Liberty Alliance Identity Theft Workgroup FAQ

  • What is Liberty Announcing?
  • Why did Liberty Alliance form the Identity Theft Protection Group?
  • How does the formation of the Identity Theft Protection Group represent a “natural progression” of Liberty’s work in open identity specifications?
  • Aren’t there other organizations already working to solve this issue?
  • How will Liberty’s Identity Theft Protection Group differ from what these other companies and organizations are doing in the identity theft space?
  • Has Liberty always addressed the technology, policy and business issues of identity?
  • What will Liberty’s Identity Theft Protection Group do?
  • What Liberty members are participating in the group?
  • What organizations from outside of Liberty’s membership base are involved with the Identity Theft Protection Group?
  • How will Liberty accomplish its goals in curbing online identity theft by working with so many organizations?
  • Do you need to be a member of Liberty Alliance to participate in the Identity Theft Prevention Group?
  • Will the work of Liberty’s Identity Theft Prevention Group influence how Liberty currently develops specifications?
  • How do Liberty’s federated identity specifications help in combating identity theft?
  • How does Liberty’s work in federated identity help restore “trust” to consumers?
  • Some in the industry have said federation adds to the identity theft problem. What is Liberty’s response to this?
  • How do Liberty specifications help consumers protect their privacy?
  • How do Liberty-enabled products differ from what other vendors are offering in the identity and identity theft space?
  • Where can consumers find companies offering Liberty-enabled solutions?
  • When will we see more news from Liberty’s Identity Theft Prevention Group?

    Q: What is the Liberty Alliance Project?
    A: The Liberty Alliance Project (https://projectliberty.org) was formed in September 2001 to serve as the premier open standards organization for federated identity and identity-based services. The Alliance is delivering specifications and guidelines to enable a complete network identity infrastructure that will resolve many of the technology and business issues hindering the deployment of identity-based web services.

    Q: What is Liberty Announcing?
    A: Liberty is announcing the formation of a cross-organizational group to address issues of online identity theft and fraud. The name of the group is the Liberty Alliance Identity Theft Protection Group.
    Q: Why did Liberty Alliance form the Identity Theft Protection Group?
    A: Identity theft is a critical concern to our members—many of whom have been working to address online identity theft and fraud for quite some time. The formation of the group represents a natural progression of Liberty’s work in collaborative identity specifications and brings together the resources – both within and outside of our membership base — to attack the online identity theft problem aggressively and in a collaborative environment.

    Q: How does the formation of the Identity Theft Protection Group represent a “natural progression” of Liberty’s work in open identity specifications?
    A: Liberty Alliance is the only global body of vendors, consumer-facing companies,
    government agencies, and non-profit organizations focusing on all aspects of identity.
    Our 150 members have hands-on knowledge and experience implementing complex identity systems. We understand the technical and — more importantly —
    non-technical challenges associated with such implementations. We’ve got processes in place to pull together the various requirements to address ID theft and fraud and reconcile those requirements to meet broad demand.

    Q: Aren’t there other organizations already working to solve this issue?
    A: Yes, there are many individual organizations doing valuable work in the online identity theft and fraud space. Some of these organizations are individual technology vendors, some are government and law enforcement agencies, and some are advocacy and consumer groups. But the online identity theft problem is too big and growing too quickly to be solved by only one vendor or by multiple organizations with limited scope and reach. Liberty Alliance has formed this new group with the belief that when the industry works together, the majority of online identity theft issues will be solved faster and on a broader scale.

    Q: How will Liberty’s Identity Theft Protection Group differ from what these other companies and organizations are doing in the identity theft space?
    A: Liberty’s identity theft group is about attacking online identity theft issues in a collaborative environment and from multiple fronts. The online identity theft problem is multi-faceted and brings new challenges to businesses and consumers almost every day. Addressing and moving to solve these issues won’t happen in silos. Identity theft impacts technology, policy and business practices and for identity theft solutions to work, they must be comprehensive. This is where Liberty’s identity theft group is unique – we are addressing online identity theft from a holistic perspective – combining our work in open identity specifications, privacy and business guidelines with the work of others in the industry to address the problem from a comprehensive and global perspective.

