Liberty Alliance News

Liberty Alliance Analyst, Media and Social Media Coverage Report February 6, 2009

libertyalliancenews — Fri, 20 Feb 2009 16:49:35 +0000

1.MEDIA – Consortium Info News – 2/2

Liberty Alliance Tackles Identity, Web 2.0 Challenges

http://www.consortiuminfo.org/news/index.php#4899

2.MEDIA – Sys-con Media – 2/4

Semantic Cloud Abstraction

What is the Semantic Web and why does it matter for a unified cloud interface?

http://cloudcomputing.sys-con.com/node/826224

3.MEDIA – Canadian News Wire (press release) – 2/2

Ontario‘s Privacy Commissioner, Dr. Ann Cavoukian, releases new tool to help protect privacy and manage online identity among multiple players

http://www.newswire.ca/en/releases/archive/February2009/02/c4362.html

4.MEDIA – Publi News, France – 2/5

Ericsson, NEC, NeuStar, Orange, Symlabs et TeliaSonera à la tête du nouveau groupe Liberty Alliance Telecom

http://www.publi-news.fr/data/05022009/05022009-091449.html

5.MEDIA – RadioBRM france, 1/27

France Télécom: Orange rejoint Liberty Alliance Telecom

http://www.radiobfm.com/edito/info/19996/france-telecom-orange-rejoint-liberty-alliance-telecom-/

6.BLOG – Elastic Vapor – Live in the Cloud – 2/1

Semantic Cloud Abstraction

I am the first to point out that there are other groups attempting a similar approach for web services (i.e., Liberty Alliance), systems management…

http://www.elasticvapor.com:80/2009/02/semantic-cloud-abstraction.html

7.BLOG/Social Media – Dan Glass delicious – 2/2

Links for 2009-02-02 [del.icio.us]

Top 10 2007 – OWASP

SANS Institute – CWE/SANS TOP 25 Most Dangerous Programming Errors

Home – Liberty Alliance

http://delicious.com/djglass

8.BLOG/GROUP –Searchfull Net – 2/3

JBoss Identity Community Platform 1.0.0.alpha1 released
We gathered a wealth of thoughtful input regarding what’s working and what’s not working in the identity standards community as a whole – well beyond the Liberty Alliance’s activities. The basic conclusion is that most of the various …
http://www.searchfull.net/1859121.html

9.BLOG – Danny Galic – 2/3

Technologies/Products that should make an impact in 2009

There have been several false starts in this area – Microsoft’s Passport (in retrospect, visionary) 10 years ago and Sun’s response to it (Liberty Alliance). Most recently OpenID – despite endorsements by all big players OpenID’s adoption has been disappointing – partly because it’s still complicated, people don’t understand it, and partly because it only offers single id and password.

http://dannygalic.wordpress.com/2009/02/01/technologies-for-2009/

10.BLOG – James McGovern – 2/3

Vendor Relationship Management and Federated Identity

The best answer is to not turn someone asking a question into a sales lead nor to point you towards membership in the Liberty Alliance but instead to figure out how to encourage vendors to do their part in enabling federation.

http://duckdown.blogspot.com/2009/02/vendor-relationship-management-and.html

11.BLOG – Liberty Alliance News Blog – 2/5

Liberty Alliance News and Coverage Week Ending January 30/09

Liberty Alliance, Analyst, Media and Social Media Highlights

Week Ending January 30/09

http://libertyalliancenews.wordpress.com/2009/02/05/liberty-alliance-news-and-coverage-week-ending-january-3009/

12.BLOG – Liberty Alliance News Blog – 2/5

Liberty Alliance News and Coverage Week Ending January 30/09

Liberty Alliance, Analyst, Media and Social Media Highlights

Week Ending January 23/09

http://libertyalliancenews.wordpress.com/2009/02/05/liberty-alliance-news-and-coverage-week-ending-january-2309/

