Liberty Alliance

Liberty Alliance Project
Successor: Kantara Initiative
Established: September 2001
Dissolved: 2009
Purpose: Industry standards group

The Liberty Alliance Project was an organization formed in September 2001 to establish standards, guidelines and best practices for identity management in computer systems. It grew to more than 150 organizations, including technology vendors, consumer-facing companies, educational organizations and governments. It released frameworks for federation, identity assurance, an Identity Governance Framework, and Identity Web Services.


By 2009, the Kantara Initiative took over the work of the Liberty Alliance.

[Figure: Liberty actors]

History

The group was originally conceived and named by Jeff Veis, at Sun Microsystems based in Menlo Park, California. [1] The initiative's goal, which was personally promoted by Scott McNealy of Sun, was to unify technology, commercial and government organizations to create a standard for federated, identity-based Internet applications as an alternative to technology appearing in the marketplace controlled by a single entity such as Microsoft's Passport. [2] Another Microsoft initiative, HailStorm, was renamed My Services but quietly shelved by April 2002. [3] Sun positioned the group as independent, and Eric C. Dean of United Airlines became its president. [4]

Identity federation

[Figure: Liberty Alliance 2002–2005 (protocol history)]

In July 2002, the alliance announced Liberty Identity Federation (ID-FF) 1.0. [5] At that time, several member companies announced upcoming availability of Liberty-enabled products. Liberty Federation allowed consumers and users of Internet-based services and e-commerce applications to authenticate and sign on to a network or domain once from any device and then visit or take part in services from multiple websites. This federated approach did not require the user to re-authenticate and could support privacy controls established by the user.

The Liberty Alliance subsequently released two more versions of the Identity Federation Framework, and then in November 2003, Liberty contributed its final version of the specification, ID-FF 1.2, to OASIS. [6] This contribution formed the basis for SAML 2.0. By 2007, industry analyst firm Gartner claimed that SAML had gained wide acceptance in the community. [7]

Identity web services

The Liberty Alliance released the Liberty Identity Web Services Framework (ID-WSF) in April 2004 for deploying and managing identity-based web services. Applications included geolocation, contact book, calendar, mobile messaging and People Service, which managed social applications such as bookmarks, blogs, calendars, photo sharing and instant messaging in a secure and privacy-respecting federated social network. A 2008 report recommended considering it for federation. [8]

Certification

The alliance introduced a certification program in 2003, designed to test commercial and open source products against published standards to assure base levels of interoperability between products. In 2007, the US General Services Administration began requiring this certification for participating in the US E-Authentication Identity Federation. [9]

Openliberty.org

In January 2007, the alliance announced a project for open-source software developers building identity-based applications. OpenLiberty.org was a portal where developers could collaborate and access tools and information to develop applications based on alliance standards. [10] In November 2008, OpenLiberty released an open source application programming interface called ArisID. [11]

Identity governance framework

In February 2007, Oracle Corporation contributed the Identity Governance Framework to the alliance, [12] which released the first version publicly in July 2007. [13] The Identity Governance Framework defined how identity-related information is used, stored, and propagated using protocols such as LDAP, Security Assertion Markup Language, WS-Trust, and ID-WSF.

Identity assurance framework

The Liberty Alliance began work on its identity assurance framework in 2008. The Identity Assurance Framework (IAF) detailed four identity assurance levels designed to link trusted identity-enabled enterprise, social networking and web applications together based on business rules and the security risks associated with each level. The four levels of assurance were outlined by a 2006 document from the US National Institute of Standards and Technology. [14] The level of assurance provided is measured by the strength and rigor of the identity proofing process, the strength of the credential, and the management processes the service provider applies to it. These four assurance levels were adopted by government services in the UK, Canada, and the US.

Concordia project

In 2007, the Liberty Alliance helped to found Project Concordia, an independent initiative for the harmonization of identity specifications. It was active through 2008. [15]

Privacy and policy

The alliance published papers on the business and policy aspects of identity management. [16] It hosted privacy summits in 2007 and 2008 to promote its work. [17]

Membership

Management board members included AOL, British Telecom, Computer Associates (CA), Fidelity Investments, Intel, Internet Society (ISOC), Novell, Nippon Telegraph and Telephone (NTT), Vodafone, Oracle Corporation and Sun Microsystems.


