Liberty Web Services interoperability... Liberty Alliance regularly incorporates truly open standards into its identity specifications based on industry and member requirements for open and interoperable identity solutions. With the final release of ID-WSF 2.0, Liberty Web Services now offers increased support for SAML 2.0 to allow SAML 2.0 assertions to be used as security tokens; incorporates WS-Addressing to enable asynchronous messaging capabilities; features new subscription and notification capabilities to allow a push-model for attribute sharing; and supports identity tokens to provide a structured mechanism to refer to a user inside the network..."

  • [November 21, 2005] "Liberty Alliance Announces Latest Companies Passing SAML 2.0 Interoperability Testing. Products from IBM, NEC, NTT and RSA Security Join Liberty's Growing List of Interoperable Identity Solutions." - "The Liberty Alliance Project, a global consortium for open federated identity and Web services standards, today announced that products from IBM, NEC, NTT and RSA Security passed interoperability testing at Liberty's recent conformance event. These companies successfully demonstrated that their products meet interoperability standards for Liberty Federation and join nearly seventy other identity products and solutions from multiple vendors that have now passed Liberty interoperability testing. Liberty Alliance holds regular conformance events at varying locations around the world to test products for interoperability of Liberty identity specifications. After participating in a five-day testing event held in Tokyo earlier this month, IBM, NEC, NTT and RSA Security have demonstrated interoperability of products and solutions that incorporate Liberty Federation (Liberty ID-FF 1.2 and/or SAML 2.0) specifications. 'Liberty's Interoperable Program is about creating a global ecosystem of identity solutions that have been proven to work together in an open federated network environment,' said Roger Sullivan, chair of the Liberty Alliance conformance program and vice president of business development for Oracle's Identity Management. 'Since Liberty launched the program in 2003, identity products that have passed interoperability testing have been deployed extensively in a variety of industries and vertical market segments worldwide..."

  • [October 11, 2005] "Liberty Alliance Releases Business and Policy Guidelines for Deploying Federated Identity Management. Liberty's First Guidelines for Policy Decision Makers Addressing the Business, Legal, and Privacy Aspects of Federation." - The Liberty Alliance Project, a global consortium for open federated identity standards and identity-based Web services, has announced the release of business and policy guidelines for helping organizations address and manage the business, legal and privacy challenges of deploying federated identity management. The guidelines have been developed based on the experiences of Liberty members who have implemented federation and serve as a resource for accelerating the wide-scale deployment of federated identity solutions... With over one billion Liberty-enabled identities and devices expected globally by the end of 2006, Liberty has proven that the technology for deploying successful federation is in place. But Liberty also recognizes that in order to fully leverage the benefits of federation, technology alone is not enough. Policy decision makers need tools to help identify and manage the many business considerations involved in developing Circles of Trust, the legal and contractual frameworks governing federation between organizations. Liberty's Business and Policy Deployment Guidelines, developed by the Alliance's Public Policy Expert Group (PPEG), is the first of many tools and documents to come from Liberty to provide assistance with this decision framework. Liberty Alliance is the only global organization addressing the business, policy and technology aspects of identity management and the only identity-focused organization that has a Public Policy Expert Group, which provides advice and guidance on privacy functionality within Liberty specifications. 
PPEG member representatives from BIPAC, the US General Services Administration, Oracle, and Sun Microsystems spearheaded the development of the deployment guidelines by leveraging their work in open federated identity management...[Guidelines (PDF), cache]

  • [April 15, 2005] "Liberty Alliance Embraces SAML 2.0." By Jim Wagner. From InternetNews.com (April 15, 2005). "With the ink barely dry on the final Security Assertion Markup Language (SAML) 2.0 standard, officials at the Liberty Alliance are set to include the technology in its interoperability test bed Monday. The Liberty Interoperable Logo Program certifies software developers create products that interoperate with products from other vendors using a variety of specified profiles and schema. Officials at OASIS blessed the single sign-on technology for use in the industry Thursday. The technology fills in the gaps left by SAML 1.0, with improved metadata specifications to improve communications between companies using the technology within a federation, as well as new attribute profiles. Roger Sullivan, Liberty Alliance conformance expert group chairman and Oracle vice president for identity management solutions, said the organization has been working on getting SAML 2.0 into the interoperability program for some months... Several vendors have already included SAML 2.0 in their product line or are in the process of rolling out a version in the near future: Oracle, Computer Associates and RSA Security. Sullivan would not say which companies are going through the interoperability process, noting the identities of companies participating in the program are kept secret under non-disclosure agreements until several weeks after successful completion of the program. In order to gain program approval, the product must work with at least two other vendor implementations. The logo is good only for the specific version of the product that undergoes the testing, not the entire product line. According to officials, some 15 vendors and 30 products have already successfully participated in the program, the first in the industry to test and approve interoperability standards for federation, single sign-on and identity-based Web services..."

  • [April 12, 2005]   Liberty Releases Contact Book, Geo-Location, and Presence Interface Specifications.    The Liberty Alliance Project has announced the publication of three new identity management specifications that are deployable in Liberty's Identity Web Services Framework (ID-WSF). The Liberty ID-SIS Contact Book Service Specification, Liberty ID-SIS Geolocation Service Specification, and Liberty ID-SIS Presence Service Specification "offer new application functionality to enterprises and service providers, as well as privacy, personalization and security benefits to users." Liberty is an alliance of "more than 150 companies, non-profit and government organizations from around the globe, committed to developing an open standard for federated network identity that supports all current and emerging network devices. Federated identity offers businesses, governments, employees and consumers a more convenient and secure way to control identity information in today's digital economy, and is a key component in driving the use of e-commerce, personalized data services, as well as Web-based services." The Liberty ID-SIS Contact Book (ID-SIS-CB) specification defines a "common method for users to manage and share personal or business contacts regardless of contact book provider, enabling service providers to access or automatically update, at the user's request, information like billing or shipping address. ID-SIS-CB is an instance of data-oriented identity web service. It is characterized by ability to query and to update attribute data and incorporates from other specifications mechanisms for access control and conveying data validation information and usage directives. The Liberty ID-SIS Geolocation (ID-SIS-GL) specification provides "an interoperable way to automatically identify a person's location, at the user's request, to provide services like weather, news, travel or currency updates or directions to a chosen location. 
It is an instance of a data oriented identity web service. ID-SIS-GL uses the Liberty ID-WSF Data Services Template, and the geolocation-related data is mostly from the Mobile Location Protocol version 3.1 specified by the Open Mobile Alliance." The Liberty ID-SIS Presence Service Specification "defines a web service for presence information within the context of the Liberty Alliance project. It provides a common way for users to share presence information, such as whether they are online, offline, on the phone or in a meeting, with any service provider for the purpose of communicating availability. The core meaning of presence refers to a Principal's availability for communications over a network (phone, IM, video conference); 'extended' presence includes the Principal's proximity to or interaction with a user agent (e.g., 'away' or 'do not disturb'), activity (e.g., 'driving'), mood (e.g., 'grumpy'), and date/time ranges for availability."

