What is the Liberty Alliance?
• A business alliance, formed in Sept 2001, with the goal of establishing an open standard for federated identity management
• Global membership consists of consumer-facing companies and technology vendors as well as policy and government organizations
tutorial_draft.pdf
Goals:
– Provide open standard and business guidelines for federated identity management spanning all network devices
– Provide open and secure standard for SSO with decentralized authentication and open authorization
– Allow consumers/businesses to maintain personal information more securely, and on their terms
Open Interaction and Participation
ID-FF Concepts
• Simplified Sign-On (aka Single Sign-On) allows a user to sign on once at a Liberty-enabled site and to be seamlessly signed on when navigating to another Liberty-enabled site without the need to authenticate again.
• Single Logout provides synchronized session logout functionality across all sessions that were authenticated by a particular identity provider.
Key Concepts
• Network Identity is the fusion of network security and authentication, user provisioning and customer management, single sign-on technologies and Web-services delivery.
• Federated identity architecture delivers the benefit of simplified sign-on to users by granting rapid access to resources to which they have permission but does not require the user’s personal information to be stored centrally.
Federated Identity Lifecycle
Single Sign-on and Federation
IdP-initiated Single Logout
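The sign-on, federation and IdP-initiated single logout concepts from the ID-FF slides above, as an added Python model (not part of the original slides and not the Liberty wire protocol). The class names, the example.* provider names and the random per-pair handle are assumptions made for illustration.

```python
import secrets

class ServiceProvider:
    """Keeps its own accounts; knows the user only by an opaque handle."""
    def __init__(self, name):
        self.name = name
        self.federations = {}  # (idp name, handle) -> local account
        self.active = set()    # local accounts with a live session

    def accept_assertion(self, idp_name, handle):
        account = self.federations.get((idp_name, handle))
        if account is None:
            raise PermissionError("no federation for this handle")
        self.active.add(account)
        return account

    def end_session(self, idp_name, handle):
        self.active.discard(self.federations.get((idp_name, handle)))

class IdentityProvider:
    """Authenticates once, vouches per provider, remembers who to log out."""
    def __init__(self, name):
        self.name = name
        self.handles = {}   # (user, sp name) -> opaque handle
        self.sessions = {}  # user -> providers signed on through this IdP

    def federate(self, user, sp, local_account):
        # Assumption of this model: a random handle unique to each IdP/SP
        # pair links the accounts, so no profile data has to be shared.
        handle = secrets.token_hex(16)
        self.handles[(user, sp.name)] = handle
        sp.federations[(self.name, handle)] = local_account

    def login(self, user):
        # Stands in for a successful local authentication (assumption).
        self.sessions.setdefault(user, [])

    def sign_on(self, user, sp):
        if user not in self.sessions:
            raise PermissionError("authenticate at the identity provider first")
        handle = self.handles.get((user, sp.name))
        account = sp.accept_assertion(self.name, handle)
        self.sessions[user].append(sp)
        return account

    def single_logout(self, user):
        # IdP-initiated: end every session this IdP authenticated.
        ended = self.sessions.pop(user, [])
        for sp in ended:
            sp.end_session(self.name, self.handles[(user, sp.name)])
        return [sp.name for sp in ended]
```

After one login() the user can sign_on() at every federated provider, and single_logout() returns the providers whose sessions were ended.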
ID-WSF Concepts
• Discovery Service enables various entities (e.g. Service Providers) to dynamically discover a Principal’s registered identity services.
• Interaction Service protocols provide an identity service the means to obtain permission from a user.
• Attribute Provider hosts a data service, such as ID-Personal Profile.
The Complete Liberty Architecture
Interaction
Business Guidelines
• Federated Identity cannot be successful based on technology alone. Also required are:
  – IT staff to manage and implement a set of specifications that cross several domains of expertise
  – A clean directory
  – Pre-existing agreements with others in a circle of trust
• Detail major issues for federated identity interchange and trust relationships
  – Examine risk and liability in identity interchange
  – Identify success criteria for global and cross-company federation
Business Guidelines
IBM/France Telecom Deployment
• Create a single-sign-on network for France Telecom's 50 million cellular phone users
• Subscribers can sign on via mobile telephone or personal computer
• Makes single-sign-on systems even more important, since logging into a network with a phone is much slower than using a PC's keyboard.
• Applications that France Telecom hopes that it or its partners will supply include instant messaging, location-based services, games, online banking and e-mail
AOL/D-Link Deployment
• AOL Broadband subscribers use D-Link's wireless media player to play music from the Radio@AOL service on home stereos.
• The media player uses the Liberty protocols to access Radio@AOL on behalf of a user
  – No need to log in to AOL to use media player
• AOL demonstrated the same service running over a Nokia handset at the 3GSM Conference this February
Japan’s EduMart Deployment
• Part of the e-Japan Policy Priority Program
• Spearheaded by the Strategic Headquarters for the Promotion of an Advanced Information and Telecommunications Network Society
• Brings rich educational content to students at more than 40,000 schools
  – Established an open interface
  – Built an educational content distribution network that will lead to a system in which both public institutions and private businesses can connect to interfaces and freely participate.
County Land Document Recording Exchange
• Deployment across government and industry streamlines the land recordation process (thousands of counties and innumerable lenders/title companies, each with separate systems and identities)
• Establishes a strong foundation for an industry “Circle of Trust”
Product Support
• AOL (announced)
• Communicator (available)
• Computer Associates (Q4*)
• DataKey (available)
• DigiGan (Q3*)
• Ericsson (Q4)
• Entrust (Q1 2004)
• France Telecom (Q4 2003)
• Fujitsu Invia (available)
• Gemplus (TBD)
• HP (available)
• July Systems (available)
• Netegrity (2004)
• NeuStar (available)
• Nokia (2004)
• Novell (available)
• NTT Software (available)
• (2004)
• PeopleSoft (available)
• Phaos Technology (available)
• Ping Identity (available)
• PostX (available)
• RSA (Q4)
• Salesforce.com (TBD)
• Sigaba (available)
• Sun Microsystems (available)
• Trustgenix (available)
• Ubisecure (available)
• Verisign (Q4*)
• Vodafone (2004)
• WaveSet (available)
*Delivery dates being confirmed
For More Information
WWW.PROJECTLIBERTY.ORG
• www.oasis-open.org/committees/tc_home.php?wg_abbrev=security
• www-106.ibm.com/developerworks/library/ws-fed/
• Contact me: Rebekah Metz, metz_rebekah@bah.com