General questions related to the Identity Assurance work, including the merge of EAP into Liberty Alliance, Liberty Trust Framework, and discussion of other key issues related to this important Expert Group.
The Electronic Authentication Partnership (EAP) and Liberty Alliance have always shared a number of similar goals. Both organizations have recognized that the industry needs a common trust framework to allow interoperable inter-federations to advance more easily and on the widest possible scale. Established in 2002 and recently approved as a non-profit membership organization, the EAP realized that a merger into Liberty Alliance would allow it to extend its work in developing the EAP Trust Framework by leveraging the participation of Liberty’s global membership, the work of its expert and special interest groups and its proven model of addressing the technology, business and privacy aspects of identity management. The merger of EAP into Liberty Alliance provides both organizations with a mutually beneficial relationship for quickly developing the Liberty Trust Framework.
The Liberty Trust Framework is an organizational framework designed to fill cross-industry requirements for standardized identity assurance criteria for use in a broad range of federation scenarios. The Framework will provide organizations in every sector and region with criteria for moving identity federations forward based on a standard approach to managing identity assurance levels and associated business processes and technologies. Work on developing the Framework is happening within Liberty’s new global Identity Assurance Expert Group (IAEG) where members are developing the Liberty Trust Framework by initially extending contributions from the Trust Framework of the EAP and the Credential Assessment Framework of the US E-Authentication Federation.
The Trust Framework of the EAP collectively defines the industry-led self-regulatory framework for electronic trust services in the United States, as operated by the EAP. The trust framework includes, among other documents, descriptions of criteria, rules, procedures and processes to help organizations manage identity assurances across federated and inter-federated relationships. The information found in the Trust Framework of the EAP is providing the foundation for developing the Liberty Trust Framework within the IAEG.
The Credential Assessment Framework puts forth the assessment criteria by which credential service providers will be certified to the EAP Trust Framework. The IAEG will incorporate some of the criteria established in the Credential Assessment Framework into the Liberty Trust Framework.
The IAEG is developing the Liberty Trust Framework to remove a major barrier to global inter-federation deployments: the complexity of assessing the level of identity assurance among all organizations participating in federated relationships. Currently, different federations have varying policies and processes governing identity operations, the interpretation of which adds to the cost and complexity of deploying assured identity services. With common criteria for determining accurate identities in place, the Liberty Trust Framework will make it easier to bring new members into existing federations as well as simplify how federations themselves can interoperate.
IAEG was formed by the merge of the EAP into Liberty Alliance and is currently focused on the development of the Liberty Trust Framework. IAEG is Liberty’s fifth global expert group, joining the Business Marketing Expert Group (BMEG), Technology Expert Group (TEG), Public Policy Expert Group (PPEG) and Strong Authentication Expert Group (SAEG). The group consists of members representing the worldwide financial services, government, healthcare and service provider sectors and is working with all of Liberty’s expert and special interest groups (SIGs), such as the eGovernment, eHealth, Identity Theft Prevention, Japan and Norway SIGs, to collaboratively drive the development of the Liberty Trust Framework.
Liberty Alliance has made memberships available to all EAP members and since forming the IAEG last month, and many members of the EAP have joined the Alliance. These new members include representatives from Health Information and Management Systems Society (HIMSS), Mortgage Bankers Association (MBA), the Postsecondary Electronic Standards Council (PESC), the Reserve Bank of Cleveland, University Bancorp and Wells Fargo. Several other EAP members were already members of the Liberty Alliance.
Liberty’s IAEG is co-chaired by Jane Hennessy, Senior Vice President, Wells Fargo Bank, N.A., and Michael Sessa, Executive Director, Postsecondary Electronic Standards Council (PESC). In addition to members joining from the EAP, members of the IAEG include representation from Adobe, BT, Fidelity Investments, HP, SanDisk, Sun Microsystems, Symlabs and the US GSA. The group currently has over 30 members representing public and private sector organizations from around the world.
All individuals and organizations interested in advancing identity assurances across industries and regions are encouraged to join Liberty’s IAEG to participate in the development of the Liberty Trust Framework. Earlier this year Liberty Alliance made changes to its membership structure and added new member benefits in order to make it easier for everyone to access the resources of the Alliance and participate in its global expert and special interest groups. Individuals and organizations interested in joining the IAEG can get more information by visiting here. More information about how to join many of Liberty’s public groups and mail lists is also available.
The Liberty Trust Framework will be applicable to all identity initiatives and specifications. The Framework provides a standard set of criteria so that identity transactions — with assurance requirements ranging from leaving a comment on a blog to high-value government and financial transactions requiring the highest degree of security and privacy protection — can move ahead based on a standard organizational framework for managing identity assurance levels and associated business processes and technologies. The Framework establishes baseline operating and assessment criteria, including rules and processes, designed to provide a guideline toward interoperability for all identity protocols.
All organizations relying on identity credentials as a means of supporting business processes will be interested in the Liberty Trust Framework. More specifically, direct consumers of the Liberty Trust Framework will include identity service providers, federations, trust schemes, government agencies and private sector corporations. The Liberty Trust Framework will provide organizations with opportunity to extend the functionality of existing identity management solutions and move to achieve interoperability of identity credentials across inter-federated relationships.