Liberty Alliance

Last updated
Liberty Alliance Project
Successor Kantara Initiative
EstablishedSeptember 2001 (2001-09)
Dissolved2009 (2009)
PurposeIndustry standards group

The Liberty Alliance Project was an organization formed in September 2001 to establish standards, guidelines and best practices for identity management in computer systems. It grew to more than 150 organizations, including technology vendors, consumer-facing companies, educational organizations and governments. It released frameworks for federation, identity assurance, an Identity Governance Framework, and Identity Web Services.

Contents

By 2009, the Kantara Initiative took over the work of the Liberty Alliance.

Liberty actors Liberty-actors.jpg
Liberty actors

History

The group was originally conceived and named by Jeff Veis, at Sun Microsystems based in Menlo Park, California. [1] The initiative's goal, which was personally promoted by Scott McNealy of Sun, was to unify technology, commercial and government organizations to create a standard for federated, identity-based Internet applications as an alternative to technology appearing in the marketplace controlled by a single entity such as Microsoft's Passport. [2] Another Microsoft initiative, HailStorm, was renamed My Services but quietly shelved by April 2002. [3] Sun positioned the group as independent, and Eric C. Dean of United Airlines became its president. [4]

Identity federation

Liberty Alliance 2002-2005 Liberty-protocol-history.jpg
Liberty Alliance 2002–2005

In July 2002, the alliance announced Liberty Identity Federation (ID-FF) 1.0. [5] At that time, several member companies announced upcoming availability of Liberty-enabled products. Liberty Federation allowed consumers and users of Internet-based services and e-commerce applications to authenticate and sign-on to a network or domain once from any device and then visit or take part in services from multiple Websites. This federated approach did not require the user to re-authenticate and can support privacy controls established by the user.

The Liberty Alliance subsequently released two more versions of the Identity Federation Framework, and then in November 2003, Liberty contributed its final version of the specification, ID-FF 1.2, to OASIS. [6] This contribution formed the basis for SAML 2.0. By 2007, industry analyst firm Gartner claimed that SAML had gained wide acceptance in the community. [7]

Identity web services

Liberty Alliance, releasing the Liberty Identity Web Services Framework (ID-WSF) in April 2004 for deploying and managing identity-based web services. Applications included geolocation, contact book, calendar, mobile messaging and People Service, for managing social applications such as bookmarks, blogs, calendars, photo sharing and instant messaging in a secure and privacy-respecting federated social network. In a 2008 marketing report recommended considering it for federation. [8]

Certification

The alliance introduced a certification program in 2003, designed to test commercial and open source products against published standards to assure base levels of interoperability between products. In 2007, the US General Services Administration began requiring this certification for participating in the US E-Authentication Identity Federation. [9]

Openliberty.org

In January 2007, the alliance announced a project for open-source software developers building identity-based applications. OpenLiberty.org was a portal where developers can collaborate and access tools and information to develop applications based on alliance standards. [10] In November 2008, OpenLiberty released an open source application programming interface called ArisID. [11]

Identity governance framework

In February 2007 Oracle Corporation contributed the Identity Governance Framework to the alliance, [12] which released the first version publicly in July 2007. [13] The Identity Governance Framework defined how identity related information is used, stored, and propagated using protocols such as LDAP, Security Assertion Markup Language, WS-Trust, and ID-WSF.

Identity assurance framework

The Liberty Alliance began work on its identity assurance framework in 2008. The Identity Assurance Framework (IAF) detailed four identity assurance levels designed to link trusted identity-enabled enterprise, social networking and Web applications together based on business rules and security risks associated with each level. The four levels of assurance were outlined by a 2006 document from the US National Institute of Standards and Technology. [14] The level of assurance provided is measured by the strength and rigor of the identity proofing process, the credential's strength, and the management processes the service provider applies to it. These four assurance levels were adopted by UK, Canada, and USA government services.

