After more than a year spent crafting a specification, the Liberty Alliance Project now has some of the largest end-user companies in the U.S. testing it to see if Liberty can deliver on the promise of a federated identity management system.

A founding member of the alliance, General Motors is testing the specification by incorporating it into security software for its employee intranet called MySocrates. The Liberty-enabled software gives users one ID for accessing internal human resources data and external Web sites for 401(k) and health-benefit services. GM also is evaluating the Liberty Alliance specification as the foundation for a universal authentication service for its network of 10,000 supplier partners.

"We hope any early successes will galvanize the industry around identity management and show the industry how it should move forward," says Rich Taggart, director of enterprise architecture and IT standards for GM's global technology management group.

A collection of the largest banks in the U.S. is working with consulting firm Niteo Partners, another alliance member, to create a network for sharing data secured by Liberty-based identity services. The firm also is working with the Bond Market Association, a trade group representing the $17 trillion global debt markets, to build a Liberty-secured data portal this year for bond dealers to do everything from find new issues to resolve post-trade disputes.

Each of these efforts is important proving ground for the 150-member Alliance, whose membership has grown sixfold since its inception in September 2001. The group plans its 2.0 release of the specification for mid-2003, which would add a permission framework that provides privacy controls.

The specification, which already has seen support in products from vendors such as Entrust, Novell, Oblix, RSA Security and Sun, details how to create a reusable user authentication token for use across Web sites. Key is support for the Security Assertion Markup Language (SAML), an XML-based standard for exchanging user identity information.

Liberty's efforts are similar to Microsoft's Passport single-sign-on service, which it is trying to adapt for corporate use.