Liberty completes Phase 2 of its identity work

The Liberty Alliance on Wednesday gave final approval to the latest specification in its three-phase effort to develop open and interoperable federated identity standards that will allow the sharing of user authentication and authorization information.

Phase 2 of the group’s work is called the Identity Web Services Framework (ID-WSF) and will allow islands of trusted partners to link to other islands of trusted partners and provide users with the ability to control how their identity information is shared.

“This phase is about cross-domain services and data sharing,” says Sai Allavarpu, group business manager for network identity at Sun, which is now supporting the Phase 2 specification in its Java System Identity Server. Other vendors announcing support for Phase 2, which is now available for download on the Liberty Alliance Web site, were Phaos, Ping Identity, Trustgenix and Vodafone.

The Phase 2 specification is a milestone in the Alliance’s work to create federated identity management standards because the specification now begins to overlap with similar work being done by IBM and Microsoft on a group of specifications led by WS-Security and its derivatives, including WS-Federation and WS-Policy.

Experts say the Phase 2 specification could likely raise the conflict between the two groups.

Liberty has already adopted WS-Security since it has been turned over to OASIS, but last month the Alliance laid out the differences between its spec and WS-Federation in a short white paper.

“We have shown our willingness to work with other groups and adopt their input and output. We’ve shown that with adoption of SAML and WS-Security,” says Simon Nicholson, chairman of the Liberty’s business and marketing group and the group manager for strategic industry initiatives at Sun.

But Nicholson says everything has to be in the public domain. The IBM/Microsoft tandem continues to work outside formal standards bodies, a fact that is causing many large companies to pressure the two to get on a standards track.

Michael Barrett, president of the Liberty Alliance, told Network World last month, “I don’t think it is a war yet, but it could be one if we are not careful.” He said convergence can happen only when IBM and Microsoft turn their work over to a standards body. The duo said that is likely to happen, but have not said when.

Completion of the Phase 2 work comes nearly 18 months after finalizing Phase 1, the Identity Federation Framework (ID-FF). That specification was updated in January to version 1.1 and turned over to the Organization for the Advancement of Structured Information Standards (OASIS).

The version 1.1 specification, which is supported today in more than 25 products, will become a foundation document to help create Version 2 of OASIS’s Security Assertion Markup Language (SAML). That OASIS specification is a building block of the Liberty identity model.

Liberty’s Phase 3, the Identity Services Interface Specifications (ID-SIS), will build services on top of ID-WSF. The hope is that ID-WSF and ID-SIS will eventually extend SAML 2.0 to create a single standards-based environment for federated identity and sharing of identity credentials.