The Liberty Alliance Project has released two key federated identity documents. The Tier 2 Business Guidelines: Mobile Deployments document outlines "near-term market opportunities and business requirements for federated identity in the mobile market. The document examines how mobile operators, equipment providers, content and service providers as well as vendors and users can take advantage of the growth and demand for mobile services, and in turn, how Liberty's open standard can enable secure delivery of Web services. The Mobile Deployments guidelines address business issues that must be considered during planning and deployment, including: establishing mutual confidence and minimum quality standards; developing a comprehensive risk management strategy; defining liability and dispute resolution mechanisms; complying with agreed-upon standards and relevant legislation."
The Whitepaper on Liberty Protocol and Identity Theft "discusses identity theft and the related problem of identity management, showing how the Liberty Alliance Project addresses the current issue of identity theft through its specifications and through best practice implementation guidelines. Liberty specifications lower the risk of identity theft because of higher security and privacy standards. They limit the damage of identity theft caused to Principals because all their personal data is not concentrated in the same single site, and Principals control which sites can share what data."
The Liberty Alliance represents more than 150 institutional members partnering to "develop open standards for federated network identity management and identity-based services. Its goals are to ensure interoperability, support privacy, and promote adoption of its specifications, guidelines and best practices."
Tier 2 Business Guidelines: Mobile Deployments. February 04, 2004. 30 pages. Edited by Frank Kaupa (American Express), Xavier Passard (Axalto, a Schlumberger Co.), Alain Nochimowski and Philippe Deniau (France Telecom), Paul Miller (Gemplus), Mark Foster (NeuStar), Ian Nordman and Bjorn Wigforss (Nokia), Andrew Sikiar (Sun Microsystems), Stephanie Manning, Christina Hirsch, and James Vanderbeek (Vodafone).
Document abstract: "For the reader active in the mobile business market, this document provides generic guidance and information sources — legislation and articles — for examining the broad federated-identity business issues within the mobile-services industry, as generally identified by the Alliance. The Tier 2 Scenario document combines the significant business issues that span the various Liberty implementation scenarios (B2B, B2C mobile, etc.) from mutual confidence, risk, liability and compliance perspectives. See Business Guidelines document published July 2003. For people wanting to deploy a Liberty-enabled infrastructure, this document will help them understand the business stakes involved in the federation process. It is written using the mobile-industry market input written in Liberty marketing-use cases and requirements that serve as the foundation of the Liberty specification."
Whitepaper on Liberty Protocol and Identity Theft. Edited by William Duserick (Fidelity Investments). From the Liberty Alliance Project. February 20, 2004. 11 pages. Contributors: Paul Madsen (Entrust), Sandra Silk (Fidelity Investments), Luc Mathan (France Telecom), Margareta Bjorksten (Nokia), Niina Karhuluoma (Nokia), Shin Adachi (NTT), Eric Norlin (Ping Identity Corporation), Linda Elliott (Ping Identity Corporation), Karyn Murphy (RSA Security), Tanya Candia (Sigaba), Piper Cole (Sun Microsystems), Susan Landau (Sun Microsystems), and Stephen Deadman (Vodafone).
Paper Abstract: "Identity theft, a modern crime of this modern age, has become a significant threat to the growth of electronic commerce. Cases of misuse of online accounts by imposters as well as creation of new accounts using stolen identity and attribute information are prevalent. The resulting press accounts have served to dampen citizen, corporate, and government enthusiasm for electronic interactions which are sensitive or have monetary value. Federated identity management provides the ability to leverage authentication and use personal or business information stored with one online entity to conduct business with another. The Liberty Alliance Project is developing standards for federated identity management which emphasize security and support the privacy of users in a networked world. This paper discusses how the Liberty Alliance Project addresses the current issue of identity theft through specifications, best practice documentation and implementation guidelines. Identity federation as specified by the Liberty Alliance Project is a controlled method by which partnering companies can provide more integrated and complete customer service to a qualified group of individuals within certain sets of business transactions. The mechanisms inherent in the concepts of identity federation, and the Liberty Alliance Project specifications in particular, should help protect the user from theft and abuse. There are several considerations which lead to this conclusion: (a) Superior security and privacy inherent in interactions; (b) No single point of failure, i.e., limited information in any one repository; (c) Permission-based access to attributes; (d) Upgrades to the specifications to deal with breach experience..."
Privacy and Security Best Practices. Version 2.0. November 12, 2003. Edited by Christine Varney (Hogan & Hartson). 32 pages.
Abstract: "Privacy and security are key concerns in the implementation of Liberty Alliance specifications. As such, the Liberty Alliance has and will continue to provide tools and guidance to implementing companies that enable them to build more secure, privacy-friendly identity-based services that can comply with local regulations and create a more trusted relationship with customers and partners. The following document highlights certain national privacy laws, fair information practices and implementation guidance for organizations using the Liberty Alliance specifications."
Summary of Tier 2 Business Guidelines: Mobile Deployments
"Mobile operators are well-positioned to provide Liberty-defined identity services to service providers and/or SIM services to other identity providers:
- Liberty Alliance serves as the de facto standard for identity services in the mobile industry and can enable data services between GSM operators, similar to what the GSMA has done with voice service roaming.
- Liberty Alliance can benefit access control and data services immediately (remote payment, geolocation)
- The improved identity solution at the right cost benefits the entire mobile ecosystem
- Identity, and therefore the Liberty Alliance, furnishes the focal point for many mobile-industry efforts
Key trends that reinforce the Liberty message:
- European Commission funding of the t2r project for mobile-enabled identity and a sharable SIM
- The Mobile Web Services announcement around SIM-based authentication
- Various examples from Europe and Central America of downloaded credentials to a mobile device and cooperative business models around a shared SIM
- The convergence of Web services that occurs among mobile, enterprise, media and Internet domains require a standard approach of managing identities, bridging the mobile and fixed network." [from the Mobile Deployments Executive Summary]
- Announcement: "Liberty Alliance Delivers Mobile Business Guidelines for Federated Identity Deployments. Liberty's Open Standard Paves the Way for Identity-Based Mobile Services."
- "Tier 2 Business Guidelines: Mobile Deployments." February 04, 2004.
- Comments on the Mobile Deployments document: send email to firstname.lastname@example.org
- Announcement: "Liberty Alliance White Paper Outlines Federated Identity's Ability to Reduce Identity Theft."
- "Whitepaper on Liberty Protocol and Identity Theft." February 20, 2004.
- Published earlier: "Privacy and Security Best Practices." Version 2.0
- Liberty Alliance white papers "Illustrate the technical and business aspects of the Liberty Alliance specifications."
- Liberty Alliance Project Phase 2 Final Specifications
- Liberty Alliance FAQ document
- Liberty Alliance web site
- Earlier Liberty Alliance news:
  - "Liberty Alliance Publishes Final Phase 2 Specifications and Previews Phase 3"
  - "Liberty Alliance Publishes Business Requirements and Guidelines for Identity Federation"
  - "Liberty Alliance Releases Phase 2 Specifications for Federated Network Identity"
  - "Government Agencies Join Liberty Alliance to Support Digital Identity Standards"
  - "Sun ONE Identity Server 6.0 Supports Liberty Alliance and SAML Specifications"
  - "Liberty Alliance Releases Draft Version 1.1 Specifications for Public Review"
- "Liberty Alliance Specifications for Federated Network Identification and Authorization" - General references.