    Q: Has Liberty always addressed the technology, policy and business issues of identity?
    A: Yes. Since Liberty was formed in 2001, it has continuously demonstrated success in analyzing broad market needs — and quickly driving solutions to meet those needs – by addressing identity from a technology, policy and business perspective. Liberty released its first set of technical specifications in April 2002 and regularly releases new specifications to solve a variety of identity issues. Liberty has tremendous depth in its membership to address technical challenges and is the only identity-focused organization that has an experienced policy team, which has released best practice and privacy guidelines. Our business expert group has always been focused exclusively on the business aspects of identity through guidelines, updates and case studies.

    Q: What will Liberty’s Identity Theft Protection Group do?
    A: Member activities are focused on developing comprehensive strategies and potential solutions to the online identity theft and fraud problem based on the information and experience all members bring to the group. The group is developing an identity theft matrix, which identifies attack vectors from a technical, physical and social engineering perspective, and analyzes potential solutions for each. Members are also involved in research and the development of case studies and white papers to provide education for consumers and organizations on best practices for combating online identity theft and fraud. The group is also working closely with other organizations — government agencies, advocacy and consumer groups and law enforcement agencies—to create a global network for delivering vendor-neutral information, guidance and best practices for combating the online identity theft problem.

    Q: What Liberty members are participating in the group?
    A: Since Liberty approved the formation of the group in April, interest from across Liberty’s membership base has been enormous. The group is co- chaired by Michael Barrett, past president of the Liberty Alliance Management Board and Vice President Internet Strategy, American Express and Alex Popowycz, member of the Liberty Alliance management board and Vice President, Fidelity Investments. The group currently has over thirty-five member organizations participating and includes representatives from Liberty’s management board and all of Liberty’s expert groups.

    Q: What organizations from outside of Liberty’s membership base are involved with the Identity Theft Protection Group?
    A: We’ve put a liaison program in place to encourage broad industry participation in the group’s activities. The goal of this program is to ensure that Liberty’s identity theft group is leveraging the work and accomplishments of many regional, national and global organizations working to provide education and solutions for identifying, reducing and solving the online identity theft problem. While we’ve begun working relationships with numerous groups from around the world, our initial focus in this area has been in developing close working relationships with organizations focusing on identity theft issues from both a consumer and business perspective.

    Q: How will Liberty accomplish its goals in curbing online identity theft by working with so many organizations?
    A: Liberty has a track record of success when it comes to getting the job done in a multi-organizational and global environment. From day one, our greatest strength has been in working collaboratively with members and other organizations to deliver open identity solutions that solve real problems. This is the model we are applying to our identity theft group and one we believe will be effective in helping to solve the online identify theft problem.

    Q: Do you need to be a member of Liberty Alliance to participate in the Identity Theft Prevention Group?
    A: While we are working with many global national and regional organizations to collaboratively attack the online identity theft problem, Liberty membership is required to actively participate in the identity theft workgroup. The group is open to all Liberty members regardless of membership level. Current participation spans across the entire Liberty Alliance membership base.

    Q: Will the work of Liberty’s Identity Theft Prevention Group influence how Liberty currently develops specifications?
    A: Yes. From day one our mission has been to provide open, identity specifications and business guidelines for managing open, interoperable federated identity and we have always done this in a collaborative, vendor-neutral environment. This is the basis for our existence and will not change. We believe the recommendations of this group will positively impact our technical, policy and business work and we look for forward to that happening based on work stemming from the group.

    Q: How do Liberty’s federated identity specifications help in combating identity theft?
    A: Federation offers businesses, governments, employees and consumers a secure and convenient way to control identity information. A federated network identity delivers the benefit of simplified sign-on to users by allowing users to “link” elements of their identity between accounts without centrally storing all of their personal information. This increases security and delivers better identity control. With a federated network identity approach, users authenticate once in a trusted environment while still retaining complete control over their personal information.

