Setting a pace that the IETF and other slow-moving standards bodies could envy, the Liberty Alliance announced last week the completion of the market requirements document (MRD) for the Identity Governance Framework (IGF). It also announced that development of technical specifications to meet use case requirements is now occurring both within Liberty's Technology Expert Group (TEG) and at openLiberty.org (home of open source tools to further the use of Liberty protocols).
The IGF, you may remember, was first proposed late last fall by Liberty Alliance member Oracle and turned over to the Liberty Alliance during the winter. For the IGF to complete the MRDs in less than six months is commendable. (The IETF can take years just deciding if they want to pursue a particular protocol.)
IGF is a programmatic framework designed to help organizations meet regulatory requirements such as the European Data Protection Initiative, Gramm-Leach-Bliley Act, PCI Security Standard and Sarbanes-Oxley. According to Liberty spokesman Russ DeVieu, “With the MRD now completed, work can progress rapidly on the creation of the technical specifications and open source implementations required to speed the development of standards-based end-to-end auditing and governance solutions.”
The framework defines what could be called a series of “contracts” between applications and sources of identity data. There are four key components of IGF:
* Client Attribute Requirement Markup Language (CARML) – an XML-based declarative contract defined by application developers that informs deployment managers and service providers about the attribute usage requirements of an application.
* Attribute Authority Policy Markup Language (AAPML) – a set of policy rules regarding the use of identity-related information from an identity source that allow these sources to specify constraints on use of provided data by consuming applications.
* CARML API – an API that makes it easier for developers to write applications that consume and use identity-related data in a way that conforms to policies set around the use of such information.
* Identity Service – a policy-secured service for accessing identity-related data from multiple identity sources.
You can download the IGF MRDs and view a Webcast review of the IGF developments on Aug. 15. Registration and more information about the Webcast, “An Overview of the Identity Governance Framework: Putting Privacy and Regulatory Compliance First”, is available at the Liberty Alliance Web site.
Recent Award: Verisign’s David Recordon was recently presented with the Google-O'Reilly Open Source Award as Best Strategist for his work on OpenID. Congratulations from all of us, David.
Editor's Note: Starting Aug. 13, this newsletter will be renamed "Security: Identity Management" to better reflect the focus of the newsletter. We thank you for reading Network World newsletters!