Setting a pace that the IETF and other slow-moving standards bodies could envy, the Liberty Alliance announced last week the completion of market requirements document (MRD) for the Identity Governance Framework (IGF). It also announced that development of technical specifications to meet use case requirements is now occurring both within Liberty's Technology Expert Group (TEG) and at openLiberty.org (home of open source tools to further the use of Liberty protocols).

The IGF, you may remember, was first proposed late last fall by Liberty Alliance member Oracle and turned over to the Liberty Alliance during the winter. For the IGF to complete the MRDs in less than six months is commendable. (The IETF can take years just deciding if they want to pursue a particular protocol.)

IGF is a programmatic framework designed to help organizations meet regulatory requirements such as the European Data Protection Initiative, Gramm-Leach-Bliley Act, PCI Security Standard and Sarbanes-Oxley. According to Liberty spokesman Russ DeVieu, “With the MRD now completed, work can progress rapidly on the creation of the technical specifications and open source implementations required to speed the development of standards-based end-to-end auditing and governance solutions.”

The framework defines what could be called a series of “contracts” between applications and sources of identity data. There are four key components of IGF:

* Client Attribute Requirement Markup Language (CARML) – an XML-based declarative contract defined by application developers that informs deployment managers and service providers about the attribute usage requirements of an application.

* Attribute Authority Policy Markup Language (AAPML) – a set of policy rules regarding the use of identity-related information from an identity source that allow these sources to specify constraints on use of provided data by consuming applications.

* CARML API – an API that makes it easier for developers to write applications that consume and use identity-related data in a way that conforms to policies set around the use of such information.

* Identity Service – a policy-secured service for accessing identity-related data from multiple identity sources.

You can download the IGF MRDs and view a Webcast review of the IGF developments on Aug. 15. Registration and more information about the Webcast, “An Overview of the Identity Governance Framework: Putting Privacy and Regulatory Compliance First”, is available at the Liberty Alliance Web site.

Recent Award: Verisign’s David Recordon was recently presented with the Google-O'Reilly Open Source Award as Best Strategist for his work on OpenID. Congratulations from all of us, David.

Editor's Note: Starting Aug. 13, this newsletter will be renamed "Security: Identity Management" to better reflect the focus of the newsletter. We thank you for reading Network World newsletters!

Whitepapers

• Getting in Compliance With Government Data Regulations By Leveraging Online Security Technology
• How to Offer the Strongest SSL Encryption
• Maximizing Site Visitor Trust Using Extended Validation SSL
• Seven Steps to Reducing your Security Risk
• The Latest Advancements in SSL Technology
• Vulnerability Management For Dummies

View more SECURITY whitepapers

Webcasts

• Mobile Data Security
• Best Practices for Deploying WAN Optimization for Disaster Recovery
• Key Considerations for a Successful 802.11n Deployment
• Solutions to the Toughest IT Challenges in Remote Offices
• Lowering the Cost of Email Archives
• High Availability for SQL Server 2005 Using Array-Based Replication and Host-Based Mirroring Technologies

View more SECURITY webcasts

Special Reports

• The Evolution of Network Security
• Taking Virtualization Up a Notch
• The self-managed network

View more SECURITY special reports