  • [January 18, 2005] "Liberty Alliance Project Responds to RFI From U.S. Department of Health and Human Services. Consortium's Widely Implemented Specifications Focus on Privacy, Confidentiality and Security, Cited as Core Issues in Healthcare." - "Liberty Alliance, the global consortium for open federated identity standards and identity Web-based services, today announced that it had submitted a formal response to the U.S. Department of Health and Human Services' Office of the National Coordinator for Health Information Technology (ONCHIT) Request for Information (RFI) on 'Development and Adoption of a National Health Information Network.' The response was submitted on behalf of Liberty's 150-member base, and addresses possible methods by which widespread interoperability and health information exchange can be deployed and operated on a sustainable basis. Liberty also participated in a joint filing authored by 13 organizations, including the Markle Foundation, HIMSS, the AMIA, ANSI and a number of other organizations. Liberty's federated identity standards and business guidelines focus on privacy, confidentiality and security, offering the flexible, secure and open infrastructure that is required to support and manage online services and transactions that are necessary in healthcare. Liberty Alliance first introduced its specifications publicly in April 2002, and has since issued several additional revs of these specifications. The specifications have been implemented by organizations worldwide, and in fact it is estimated that there will be in excess of 400 million Liberty-enabled identities and devices by the end of 2005... ONCHIT issued the public RFI to obtain information that can be used to help develop a new vision for healthcare through the use of information technology, with the intention of developing a strategic plan to implement over the next 10 years. 
The initial RFI addresses the goal of interconnecting clinicians and the use of Electronic Health Records so that health information can be exchanged using advanced and secure electronic communication... Further to its healthcare focus, the Liberty Alliance will also participate in the HIMSS (Health Information and Management Systems Society) annual conference in Dallas, TX, Feb. 13-17, 2005. It will showcase a demonstration of its specifications in use in a healthcare setting, as well as present on the topic of 'Efficiency, Effectiveness and Regulatory Compliance in Healthcare: The Promise of the Liberty Alliance and Federated Identity Management'..." See also "XML in Clinical Research and Healthcare Industries."

  • [October 25, 2004] "Twelve Companies Earn Liberty Alliance Interoperable Logo at First Event to Test Identity Web Services Conformance." - "The Liberty Alliance, the global consortium developing an open federated identity standard and business tools for implementing identity-based services, today announced products and services from 12 companies have earned the Liberty Alliance Interoperable mark in the latest Liberty-sponsored conformance test — the first event to test against the Liberty Identity Web Services specification ID-WSF 1.0. The Liberty Alliance continues to be the only organization to offer more than simple specification interoperability testing and officially validate Liberty Federation and Identity Web Services implementations in products and services. Alcatel, Elios, IBM, NEC, Nokia, Novell, NTT, Oracle, Ping Identity, Sun Microsystems, Symlabs and Trustgenix have been awarded the 'Liberty Alliance Interoperable' mark. Following a rigorous testing process, conformant products may display the Liberty Alliance's highest stamp of quality, which offers buying assurances to end customers that products are truly interoperable out-of-the-box, shortening deployment cycles, increasing productivity and saving costs. 'Participants are responding to market demand for validation of quality and assurance of true interoperability,' said Roger Sullivan, vice-chair of the Liberty Alliance Conformance Expert Group. 'The conformance program offers vendors and service providers the opportunity to respond to the customer mandate for products and services that have earned the 'Liberty Alliance Interoperable' mark.' The Liberty conformance program requires that each company successfully complete tests against scripts and scenarios prepared by the Liberty Alliance Conformance Expert Group and published on the Liberty Alliance website. As part of the testing, companies must demonstrate interoperability with at least two other randomly selected participants. 
The program requires repeated operation of the Liberty specification's core features in many combinations and sequences and in different roles and contexts common to real-world deployments. The federation testing reviewed federation establishment and termination, single sign-on, opaque name registration, affiliation, identity proxying and anonymous login. The identity web services testing reviewed authentication, service registration and update, service lookup, service invocation and interaction. 'Liberty is pleased with the rapid adoption of its Identity Web Services specifications, and the response of both members and non-members who want to assure the market that their products will interoperate with these specifications out of the box,' said Donal O'Shea, Executive Director of Liberty Alliance. 'Companies who have earned the 'Liberty Alliance Interoperable' mark report that customers more easily create partnerships, in part because displaying the mark delivers instant market credibility and assures rapid deployment.' The conformance test event was held in Tokyo, Japan during the week of October 11-15, 2004..." General references in "Liberty Alliance Specifications for Federated Network Identification and Authorization."

  • [October 18, 2004] "Liberty Alliance Continues Aggressive Growth, Expands Membership Base With Seven New Members. Liberty Identity Web Services Specifications Attract Key Players in Digital Imaging and Document Technology, Security and Telecom Markets." - The Liberty Alliance, the global consortium developing an open federated identity standard and business tools for implementing federated identity and identity-based Web services, today announced that seven organizations have joined Liberty Alliance, including leading identity management, application security, mobile and wireless security, telecommunications and research companies, as well as the world-leading digital imaging, design and document technology company. Three companies joined the Liberty Alliance at the sponsor level, one at the affiliate level, one at the associate level, and two previous members have re-joined at the associate level. New members have expressed significant interest in the Liberty Alliance Identity Web Services specifications to solve existing business needs, and plan to use the specifications for applications that are new to the Liberty Alliance, such as Digital Rights Management. Adobe Systems has joined the Liberty Alliance as a sponsor member, and plans to bring Liberty's benefits down to the document level. Working with the Liberty Alliance, Adobe will strengthen document security by adding federated identities, making it easier for businesses to employ document services for meeting compliance and regulatory mandates to protect individual privacy. Additional new sponsor members include OpenNetwork Technologies, specializing in end-to-end identity management solutions, and Senforce Technologies, developing location-aware security software for mobile and wireless computers. OpenNetwork seeks to remedy the key pain points of today's enterprises while helping companies capitalize on existing technology investments. 
Senforce recognizes the importance of a standards-based approach to federated authentication and seeks to actively contribute to building global awareness of privacy and privacy-friendly approaches. These new members bring to the Liberty Alliance a wealth of expertise in the identity management and mobile security markets, and demonstrate the Alliance's continued ability to attract industry leaders at a sponsor level. As industry leaders continue to understand that federation is the foundation to meaningful Web services, they seek out the Liberty Alliance as a forum to come together to build identity into electronic communications and transactions..." See also the added information about IBM joining Liberty Alliance. General references: "Liberty Alliance Specifications for Federated Network Identification and Authorization."

