Liberty Alliance Delivers Phase 2 of Identity Framework

Phase 2 moves the alliance closer to delivering specs for federated identity and other security standards for Web services.

The Liberty Alliance Project Wednesday announced Phase 2 of its effort to deliver specifications for federated identity and other security standards for Web services.

The Liberty Alliance, a consortium of more than 160 technology-using and -producing organizations, published its Phase 2 specifications, which complete the Liberty Federation Framework and set the tone for the Liberty Identity Web Services Framework, alliance officials said.

In addition to the new specifications, the Liberty Alliance delivered a best practices manual on how to implement the specifications according to an organizations policy and privacy procedures. And the Liberty group also announced a new Services Group to create new specifications for the new framework.

The new Liberty Web Services Framework enables users to deliver identity-based Web services, said John Fanelli, director of business management for Java system network identity, communications and portal services at Sun Microsystems Inc. Sun is a key member of the Liberty Alliance.

"Phase 2 delivers the specifications for identity management, moving from Phase 1, which delivered cross-domain single sign-on capabilities," Fanelli said. Phase 2 provides "a framework for building interoperable identity-based Web services," he said.

A federated identity architecture enables users to take their authenticated identity across multiple Web services from multiple organizations that have business agreements that allow for sharing information, the organization said.

Essentially, Phase 2 extends the Phase 1 premise of a single sign-on and enables users to exchange attributes and add identity to Web services, Fanelli said. This provides greater context for the use of the services, he said.

"The key component is the ability to do service discovery," he added.

Meanwhile, five companies announced support for the Phase 2 Liberty specifications, including Sun with its Java Enterprise System, which supports the specification now. Other companies planning support are Phaos Technology Corp., with the Phaos Liberty Identity Provider and Phaos Liberty Service Provider; Ping Identity Corp., with its SourceID Federation Platform; Trustgenix Inc., with its IdentityBridge; and Vodafone Group plc., which plans to use the specifications in its platform in 2004 and 2005.

The Liberty Alliance on Wednesday also released its "Privacy and Security Best Practices" guide, a document that details privacy laws in various areas and provides suggestions on how to safeguard systems from known network threats.

As the alliance moves toward Phase 3 of the Liberty specifications, the organization has created two groups to promote the use of its Phase 1 and Phase 2 specifications. In October, the alliance introduced a conformance program under its Conformance Expert Group to validate Liberty solutions. And Wednesday the Liberty Alliance announced a new Services Group to develop interoperable specifications that rely on service interfaces using the new Liberty Identity Web Services Framework. These specifications will be known as Identity Service Interface Specifications (ID-SIS) and will make up Phase 3 of the Liberty specifications.

The alliance released two such specifications Wednesday: the ID-Personal Profile, which provides a standard template for registration information that carries across organizations offering interoperable services; and the ID-Employee profile, which provides similar information but focuses on an organizations employees.

Fanelli said in Phase 3 the alliance will deliver specifications for contact book or address book interfaces, a geo-location service interface, and a presence service interface, which will enable users to show whether they are online or offline.

Meanwhile, Fanelli said the Liberty specifications support the WS-Security standard and has some overlap with the WS-Federation specification being promoted by IBM and Microsoft Corp., but Liberty is "much more secure than WS-Federation."

Discuss This in the eWEEK Forum