The Liberty Alliance Project on Tuesday updated its specification for creating a standard for network identity and solicited for the first time public comment on the document, signaling the consortium's intention to act more like a traditional standards body.The group released\u00a0version 1.1 of the spec, which corrects a security flaw and clarifies ambiguities in the text of the draft. The 130-member group in July released the first draft, which details how to create a universal user identity to be used for authentication as a user moves from Web site to Web site. The effort is similar to Microsoft\u2019s Passport single sign-on consumer service, which it is trying to adapt for corporate use.In version 1.1 of the Liberty specification, the group fixed a flaw in the Liberty-enabled Client\/Proxy Profile that would allow hackers to interject themselves into the middle of the exchange of identity credentials between a Web site and an end user with a mobile device. The so-called \u201cman-in-the-middle\u201d attack was discovered in October by researchers from both Sun and IBM and quickly corrected. It is now part of the formal specification.\u201cIt took a couple of weeks to turn [the fix],\u201d says Michael Barrett, president of the Liberty Alliance. \u201cWe didn\u2019t push as hard as we would have if we had actual users. But this enabled us to prove our rapid response mechanism.\u201dThat is important to corporations that, if they adopt products that support the Liberty Alliance specification, will demand a process that guarantees quick patches to the technology.The Alliance also added a few enhancements that allow both users and the entities that accept their identity credentials to periodically change the credentials, a process that is similar to changing a users password at set intervals to preserve its integrity.Barrett says the enhancements were made to bring the specification more in line with corporations that have set policies on managing identity credentials.In addition to changes to the specification itself, the Alliance also opened the document to general review by the public for the first time. Version 1.0 was only open to comments by members of the Alliance.\u201cWe are trying to make the Alliance as open as possible while respecting the rights of our members,\u201d Barrett says.The members, which include both user companies and vendors, pay a fee to participate in the group, which has been coy about whether it may at some point turn its work over to a recognized standards body or continue to work as a independent organization. But by opening the specification for public review, the Alliance seems to be signaling that it will continue to do its own work.In October,\u00a0Barrett told Network World, \u201cfor all intents and purposes the Liberty Alliance is a de facto standards organization.\u201dBarrett says the group doesn\u2019t have any specific expectations on the public review period that ends Dec. 6, but says, \u201cwe will read and consider all significant responses and weed out the wacko stuff.\u201dThe Alliance plans to publish version 2.0 of its specification in the first half of next year, which will focus on wiring together islands of Liberty Alliance supporters to create a mesh of trust. Version 2 also provides a mechanism for data to be moved around between partners and a permission framework to allow consumers to manage that data exchange.