slides - Grid Computing at NCSA

What is the Liberty Alliance?
• A business alliance, formed in Sept 2001, with the goal of establishing an open standard for federated identity management
• Global membership consists of consumer-facing companies and technology vendors as well as policy and government organizations
tutorial_draft.pdf
Goals:
– Provide open standard and business guidelines for federated identity management spanning all network devices
– Provide open and secure standard for SSO with decentralized authentication and open authorization
– Allow consumers/businesses to maintain personal information more securely, and on their terms
Open Interaction and Participation
ID-FF Concepts
• Simplified Sign-On (aka Single Sign-On) allows a user to sign on once at a Liberty-enabled site and to be seamlessly signed on when navigating to another Liberty-enabled site without the need to authenticate again.
• Single Logout provides synchronized session logout functionality across all sessions that were authenticated by a particular identity provider.
Key Concepts
• Network Identity is the fusion of network security and authentication, user provisioning and customer management, single sign-on technologies and Web-services delivery.
• Federated identity architecture delivers the benefit of simplified sign-on to users by granting rapid access to resources to which they have permission but does not require the user’s personal information to be stored centrally.
Federated Identity Lifecycle (figure)
Single Sign-on and Federation (figure)
IdP-initiated Single Logout (figure)
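The ID-FF concepts above (federation, simplified sign-on and IdP-initiated single logout) in a toy model, written as an added example rather than code from the slides or from any Liberty implementation. It assumes a shared HMAC key between IdP and SPs as a stand-in for the XML signatures the real protocol uses, and constructs the user "alice" and the providers "bank" and "mail" for illustration.

```python
import hashlib, hmac, secrets

class IdentityProvider:
    def __init__(self, key: bytes):
        self.key = key           # assumed shared IdP/SP key (stand-in for XML signatures)
        self.federations = {}    # (user, sp) -> opaque federated name identifier
        self.sessions = {}       # user -> set of SPs with a live SSO session
    def federate(self, user, sp):
        # One pseudonymous handle per SP: providers cannot correlate the user and
        # no central store of personal information is needed.
        return self.federations.setdefault((user, sp), secrets.token_hex(16))
    def sso_assertion(self, user, sp):
        fed_id = self.federate(user, sp)
        self.sessions.setdefault(user, set()).add(sp)
        body = f"{fed_id}|{sp}"  # audience-restricted to the target SP
        return body, hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
    def single_logout(self, user, providers):
        # IdP-initiated single logout: end every session this IdP authenticated.
        sps = self.sessions.pop(user, set())
        for sp in sps:
            providers[sp].logout(self.federations[(user, sp)])
        return sorted(sps)

class ServiceProvider:
    def __init__(self, name, idp_key):
        self.name, self.idp_key, self.active = name, idp_key, set()
    def consume(self, body, tag):
        expected = hmac.new(self.idp_key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            raise ValueError("assertion signature invalid")
        fed_id, audience = body.split("|")
        if audience != self.name:
            raise ValueError("assertion was issued for a different provider")
        self.active.add(fed_id)
        return fed_id
    def logout(self, fed_id):
        self.active.discard(fed_id)
    def is_signed_on(self, fed_id):
        return fed_id in self.active

def demo():
    idp = IdentityProvider(b"constructed-shared-key")
    sps = {n: ServiceProvider(n, idp.key) for n in ("bank", "mail")}
    ids = {n: sp.consume(*idp.sso_assertion("alice", n)) for n, sp in sps.items()}
    before = [sp.is_signed_on(ids[n]) for n, sp in sps.items()]
    idp.single_logout("alice", sps)
    after = [sp.is_signed_on(ids[n]) for n, sp in sps.items()]
    return ids["bank"] != ids["mail"], before, after
```

The audience check in `consume` is the detail to keep: without it an assertion issued for one provider would be accepted by another.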
ID-WSF Concepts
• Discovery Service enables various entities (e.g. Service Providers) to dynamically discover a Principal’s registered identity services.
• Interaction Service protocols provide an identity service the means to obtain permission from a user.
• Attribute Provider hosts a data service, such as ID-Personal Profile.
The Complete Liberty Architecture (figure)
Business Guidelines
• Federated Identity cannot be successful based on technology alone. Also required are:
  – IT staff to manage and implement a set of specifications that cross several domains of expertise
  – A clean directory
  – Pre-existing agreements with others in a circle of trust
• Detail major issues for federated identity interchange and trust relationships
  – Examine risk and liability in identity interchange
  – Identify success criteria for global and cross-company federation
Business Guidelines
IBM/France Telecom Deployment
• Create a single-sign-on network for France Telecom's 50 million cellular phone users
• Subscribers can sign on via mobile telephone or personal computer
• Makes single-sign-on systems even more important, since logging into a network with a phone is much slower than using a PC's keyboard
• Applications that France Telecom hopes that it or its partners will supply include instant messaging, location-based services, games, online banking and email
AOL/D-Link Deployment
• AOL Broadband subscribers use D-Link's wireless media player to play music from the Radio@AOL service on home stereos.
• The media player uses the Liberty protocols to access Radio@AOL on behalf of a user
  – No need to log in to AOL to use the media player
• AOL demonstrated the same service running over a Nokia handset at the 3GSM Conference this February
Japan’s EduMart Deployment
• Part of the e-Japan Policy Priority Program
• Spearheaded by the Strategic Headquarters for the Promotion of an Advanced Information and Telecommunications Network Society
• Brings rich educational content to students at more than 40,000 schools
  – Established an open interface
  – Built an educational content distribution network that will lead to a system in which both public institutions and private businesses can connect to interfaces and freely participate.
County Land Document Recording Exchange
• Deployment across Government and Industry
• Streamlines the land recordation process (thousands of counties and innumerable lenders/title companies each with separate systems and identities)
• Establishes a strong foundation for an industry “Circle of Trust”
Product Support
• AOL (announced)
• Communicator (available)
• Computer Associates (Q4*)
• DataKey (available)
• DigiGan (Q3*)
• Ericsson (Q4)
• Entrust (Q1 2004)
• France Telecom (Q4 2003)
• Fujitsu Invia (available)
• Gemplus (TBD)
• HP (available)
• July Systems (available)
• Netegrity (2004)
• NeuStar (available)
• Nokia (2004)
• Novell (available)
• NTT Software (available)
• (2004)
• PeopleSoft (available)
• Phaos Technology (available)
• Ping Identity (available)
• PostX (available)
• RSA (Q4)
• Salesforce.com (TBD)
• Sigaba (available)
• Sun Microsystems (available)
• Trustgenix (available)
• Ubisecure (available)
• Verisign (Q4*)
• Vodafone (2004)
• WaveSet (available)
*Delivery dates being confirmed
For More Information
• www.projectliberty.org
• www.oasis-open.org/committees/tc_home.php?wg_abbrev=security
• www-106.ibm.com/developerworks/library/ws-fed/
• Contact me: Rebekah Metz, metz_rebekah@bah.com