  • [October 19, 2004] "Liberty Alliance Captures Seven New Members." By Tony Hallett. In ZDNet News (October 19, 2004). "The Liberty Alliance, a far-reaching body working on identity standards for Web services, has signed up seven new members. At an event held in Tokyo on Monday, it announced that Adobe Systems, DAI-Labor, Deny All, M-Tech Information Technology, OpenNetwork Technologies, Senforce Technologies and Telewest Broadband are joining up. Web services require identity verification for benefits such as single sign-on. While the Liberty Alliance already includes a range of vendors, nonprofit organizations and users among its members, the latest backers cover many technology bases, including document- and location-aware security. It is notable that the group is now also talking about using its standards for applications such as digital rights management (DRM) — a vital future area for Microsoft, which holds key ground in the development of Web services. The Liberty Alliance Project also announced that it has hired a full-time executive director, longtime Silicon Valley information technology consultant and ex-IBM executive Donal O'Shea..." See also the announcement in preceding entry, with notice that IBM has also joined Liberty Alliance.

  • [June 29, 2004] "McNealy: Sun, Microsoft To Unveil Phase One of Partnership in Late Summer. Directory Interoperability for Single Sign-On Will Be Tackled First." By Elizabeth Montalbano. In CRN (June 29, 2004). "Sun and Microsoft plan to detail Phase One of their historic partnership in late summer, Sun Chairman and CEO Scott McNealy said Tuesday at JavaOne. The first phase of the partnership will be to 'solve single sign-on' and facilitate interoperability between the LDAP model of the directory and identity management products in Sun's Java Enterprise System and Microsoft ActiveDirectory, McNealy told attendees in his morning keynote at Sun's annual Java developer confab in San Francisco. Once Sun and Microsoft make their software interoperable, 'users can log into the network once without having to remember multiple passwords and have their authentication travel across software infrastructure from both Sun and Microsoft,' McNealy said. Applications that run on both systems also can take advantage of the same infrastructure for network identity. 'This should make for more efficient consumer and enterprise use,' he said. Enabling single sign-on for users across multiple Web sites, particularly for e-commerce users, has been a tricky issue. Sun and a group of partner companies initiated and supported the Liberty Alliance, which leverages the Security Assertion Markup Language (SAML) specification to enable single sign-on, while Microsoft for a time planned its own project, HailStorm, to collect user information and authenticate users across multiple sites. But users were uncomfortable with the idea of Microsoft owning all of their personal information, so HailStorm didn't fly as expected..."

  • [March 19, 2004]   Liberty's Federated Identity Project Supported by Intel and Six New Global Alliances.    The Liberty Alliance consortium has announced the formation of new relationships with six global alliances, and the addition of Intel Corporation to the Liberty Alliance Management Board. The new partner relationships will help Liberty address identity challenges in the security, financial, and mobile services sectors. Liberty is developing an open federated identity standard and business tools and guidance for implementing identity-based services. Standards organizations now working collaboratively with the Liberty Alliance include Network Applications Consortium (NAC), Open Mobile Alliance (OMA), Open Security Exchange (OSE), PayCircle, SIMalliance, and WLAN Smart Card Consortium. The forging of new global alliances by Liberty highlights the importance of federated identity as "a key enabler in everything from mobile payments and on-demand networking to integrating electronic and physical security systems." The Alliance also announced that Intel Corporation has joined the global consortium as "both a sponsor member and participating company on the Alliance's Management Board. As the newest member on the Management Board, Intel is one of fifteen (15) companies responsible for overall governance and operations of the Liberty Alliance. This new membership status will allow Intel the opportunity to work with the Liberty Alliance membership to assist in the creation and recommendation of future specifications and business tools in the area of federated identity."

  • [March 18, 2004] "Intel Joins the Liberty Alliance Project. Membership Underscores Intel's Commitment to Advance Open Standards Development." - "The Liberty Alliance Project today announced that Intel Corporation has joined the global consortium developing an open federated identity standard and business tools for implementing identity-based services, as both a sponsor member and participating company on the Alliance's Management Board. As a Liberty Alliance member, Intel will continue its efforts towards the evolution of additional devices that can take advantage of Liberty Alliance compliant infrastructure and services. Liberty's federated approach to identity management provides a standards-based foundation for identity networks and services. By identity-enabling systems and services, companies can increase security, create new efficiencies to cut internal IT costs, enable new business opportunities and make Web services more privacy friendly. Identities play a large role in the convergence between computing and communications, which is an evolution Intel has been driving for many years. Intel has worked hard to advance basic building blocks both at the silicon level as well as at the platform hardware/software level. Joining Liberty Alliance will help Intel continue to advance the development of identity standards that will become one of the basic building blocks for emerging computing and communications usage models. 'Authentication and identity management are critical to the success of new computer and communications usages,' said Colin Evans, Director System Software, Corporate Technology Group, Intel. 'Liberty Alliance brings together an exciting array of companies from many industries to define these standards and we are looking forward to working with our customers and member companies to make implementation a reality across all the hardware platforms we provide.' 
In addition, as the newest member on the Management Board, Intel is one of 15 companies responsible for overall governance and operations of the Liberty Alliance. This new membership status will allow Intel the opportunity to work with the Liberty Alliance membership to assist in the creation and recommendation of future specifications and business tools in the area of federated identity..."