    Q: How does Liberty’s work in federated identity help restore “trust” to consumers?
    A: There can be no doubt that highly visible threats are causing consumers to hesitate before conducting e-commerce transactions. The online world is moving to a federated identity model because centralized and static identity solutions have proven to be ineffective at helping to eliminate many of today’s most pressing identity issues. Liberty’s open identity specifications have been developed based on the principle that consumers should 1) have choice in what personal information they share and 2) be able to give permission before data is passed on to others. Only when consumers have control of their personal information – from any fixed or mobile device — will trust in the internet be restored. Liberty’s open identity specifications are delivering these capabilities to consumers now.

    Q: Some in the industry have said federation adds to the identity theft problem. What is Liberty’s response to this?
    A: While it’s true that there is no single answer to ID theft, these critics are wrong. Federation provides a structural deterrent to many identity theft attack vectors and we believe it represents the e-commerce model of the future. Liberty has always been focused on quality security and privacy in its specifications, which delivers inherent benefits when addressing ID Theft. There are 4 basic tenets in a quality federation implementation:

  • Superior security and privacy inherent in interactions between the Principal, Identity Provider and Service Provider
  • No single point of failure, i.e. limited information in any one repository
  • Permission-based access to attributes
  • Coordinated response to incidents of fraudAdd to that the fact that Liberty is regularly releasing updates to its specifications, and you see quickly how this sort of a standards approach to identity provides superior protection.Q: How do Liberty specifications help consumers protect their privacy?
    A: The Liberty Alliance Project is the only identity-focused global organization that has a Public Policy Expert Group (PPEG), which provides advice and guidance on enabling privacy functionality within Liberty specifications. We address privacy in the specification development process. Our Public Policy Expert Group exerted influence from Day One on privacy issues and continuously invites input from policy makers and privacy advocates. All technology decisions are made to enhance privacy and make it easier to implement good privacy practices from both an organizational and consumer perspective.Q: How do Liberty-enabled products differ from what other vendors are offering in the identity and identity theft space?
    A: Liberty’s technology solutions have been implemented and proven by companies such as American Express, AOL, Fidelity, General Motors and Nokia. Approximately 400 million Liberty-enabled identities or clients are anticipated globally by the end of 2005, so clearly these are proven specifications. In addition, Liberty members represent the top global companies for just about every industry, which means the technology, policy and business guidelines have been developed in collaboration with leading global organizations. Liberty’s privacy guidelines already take into account varying privacy laws across the globe. Liberty specifications are developed based on the following fundamental decisions:
  • To use a de-centralized architecture, where it is not necessary to have data stored with a single entity;
  • To use a federated architecture, where parties are free to link networks as business judgment dictates;
  • To support and promote permissions-based attribute sharing to enable consumer choice and control over the use and disclosure of his or her personal information;
  • To provide open specifications that are not centrally administered;
  • To provide interoperable specifications that can be used on a wide variety of network access devices;
  • To leverage existing systems, standards, and protocols where they work well;
  • To enable companies to transmit information using the specifications with the best available security;
  • To include in the specifications, tools that enable companies to respond to consumer interests regarding privacy and security and to compete on that basis.Q: Where can consumers find companies offering Liberty-enabled solutions?
    A: A list of Liberty members is available on the Web site (www.projectliberty.org). A list of organizations who have completed Liberty’s interoperability testing (meaning they have proven adherence to Liberty’s interoperability elements for the specifications) is also available at https://www.projectliberty.org/activities/conformant_products.php.Q: When will we see more news from Liberty’s Identity Theft Prevention Group?
    A: This group was formed in April, and has already achieved a lot in terms of a common ground for understanding Identity Theft. In the short-term, you’ll see the threat matrix and whitepapers produced that are aimed to help the industry at large come to a common definition for identity theft. You’ll also see outreach to other industry groups and organizations, via formal meetings like the ID Theft Workshop and informal discussions. This work will be continual, and we’re happy to be moving forward so quickly.

LEAVE A REPLY

Please enter your comment!
Please enter your name here