Concordia project

In 2007 the Liberty Alliance helped to found the Project Concordia, an independent initiative for harmonization identity specifications. It was active through 2008. [15]

Privacy and policy

The alliance wrote papers on business and policy aspects of identity management. [16] It hosted meetings in 2007 and 2008 to promote itself. [17]

Membership

Management board members included AOL, British Telecom, Computer Associates (CA), Fidelity Investments, Intel, Internet Society (ISOC), Novell, Nippon Telegraph and Telephone (NTT), Vodafone, Oracle Corporation and Sun Microsystems.

See also

Related Research Articles

<span class="mw-page-title-main">BEA Systems</span> Defunct American software corporation

BEA Systems, Inc. was a company that specialized in enterprise infrastructure software products, which was wholly acquired by Oracle Corporation on April 29, 2008.

Single sign-on (SSO) is an authentication scheme that allows a user to log in with a single ID to any of several related, yet independent, software systems.

Identity management (IdM), also known as identity and access management, is a framework of policies and technologies to ensure that the right users have the appropriate access to technology resources. IdM systems fall under the overarching umbrellas of IT security and data management. Identity and access management systems not only identify, authenticate, and control access for individuals who will be utilizing IT resources but also the hardware and applications employees need to access.

Java Authentication and Authorization Service, or JAAS, pronounced "Jazz", is the Java implementation of the standard Pluggable Authentication Module (PAM) information security framework. JAAS was introduced as an extension library to the Java Platform, Standard Edition 1.3 and was integrated in version 1.4.

Security Assertion Markup Language is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. SAML is an XML-based markup language for security assertions. SAML is also:

A federated identity in information technology is the means of linking a person's electronic identity and attributes, stored across multiple distinct identity management systems.

<span class="mw-page-title-main">Shibboleth (software)</span> Internet identity system

Shibboleth is a single sign-on log-in system for computer networks and the Internet. It allows people to sign in using just one identity to various systems run by federations of different organizations or institutions. The federations are often universities or public service organizations.

<span class="mw-page-title-main">OpenID</span> Open and decentralized authentication protocol standard

OpenID is an open standard and decentralized authentication protocol promoted by the non-profit OpenID Foundation. It allows users to be authenticated by co-operating sites using a third-party identity provider (IDP) service, eliminating the need for webmasters to provide their own ad hoc login systems, and allowing users to log in to multiple unrelated websites without having to have a separate identity and password for each. Users create accounts by selecting an OpenID identity provider, and then use those accounts to sign on to any website that accepts OpenID authentication. Several large organizations either issue or accept OpenIDs on their websites.

<span class="mw-page-title-main">Kantega</span>

Kantega is a Norwegian software corporation founded in 2003 with headquarters in Oslo. Kantega primarily develops bespoke software based on Java and lightweight application frameworks. It also has offices in Trondheim and Bergen.

<span class="mw-page-title-main">Windows CardSpace</span> Discontinued identity selector app by Microsoft

Windows CardSpace is a discontinued identity selector app by Microsoft. It stores references to digital identities of the users, presenting them as visual information cards. CardSpace provides a consistent UI designed to help people to easily and securely use these identities in applications and web sites where they are accepted. Resistance to phishing attacks and adherence to Kim Cameron's "7 Laws of Identity" were goals in its design.

WS-Federation is an Identity Federation specification, developed by a group of companies: BEA Systems, BMC Software, CA Inc., IBM, Microsoft, Novell, Hewlett Packard Enterprise, and VeriSign. Part of the larger Web Services Security framework, WS-Federation defines mechanisms for allowing different security realms to broker information on identities, identity attributes and authentication.

The Identity Governance Framework was a project of the Liberty Alliance for standards to help enterprises determine and control how identity information is used, stored, and propagated using protocols such as LDAP, SAML, and WS-Trust and ID-WSF.

