Liberty turning first spec over to OASIS; will introduce two more

News
Apr 14, 20033 mins

The Liberty Alliance this week for the first time will turn over part of its work to a standards group and will release two new draft specifications as part of its revamped architecture for creating open network identity specifications.

The Liberty Alliance this week for the first time will turn over part of its work to a standards group and will release two new draft specifications as part of its revamped architecture for creating open network identity specifications.

The group will announce at this week’s RSA Conference that the first phase of its work will be turned over to the Organization for the Advancement of Structured Information Standards (OASIS). The first phase, which was renamed Identity Federation Framework in March, is basically Liberty’s Version 1.1 specification that outlines single sign-on and account sharing between partners with established trust relationships.

The Liberty move could be a reaction to IBM and Microsoft, which are not Liberty members but are trying to create their own identity framework as part of WS-Security, an evolving Web services standard they created and submitted to OASIS. Microsoft also is creating a federated identity framework around its Passport technology.

“It is significant that Liberty is ready to open up to a wider world than its own group,” says Prateek Mishra, co-chair of the Security Services technical committee at OASIS and director of technology and architecture at Netegrity, a Liberty Alliance member.

Liberty’s Version 1.1 specification will become a foundation document to help create Version 2 of OASIS’s Security Assertion Markup Language (SAML), according to sources. SAML is a standard for exchanging authentication and authorization information that Version 1.1 incorporates and extends.

Handing over Version 1.1 to OASIS is a milestone because Liberty previously has referred to itself as a de facto standards organization.

Draft specifications for Liberty’s second and third phases of work, which now incorporate WS-Security, also will be introduced at RSA.

The second phase, called Identity Web Services Framework (ID-WSF), will let islands of trusted partners link to other islands of trusted partners and provide users with the ability to control how their identity information is shared. Phase 3, called Identity Services Interface Specifications (ID-SIS), will build services on top of ID-WSF.

The hope is that ID-WSF and ID-SIS will eventually extend SAML 2.0 to create a single standards-based environment for federated identity and sharing of identity credentials.

Liberty also plans an interoperability demonstration at RSA with 18 vendors that have implemented Version 1.1, including Novell, Sun, Ericsson and Communicator.