 | |
| Successor | Kantara Initiative |
|---|---|
| Established | September 2001 (2001-09) |
| Dissolved | 2009 (2009) |
| Purpose | Industry standards group |
TheLiberty Alliance Project was an organization formed in September 2001 to establish standards, guidelines and best practices foridentity management in computer systems. It grew to more than 150 organizations, including technology vendors, consumer-facing companies, educational organizations and governments. It released frameworks for federation, identity assurance, anIdentity Governance Framework, and Identity Web Services.
By 2009, theKantara Initiative took over the work of the Liberty Alliance.
The group was originally conceived and named byJeff Veis, atSun Microsystems based inMenlo Park, California.[1] The initiative's goal, which was personally promoted byScott McNealy of Sun, was to unify technology, commercial and government organizations to create a standard for federated, identity-based Internet applications as an alternative to technology appearing in the marketplace controlled by a single entity such asMicrosoft'sPassport.[2]Another Microsoft initiative,HailStorm, was renamed My Services but quietly shelved by April 2002.[3] Sun positioned the group as independent, andEric C. Dean ofUnited Airlines became its president.[4]
In July 2002, the alliance announced Liberty Identity Federation (ID-FF) 1.0.[5]At that time, several member companies announced upcoming availability of Liberty-enabled products.Liberty Federation allowed consumers and users of Internet-based services and e-commerce applications to authenticate and sign-on to a network or domain once from any device and then visit or take part in services from multiple Websites. This federated approach did not require the user to re-authenticate and can support privacy controls established by the user.
The Liberty Alliance subsequently released two more versions of the Identity Federation Framework, and then in November 2003, Liberty contributed its final version of the specification, ID-FF 1.2, toOASIS.[6] This contribution formed the basis forSAML 2.0. By 2007, industry analyst firmGartner claimed that SAML had gained wide acceptance in the community.[7]
Liberty Alliance, releasing the Liberty Identity Web Services Framework (ID-WSF) in April 2004 for deploying and managing identity-based web services. Applications includedgeolocation, contact book, calendar, mobile messaging and People Service, for managing social applications such as bookmarks, blogs, calendars, photo sharing and instant messaging in a secure and privacy-respecting federated social network. In a 2008 marketing report recommended considering it for federation.[8]
The alliance introduced a certification program in 2003, designed to test commercial and open source products against published standards to assure base levels of interoperability between products. In 2007, the USGeneral Services Administration began requiring this certification for participating in the US E-Authentication Identity Federation.[9]
In January 2007, the alliance announced a project foropen-source software developers building identity-based applications. OpenLiberty.org was a portal where developers can collaborate and access tools and information to develop applications based on alliance standards.[10]In November 2008, OpenLiberty released an open sourceapplication programming interface called ArisID.[11]
In February 2007Oracle Corporation contributed theIdentity Governance Framework to the alliance,[12] which released the first version publicly in July 2007.[13]The Identity Governance Framework defined how identity related information is used, stored, and propagated using protocols such asLDAP, Security Assertion Markup Language,WS-Trust, and ID-WSF.
The Liberty Alliance began work on itsidentity assurance framework in 2008. The Identity Assurance Framework (IAF) detailed four identity assurance levels designed to link trusted identity-enabled enterprise, social networking and Web applications together based on business rules and security risks associated with each level. The four levels of assurance were outlined by a 2006 document from the USNational Institute of Standards and Technology.[14]The level of assurance provided is measured by the strength and rigor of the identity proofing process, the credential's strength, and the management processes the service provider applies to it. These four assurance levels were adopted by UK, Canada, and USA government services.
In 2007 the Liberty Alliance helped to found theProject Concordia, an independent initiative for harmonization identity specifications. It was active through 2008.[15]
The alliance wrote papers on business and policy aspects of identity management.[16] It hosted meetings in 2007 and 2008 to promote itself.[17]
Management board members includedAOL,British Telecom,Computer Associates (CA),Fidelity Investments,Intel,Internet Society (ISOC),Novell,Nippon Telegraph and Telephone (NTT), Vodafone, Oracle Corporation and Sun Microsystems.
As described above,Liberty contributed Identity Federation Framework (ID-FF) 1.2 to OASIS in November 2003. For the record, here is a complete list of contributed ID-FF 1.2 documents:
Only the archived PDF files are individually addressable on the Liberty Alliance web site. (The original contributed documents are lost.) To obtain copies of the remaining archived files, download both theLiberty ID-FF 1.2 archive and theLiberty 1.1 support archive.