This paper provides a high-level example of how privacy preferences can be handled using a multileveled policy approach in the communication between a service provider and a Web services provider. Nov. 2003
Liberty Alliance Web Services Framework: A Technical Overview
idwsf-intro-v1.0.pdf 1,007.91 kB
- Technical Comparison of SAML 2.0 and OpenID
- Next Generation of Digital Identity (Telenor Whitepaper)
- Simplifying Federation Management with the Federation Router (HP Whitepaper) – (HP SF Router whitepaper.pdf 750.73 kB)
Whitepaper: Simplifying Federation Management with the Federation
Federation, how it works, deployment models.
Simplifying Federation Management with the Federation Router; HP Select Federation
Prepared by: Jason L Rouault, HP
HP SF Router whitepaper.pdf 711.87 kB
Liberty Identity Assurance Framework v1.0
Liberty Alliance formed the Identity Assurance Expert Group (IAEG) to foster adoption of identity trust services. Utilizing initial contributions from the e-Authentication Partnership (EAP) and the US E-Authentication Federation, the IAEG’s objective is to create a framework of baseline policies, business rules, and commercial terms against which identity trust services can be assessed and evaluated. The goal is to facilitate trusted identity federation to promote uniformity and interoperability amongst identity service providers. The primary deliverable of IAEG is the Liberty Identity Assurance Framework (LIAF).
The LIAF leverages the EAP Trust Framework [EAPTrustFramework] and the US E-Authentication Federation Credential Assessment Framework ([CAF]) as a baseline in forming the criteria for a harmonized, best-of-breed industry identity assurance standard. The LIAF is a framework supporting mutual acceptance, validation, and life cycle maintenance across identity federations. The main components of the LIAF are detailed discussions of Assurance Level criteria, Service and Credential Assessment Criteria, an Accreditation and Certification Model, and the associated business rules.
Assurance Levels (ALs) are the levels of trust associated with a credential as measured by the associated technology, processes, and policy and practice statements. The LIAF defers to the guidance provided by the National Institute of Standards and Technology (NIST) Special Publication 800-63 version 1.0.1 [NIST800-63] which outlines four (4) levels of assurance, ranging in confidence level from low to very high. Use of ALs is determined by the level of confidence or trust necessary to mitigate risk in the transaction.
The Service and Credential Assessment Criteria section in the LIAF will establish baseline criteria for general organizational conformity, identity proofing services, credential strength, and credential management services against which all CSPs will be evaluated. The LIAF will also establish Credential Assessment Profiles (CAPs) for each level of assurance that will be published and updated as needed to account for technological advances and preferred practice and policy updates.
The LIAF will employ a phased approach to establishing criteria for certification and accreditation, first focusing on the certification of credential service providers (CSPs) and the accreditation of those who will assess and evaluate them. The goal of this phased approach is to initially provide federations and Federation Operators with the means to certify their members for the benefit of inter-federation and to streamline the certification process for the industry. Follow-on phases will target the development of criteria for certification of federations themselves and a Best Practice guide for relying parties.
Finally, the LIAF will include a discussion of the business rules associated with IAEG participation, certification, and accreditation.
An Overview of the Id Governance Framework
The secure and appropriate exchange of identity-related information between users and applications and service providers (both internal and external) is the basis of providing deeper and richer functionality for service-oriented architecture.
Sensitive identity-related data such as addresses, social security numbers, bank account numbers, and employment details are increasingly the target of legal, regulatory, and enterprise policy. These include, but are not limited to, the European Data Protection Initiative, Sarbanes-Oxley, the PCI Security standard, and Gramm-Leach-Bliley.
The Id Governance initiative assists entities managing identity data with increased transparency and demonstrable compliance with respect to policies for identity-related data. It would allow corporations to answer questions such as: Under what conditions may user social security numbers be accessed by applications? Which applications had access to customer account numbers on January 27, 2007?
Privacy Summit Meeting at Net-ID Berlin – Summary Report
Privacy-Summit-Final.pdf 183.44 kB
Liberty Alliance Commitment to Open Standards
Document describes, in brief, Liberty’s philosophy of open standards and the importance of an open development process
LAPCommitmenttoOpenStandards.pdf 21.60 kB
Liberty Alliance Contractual Framework Outline for Circles of Trust
This document provides guidance on suggested business structures and terminology for a Liberty enabled technology deployment necessary to create a legally binding Circle of Trust (CoT). Its purpose is to facilitate a Liberty enabled deployment of identity management specifications and technology by assisting stakeholders and their legal and executive management teams in the identification of the legal structure best suited for their deployment. Such structures and contractual agreements among participating parties serve to create a trusted and legally binding relationship among the participants.
Liberty Legal Frameworks.pdf 644.15 kB
Digital Identity Management A Critical Link to Service Success: A Public Network Perspective
This research, conducted by the Telecompetition Group, looks at the opportunity and challenges facing all public network operators, whether they have fixed, wireless or mixed infrastructure. Such large, capital-intensive companies have survived many societal transformations and in many ways, they have thrived. The roadmap is not quite as clear as we look forward to the next transformation: a world where many different players are able to deliver compelling content and services, often without the burden of large investments in infrastructure. The operator becomes the pipe while others enjoy the openness and other benefits of IP-based technologies. The study analyzes identity management and its crucial role in enabling personalized services. Identity management is viewed as a crucial element in a basket of technology enablers that will be instrumental in preventing network operators from experiencing a dreaded “bit pipe” fate. Wireless operators are also at risk, right along with their fixed line counterparts. The analysis focuses on a high level global view through 2015, providing quantitative and qualitative analysis.
Business Guidelines: Raising the Business Requirements for Wide Scale Identity Federation
Identity federation and the Liberty Alliance specifications provide businesses, governments and individuals with substantial benefits; offering them choice, convenience and control over how they can manage and share identity information. The purpose of this document is to identify the general business considerations that must be addressed by any organization exchanging identity information beyond company boundaries in today’s complex federated identity environment.
LibertyBusinessGuidelines.pdf 341.98 kB
Liberty RFI Response
LAP_ONCHIT_RFI_Response.pdf 380.57 kB
Liberty e-Prescription Scenario
Handout from HIMSS detailing how federation can be used to assist in an e-Prescription deployment to assure privacy and security
eperscrip.pdf 310.30 kB