Liberty Alliance publishes updated specs for ID management

IDG News Service - The Liberty Alliance Project industry consortium published the final version of its Phase 2 specifications today and named five companies that will be releasing identity management products that support the new standards.
The Phase 2 Liberty Identity Federation Framework, which finalizes a draft standards document that was released in April, is intended to make Web services easier to deploy and ensure that they comply with laws for securing privileged user information.
Web services allow businesses and business applications to use open technology standards such as XML and SOAP to communicate and share information with each other and with customers over corporate intranets or the Internet.
Phase 2 builds upon standards for sharing user authentication information such as usernames and passwords among organizations and adds guidelines for sharing other user attributes, said Sai Allavarpu, group business manager for network identity services at Sun Microsystems Inc. Sun is a founding member of the Liberty Alliance.
The new standards will make it possible to link user accounts at two or more organizations that exchange information in a Web services transaction and share data such as billing information, credit card numbers and shipping information. That will allow for "mainstream" Web services deployments, something not possible with just the Phase 1 specifications, Allavarpu said.
"Phase 2 bakes privacy into the [Web services] architecture," he said. "When you share data with businesses, you can decide what kinds of conditions and controls you want to place on that data."
Also, the newer specifications introduce features such as a "resource owner interaction service" that will allow users to be contacted on mobile devices such as cellular telephones and confirm requests to share their user information, he said.
For example, a book ordered on Amazon.com Inc.'s Web site might generate a request from FedEx Corp., that's sent to the user's cellular telephone or mobile device, to allow FedEx in order to share the shipping address with Amazon, Allavarpu said.
Those kinds of services may be particularly attractive to telecommunications companies in Europe and the U.S., which are eager to expand the number of premium services they can offer their phone customers but which also must contend with privacy regulations that restrict the sharing of customer information, according to Dan Blum, an analyst at Burton Group.
With a robust identity framework that allows companies to securely exchange useful information about user demographics and preferences, telecommunications companies will find it easier to market and sell new services such as games, restaurant recommendations and applications, Blum said.
Vodafone Group PLC plans to

Reprinted with permission from

IDG.net
Story copyright 2009 International Data Group. All rights reserved.