Best practices, effective business guidelines and a thorough technical understanding are core to the values of Liberty Alliance. We know that the identity challenge is technical, business, and policy oriented. Defining and understanding these ever-changing elements of identity is where a lot of our member work is focused.
Many member companies have also written whitepapers.
Liberty Identity Assurance Framework v1.1 – 6/2008
The Liberty Alliance Identity Assurance Expert Group (IAEG) was formed to foster adoption of identity assurance services. Utilizing initial contributions from the e-Authentication Partnership (EAP) and the US E-Authentication Federation, the IAEG’s objective is to create a framework of baseline policies, business rules, and commercial terms against which identity assurance services can be assessed and evaluated. The goal is to facilitate assured identity federation to promote uniformity and interoperability amongst identity service providers. The primary deliverable of IAEG is the Liberty Identity Assurance Framework (LIAF).
Liberty Alliance Web Services Framework: A Technical Overview – 3/2008
This overview enumerates the major features of Liberty Web Services, a framework for identity-based services that provides added value for identity, security, and privacy above and beyond basic web services, and thereby makes identity data portable across domains.
Authentication 2.0–New Opportunities for Online Identification, a paper by CSIS – 1/2008
Digital networks offer people new opportunities. Taking advantage of these opportunities, however, will depend on whether we can improve our ability to authenticate identity online. Weak authentication distorts social interactions, security, and business on the Net. Without better authentication, we will forgo many opportunities and the Net will remain a place that holds considerable risk. Authentication technologies can create digital credentials that are secure, but not necessarily trustworthy. This anomaly explains how we ended up where we are today – in a situation where we have very strong credentials that are not widely trusted and therefore not widely used. The problem – and the solution – to authentication do not lie with technology. Better authentication requires expanding trust, but trust is in short supply on the Internet. This paper explores what is needed for a solution.
Liberty Identity Assurance Framework v1.0 – 11/2007
The Liberty Alliance Identity Assurance Expert Group (IAEG) was formed to foster adoption of identity assurance services. Utilizing initial contributions from the e-Authentication Partnership (EAP) and the US E-Authentication Federation, the IAEG’s objective is to create a framework of baseline policies, business rules, and commercial terms against which identity assurance services can be assessed and evaluated. The goal is to facilitate assured identity federation to promote uniformity and interoperability amongst identity service providers. The primary deliverable of IAEG is the Liberty Identity Assurance Framework (LIAF). Members of the public community can submit feedback on the Liberty Identity Assurance Framework here: https://maa.projectliberty.org/id/idf-feedback.html
An Overview of the Id Governance Framework – 7/2007
The secure and appropriate exchange of identity-related information between users and applications and service providers (both internal and external) is the basis of providing deeper and richer functionality for service-oriented architecture. Sensitive identity-related data such as addresses, social security numbers, bank account numbers, and employment details are increasingly the target of legal, regulatory, and enterprise policy. These include, but are not limited to, the European Data Protection Initiative, Sarbanes-Oxley, PCI Security standard, and Gramm-Leach-Bliley as examples. The Id Governance initiative assists entities managing identity data with increased transparency and demonstrable compliance with respect to policies for identity-related data. It would allow corporations to answer questions such as: Under what conditions may user social security numbers be accessed by applications? Which applications had access to customer account numbers on January 27, 2007?
Access to Identity-Enabled Web Services in Cross-Border, Inter-Federation Scenarios – 6/2007
This technical whitepaper describes the different potential options to access identity-based web services in Inter-federation (Inter-CoT) scenarios; i.e., when there is no business relationship between the service requestor and the service provider AND such relationship cannot be inherited from a commonly-trusted third party, such as in typical federation cases – Intra-CoT. Even if there is such lack of direct business relationship, final interoperability is still possible by (indirect) inheritance of the trust relationship existing among the entities operating the different CoTs. The solutions proposed in this whitepaper are especially interesting in certain scenarios, such as those associated with roaming situations in the telecommunications industry. They can also be applicable to other industries such as the eHealth or eGovernment sectors.
Liberty Alliance Contractual Framework Outline for Circles of Trust – 3/2007
This document provides guidance on suggested business structures and terminology for a Liberty-enabled technology deployment necessary to create a legally binding Circle of Trust (CoT). Its purpose is to facilitate a Liberty-enabled deployment of identity management specifications and technology by assisting stakeholders and their legal and executive management teams in the identification of the legal structure best suited for their deployment. Such structures and contractual agreements among participating parties serve to create a trusted and legally binding relationship among the participants.
Cross Operation of Single Sign-On, Federation, and Identity Web Services Frameworks – 2/2007
As standards evolve, both in versions and in scope, it is necessary to adopt newer technologies. This poses problems in terms of already-provisioned federations as well as in using combinations of frameworks that were not foreseen at the time when the specifications were written. This technical whitepaper provides pragmatic solutions for these situations, providing equivalence or interoperability of Name IDs as well as specifying how all known combinations of SSO assertions and bootstraps are represented.
Digital Identity Management A Critical Link to Service Success: A Public Network Perspective – 1/2007
This research, conducted by the Telecompetition Group, looks at the opportunity and challenges facing all public network operators – companies, whether they have fixed, wireless or mixed infrastructure. Such large, capital-intensive companies have survived many societal transformations and in many ways, they have thrived. The roadmap is not quite as clear as we look forward at the next transformation – to a world where many different players are able to deliver compelling content and services often without the burden of large investments in infrastructure. The operator becomes the pipe while others enjoy the openness and other benefits of IP-based technologies. The study analyzes identity management and its crucial role in enabling personalized services. Identity management is viewed as a crucial element in a basket of technology enablers that will be instrumental in preventing network operators from experiencing a dreaded “bit pipe” fate. Wireless operators are also at risk, right along with their fixed line counterparts. The analysis focuses on a high level global view through 2015, providing quantitative and qualitative analysis.
Personal Identity – 2/2006
The open identity protocols of the Liberty Alliance have built-in user consent and privacy features, which are designed to work with a wide variety of network devices. In addition, the Liberty model works equally well with human users and the machine-to-machine communications involved in service-oriented architectures. This document discusses the methods provided by the Liberty ID-FF and ID-WSF specifications for the making and verification of identity claims.
Identity Theft Primer – 11/2005
This paper, written by the Identity Theft Prevention Special Interest Group of the Liberty Alliance, clearly explains how a cross-organizational and vendor-neutral method of approaching the challenge of identity theft can work where piecemeal approaches will not. It includes a detailed identity theft matrix that explores the various types of identity theft and possible mitigating strategies, as well as an identity theft lifecycle that presents the various stages of the identity theft problem.
Appendix A: Glossary of Attack Vectors – 11/2005
This document provides a glossary of terms used in the discussion of Identity Theft, and is meant to serve as a companion piece to the Identity Theft Primer.
Liberty Alliance Whitepaper: Liberty ID-WSF People Service – Federated Social Identity – 11/2005
Provides an overview of the motivation and value of federated social networks, and how the Liberty Alliance’s People Service can enable networks.
Deployment Guidelines for Policy Decision Makers – 8/2005
Privacy and security are key concerns in the implementation of Liberty Alliance specifications and deployment of Liberty-enabled technologies and business models. As such, the Liberty Alliance has provided and will continue to provide tools and guidance to implementing companies that enable them to build more secure, privacy-friendly identity-based services that can comply with local regulations and create a more trusted relationship with customers and partners.
Liberty ID-SIS Contact Book Service Implementation Guidelines – 6/2005
This document provides implementation guidelines supplemental to the Liberty ID-SIS Contact Book Service specification.