Release of IAF and IGF Drives Standardized Identity Assurances and Policy-Based Data and Privacy Protection across Identity-Enabled Applications and Networks
Liberty Alliance, the global identity community working to build a more trust-worthy internet for consumers, governments and businesses worldwide, today announced an industry milestone in driving trust and privacy into enterprise and identity-enabled applications based on the release of the Liberty Identity Assurance Framework (IAF) and the Liberty Identity Governance Framework (IGF). Today’s news is the result of the collaborative development of standardized frameworks and technologies designed to meet cross-industry requirements for policy-based security and privacy systems, with a focus on streamlining the establishment and management of identity and trust across user-driven applications and networks.
The IAF has been developed within the Liberty Identity Assurance Expert Group and public special interest group under the leadership of Frank Villavicencio, director, Citi Global Transaction Services and Alex Popowycz, vice president, Fidelity Investments. The IAF defines a global standard framework and necessary support programs for validating trusted identity assurance service providers in a way that scales, empowers business processes and fosters the deployment of identity federation networks, by standardizing four identity assurance levels and the related certification process for credential service providers. The protocol independent IAF makes it easier and more cost effective for organizations to link identity federations together based on a uniform definition of the security and privacy risks associated with each level of identity assurance. More information about the IAF is available by viewing today’s corresponding Liberty Alliance Releases Identity Assurance Framework press release.
The IGF has been developed within the global Liberty Alliance Technology Expert Group (TEG) and with open source implementation ongoing at OpenLiberty.org. IGF is the industry’s first declarative policy framework for managing identity flows within organizations motivated by regulatory requirements such as the European Data Protection Initiative, Gramm-Leach-Bliley Act, PCI Security Standard and Sarbanes-Oxley. IGF helps enterprises reduce risk associated with managing identity data by creating a standard for defining enterprise-level policies and controls for consumer consent for sharing sensitive personal information, including personally identifiable information. Such policies ensure that identity-enabled enterprise applications can be deployed and managed securely across enterprise networks. More information about the IGF is available by viewing today’s corresponding Liberty Alliance Announces First Release of Identity Governance Framework Components press release.
“With today’s announcements, Liberty Alliance is delivering on its promise to provide developers, system integrators and organizations in every sector with standardized business and policy frameworks to help build and deploy more trusted identity-enabled enterprise and user-driven applications,” said Roger Sullivan, president of the Liberty Alliance Management Board and vice president, Oracle Identity Management. “The Liberty Identity Assurance Framework and the Liberty Identity Governance Framework help organizations enable a variety of new business services by making it easier to address the business and policy pain points involved in managing identity relationships and user privacy across multiple identity systems.”
The release of the IAF and IGF provide organizations with a portfolio of solutions for driving policy into identity systems in order to better manage the many identity relationships spanning organizations and applications. The protocol independent IAF lays the foundation for establishing standardized identity assurances and the requirements an enterprise or group of enterprises should meet in order to obtain IAF certification. The IGF allows for the creation and updating of policy for protecting identity information and provides enterprises with tools for policy enforcement, decision explanation and auditing. The frameworks speed the advancement of interoperable and secure policy-based identity solutions across vertical markets and regions to better protect consumers against identity theft and fraud and to help organizations meet a variety of global regulatory requirements. The first versions of the IAF andIGF released today are available.
“Identity assurance makes user authentication meaningful. Without it, there is too much risk that the authentication has been compromised,” said Mark Diodati, senior analyst, Identity and Privacy Strategies, Burton Group. “Standards-based identity assurance definitions and attestation functions are particularly important for scalable federation environments, because organizations need a way to ensure that their partners’ identity assurance processes are commensurate with the security needs of the application.”