References

  1. "Jeff Veis: Vice President, Marketing, Protect Solutions, Autonomy" (PDF). Executive biography. Hewlett-Packard Company. Retrieved November 9, 2013.
  2. Andrew Orlowski (October 24, 2001). "Do Androids Dream of Electric Single Sign-Ons? Sun's Passport-killer six months away". The Register. Retrieved November 9, 2013.
  3. John Markoff (April 11, 2002). "Microsoft Has Quietly Shelved Its Internet 'Persona' Service". The New York Times. Retrieved November 9, 2013.
  4. Steve Lohr (April 1, 2002). "New Economy: In a shift in the technology business, customers are now the kingmakers". The New York Times. Retrieved November 9, 2013.
  5. "Industry Leaders Release Details Of Anticipated Liberty Alliance-Enabled Products" (Press release). Liberty Alliance. July 15, 2002. Retrieved November 8, 2013.
  6. "Liberty Strategic Initiatives: Federation". Liberty Alliance. Retrieved 2017-08-25.
  7. Gregg Kreizman; John Pescatore; Ray Wagner (October 29, 2007). The U.S. Government's Adoption of SAML 2.0 Shows Wide Acceptance (Report). Gartner, Inc.
  8. Bob Blakley (October 2008). "Federated Identity". Burton Group.
  9. "US GSA Requires Liberty Alliance Interoperability Testing as Public Sector SAML 2.0 Adoption Soars" (Press release). Liberty Alliance. October 29, 2007. Retrieved November 8, 2013.
  10. "Liberty Alliance Announces openLiberty Project" (Press release). Liberty Alliance. January 23, 2007. Retrieved November 8, 2013.
  11. "OpenLiberty.org Releases First Open Source Identity Governance Framework Software" (Press release). Liberty Alliance. November 19, 2008. Retrieved November 9, 2013.
  12. "Liberty Alliance and Oracle Team to Advance Identity Governance Framework" (Press release). Liberty Alliance. February 7, 2007. Retrieved November 9, 2013.
  13. "Industry Leaders Submit Identity Governance Framework to openLiberty.org for Development of Open Source Implementations" (Press release). Liberty Alliance. February 7, 2007. Retrieved November 9, 2013.
  14. William E. Burr; Donna F. Dodson; W. Timothy Polk (April 2006). Electronic Authentication Guideline (PDF). Special Publication 800-63 version 1.0.1 (Report). US National Institute of Standards and Technology. Retrieved November 9, 2013.
  15. "Concordia". Old web site. Archived from the original on May 18, 2008. Retrieved November 8, 2013.
  16. "Papers". Promotional web site. Retrieved November 8, 2013.
  17. "Privacy Summits". Promotional web site. Retrieved November 8, 2013.

Liberty ID-FF 1.2 Archive

As described above, Liberty contributed Identity Federation Framework (ID-FF) 1.2 to OASIS in November 2003. For the record, here is a complete list of contributed ID-FF 1.2 documents:

Liberty ID-FF Architecture Overview
  Contributed: liberty-idff-arch-overview-v1.2.pdf
  Archived: draft-liberty-idff-arch-overview-1.2-errata-v1.0.pdf

Liberty ID-FF Protocols and Schema Specification
  Contributed: liberty-idff-protocols-schema-v1.2.pdf, liberty-idff-protocols-schema-v1.2.xsd
  Archived: draft-liberty-idff-protocols-schema-1.2-errata-v3.0.pdf, liberty-idff-protocols-schema-1.2-errata-v3.0.xsd

Liberty ID-FF Bindings and Profiles Specification
  Contributed: liberty-idff-bindings-profiles-v1.2.pdf
  Archived: draft-liberty-idff-bindings-profiles-1.2-errata-v2.0.pdf

Liberty ID-FF Implementation Guidelines
  Contributed: draft-lib-idff-guidelines-v1.2-11.pdf
  Archived: liberty-idff-guidelines-v1.2.pdf

Liberty ID-FF Static Conformance Requirements
  Contributed: liberty-idff-1.1-scr.v1.0.pdf
  Archived: liberty-idff-1.2-scr-v1.0.pdf

Liberty Metadata Description and Discovery Specification
  Contributed: liberty-metadata-v1.0.pdf, liberty-metadata-v1.0.xsd, liberty-idff-wsdl-v1.0.wsdl
  Archived: liberty-metadata-v1.1.pdf, liberty-metadata-v1.1.xsd, liberty-idff-wsdl-v1.1.wsdl

Liberty Authentication Context Specification
  Contributed: liberty-authentication-context-v1.2.pdf, liberty-authentication-context-v1.2.xsd
  Archived: liberty-authentication-context-v1.3.pdf, liberty-authentication-context-v1.3.xsd

Liberty Utility Schema Files
  Contributed: liberty-utility-v1.0.xsd, liberty-idff-utility-v1.0.xsd
  Archived: liberty-utility-v1.1.xsd, liberty-idff-utility-v1.0.xsd

Liberty Glossary
  Contributed: liberty-glossary-v1.2.pdf
  Archived: liberty-glossary-v1.4.pdf

Liberty ID-FF 1.2 Errata
  draft-liberty-idff-1.2-errata-v1.0.pdf

Only the archived PDF files are individually addressable on the Liberty Alliance web site. (The original contributed documents are lost.) To obtain copies of the remaining archived files, download both the Liberty ID-FF 1.2 archive and the Liberty 1.1 support archive.