Liberty Alliance Releases New Specifications for Linking Digital Identity Management to Consumer Devices
Liberty Alliance, the global identity consortium working to build a more trusted Internet for consumers, governments and businesses worldwide, today announced the release of the Advanced Client specifications designed to allow enterprise users and consumers to manage identity information on devices such as cameras, handhelds, laptops, printers, and televisions. The Advanced Client is a set of specifications and technologies that leverage the proven interoperability, security and privacy capabilities of Liberty Federation and Liberty Web Services to allow users to conduct a wide range of new identity-based transactions from any device.
The Advanced Client is part of Liberty's roadmap to deliver an end-to-end digital identity management framework that provides enterprise users and consumers with increased identity management functionality across all networks and devices. The set of platform independent specifications were developed to extend identity management capabilities such as single sign-on, access to Web Services, stronger authentication and user-controlled provisioning to client devices. The Advanced Client will allow users to securely store identity data on a device and access and manage the information when the device is either connected to a network or offline.
“Liberty's Advanced Client specifications mark a new era in how consumers will access identity-based applications and businesses and governments will deploy and manage new identity-based services,” said Roger Sullivan, president of the Liberty Alliance Management Board and vice president of Oracle Identity Management. “With today's news, Liberty Alliance is closer to delivering an always available end-to-end identity framework where devices of all kinds are linked by federation and users are in better control of their identity information.”
The Advanced Client represents the third phase of Liberty's ongoing work in delivering increased identity management functionality to client devices. In phase one Liberty Alliance defined the LECP (Liberty Enabled Client/Proxy) which was incorporated into SAML 2.0 and supports federation operations as the Enabled Client/Proxy. The Active Client is part of phase two and provides client-based Web services functionality, single sign-on into Liberty Web Services and support for any authentication model. Work on the Robust Client specifications, phase four, is underway. These phase four specifications will support trusted digital identity relationships, mobility modules and provide a platform for facilitating client-based universal strong authentication.
Advanced Client relies on ID-WSF 2.0 (Liberty Web Services) which includes support for WS-Addressing and WS-Security specifications. The specific functionality included in the Advanced Client specifications released in draft form today includes:
Trusted Module – The Advanced Client acts as an extension of the identity provider (IdP) offering protocol support for trusted model capabilities and able to function when the IdP is not present. The specifications allow the client to assert assurances on behalf of the authority issuing the identity in a closed and protected environment such as a smart card or other tamper resistant mechanism within the client device.
Provisioning – The Advanced Client supports full life-cycle provisioning of data and/or functionality to the client over the air in a privacy sensitive and secure manner.
Service Hosting/Proxying (SHPS) - Allows a service, such as a calendar or e-commerce profile to be hosted on a client device, such as a cell phone or laptop. The specifications allow others to interact with the service via a proxy based on the security, privacy and permission controls established by the user and when the device is either on or offline.
Liberty's Technology Expert Group (TEG) has been driving the development of client specifications based on well-defined use cases and market requirements. The next version of the Advanced Client specification is due for release later this year when provisioning functionality will be expanded and new reporting capabilities will be available. These features will provide deployers with end-to-end capabilities for better managing identity-based transactions across networks and devices and a framework for more easily meeting compliance and regulatory requirements. The Advanced Client specifications released today are available for review and download at: Advanced Client Specifications
Enterprises and identity providers can leverage Liberty's portfolio of client specifications to offer customers a wide range of new services that can be provisioned and deprovisioned based on functionality included in the Advanced Client. Liberty Alliance member representatives from BT, HP and Intel recently demonstrated a proof-of-concept application using the Advanced Client in a working service provider implementation. The Remote Provisioning of Soft Credentials presentation illustrates how Liberty specifications were used to provision secure credentials to consumers in order to deliver an improved user experience across networks and devices. The presentation is available from Liberty Alliance
“Utilizing clients has been a focus of the Liberty Alliance specifications since inception,” said Conor Cahill, editor of the Advanced Client specification within the Liberty Alliance Technology Expert Group and identity architect with Intel. “The Advanced Client is helping to make clients ‘first class identity citizens' with controls for privacy and connectivity challenges built into the specifications.”