  • [February 27, 2004]   Liberty Publishes Federated Identity Documents on Mobile Deployments and Identity Theft.    The Liberty Alliance Project has released two key federated identity documents. The Tier 2 Business Guidelines: Mobile Deployments document outlines "near-term market opportunities and business requirements for federated identity in the mobile market. The document examines how mobile operators, equipment providers, content and service providers as well as vendors and users can take advantage of the growth and demand for mobile services, and in turn, how Liberty's open standard can enable secure delivery of Web services. The Mobile Deployments guidelines address business issues that must be considered during planning and deployment, including: establishing mutual confidence and minimum quality standards; developing a comprehensive risk management strategy; defining liability and dispute resolution mechanisms; complying with agreed-upon standards and relevant legislation. A Whitepaper on Liberty Protocol and Identity Theft white paper "discusses identity theft and the related problem of identity management, showing how the Liberty Alliance Project addresses the current issue of identity theft through its specifications and through best practice implementation guidelines. Liberty specifications lower the risk of identity theft because of higher security and privacy standards. They limit the damage of identity theft caused to Principals because all their personal data is not concentrated in the same single site, and Principals control which sites can share what data." The Liberty Alliance represents more than 150 institutional members partnering to "develop open standards for federated network identity management and identity-based services. Its goals are to ensure interoperability, support privacy, and promote adoption of its specifications, guidelines and best practices."

  • [February 23, 2004] "Whitepaper on Liberty Protocol and Identity Theft." Edited by William Duserick (Fidelity Investments). February 20, 2004. 11 pages. See the announcement, "Liberty Alliance White Paper Outlines Federated Identity's Ability to Reduce Identity Theft." [cache]

  • [February 23, 2004] "Liberty Alliance White Paper Outlines Federated Identity's Ability to Reduce Identity Theft." - "The Liberty Alliance today announced the availability of a white paper calling out the growing problem of identity theft and detailing ways in which federated identity and Liberty's open standard can reduce online identity theft, its frequency and its potential impact on consumers. The white paper, The Liberty Alliance Protocol and Identity Theft White Paper, also presents deployment recommendations for federated identity as a means to further mitigate risks. Identity theft is a widespread and costly problem. Research analyst firm IDC reports that worldwide economic losses due to identity theft could reach $2 trillion by 2005 (April 2003). It's not only costly, it's time-consuming and a productivity drain on the economy. A U.S. Federal Trade Commission survey reports that in 2003 individuals spent an average of 30 hours to deal with their identity theft experience. 'Identity theft is extremely painful to consumers and very costly for businesses,' said Piper Cole, chair of Liberty's public policy expert group and vice president for global public policy at Sun Microsystems. 'It is costing merchants billions a year in charge-back fees and litigation and they are in need of an immediate solution to alleviate the bleed. Liberty's federated identity framework is a part of that solution.' Liberty's federated identity model, which distributes identity information across various trusted parties, is inherently more secure than a centralized model where all information is accessible in one location. If a centralized database is breached, the entire content of that database can be a goldmine for hackers and thieves. In addition to the federation safeguards, Liberty's framework also incorporates unique privacy controls and state-of-the-art security mechanisms to protect users and businesses..."

  • [November 12, 2003] "Sun's Java Enterprise System Provides Immediate Support for Next Generation of Liberty Alliance Specifications. Sun Java System Identity Server Delivers Support for Liberty Alliance Phase 2 Specification for Secure Federated Identity. Early Access Available for Qualified Customers." - "Sun Microsystems Inc., a founding member of the Liberty Alliance Project, today announced that its market-leading Java System Identity Server is the industry's first commercial product from a software platform vendor to support the Liberty Alliance Phase 2 specifications. This support expands the broad functionality of the Sun Java System Identity Server, a key component of the Java Enterprise System, further enabling the deployment and adoption of secure and federated identity-based Web services to fixed and mobile users' devices. 'Open standards are fundamental to the development of secure, federated identity solutions and Web services. Expanding on our support for the Liberty Alliance specifications will help our customers deliver mobility with security -- the right services to the right people at the right time on any device,' said Jonathan Schwartz, executive vice president of software for Sun Microsystems. 'Identity is a critical component for secure delivery and deployment of the network services that help our customers gain a competitive advantage in an ever-changing marketplace.' The integrated identity services of the Java Enterprise System -- access management, directory, provisioning and delegated administration -- provide the best offering for customers to reap the benefits of federated network identity. The Java Enterprise System allows Sun customers to leverage functionality of the current and future Liberty specifications through the Java System Identity Server. Early access to the Java System Identity Server's latest Liberty functionality is available for qualified Sun customers today... 
The Java System Identity Server was the industry's first commercial-grade identity management solution to support both SAML and the Liberty Phase 1 protocols. Sun is the first software platform vendor to support the Liberty Phase two specifications. The J2EE-based architecture of Java System Identity Server makes it the preferred developer solution for 'identity-enabling' mobile and data Web services. Java System Identity Server uses role-based access control mechanisms to centrally create and manage users, delegate user administration, and define the access policies for users on intranets and extranets... The Liberty Phase 2 specifications are critical for deploying an effective federated identity infrastructure. Expanding upon the Phase 1 specifications, which allow for cross-domain single sign-on, these new specifications add support for cross-domain attribute exchange and a foundation for Liberty-based Web services. A federated identity architecture allows an authenticated identity to seamlessly take part in targeted Web services from multiple organizations or Web domains that have business agreements in place. This brings greater efficiencies for employee identity management, creates new market and revenue opportunities between business partners, and increases the end-user's control over identity information while facilitating their access to valuable Web services..."

  • [October 17, 2003] "M-Commerce, Certifications Next for Liberty Alliance. Federated Network Identity Effort Proceeds." By Paul Roberts. In InfoWorld (October 14, 2003). "Single sign-on standards group the Liberty Alliance Project said Tuesday that it was taking over the work of European mobile computing standards group Radicchio Ltd. and that it will unveil a program to certify products and services for compliance with the Liberty Alliance's federated network identity standards. The announcements come as the trade group looks for ways to increase adoption of Liberty specifications and build a secure foundation for the growth of mobile and wireless transactions... Radicchio is a U.K.-based cross industry group that was created in 1999 to foster a secure platform for conducting transactions using mobile devices such as cell phones and PDAs (personal digital assistants). The group developed a platform called the 'Trusted Transaction Roaming platform,' or t2r, for authenticating mobile device users across different mobile networks. The t2r platform was recently submitted to the European Commission for evaluation. Under an agreement, which is still being negotiated, t2r will be transferred to the Liberty Alliance Project along with any other specifications and assets belonging to Radicchio, according to a statement released by Radicchio Tuesday at the ITU Telecom conference in Geneva. Once the transfer is complete, Radicchio will discontinue operations, according to James van der Beek, senior manager of strategy at Radicchio member Vodafone Group. The t2r platform uses the Liberty Alliance's Federated Identity Architecture, Radicchio said in its statement. The decision to fold Radicchio, which counts leading IT players including VeriSign, Telefonaktiebolaget LM Ericsson, Vodafone and Orange as members, grew out of the realization that the challenge of mobile commerce was converging with that of verifying user identity, Van der Beek said.
'Identity impacts everything and the Liberty Alliance is the place to handle identity,' he said. The merger also fits with the Liberty Alliance's focus on a new generation of identity services, according to Simon Nicholson, chairman of the Business and Marketing Expert Group at the Liberty Alliance and a manager of strategic initiatives at Sun Microsystems. Inheriting the t2r platform will give the Liberty Alliance a head start developing standards for mobile payment and wallet services, Nicholson said. 'It's a logical next step for the Liberty Alliance to solve those future problems,' he said. The Liberty Alliance is also launching a certification program to make sure single sign-on software products and services adhere to the group's published guidelines and interoperate with other Liberty products..."

