Liberty Alliance Finalizes
Phase 2 Specifications and Privacy Guidelines
for Federated Identity
Consortium Also
Forms Services Expert Group for Phase 3 Development
Madrid, Spain– November
12, 2003 – The Liberty Alliance, a consortium
formed to develop open, interoperable federated identity standards,
today announced approval and publication of its Phase 2 specifications
which round out the existing Liberty Federation Framework
and cement the foundation for the Liberty Identity Web Services
Framework. The final Liberty Phase 2 specifications are now
available for download to be used for Liberty-enabled product
and service development.
The Alliance also announced today
initial member implementation plans for the Phase 2 specifications,
a best practices “owners manual” to help Liberty
implementers use the specifications in a privacy-compliant
manner, and the formation of a new group, the Services Group,
to develop service interface specifications that exploit the
Liberty Identity Web Services Framework.
“The Liberty Alliance is unique
among standards-setting organizations,” said Michael
Barrett, president of the Liberty Alliance and vice president
for privacy and security at American Express. “While
other forums are producing technology platforms for building
web services, only the Liberty Alliance is devoting attention
to not only building standards but providing the business
and policy best practices that allow those standards to work
across industries, across the globe and in a privacy and security-enhancing
manner.”
Ready for Deployment
The new Liberty Web Services Framework
provides organizations with an open, standards-based way of
delivering identity-based web services that can enable new
revenue opportunities, cut internal IT costs and make web
services more secure and private. Because the Liberty specifications
are built on existing open industry standards such as SAML,
SOAP, XML and WS-Security, they can be deployed and supported
in any environment and maximize an organizations investment
in non-proprietary standards.
In a related development, five companies
announced today plans to support the Phase 2 Liberty specifications
in existing or new products and services:
· Phaos – The Phaos Liberty
Identity Provider (IDP) and Phaos Liberty Service Provider
(SP), J2EE Server components packages, support the Phase 2
Liberty Identity Federation Framework (ID-FF), allowing for
identity/account linkage, simplified single sign-on and session
management. Phaos plans to implement the Liberty Identity
Web Services Framework (ID-WSF) into a product that will be
available in Q2 of 2004.
· Ping Identity – Plans to deploy
a Phase 2 Liberty-enabled version of their leading open source
SourceID Federation Platform in early 2004. SourceID provides
world-class tools, applications, and infrastructure for federated
identity management. Currently, there have been more than
2,500 downloads of SourceID from global 1000 corporations.
· Sun Microsystems – Plans to
immediately expand the existing Liberty functionality of the
Sun Java Enterprise System through its Java System Identity
Server to include support for Liberty's Phase 2 specifications.
· Trustgenix- IdentityBridge™,
available now, supports the Liberty Phase 2 standards and
provides federated identity management (including single sign-on,
provisioning and privilege management in the extended enterprise)
that complements existing identity management systems.
· Vodafone – Vodafone plans
to deploy Phase 1 and Phase 2 Liberty standards in its intranet
and commercial service platforms across Vodafone. Vodafone
will include the specifications as part of platform releases
in 2004-2005.
Privacy and Security
The Liberty specifications are built
to enable individual implementers to choose the privacy policies
and data management options that best fit their region, industry
and company policy. To assist implementers in developing identity-based
web services that are secure, privacy enhancing and in compliance
with local laws, the Alliance released today its final “Privacy
and Security Best Practices" guide.
“Privacy and security are fundamental
components of the identity issue, and Liberty’s work
has been developed with this in mind,” said Piper Cole,
chair of Liberty’s Public Policy Expert Group and vice
president of global public policy for Sun Microsystems. “Privacy
is good for business and Liberty’s mission is to provide
the technology tools and business guidance to ensure good
privacy.”
LLiberty Alliance’s “Privacy
and Security Best Practices” document offers information
regarding privacy laws and fair information practices in various
regions and sectors, specific suggestions to combat common
network vulnerabilities inherent in the Internet and the Alliance’s
recommendations regarding privacy and security. To download
this document, please see http://www.projectliberty.org/specs/final_privacy_security_best_practices.pdf
Phase 3 and Beyond
For two years, the Liberty Alliance’s
Technology, Public Policy and Business & Marketing Expert
Groups have worked together to develop a complete solution
for federated identity. The Liberty Alliance has created two
additional Expert Groups to focus on driving use of the Phase
1 and 2 specifications – the Conformance Expert Group
and the Services Group.
In October, the Alliance introduced
a conformance program to validate products and services that
have successfully implemented the Liberty Alliance federated
identity standards. This program, under the management of
Liberty’s new Conformance Expert Group, will help vendors,
integrators and implementers ensure interoperability between
Liberty-enabled solutions.
Today, the Liberty Alliance announced
a new Services Group formed to develop a number of interoperable
service interface specifications that utilize the new Liberty
Identity Web Services Framework and address the needs of specific
industries, applications and business models. All Liberty
Alliance members can participate in the development of these
new “Identity Service Interface Specifications (ID-SIS),”
which will be Phase 3 of the Liberty specifications. Additional
SIS groups will be formed as driven by the Liberty Alliance
membership.
The first two available Service Interface
Specifications released today include an ID-Personal Profile
that defines a standard template for basic registration information
so organizations have a common language to speak to each other
and offer interoperable services. The second is an ID-Employee
Profile that defines similar information but targeted to internal
employees.
In Phase 3 the Alliance will develop
the following additional Service Interface Specifications:
· Contact Book Service Interface:
A common method for users to manage and share personal or
business contacts regardless of contact book provider, enabling
service providers to access or automatically update, at the
user’s request, information like billing or shipping
address.
· Geo-location Service Interface: An
interoperable way to automatically identify a person’s
location, at the user’s request, to provide services
like weather, news, travel or currency updates or directions
to a chosen location.
· Presence Service Interface: A common
way for users to share presence information, such as whether
they are online, offline, on the phone or in a meeting, with
any service provider for the purpose of communicating availability.
These new specifications will be
released on a rolling basis. For more information on how to
become a member or participate in the development of the service
interface specifications, please contact info@projectliberty.org.
About the Liberty Alliance Project
The Liberty Alliance Project (www.projectliberty.org)
is an alliance of more than 160 companies, non-profit and
government organizations from around the globe. The consortium
is committed to developing an open standard for federated
network identity that supports all current and emerging network
devices. Federated identity offers businesses, governments,
employees and consumers a more convenient and secure way to
control identity information in today’s digital economy,
and is a key component in driving the use of e-commerce, personalized
data services, as well as web-based services. Membership is
open to all commercial and non-commercial organizations.
Contacts:
Suzanne Sinden
Ketchum for Liberty Alliance
+44 207 611 3598
Suzanne.sinden@ketchum.com
Tiffany van Gorder
Ketchum for Liberty Alliance
+1 415-984 6192
Tiffany.vangorder@ketchum.com
|