After more than a year spent crafting a specification, the Liberty Alliance Project now has some of the largest end-user companies and banks in the U.S. putting its work to the test in an effort to see if Liberty can deliver on its promise of a federated identity management system.
General Motors, a founding member of Liberty, is testing the specification by incorporating it into security software for its employee intranet called MySocrates to provide users a single ID for accessing internal human resources data and external Web sites for 401K and health benefit services. The company also is evaluating Liberty as the foundation for a universal authentication service for its network of 10,000 supplier partners.
“We hope any early successes will galvanize the industry around identity management and show the industry how it should move forward,” says Rich Taggart, director of enterprise architecture and IT standards for GM’s global technology management group.
Also, a collection of the largest cash management banks in the U.S. is working with consulting firm Niteo Partners, another Liberty member, to create a network for sharing data secured by Liberty-based identity services. The firm also is working with the Bond Market Association, a trade group representing the $17 trillion global debt markets, to build a Liberty-secured data portal this year for bond dealers to do everything from finding new issues to resolving post-trade disputes.
All three efforts are important proving grounds for the 150-member Alliance, whose membership has grown by 500% since its inception in September 2001. The group published its 1.0 specification in July and a 1.1 update appeared in November. A 2.0 release is scheduled for the middle of this year that will add a permission framework to provide important privacy controls.
The specification, which has already seen support in products from vendors such as Entrust, Novell, Oblix, Sun and RSA, details how to create a re-usable user authentication token for use across Web sites. A key feature is the support of the Security Assertion Markup Language (SAML), an XML-based standard for exchanging user identity information.
Liberty’s efforts are similar to Microsoft’s Passport single sign-on service, which Microsoft is trying to adapt for corporate use.
GM has deployed Web Access Management products, which it declined to identify, that support the Liberty specification as part of its MySocrates intranet.
“We see the potential for enormous internal cost savings on things like password management and the help desk,” says Taggart.
But the company also is exploring Liberty for support of a system that extends across company boundaries. “We will never have agreement [with partners] around one identity model, that’s why we need a federated system,” says Taggart.
GM is now asking vendors to detail plans for support of Liberty and SAML in any product pitches they make to the company.
“We won’t throw out existing products, we want them updated with Liberty and SAML,” says Taggart. The company also is asking two of its largest technology vendors, IBM and Microsoft, to get involved.