  • [October 15, 2003] "Liberty Alliance Unveils Certification Test. Certification to Assure Buyers that ID Management Products Work Well Together." By Mark Willoughby. In ComputerWorld (October 15, 2003). "The Liberty Alliance Project this week announced a certification test designed to ease concerns about interoperability between products in the fast-growing identity management market. The certification includes the Liberty Interoperability Logo to assure buyers that a vendor's products have passed a battery of tests designed to prove that users can federate and support single sign-on using authentication, authorization and provisioning layers from different identity management products. 'We have well over two dozen Liberty-compliant products shipping,' said Michael Barrett, president of the Liberty Alliance management board and vice president of Internet strategy at American Express Co. 'With the growing maturity and adoption of the alliance's specifications, our work needs to focus now on alleviating the business complexity of implementing identity federation. 'This assists the buyer in knowing that the products will work with one another if they buy logoed products,' he said. The Liberty Alliance is a group of more than 170 vendors and end-user companies formed in 2001 to develop industry standards for identity management and identity-based services. The test announcement took place at the Digital ID World exhibition here. The Liberty Alliance is one of several bodies now working on setting identity management standards. Barrett downplayed any rivalry with the Web Security Federation (WS-Federation), a group led by Microsoft and IBM that has been issuing security standards to secure Web services. Each of the two groups submits technologies for security industry standards under the auspices of the Organization for Structured Information Standards (OASIS)... 
'We've adopted parts of the WS-Security specifications into Liberty standards,' said Simon Nicholson, chairman of the Liberty Alliance business and marketing group. 'We're waiting to hear from the other parties.' According to Roger Sullivan, CEO of Phaos Technologies and the head of the Liberty Alliance certification team, the tests will reproduce a real-world identity federation problem... The first test is planned in Madrid for November 11-14, 2003, with plans to hold one test each quarter in a different country." See the announcement: "Liberty Alliance Launches Certification Program for Liberty-Interoperable Products and Services. Initiative Ensures Product Compatibility to Help Increase Buyer and Partner Confidence in Identity Management Products and Services."

  • [October 14, 2003] "Radicchio to Submit M-Commerce and Security Standards Work to the Liberty Alliance Project." - "Radicchio Ltd. and the Liberty Alliance Project announced today that Radicchio, a cross-industry initiative for secure m-commerce, will contribute all its existing work in the area of mobile data services to the Liberty Alliance for further development. The move will provide the Liberty Alliance, an organisation developing an open standard for federated network identity, further expertise in the mobile and European markets, as well as additional resources. It will also help speed development of a secure standard for authenticating and sharing identity-based data services across mobile networks around the globe. Radicchio, formed in 1999 to advance the potential of mobile e-commerce and mobile security, has worked in concert with its members, a number of partners in the mobile industry, the Liberty Alliance and regulatory and standardisation organisations like the European Commission and ETSI to develop the 'Trusted Transaction Roaming' platform. Radicchio's newly developed platform, a method for securely authenticating mobile users across different mobile networks, already utilises the Liberty Alliance Federated Identity Architecture, and will continue to be supported within the Alliance. 'During our work we quickly learned identity and authentication is key to security and mobile services,' said Stefan Engel-Flechsig, Radicchio CEO. 'Our work was becoming more identity-related and the Liberty Alliance is the natural and universal place for conversations, concepts and standards around identity to develop.' The consolidation of Radicchio's work within the Liberty Alliance will also help Radicchio's member base, many of whom are also part of the Liberty Alliance. 
Engel-Flechsig continued, 'There are numerous standards developments occurring simultaneously which is a strain not only on those who must implement the standards but on the members involved in standards development as well. Because of the Alliance's strong support and our shared membership, we feel this is the best place for our work to continue.' [...] Radicchio's new Trusted Transaction Roaming platform is a concept for securely authenticating mobile users across networks for offering data services. The platform will allow service providers to be able to offer data services to other network operators' customers providing more value to their own customers and offering customers a wider choice of services without leaving their existing operator network..."

  • [July 08, 2003] Liberty Alliance Publishes Business Requirements and Guidelines for Identity Federation. The Liberty Alliance Project has released Business Guidelines: Raising the Business Requirements for Wide Scale Identity Federation, described as the first in a series of documents the Alliance is developing to provide global businesses guidance on deploying federated identity solutions. The purpose of the document is to "identify the general business considerations that must be addressed by any organization exchanging identity information beyond company boundaries in today's complex federated identity environment." Four principal business requirements identified as critical to identity federation are highlighted in the Business Guidelines: "(1) Mutual confidence: the processes and tasks business partners must undertake to set minimum quality requirements, certify the other party has met those requirements, and manage the risk of exposure; (2) Risk management: the best practices and procedures business partners must identify to guard themselves from losses due to identity fraud, losses due to the exposure of identity information, and loss of business integrity due to insecure processes or data; (3) Liability assessment: the process for determining in a networked environment what parties will bear which losses, under what circumstances and how to resolve disputes; (4) Compliance: the alignment with agreed-upon standards, policies and procedures and how that compliance is governed, including compliance with local privacy requirements. Liberty Alliance plans to introduce future documents aggregating major business issues and informational sources that will guide federated identity implementations in vertical (i.e., healthcare, financial services), regional (i.e., Japan, Germany) and industry scenarios (i.e., B2B, B2C mobile). The next set of documents is expected to be available by end of 2003."

