RealTime IT News

Liberty Guidelines Ease Federated ID

The Liberty Alliance released suggested guidelines for deploying a federated identification (ID) system on the network, officials announced Tuesday.

Officials said that while they expect to see 1 billion Liberty-enabled identities and devices globally by the end of 2006, they understand policy makers within an organization need tools to help them identify and manage the business considerations involved with rolling out the system.

The Deployment Guidelines for Policy Decision Makers (.PDF file) is a 13-page document addressing the business, legal and privacy challenges of deploying federated ID on the network.

Officials from Sun Microsystems, Oracle and the Business Industry Political Action Committee (BIPAC) contributed to the report.

The guidelines, which are a follow-up to Liberty's business guidelines released two years ago, outline the concerns businesses need to address before implementing a federated ID system on their networks: when the data will be shared; how consent is obtained from users and whether it's auditable; how the data should be accessed and maintained; and identifying the business reasons for having federated ID in the first place.

Piper Cole, former chair of the Liberty Alliance's public policy expert group and Sun Microsystems vice president of global government and community affairs, said some of the guidelines' results came from Sun's own recent federated ID rollout.

Sun's governmental affairs office is going live with a federated network ID system in the coming days. One of its fellow Liberty Alliance members, BIPAC, will access back-end information without getting at employees' personal information. Their deployment experience went into the making of the guidelines, she said.

"What we found out is the technology is pretty easy but the business issues are what is difficult, and where to start on the business issues are very difficult for people to get their heads around," Cole said.

Microsoft's Passport is perhaps the most recognized aspect of federated ID. The single sign-on (SSO) technology lets its users log on to different areas of the Redmond empire, from its MSN Web portal to the Microsoft Developers Network (MSDN).

Business concerns, however, are a little more complicated than reducing the number of passwords needed to access a network. Businesses need a secure platform on which partners, customers, suppliers and others can access identification data among one another without compromising that data's security.

The Liberty Alliance is an industry consortium that includes Sun, American Express, Intel and Ericsson.

The group has done a lot of work to get the latest federated ID technologies into the workplace, from its benchmarking and certification support for the Security Assertion Markup Language 2.0 (SAML 2.0) standard to evangelism for the technology specifications.