Active Directory Federation Services (ADFS), a software component developed by Microsoft, can run on Windows Server operating systems to provide users with single sign-on access to systems and applications located across organizational boundaries. It uses a claims-based access-control authorization model to maintain application security and to implement federated identity. Claims-based authentication involves authenticating a user based on a set of claims about that user's identity contained in a trusted token. Such a token is often issued and signed by an entity that is able to authenticate the user by other means, and that is trusted by the entity doing the claims-based authentication. It is part of the Active Directory Services. Microsoft advises using Entra ID and Azure AD Connect in place of ADFS in most cases.

Identity assurance in the context of federated identity management is the ability for a party to determine, with some level of certainty, that an electronic credential representing an entity with which it interacts to effect a transaction, can be trusted to actually belong to the entity.

Security token service (STS) is a cross-platform open standard core component of the OASIS group's WS-Trust web services single sign-on infrastructure framework specification.cf. Within that claims-based identity framework, a secure token service is responsible for issuing, validating, renewing and cancelling security tokens. The tokens issued by security token services can then be used to identify the holder of the token to services that adhere to the WS-Trust standard. Security token service provides the same functionality as OpenID, but unlike OpenID is not patent encumbered. Together with the rest of the WS-Trust standard, the security token service specification was initially developed by employees of IBM, Microsoft, Nortel and VeriSign.

<span class="mw-page-title-main">OpenAM</span>

OpenAM is an open-source access management, entitlements and federation server platform. Now it is supported by Open Identity Platform Community.

An identity provider is a system entity that creates, maintains, and manages identity information for principals and also provides authentication services to relying applications within a federation or distributed network.

Security Assertion Markup Language (SAML) is a set of specifications that encompasses the XML-format for security tokens containing assertions to pass information about a user and protocols and profiles to implement authentication and authorization scenarios. This article has a focus on software and services in the category of identity management infrastructure, which enable building Web-SSO solutions using the SAML protocol in an interoperable fashion. Software and services that are only SAML-enabled do not go here.

<span class="mw-page-title-main">Kantara Initiative</span> Digital identity organization

Kantara Initiative, Inc. is a non-profit trade association that works to develop standards for identity and personal data management. It focuses on improving the trustworthy use of identity and personal data in digital identity management and data privacy.

The SAML metadata standard belongs to the family of XML-based standards known as the Security Assertion Markup Language (SAML) published by OASIS in 2005. A SAML metadata document describes a SAML deployment such as a SAML identity provider or a SAML service provider. Deployments share metadata to establish a baseline of trust and interoperability.

References

  1. "Jeff Veis: Vice President, Marketing, Protect Solutions, Autonomy" (PDF). Executive biography. Hewlett-Packard Company. Retrieved November 9, 2013.
  2. Andrew Orlowski (October 24, 2001). "Do Androids Dream of Electric Single Sign-Ons? Sun's Passport-killer six months away". The Register. Retrieved November 9, 2013.
  3. John Markoff (April 11, 2002). "Microsoft Has Quietly Shelved Its Internet 'Persona' Service". The New York Times. Retrieved November 9, 2013.
  4. Steve Lohr (April 1, 2002). "New Economy: In a shift in the technology business, customers are now the kingmakers". The New York Times. Retrieved November 9, 2013.
  5. "Industry Leaders Release Details Of Anticipated Liberty Alliance-Enabled Products" (Press release). Liberty Alliance. July 15, 2002. Retrieved November 8, 2013.
  6. "Liberty Strategic Initiatives: Federation". Liberty Alliance. Retrieved 2017-08-25.
  7. Gregg Kreizman; John Pescatore; Ray Wagner (October 29, 2007). The U.S. Government's Adoption of SAML 2.0 Shows Wide Acceptance (Report). Gartner, Inc.
  8. Bob Blakley (October 2008). "Federated Identity". Burton Group.[ dead link ]
  9. "US GSA Requires Liberty Alliance Interoperability Testing as Public Sector SAML 2.0 Adoption Soars" (Press release). Liberty Alliance. October 29, 2007. Retrieved November 8, 2013.
  10. "Liberty Alliance Announces openLiberty Project" (Press release). Liberty Alliance. January 23, 2007. Retrieved November 8, 2013.
  11. "OpenLiberty.org Releases First Open Source Identity Governance Framework Software" (Press release). Liberty Alliance. November 19, 2008. Retrieved November 9, 2013.
  12. "Liberty Alliance and Oracle Team to Advance Identity Governance Framework" (Press release). Liberty Alliance. February 7, 2007. Retrieved November 9, 2013.
  13. "Industry Leaders Submit Identity Governance Framework to openLiberty.org for Development of Open Source Implementations" (Press release). Liberty Alliance. February 7, 2007. Retrieved November 9, 2013.
  14. William E. Burr; Donna F. Dodson; W. Timothy Polk (April 2006). Electronic Authentication Guideline (PDF). Special Publication 800-63 version 1.0.1 (Report). US Institute of Standards and Technology. Retrieved November 9, 2013.
  15. "Concordia". Old web site. Archived from the original on May 18, 2008. Retrieved November 8, 2013.
  16. publishing business and policy "Papers". Promotional web site. Retrieved November 8, 2013.{{cite web}}: Check |url= value (help)
  17. "Privacy Summits". Promotional web site. Retrieved November 8, 2013.