  • [June 02, 2003] "Federated Identity Management Addresses E-Business Challenges. Industry Commentary." By John Worrall (RSA Security) and Jason Rouault (Hewlett-Packard); RSA and HP are founding members of the Liberty Alliance Project. In Web Services Journal Volume 3, Issue 6 (June 2003), page 58. "A single organization cannot effectively manage or control an e-business initiative from beginning to end, especially when multiple partners are involved. Even within the enterprise, different business units often manage distinct sets of users and resources. That's why organizations are turning to federated identity management to address their e-business challenges. In a federated environment, a user logs on through his identity provider and then leverages that authentication to easily access resources in external domains. Federated identity standards form an abstraction layer over local identity and security environments of diverse domains. This abstraction layer provides for interoperability between disparate security systems inside and across domains, enabling true federation. Each domain maps to the agreed-upon policies without divulging sensitive user information. This trust is the foundation of any federated environment, and the organizations that work together within a domain are a circle of trust. A circle of trust connotes that both a business relationship and technical infrastructure are in place to assure secure access. The Liberty Alliance is developing and delivering the first open architecture and specifications to enable federated identity management. At its core is the Identity Federation Framework (ID-FF), which facilitates identity federation and management through features such as identity/account linkage, single sign-on, and session management. ID-FF is fundamental to underpinning accountability in business relationships and Web services; providing customization to user experience; protecting privacy; and allowing adherence to regulatory controls. 
The Liberty Alliance is also specifying an Identity Web Services Framework (ID-WSF) that will utilize the ID-FF. This framework introduces a Web services-based identity service infrastructure that enables users to manage the sharing of their personal information across identity and service providers as well as the use of personalized services. For example, a user may authorize a service provider to access their shipping address while processing a transaction. Built on top of the ID-WSF is a collection of interoperable identity services, the Identity Services Interface Specifications (ID-SIS). The ID-SIS might include services such as registration, contact book, calendar, geo-location, presence, or alerts. Through Liberty protocols and a standard set of attribute fields and expected values, organizations will have a common language to speak to each other and offer interoperable services. The services defined in the ID-SIS are designed to be built on top of Web services standards, meaning they are accessible via SOAP over HTTP calls, defined by WSDL descriptions, and use agreed-upon schemas... The Liberty Alliance unites more than 160 firms representing more than 1 billion consumers. Organizations like this will continue to strive to achieve digital identity standards that will facilitate e-business processes around the globe..." [alt URL]

  • [April 15, 2003] "Liberty Alliance Moves Ahead." By Peter Judge. In CNET News.com (April 15, 2003). "Proponents of the Liberty Alliance Project, a group developing online identity standards, provided details Tuesday of their Phase Two specifications and demonstrated new features. Liberty held its first public interoperability demonstration at the RSA Conference here with four different applications on display, built with Liberty 1.0 technology from some twenty vendors. The group also released a draft of its Phase 2 specifications, which are expected to become finished standards later this year. 'We've added permissions-based attribute sharing and other features,' said Michael Barrett, president of the Liberty management board and vice president of Internet strategy at American Express. The second version of the Liberty specification maps a way for Web users to exchange information with Web sites without revealing their identity. It is also designed to allow people to specify a set of affiliated sites onto which they can log. The demonstrations of Liberty 1.0 technology focused on transactions between business and among employees. In one, led by Communicator, an employee was allowed access to several financial services after signing into a single identity server within his company. In another, led by Novell, an employee accessed her pensions and retirement information from external sites through the corporate intranet without having to repeatedly log in. American Express is likely to launch this kind of service soon, hinted Barrett. 'I won't preannounce anything, but we believe there are a number of opportunities.' [...] Beyond the Phase 2 specifications, there will be further enhancements to Liberty's online ID efforts, including more work on policy, said Barrett. 
In the future, its specifications will be linked more closely with Web services, which are applications that use Extensible Markup Language (XML)-based protocols to share information between disparate systems. 'Identity is at the heart of the Web service story,' he said. In related news, the Liberty project announced several new members, including Ericsson, bringing the total up to 160. Interest in the specifications comes from all over the world, with companies from the Pacific Rim showing increasing attention..."

  • [April 14, 2003] "Liberty Alliance Contributes Phase 1 Network Identity Specifications to OASIS for Consideration in SAML 2.0." - "The Liberty Alliance Project and OASIS today announced that the Liberty Alliance has contributed its version 1.1 federated network identity specifications to OASIS. The OASIS Security Services Technical Committee requested Liberty's contribution to permit possible incorporation of Liberty version 1.1 specification features in future versions of the OASIS Open Standard Security Assertion Markup Language (SAML). SAML, an XML-based security framework for authentication and authorization in Web services, serves as a key underpinning to the Liberty Alliance federated network identity architecture. In keeping with Liberty Alliance's philosophy to leverage existing open standards whenever possible and build new functionality only if needed, the Alliance incorporated SAML into its Phase 1 specifications introduced in 2002. The Liberty Alliance chose to extend SAML in version 1.1 to include additional security enhancements vital to identity management, such as opt-in account linking, simple session management and global log-out capabilities. For the benefit of SAML and Liberty implementers and the industry as a whole, Liberty Alliance is providing those extensions back to OASIS for future versions of SAML... 'Collaboration between standards groups enables the Web services industry to move forward at a pace that meets the needs of the market,' said Patrick Gannon, president and CEO of OASIS. 'As SAML evolves, it makes sense to leverage the work Liberty Alliance has already done in this area. Our mutual goal is to decrease time-to-market for new technology, enhance interoperability between products and drive broader adoption of open standards.' 
'We will continue to work closely with OASIS as the Liberty Alliance federated identity architecture evolves,' said Michael Barrett, president of the Liberty Alliance Management Board and vice president for Internet strategy at American Express. 'The Alliance will continue to develop Liberty's Identity Federation Framework within the consortium, and plans to collaborate closely with OASIS on future enhancements'..." See also "Security Assertion Markup Language (SAML)."

  • [April 11, 2003] "Liberty Alliance Submitting Spec to OASIS. Turning Work Over to Standards Body for First Time." By John Fontana. In InfoWorld (April 11, 2003). "Liberty will announce at next week's RSA Conference that the first phase of its work, which was completed in June 2002 and updated in January, will be turned over to the Organization for the Advancement of Structured Information Standards (OASIS). The first phase, which was renamed Identity Federation Framework (ID-FF) in March, is basically Liberty's Version 1.1 specification that outlines single sign-on and account sharing between partners with established trust relationships. The Liberty move may be a reaction to IBM Corp. and Microsoft Corp., who are not Liberty members, but are trying to create their own federated identity management framework built on WS-Security, an evolving Web services standard they created and submitted to OASIS... Draft specifications for Liberty's second and third phases of work, which now incorporate the WS-Security protocol for securing Web services messages, also will be introduced at RSA and will outline how to build a permission framework and sets of services for user identities that can be shared across the Internet. The second phase of Liberty's work, called Identity Web Services Framework (ID-WSF), will allow islands of trusted partners to link to other islands of trusted partners and provide users with the ability to control how their identity information is shared. Phase 3, called Identity Services Interface Specifications (ID-SIS), will build services on top of ID-WSF. The two draft specifications are not being submitted to OASIS at this time but will be opened to the usual public review. 'I think it is significant that Liberty is ready to open up to a wider world than its own group,' says Prateek Mishra, co-chair of the Security Services technical committee at OASIS and director of technology and architecture at Netegrity, a Liberty Alliance member.
Liberty's Version 1.1 specification will become a foundation document to help create Version 2 of OASIS's Security Assertion Markup Language (SAML), according to sources. SAML 1.0 is a standard for exchanging authentication and authorization information and is incorporated into and extended by Liberty's Version 1.1. The hope is that ID-WSF and ID-SIS will eventually extend SAML 2.0 to create a single standards-based environment for federated identity and sharing of identity credentials..." See also "Security Assertion Markup Language (SAML)."

  • [April 01, 2003] "The Liberty Alliance." By Paul Madsen. From WebServices.xml.com (April 01, 2003). "For the consumer or employee, federated identity will mean a far more satisfactory on-line experience - as well as new levels of personalization, security, and control over their identity information. The existence of such an infrastructure will open up new business opportunities, including providing economies of scale that lower business costs and expedite the growth of the Internet and e-commerce. Making this happen is what the Liberty Alliance Project is all about... Liberty's first phase focused on enabling simplified sign-on through identity federation -- this work is referred to as the Liberty Identity Federation Framework (ID-FF). The Liberty Phase 2 specifications (expected in mid-2003) will build on this base to provide key features for enhancing identity federation and enabling interoperable identity-based web services. This upcoming work is known as the Identity Web Services Framework (ID-WSF). The Liberty Phase 1 specifications released in July 2002, and updated in January 2003, provide the plumbing for federated identity management. These specifications, called the Liberty Alliance Identity Federation Framework (ID-FF), provide standards for simplified sign-on and federation or 'linking' among disparate accounts within a group of businesses that have already established relationships. The Liberty Phase 2 specifications, which are expected in mid-2003, will enhance Liberty's Identity Federation Framework and introduce the Liberty Alliance's Identity Web Services Framework (ID-WSF). This Web Services Framework outlines the technical components necessary to build interoperable identity-based web services that meet specific business needs and also protect the privacy and security of users' shared information. 
Phase 2 also includes the introduction of Liberty Alliance Identity Services Interface Specifications (ID-SIS), a collection of specifications built on the Liberty Identity Web Services Framework. These specifications will provide a standard way for companies to build interoperable services like registration profiles, contact books, or calendar, geo-location or alert services. The first service interface specification to be introduced is the ID-Personal Profile, which will define a basic profile template that can be used to build a registration service. As it did for Phase 1 ID-FF, XML will play a key role in Liberty's ID-WSF and subsequent phases. For instance, to enable the permission-based attribute sharing necessary for Web-based identity services that enable users to control their data, there will need to be XML schemas for capturing a user's core profile (e.g., their shipping address, their cell phone number, etc), and a protocol for requesting such profile information..."

  • [March 25, 2003] "Phaos Releases Toolkit to Meet Liberty Alliance 1.1 Specifications, Increases Liberty Alliance Involvement as Sponsor Member. Phaos Technology Enables Java Developers to Adhere to Updated Sign-on Authentication and Authorization Specifications." - "Phaos Technology Corp., a leading global provider of cross-platform e-Security services and software tools to empower Internet applications, today announced the release of the Phaos Liberty Toolkit to enable developers to build applications that meet the newly established Liberty Alliance 1.1 specifications as well as the Company's membership as a sponsor member in the project. As a sponsor member, Phaos will participate in the policy, marketing and technology committees of the program. The Liberty Alliance strives to support the development, deployment and evolution of an open, interoperable standard for federated network identity. The Liberty Alliance 1.1 specifications are an important element for the upcoming Liberty Alliance Phase 2 specifications, which introduce the Identity Web Services Framework (ID-WSF). ID-WSF outlines the technical components necessary to build interoperable identity-based Web services that meet specific business needs and also protect the privacy and security of users' shared information. By keeping in-step with the specifications as they are ratified, Phaos enables Java developers to immediately begin building applications that adhere to the sign-on authentication and authorization specifications set by the Liberty Alliance. With the Phaos Liberty Toolkit, Java developers can rapidly build applications that enable single sign-on capabilities, support the consolidation of enterprise authentication schemes and allow the migration from legacy infrastructure to XML-based Web services. 
The Phaos Liberty Toolkit provides integrated message security (XML digital signatures and XML encryption) and channel security (SSL/TLS), and provides stronger privacy and identity protection mechanisms by seamlessly integrating with smart cards and hardware security modules. Dynamic and scalable performance acceleration using cryptographic/SSL accelerators is also supported..."

  • [March 24, 2003] "The First Taste of Liberty. Sign On Once, Log In Everywhere." By Frank Sommers. In Java World (March 21, 2003). "Prompting a user to separately log into closely affiliated Websites creates an awkward user experience. Web services that rely on one another may not even permit separate logins since they must operate without human intervention. The Liberty Alliance Project specifications provide a single sign-on mechanism for both Websites and Web services. This article explores how Liberty helps federate a user's identities from different service providers and uses that federated network identity to authenticate a user to many Web-accessible services. The article concludes with an example of how two Websites can use single sign-on... Being able to sign on once and log in everywhere may appear to your Website's or Web service's users as magic. But, as this example shows, there is no magic to single sign-on. It's a matter of following the Liberty protocols' message exchanges and trusting authentication decisions issued by an identity provider. The more Websites you must interact with that support Liberty, the more common the single sign-on experience becomes. Currently, only Sun Microsystems' Sun ONE (Open Network Environment) product line supports the Liberty protocols, but Liberty is fast gaining industry support, and dozens of companies have announced plans to Liberty-enable their products and e-commerce Websites. The forthcoming Liberty 2.0 specifications will address issues beyond single sign-on and identity federations -- for instance, they may let you share a user's preferences and other user-specific data as well. While eliminating duplicate login and data entry forms are sure to please your Website's or service's users, introducing Liberty into your Website or Web service architecture can cut down on what surely must be the biggest annoyance in a development project: duplicating functionality. 
That's because Liberty can help you factor out authentication roles, on the one hand, and services that are consumers of authentication-produced information, on the other. That way you could maintain just one service (or servlet) acting as an identity provider, and your other services can rely on that identity provider's authentication assertions. Instead of developing some application-specific way to exchange security assertion information, Liberty allows you to depend on SAML data structures. As you add services to your infrastructure, those new services can leverage what's already available..."