13.BLOG – Liberty Alliance News Blog – 2/5

Liberty Alliance News and Coverage Week Ending January 30/09

Liberty Alliance, Analyst, Media and Social Media Highlights

Week Ending January 16/09

http://libertyalliancenews.wordpress.com/2009/02/05/liberty-alliance-news-and-coverage-week-ending-january-1609/

14.BLOG/SOCIAL MEDIA – Liberty Alliance @ Twitter – 2/6

Liberty Communications Weekly Tweets

LibertyRus

https://twitter.com/LibertyRus

Media Stories

1) – Liberty Alliance Tackles Identity, Web 2.0 Challenges

ExChangeMag.com – February 2, 2009: Liberty Alliance has established a new effort to help telecom operators identify and overcome technology and policy challenges relative to wide scale, identity-enabled enterprise and Web 2.0 applications and services. The goal of the new group, called Liberty Alliance Telecom Special Interest Group, is “to develop best practices for managing identity-information and identity-enabled transactions and services in the telecom and service provider industries, and to advance identity-enabled telecom applications based on Liberty SAML 2.0 Federation, Liberty Identity Web Services (ID-WSF 2.0) and the policy-based Liberty Identity Assurance Framework.” …Full Story-3) links to Xchange 1/27 story

http://www.xchangemag.com/hotnews/liberty-alliance-tackles-service-challenges.html

2) Semantic Cloud Abstraction

What is the Semantic Web and why does it matter for a unified cloud interface?

The CCIF and it’s members have recently focused on creating a common cloud taxonomy and ontology. I find it’s starting to sound a lot like semantics, Cloud Semantics. We are in a sense defining what cloud computing is by describing it’s “components” and their relationships to one another. One that is capable of expressing cloud computing and its subsequent parts in terms of a consensus data model.

So in this effort we may actually be defining a dynamic computing model that can, under certain conditions, be ‘trained’ to appropriately ‘learn’ the meaning of related cloud & infrastructure resources based on an common ontology / taxonomy. In a sense, we are talking about the Semantic Web applied to API’s or more broadly, a unified cloud interface.

What is the Semantic Web and why does it matter for a unified cloud interface?

The Wikipedia describes the semantic web as “a vision of information that is understandable by computers, so that they can perform more of the tedious work involved in finding, sharing and combining information on the web.”

Why not apply those same philosophies to the underlying control structures of the web (i.e. the cloud) itself? A Semantic Cloud Infrastructure capable of adapting to a variety of methodologies / architectures and completely agnostic to any specific API or platform being described. A general abstraction that doesn’t care if you’re focusing on a platform (Google App Engine, Salesforce, Mosso etc), application (SaaS, Web2.0, email, id/auth) or infrastructure model (EC2, Vmware, CIM, etc).

I’m the first to point out there are other groups attempting a similar approach for web services (i.e. Liberty Alliance), systems management (i.e. DMTF / CIM, OASIS) and others (i.e. OpenID/OAuth). However, I feel all of these groups lack a true consensus of how to describe “all” the aspects of the cloud using a unified semantic ontology.

I’ve been very impressed by the work the Distributed Management Task Force (DMTF) has achieved with their Common Information Model (CIM). It could be a key aspect of our unified cloud interface efforts. However, one of the problems a lot of these system management standards are missing is any kind of usage outside of the traditional “enterprise” system management platforms or in the case of VMWare or Microsoft, they are simply limited to their own platforms – interoperable, but only if you’re using our software.

The key drivers of a unified cloud interface (UCI) is “One abstraction to Rule them All” – an API for other API’s. A singular abstraction that can encompass the entire infrastructure stack as well as emerging cloud centric technologies through a unified interface. What a semantic model enables for UCI is a capability to bridge both cloud based API’s such as Amazon Web Services with existing protocols and standards, regardless of the level of adoption of the underlying API’s or technology. The goal is simple, develop your application once, deploy anywhere at anytime for any reason.

