The Liberty Alliance Project has published draft versions of its Phase 2 specifications and guidelines for identity-based web services. The technical specification drafts provide three new elements to Liberty Alliance's Federated Network Identity Architecture. The Liberty Identity Federation Framework (ID-FF) version 1.2 now includes protocols for Affiliations and Anonymity. Liberty Identity Web Services Framework (ID-WSF) provides for Permissions-Based Attribute Sharing, Identity Discovery Service, Interaction Service, Security Profiles, and Extended Client Support. An initial service interface specification 'Personal Profile' is part of the Liberty Identity Service Interface Specifications (ID-SIS). "Drafts of security and privacy implementation guidelines as well as a Privacy and Security Best Practices document are also introduced with the Phase 2 draft specifications. These documents highlight global privacy laws and fair information practices, as well as provide implementation guidance for organizations using the Liberty Alliance specifications to build identity-based services. A Liberty Alliance public interoperability event being held at the RSA 2003 conference is bringing together 20 of the industry's leading hardware, software, mobile device and service companies; these companies will showcase how Liberty's Phase 1 specifications for opt-in account linking and simplified sign-on can be used today in numerous business scenarios. Liberty's specifications, which are developed collaboratively by members representing various industries and organizations across the globe, are open and free for anyone to download. The specifications support and include other open industry standards like SAML, SOAP, WAP, WS-Security and XML. This allows businesses to implement Liberty-enabled products and services confidently, knowing they will interoperate with the company's infrastructure and the infrastructure of its customers and business partners."
Technical Details of the Liberty Specifications
The Phase 2 technical specification drafts announced today provide three new elements to Liberty Alliance's Federated Network Identity Architecture. These elements are:
Enhancements to Phase 1, the Liberty Identity Federation Framework (ID-FF)
The Liberty Identity Federation Framework version 1.2 provides new functionality to the opt-in account linking and single sign-on capabilities released in July 2002. ID-FF version 1.2 now includes protocols for the following features:
- Affiliation: This enables a user to choose to federate with a group of affiliated sites, a critical need for portals and business-to-employee applications.
- Anonymity: This enables a service to request certain user attributes without needing to know the user's identity.
Introduction of the Liberty Identity Web Services Framework (ID-WSF)
The Liberty Identity Web Services Framework outlines the technical components necessary to build interoperable identity-based web services. Specific features include:
- Permissions-Based Attribute Sharing: This allows an organization to offer users individualized services based on attributes and preferences that the user has chosen to share.
- Identity Discovery Service: This allows a service provider to dynamically discover the location of a user's identity services, and for the identity provider to respond based on the user's permissions. This feature is critical for being able to offer a large number of users real-time identity-based services.
- Interaction Service: This allows an identity service to obtain permission from a user (or someone who owns a resource on behalf of that user) to allow them to share data with the requesting service.
- Security Profiles: This describes the profiles and requirements necessary to protect privacy and ensure the integrity and confidentiality of messages.
- Extended Client Support: This enables hosting of Liberty-enabled identity-based services on devices without requiring HTTP servers. This is useful since most consumers do not run HTTP servers on their PCs, and many networks do not support running HTTP servers on consumer devices. This also reduces implementation costs in resource-constrained devices such as mobile phones.
Introduction of the Liberty Identity Service Interface Specifications (ID-SIS)
In Phase 2 and future phases of its specifications, the Liberty Alliance will be developing a collection of specifications, built on the Liberty Identity Web Services Framework, that offer companies a standard way to build interoperable identity-based services. Today, Liberty introduced its first service interface specification:
- ID-Personal Profile: This service defines a template for basic profile information, typically used in registration. It includes a standard set of attribute fields (name, legal identity, legal domicile, work address, email address) so organizations have a common language to speak to each other and offer interoperable services.
[From the announcement]
Liberty Alliance Phase 2 Draft Specifications
- Liberty ID-FF Implementation Guidelines defines the recommended implementation guidelines and checklists for the Liberty architecture focused on deployments for the service-providing entities: service providers, identity providers, and Liberty-enabled clients or proxies (LECPs).
- Liberty ID-FF Architecture Overview is a non-normative summary description of the Liberty ID-FF architecture, including policy and security guidance.
- Liberty ID-FF Bindings & Profiles Specification defines concrete transport bindings and usage profiles for the abstract Liberty protocols.
- Liberty ID-FF Protocols & Schema Specification defines the abstract protocols and XML schemas for Liberty. See the accompanying Schema.
- Liberty ID-WSF Primer is a non-normative document intended to provide an overview of the features of the Liberty ID-WSF Version 1.0 Specifications.
- Liberty ID-WSF Security & Privacy Guidelines is a non-normative document providing an overview of the security and privacy issues in ID-WSF technology and briefly explaining potential security and privacy ramifications of the technology used in ID-WSF.
- The Liberty ID-WSF Discovery Service Specification describes protocols and schema for the description and discovery of ID-WSF identity services. See the Schema and WSDL Document.
- Liberty ID-WSF SOAP Binding is a specification that defines the Liberty Identity Web Services Framework (ID-WSF) SOAP binding. It specifies simple SOAP message correlation, consent claims, and usage directives. With Schema.
- Liberty ID-WSF Security Profiles specifies security mechanisms that protect identity services. With XML Schema.
- Liberty ID-WSF Interaction Service specifies an identity service that allows providers to pose simple questions to a Principal. With XML Schema and WSDL document.
- Liberty ID-WSF Data Services Template provides protocols for querying and modifying data attributes when implementing a data service using the Liberty Identity Web Services Framework (ID-WSF). With XML Schema.
- Liberty ID-Personal Profile specification describes a web service that provides a Principal's basic profile information, such as name or contact details. With XML Schema.
- Liberty Glossary contains important terms, abbreviations and acronyms used in the Liberty specifications.
- Liberty Trust Model Guidelines is a non-normative document intended to provide guidance on a variety of models that can be applied to establish trust among Liberty components.
- The Liberty Metadata specification describes metadata, protocols for obtaining metadata, and resolution methods for discovering the location of metadata. With XML Schema.
- Liberty Authentication Context defines the authentication context schema, which is used to communicate information about an authentication event. With XML Schema.
- The Liberty Reverse HTTP Binding for SOAP specifies a binding that enables HTTP clients to expose services using the SOAP protocol, where a SOAP request is bound to an HTTP response, and a SOAP response is bound to an HTTP request. With XML Schema.
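As an added example (not code from the Liberty specifications or any Liberty project), the reverse binding described in the last item and the SOAP message correlation mentioned for the ID-WSF SOAP Binding, modelled in Python: the HTTP response carries a SOAP request, the client's next HTTP request carries the SOAP response, and the server accepts only responses that correlate with an outstanding request. The namespace, the Correlation header element and the displayName attribute are constructed placeholders, not Liberty identifiers.

```python
import uuid
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
EX = "urn:example:reverse-binding"   # constructed placeholder namespace, not Liberty's

def envelope(body_child: ET.Element, msg_id: str, ref_to: str = "") -> bytes:
    """Build a SOAP envelope; refToMessageID (when set) correlates a response to a request."""
    env = ET.Element(f"{{{SOAP}}}Envelope")
    corr = ET.SubElement(ET.SubElement(env, f"{{{SOAP}}}Header"),
                         f"{{{EX}}}Correlation", messageID=msg_id)
    if ref_to:
        corr.set("refToMessageID", ref_to)
    ET.SubElement(env, f"{{{SOAP}}}Body").append(body_child)
    return ET.tostring(env)

def correlation(xml: bytes):
    """Return the Correlation header element, or None if the message lacks one."""
    return ET.fromstring(xml).find(f"{{{SOAP}}}Header/{{{EX}}}Correlation")

class Server:
    """Service provider that needs one profile attribute before serving /resource."""
    def __init__(self):
        self.pending: dict[str, str] = {}   # outstanding SOAP request ids -> path

    def handle(self, method: str, path: str, body: bytes = b"") -> tuple[int, bytes]:
        if method == "GET":
            # Reverse binding: the SOAP *request* rides in the HTTP *response*.
            msg_id = str(uuid.uuid4())
            self.pending[msg_id] = path
            query = ET.Element(f"{{{EX}}}Query", attribute="displayName")
            return 200, envelope(query, msg_id)
        # POST: the SOAP *response* rides in the HTTP *request*; check correlation first.
        corr = correlation(body)
        ref = corr.get("refToMessageID", "") if corr is not None else ""
        if ref not in self.pending:              # unsolicited or replayed response
            return 400, b"no outstanding SOAP request matches refToMessageID"
        self.pending.pop(ref)
        value = ET.fromstring(body).find(f".//{{{EX}}}Value")
        return 200, f"Welcome, {value.text}".encode()

def device_client(server: Server, profile: dict) -> tuple[int, bytes]:
    """Client with no HTTP server of its own: GET, answer the SOAP request locally, POST."""
    status, soap_req = server.handle("GET", "/resource")
    req_id = correlation(soap_req).get("messageID")
    attr = ET.fromstring(soap_req).find(f".//{{{EX}}}Query").get("attribute")
    value = ET.Element(f"{{{EX}}}Value")
    value.text = profile.get(attr, "unknown")   # the device answers from its local profile
    return server.handle("POST", "/resource", envelope(value, str(uuid.uuid4()), ref_to=req_id))
```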
Principal references:
- "Liberty Alliance Announcements." Posted by Simon Nicholson 2003-04-15.
- Announcement 2003-04-15: "Liberty Alliance Releases New Specifications, Privacy and Security Guidelines to Drive Development of Identity-Based Web Services. Liberty Alliance Announces New Management Board Representatives Ericsson, Fidelity Investments, Novell and VeriSign, Inc. As Consortium Gains Momentum."
- Announcement 2003-04-15: "Liberty Alliance Hosts First Public Event Showcasing Array of Liberty-Enabled Products and Services Working Together. Interoperability Demonstrations Illustrate Liberty's Impact On Businesses, Consumers and Employees."
- Liberty Alliance Specifications
- Phase 2 Draft Specifications. Complete collection, ZIP file. See the file listing. [cache]
- "Project Liberty Privacy and Security Best Practices." Working Draft. Monday April 14, 2003. 45 pages.
- Liberty Specifications archive
- See also: "Liberty Alliance Submitting Spec to OASIS. Turning Work Over to Standards Body for First Time." By John Fontana. In InfoWorld (April 11, 2003). Details in the announcement.
- Liberty Alliance website
- "Liberty Alliance Specifications for Federated Network Identification and Authorization" - Main reference page.