  • [March 11, 2003] "Introduction to the Liberty Alliance Identity Architecture." From the Liberty Alliance Project. Revision 1.0. March, 2003. 14 pages. Abstract: "This paper provides a brief overview of the Liberty Alliance's federated network identity management architecture. The Liberty Alliance's vision is one of a networked world in which individuals and businesses can more easily interact with one another, while respecting the privacy and security of shared identity information." From 'What is Identity?': "...The traits, attributes, and preferences that define individuals make up their identity, while the relationship of the individual with an entity determines which elements of the identity should be shared. This maintenance of privacy and identity control is paramount in the Internet world, yet users also demand ease-of-use and rapid access. What is the best way to balance the two needs? By establishing a federated network identity that links the various user identities together. A federated network identity delivers the benefit of simplified sign-on to users by granting rapid access to resources to which they have permission, but it does not require the user's personal information to be stored centrally. This increases security and delivers better identity control. With a federated network identity approach, users authenticate once and can retain control over how their personal information and preferences are used by the service providers. A federated network identity is also beneficial for businesses because it allows them to more easily conduct business transactions with authenticated employees, customers and partners. The group of service providers that share linked identities and have business agreements in place is known as a circle of trust. The attribute sharing policies within a circle of trust are typically based on the following: (1) A well-defined business agreement between the service providers; (2) Notification to the user of information being collected; (3) User granting consent for types of information collected; (4) Where appropriate, recording both notice and consent in an auditable fashion..." From the posting of Michael Barrett: "We are pleased to announce today the public availability of a white paper detailing the architecture for the Liberty Alliance work and specifications... The new identity architecture outlines the direction Liberty will follow to accomplish its vision of enabling a networked world in which individuals and businesses can more easily interact with one another while respecting the privacy and security of shared identity information. This document and the thinking behind it has already proven to be of great interest to the press and analyst community that has been briefed on our work, and we trust it will be equally interesting to you as you continue to explore the Liberty Alliance. This document and the roadmap for the Liberty Alliance will be a major item of discussion at the upcoming All Participant's Meeting for the Liberty Alliance to be held in San Francisco, April 14, 2003. If you haven't yet joined the Alliance but would like to start taking a more active role, this might be an opportune time for your organization to join. If you would like more information on Liberty Alliance membership please visit [the Liberty Alliance website]..."

  • [March 11, 2003] "Liberty Alliance Project Completes Federated Network Identity Architecture." - "The Liberty Alliance, a consortium formed to develop open standards for federated network identity, today released details outlining the Liberty Alliance Federated Network Identity Architecture, a complete infrastructure that the Alliance expects will resolve many of the technology issues currently hindering deployment of identity-based web services. This new identity architecture outlines the direction the Liberty Alliance will follow to accomplish its vision of enabling a networked world in which individuals and businesses can more easily interact with one another while respecting the privacy and security of shared identity information. The architecture and features of current and upcoming Liberty specifications are detailed in the white paper titled Introduction to the Liberty Alliance Identity Architecture, now available on www.projectliberty.org... The complete Liberty Alliance federated network identity architecture provides an open, standards-based foundation for building and supporting identity-based web services. The architecture enables companies to increase the security of their information systems, lower infrastructure maintenance costs, and more easily adapt to new business models and new technology. Consumers and employees will also benefit by having more choice and convenience in how they share and manage personal information over the web... The specifications released in Phase 1 in July 2002, and updated in January 2003, provide the plumbing for federated identity management. These specifications, called the Liberty Alliance Identity Federation Framework (ID-FF), provide standards for simplified sign-on and federation or "linking" among disparate accounts within a group of businesses that have already established relationships. Businesses, governments and other organizations can use this commonly accepted architecture to build their own interoperable products and services... Phase 2 of the Liberty Alliance specifications, which are expected in mid-2003, will enhance Liberty's Identity Federation Framework and introduce the Liberty Alliance's Identity Web Services Framework (ID-WSF). This Web Services Framework outlines the technical components necessary to build interoperable identity-based web services that meet specific business needs and also protect the privacy and security of users' shared information. Phase 2 also includes the introduction of Liberty Alliance Identity Services Interface Specifications (ID-SIS), a collection of specifications built on the Liberty Identity Web Services Framework. These specifications will provide a standard way for companies to build interoperable services like registration profiles, contact books, or calendar, geo-location or alert services. The first service interface specification to be introduced is the ID-Personal Profile, which will define a basic profile template that can be used to build a registration service. The Liberty Alliance is not a service-provider, so these specifications will offer a method to standardize the interface for exchanging data between different systems, not to standardize the service itself..."

  • [March 06, 2003]   Government Agencies Join Liberty Alliance to Support Digital Identity Standards.    Liberty Alliance has announced support from two key U.S. government agencies that are looking to the open Liberty Alliance Project to address digital identity challenges. The U.S. General Services Administration (GSA) and the U.S. Department of Defense (DoD) "have joined the Liberty Alliance in its pursuit to develop open and interoperable standards for electronically managing identity information. The GSA and DoD join other Liberty Alliance members from both the private and public sectors, representing various countries around the world. The global collaboration of government organizations, corporations and consumer interest groups will prove invaluable to helping solve the complex technical and business issues associated with network identity that the Liberty Alliance is currently working to address."

  • [February 19, 2003] "Identity Systems and Liberty Specification Version 1.1 Interoperability." Edited by Paul Madsen. A Liberty Alliance Technical Whitepaper. February 14, 2003. 15 pages. Document Description: Liberty and 3rd Party Identity Systems White Paper-07.doc. "Today, most enterprises, government entities and non-profit organizations have substantial investments in processes and infrastructures to maintain the integrity of their business systems. Much as the Internet has provided access to sources of information and the need to track in more detail the activities of members of these organizations, sharing electronic information about users of information is rising in the minds of the management ranks of these organizations. This has spawned the need to create circles of membership in groups that can validate identities of the consumers of information. As a result, new organizations are being formed by various profit, non-profit and governmental groups to address this need. The solutions that are being put forward by these groups provide opportunities to choose or integrate with a new class of service provider called the Identity Manager. This