
User Empowerment

The role of the user is at the core of any identity conversation. Is the user an employee? A consumer? A friend? A partner? Depending on your relationship with the person or entity with whom you're interacting, different types of control are assumed. Our work is about building respect for users’ wishes into identity systems, with privacy and user empowerment as its foundation. From inception, Liberty’s policy experts have provided baseline guidance for our market requirements work and technical output, both to ensure that respect for privacy is foundational in all of our standards and to define technologies that empower users at many points in the flow of information.

The general goal of respecting users' rights to determine access to and use of their own identity information can be termed "user empowerment." Making this vision come to pass involves various regulatory, social, contractual, and technological aspects.

A minimum bar for user empowerment is "user consent", where you are given the opportunity to examine the options and consequences for identity information sharing, and choose whether to share or not. This opportunity to gather and act on consent might come in many technical guises. The Liberty architecture includes specific points where consent can be explicitly captured as such, for example in Liberty Federation.

Liberty’s specifications also provide means by which you, the user, can define policies that your identity providers must accept and act on. There are a number of ways to gather and act on such policies; for example, they might be stored for later use when you're not online, an important scenario for attribute sharing among services acting on your behalf. The Liberty architecture includes, for example, the Liberty Web Services specifications, which are designed to address this scenario.

Or sometimes you—the user—want to be right in the middle of the run-time flow of information between your identity provider and a provider of some service, such that the two never communicate directly or share any sort of a relationship. The Liberty architecture has long defined an identity-knowledgeable module, called a Liberty-Enhanced Client or Proxy or LECP (now ECP in the converged SAML V2.0 standard used today by Liberty Federation), which can achieve exactly this effect.

The role of the user—and the business model of the deployer in reflecting that role—has evolved since Liberty first emerged. In the early days of adoption, there was much use of the single sign-on and account linking capabilities. This is certainly an important part of what Liberty offers. The early pent-up demand by enterprises and governments for a standard solution in these areas drove a lot of adoption, and ultimately encouraged Liberty to foster convergence by contributing its work back to SAML (whose first versions underlay Liberty's early work). The result was SAML V2.0, now synonymous with Liberty Federation. Today Liberty Web Services is seeing adoption as well, and Liberty's continuing work includes Liberty Client, a privacy-enabled trusted module that intelligently stores your attributes from identity providers for later use at service providers. A Liberty Client might be in a phone, a set-top cable box, or on any platform. You can imagine the many opportunities for true user empowerment across all of these implementations, devices and platforms, designed to support many different business models with many different user experiences.

Liberty Alliance specifications are all about enablement, empowerment, and employment of good privacy and security for the user, in line with the business model of the deployer, enabling various types of identity management implementations.

To learn more about user empowerment and Liberty’s focus on the user from a policy, business and technical standpoint, the following resources may be of value:

Additional Resources

Blog - Hubert A. Le Van Gong - C'est la vie !

Blog - Eve Maler - XMLgrrl

Blog - Paul Madsen - ConnectID

Liberty Whitepaper: Personal Identity - March 23, 2006

•  Personal_Identity.pdf 216.91 kB

Find all of the Liberty Alliance specifications here.

Specifications

Privacy and security are key concerns in the implementation of Liberty Alliance specifications and deployment of Liberty-enabled technologies and business models. As such, the Liberty Alliance has and will continue to provide tools and guidance to implementing companies that enable them to build more secure, privacy-friendly identity-based services that can comply with local regulations and create a more trusted relationship with customers and partners.

Deployment Guidelines for Policy Decision Makers

Highlights certain national privacy laws, fair information practices, and implementation guidance for organizations using the Liberty Alliance specifications. A French translation of this document is also available.

Liberty Alliance Privacy and Security Best Practices

T-Online, the leading identity service provider in Germany, launched “Netzausweis” (English: Net ID Card) in 2005 to bring the benefits of federated identity management to its customers and partners. The Liberty-enabled federated system provides consumers with easy, secure and privacy-respecting access to applications and services, and provides partners with new opportunities for reducing costs and increasing revenues. The deployment supports millions of consumers and over 200 products in the telecom, service provider, gaming, Web-hosting, IP-TV and IP-Telephony sectors.
A Circle of Trust is deployed among all of the T-Online “Netzausweis” partners in Germany, France and Spain, with the consumer controlling all of their identity information with privacy controls built into the system. Features include single login/sign on, auto identification and authentication, data vault, age verification and single log-off.

Putting Identity Management into practice
Presented by Michael Gärtner, Manager, Product Infrastructure of T-Online International AG

Your identity is yours...and yours alone. For many deployments, there is strong value in allowing you to make all of the decisions regarding how your various elements of identity information are shared and with whom. Liberty specifications support this choice. This presentation details how.

Liberty and User Centric Identity
Presented by John Kemp of Nokia

The open identity protocols of the Liberty Alliance have built-in user
consent and privacy features, which are designed to work with a wide
variety of network devices. In addition, the Liberty model works
equally well with human users and the machine-to-machine
communications involved in service-oriented architectures. This
document discusses the methods provided by the Liberty ID-FF and
ID-WSF specifications for the making and verification of identity
claims.

Personal Identity

Deutsche Telekom AG, T-Com: Raising the Service Performance Bar with Federation

•  T-Com-CaseStudy.pdf 466.63 kB

A paper written by Eve Maler, Sun, December 4, 2006.

Liberty's Advanced Client is introduced and explored in this presentation, which also reviews the evolution of the client in Liberty's specifications. The architectural functionality of the specifications is reviewed, along with future roadmaps for the work, all grounded in a commitment to privacy and security.

Liberty 2.0 Power to the User: New Advanced Client Solutions and Roadmap - Conor Cahill
Presented by Conor Cahill of Intel

A case study involving a mashup of Google Earth and fboweb flight tracking information stars in this presentation, which dissects the functionality at hand and the solution that Liberty's ID-WSF standard delivers in meeting the needs of: 1) SSO at the service level (as opposed to browser session level); 2) an identity model to identify parties in transactions; 3) an identity model that supports chained transactions; 4) an interaction model that supports backend interactions; 5) a discovery model that allows per-user discovery; and 6) a token management model that allows context translation.

Liberty 2.0 Why Web 2.0 Needs ID-WSF: Building Secure, Aware and User-Focused Identity Web Services
Presented by Conor Cahill of Intel

XML School July 2007--Federated Identity Challenges/User Centricity

The Three Faces of User Centricity

The analysis in this document, written by Jeff Hodges, Neustar, demonstrates that the OpenID Authentication specification and the SAML Web Browser SSO Profile appear to offer very similar functionality, though one cannot directly compare the OpenID Authentication specification to the overall abstract SAML framework itself. We said "appear to offer" in the foregoing because there are some detailed aspects of the SAML Web Browser SSO Profile, e.g. explicit privacy provisions, that OpenID Authentication does not presently provide.