Liberty ID-FF 1.2 Archive

As described above, Liberty contributed Identity Federation Framework (ID-FF) 1.2 to OASIS in November 2003. For the record, here is a complete list of contributed ID-FF 1.2 documents:

Liberty ID-FF 1.2 Archive
Contributed DocumentsArchived Documents
Liberty ID-FF Architecture Overview liberty-idff-arch-overview-v1.2.pdf draft-liberty-idff-arch-overview-1.2-errata-v1.0.pdf
Liberty ID-FF Protocols and Schema Specification liberty-idff-protocols-schema-v1.2.pdf
liberty-idff-protocols-schema-v1.2.xsd 		draft-liberty-idff-protocols-schema-1.2-errata-v3.0.pdf
liberty-idff-protocols-schema-1.2-errata-v3.0.xsd
Liberty ID-FF Bindings and Profiles Specification liberty-idff-bindings-profiles-v1.2.pdf draft-liberty-idff-bindings-profiles-1.2-errata-v2.0.pdf
Liberty ID-FF Implementation Guidelines draft-lib-idff-guidelines-v1.2-11.pdf liberty-idff-guidelines-v1.2.pdf
Liberty ID-FF Static Conformance Requirementsliberty-idff-1.1-scr.v1.0.pdf liberty-idff-1.2-scr-v1.0.pdf
Liberty Metadata Description and Discovery Specification liberty-metadata-v1.0.pdf
liberty-metadata-v1.0.xsd
liberty-idff-wsdl-v1.0.wsdl 		liberty-metadata-v1.1.pdf
liberty-metadata-v1.1.xsd
liberty-idff-wsdl-v1.1.wsdl
Liberty Authentication Context Specification liberty-authentication-context-v1.2.pdf
liberty-authentication-context-v1.2.xsd 		liberty-authentication-context-v1.3.pdf
liberty-authentication-context-v1.3.xsd
Liberty Utility Schema Files liberty-utility-v1.0.xsd
liberty-idff-utility-v1.0.xsd 		liberty-utility-v1.1.xsd
liberty-idff-utility-v1.0.xsd
Liberty Glossary liberty-glossary-v1.2.pdf liberty-glossary-v1.4.pdf
Liberty ID-FF 1.2 Errata draft-liberty-idff-1.2-errata-v1.0.pdf

Only the archived PDF files are individually addressable on the Liberty Alliance web site. (The original contributed documents are lost.) To obtain copies of the remaining archived files, download both the Liberty ID-FF 1.2 archive and the Liberty 1.1 support archive.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.