The OASIS Cover Pages: The Online Resource for Markup Language Technologies
Created: April 15, 2003.

Liberty Alliance Releases Phase 2 Specifications for Federated Network Identity.

The Liberty Alliance Project has published draft versions of its Phase 2 specifications and guidelines for identity-based web services. The technical specification drafts provide three new elements to Liberty Alliance's Federated Network Identity Architecture. The Liberty Identity Federation Framework (ID-FF) version 1.2 now includes protocols for Affiliations and Anonymity. Liberty Identity Web Services Framework (ID-WSF) provides for Permissions-Based Attribute Sharing, Identity Discovery Service, Interaction Service, Security Profiles, and Extended Client Support. An initial service interface specification 'Personal Profile' is part of the Liberty Identity Service Interface Specifications (ID-SIS).

"Drafts of security and privacy implementation guidelines as well as a Privacy and Security Best Practices document are also introduced with the Phase 2 draft specifications. These documents highlight global privacy laws and fair information practices, as well as provide implementation guidance for organizations using the Liberty Alliance specifications to build identity-based services. A Liberty Alliance public interoperability event being held at the RSA 2003 conference is bringing together 20 of the industry's leading hardware, software, mobile device and service companies; these companies will showcase how Liberty's Phase 1 specifications for opt-in account linking and simplified sign-on can be used today in numerous business scenarios. Liberty's specifications, which are developed collaboratively by members representing various industries and organizations across the globe, are open and free for anyone to download. The specifications support and include other open industry standards like SAML, SOAP, WAP, WS-Security and XML. This allows businesses to implement Liberty-enabled products and services confidently, knowing they will interoperate with the company's infrastructure and the infrastructure of its customers and business partners."

Technical Details of the Liberty Specifications

The Phase 2 technical specification drafts announced today provide three new elements to Liberty Alliance's Federated Network Identity Architecture. These elements are:

  1. Enhancements to Phase 1, the Liberty Identity Federation Framework (ID-FF)

    The Liberty Identity Federation Framework version 1.2 provides new functionality to the opt-in account linking and single sign-on capabilities released in July 2002. ID-FF version 1.2 now includes protocols for the following features:

    • Affiliation: This enables a user to choose to federate with a group of affiliated sites, a critical need for portals and business-to-employee applications.
    • Anonymity: This enables a service to request certain user attributes without needing to know the user's identity.

  2. Introduction of the Liberty Identity Web Services Framework (ID-WSF)

    The Liberty Identity Web Services Framework outlines the technical components necessary to build interoperable identity-based web services. Specific features include:

    • Permissions-Based Attribute Sharing: This allows an organization to offer users individualized services based on attributes and preferences that the user has chosen to share.
    • Identity Discovery Service: This allows a service provider to dynamically discover the location of a user's identity services, and for the identity provider to respond based on the user's permissions. This feature is critical for being able to offer a large number of users real-time identity-based services.
    • Interaction Service: This allows an identity service to obtain permission from a user (or someone who owns a resource on behalf of that user) to allow them to share data with the requesting service.
    • Security Profiles: This describes the profiles and requirements necessary to protect privacy and ensure the integrity and confidentiality of messages.
    • Extended Client Support: This enables hosting of Liberty-enabled identity-based services on devices without requiring HTTP servers. This is useful since most consumers do not run HTTP-servers on their PCs, and many networks do not support running HTTP-servers on consumer devices. This also reduces implementation costs in resource-constrained devices such as mobile phones.

  3. Introduction of the Liberty Identity Service Interface Specifications (ID-SIS)

    In Phase 2 and future phases of its specifications, the Liberty Alliance will be developing a collection of specifications, built on the Liberty Identity Web Services Framework, that offer companies a standard way to build interoperable identity-based services. Today, Liberty introduced its first service interface specification:

    • ID-Personal Profile: This service defines a template for basic profile information, typically used in registration. It includes a standard set of attribute fields (name, legal identity, legal domicile, work address, email address) so organizations have a common language to speak to each other and offer interoperable services.

[From the announcement]

Liberty Alliance Phase 2 Draft Specifications

Principal references:

Robin Cover, Editor: