Liberty Alliance releases new client ID specs

Mobile devices to act as "trusted modules" for own info

The Liberty Alliance released a new set of specifications aimed at protecting identity information transmitted by mobile devices during Web-based transactions.

The Advanced Client specifications are platform independent and could be used in devices such as cameras, laptops and TVs, the Liberty Alliance said Wednesday. The alliance is a consortium that defines protocols used for federated identity and Web services.

Liberty sees the specifications as a crucial step in protecting the privacy and security of Internet transactions, such as single sign-on authentication and client-based Web services, all of which underpin e-commerce transactions. The organization has also developed a legal framework for how businesses can approach sharing user identity information.

The Advanced Client specifications draw on ID-WSF 2.0 (Identity Web Services Framework) (PDF format), a Web services framework for identity-based transactions, and allow for identity information to be safely stored and managed whether a device is online or offline, Liberty said.

The advantage is that users will be able to act as their own ID provider, or a "trusted module," if they can't connect to the ID provider for some reason, said Roger Sullivan, president of the Liberty Alliance Management Board and a vice president in the identity management section at Oracle Corp. The user would also be able to access other Web services that trust the identity information.

"You want to be able to continue working if you are no longer connected to the identity provider," Sullivan said. "The whole foundation of this is to provide that kind of trust and security for these credentials."

BT Group PLC, Intel Corp. and Hewlett-Packard Co. -- all members of Liberty -- recently showed a proof-of-concept application using the Advanced Client specifications, said Conor Cahill, an identity architect with Intel's Corporate Technology Group. It involved provisioning identity credentials over a wireless network to a laptop using the Extensible Authentication Protocol Method for GSM Subscriber Identity protocol, he said.

Other vendors may bring forward products that use the Advanced Client specifications for Liberty's next round of interoperability testing, scheduled for May or June, Sullivan said.

The Advanced Client specifications are available for download.

Liberty will update the specifications later this year, expanding the ID provisioning functions and adding new reporting capabilities, Sullivan said. The changes will improve how devices are managed and create a framework for compliance and regulatory requirements, it said.

Copyright © 2007 IDG Communications, Inc.

Bing’s AI chatbot came to work for me. I had to fire it.
Shop Tech Products at Amazon