Framework Drives Trust Across Identity-Enabled Applications Based on Standardized and Certified Identity Assurance Levels
Liberty Alliance, the global identity community working to build a more trust-worthy internet for consumers, governments and businesses worldwide, today announced the first public release of the protocol independent Liberty Identity Assurance Framework (IAF). The IAF details four identity assurance levels to ease and speed the process of linking trusted identity-enabled enterprise, social networking and Web 2.0 applications together based on standardized business rules and security risks associated with each level of identity assurance. Liberty Alliance will launch an IAF identity assurance accreditation and certification program during 3Q 08.
The IAF has been developed within the Liberty Alliance Identity Assurance Expert Group and corresponding public special interest group with input from members of the global financial services, government, healthcare, IT and telecommunications sectors. The policy-based framework removes the need for organizations to “reinvent the wheel” each time they need to make trust decisions about the acceptance of identity credentials, which could span from SAML to X.509, when building and expanding identity systems. Organizations adopting the IAF immediately understand how to address the business and policy challenges involved in adding new members and services to federations based on standardized IAF criteria, helping to reduce the complexities and costs of advancing secure and privacy-respecting inter-federations across sectors and regions.
“The Liberty Identity Assurance Framework provides federation operators and organizations in every sector with an industry standard for moving multi-protocol federations ahead based on trusted identity assurance levels,” said Frank Villavicencio, co-chair of the Liberty Identity Assurance Expert Group and director, Citi Global Transaction Services. “The IAF delivers the business and policy foundation developers, businesses and system integrators can now begin to leverage to more easily build and deploy a wide variety of new federated services and enterprise-grade Web 2.0 applications.”
The four identity assurance levels outlined in the Liberty Identity Assurance Framework are based on a comprehensive set of process and policy criteria organizations must meet to participate in IAF-based federations. The IAF details authentication requirements to allow federation operators and federating organizations to address cross-industry business, policy and privacy requirements related to applications and services built using any federation protocol and falling into each identity assurance level. The first version of the Liberty Alliance Identity Assurance Framework released today is available for download.
According to Dr. Peter Alterman, Asst. CIO for E-Authentication at the US National Institutes of Health and Chair, US Federal PKI Policy Authority, “The Liberty Identity Assurance Framework will help us achieve global trust at common, known levels of assurance. This will enable secure, trusted electronic business transactions outside of the enterprise. We’ve recognized this need for years within the US Government and introduced some of the first successful interfederated business processes in early 2001, and we know that to maximize the value we deliver to all of our citizens and businesses within the US, we must grow these federations to achieve economies of scale, and provide new end user offerings with validated privacy and security. The Identity Assurance Framework enables the growth of these services worldwide.”
Next Step – Liberty Certified Identity Assurance Levels
With four identity assurance levels in place, the IAF goes on to define standard assessment criteria, accreditation and certification rules for organizations to become certified at each identity assurance level. Federation operators and their respective relying party members will leverage IAF assessments performed by Liberty Alliance accredited assessors to determine the credential-based identity services they are willing to trust. Certification of identity assurance levels will provide federation operators with assurances that organizations have met the underlying due diligence applied to the issuance and use of identity credentials being asserted in any given federated transaction. The Liberty Alliance public IAF certification program is being developed within the Liberty Alliance Identity Assurance Expert Group for public launch later this year. More information about the IAF and the certification program is available.