Alliance Launches Effort to Link Authentication Tools

Computerworld - The Liberty Alliance Project, a consortium of companies that's working on federated identity management standards, last week announced the creation of a group that will focus on developing interoperability specifications for so-called strong authentication tools.

The Strong Authentication Expert Group (SAEG) includes American Express Co., Financial Services Technology Consortium Inc. (FSTC), Oracle Corp., VeriSign Inc. and the Defense Manpower Data Center within the U.S. Department of Defense.

Roger Sullivan, a Liberty Alliance board member, said the new group will try to speed up the development of strong authentication interoperability standards, specifically for federated networks where end users can use one set of identity credentials to gain access to multiple network domains.

But Sullivan, who is a vice president of business development at Oracle, added that "the principles of what we are discussing" could also be applied in network environments that aren't federated.

For that reason, the initiative should be relevant to the retail banking industry, said Jim Salters, director of technology development and business initiatives at the New York-based FSTC. He noted that banks face a deadline of Dec. 31, 2006, for implementing stronger processes for authenticating online customers under guidelines issued last month by the Federal Financial Institutions Examination Council.

The SAEG's Identity Strong Authentication Framework will be designed to enable technologies such as smart cards, tokens and biometric tools to interoperate across organizations, networks and vertical market segments. The first draft of the framework, which is referred to informally as ID-Safe, is expected to be completed by mid-2006.

Meanwhile, the FSTC is developing its own set of guidelines and standards for improving mutual authentication processes between banks and online customers.

The blueprint for mutual authentication is being developed by a 25-member group, including representatives from eight of the top 10 banks in the U.S., Salters said. He added that the goal is to make it easier for financial institutions to deploy strong authentication technologies and for consumers to adopt them.

The process brings financial institutions together "to discuss the commonalities that need to be in place for deploying stronger authentication," Salters said.

An initial set of specifications is due in next year's first quarter. The FSTC will also create a list of the interoperability and technology features that the financial industry needs to work on or provide to IT vendors, Salters said.

Another group working toward similar goals is the Initiative for Open Authentication, or Oath, which has a membership made up largely of IT vendors. Oath is developing interoperability standards and a reference architecture to foster the adoption of stronger authentication technologies.