The other benefit of a semantic model is that of future proofing. Creating a model that assumes we as an industry are moving forward and not making any assumptions on the advancements in technology by implementing a static specification based on current technological limitations but instead creating one that can adapt as technology evolves.

The use of a resource description framework (RDF) based language may be an ideal method to describe our semantic cloud data model. The benefit to these types of RDF based ontology languages is they act as a general method for the conceptual description or modeling of information that is implemented by actual web resources. These web resources could just as easily be “cloud resources” or API’s. This approach will allow us to easily take an RDF-based cloud data model and adapt it within other ontology languages or web service formats making it both platform and vendor agnostic. In applying this approach we’re not so much defining how, but instead describing what. What is cloud computing?

The next steps in enabling a unified future for cloud computing will be to create a working group focused on an open semantic taxonomy and framework. This group will investigate the development of a functional unified cloud interface implementation across several cloud and infrastructure providers. To this end, we have created a Google Code project at http://code.google.com/p/unifiedcloud/ The current time frame for the public unveiling of an initial functional draft UCI implementation, taxonomy and ontology will be April 2nd at the upcoming Wall Street Cloud Computing Interoperability Forum.

If you’d like to be a contributor to the UCI working group please get in touch with me directly. If you would like to be involved without joining the UCI Working Group, you are encouraged to review and comment on the working drafts as they become available. Updates will be posted to the Cloud Computing Interoperability Forum mailing list. Feedback from people & companies actually implementing the specifications will be especially valuable and appreciated.

3) Ontario’s Privacy Commissioner, Dr. Ann Cavoukian, releases new tool to help protect privacy and manage online identity among multiple players

Ontario‘s Information and Privacy Commissioner,

Dr. Ann Cavoukian, is releasing a new assessment tool tomorrow, intended for

use by companies that will be sharing their online identity management

systems. Calling it the “Federated Privacy Impact Assessment” or F-PIA, it

will serve to ensure end-to-end privacy across all members of an association

or federation.

“Whether you’re dealing with data in motion or data at rest,” said

Commissioner Cavoukian, “privacy assurances must be given by every member of

the federation to ensure consumer confidence.”

In a federated identity system, a consumer’s online identity information

supplied by a particular service or company can be recognized by a wide range

of other service providers. In this scenario, a consumer would only need to

federation. When dealing with other members of the federation, their identity

provider could securely share – on a need-to-know basis and with the knowledge

of the consumer – the information which the second, third and subsequent

companies need to complete a transaction, without the consumer having to

The white paper, entitled, The New Federated Privacy Impact Assessment

(F-PIA): Building Privacy and Trust-enabled Federation, builds on the IPC’s

earlier work on privacy and identity management, including the 7 Laws of

Identity: The Case for Privacy-Embedded Laws of Identity in the Digital Age,

and Privacy in the Clouds. Written in collaboration with Joseph Alhadeff,

Chief Privacy Officer of Oracle and one of the leading privacy experts of the

Liberty Alliance Project, it represents a new direction. Formed in 2001, the

Liberty Alliance is a group of 150 global technology vendors, consumer product

and service companies, educational organizations and governments working to

establish open standards, guidelines and best practices for federated identity

management.

Commissioner Cavoukian fully appreciates the convenience that this type

of arrangement can provide to consumers. “Limiting the amount of personal

information you provide in a federated identity management system is a

significant best practice with regards to privacy. Companies that are part of

the federation cannot rely on a PIA that they may have produced for their

business alone. I am urging them to conduct an F-PIA or Federated-PIA.” Joseph

Alhadeff further adds, “After reading the guidance in this white paper, the

next logical step for a federation would be the development of a formal F-PIA.

Organizations and federations should use it, along with numerous other PIAs

and development tools currently in existence, to create measurable standards

against which privacy and trust can be evaluated and implemented.”

This paper builds on the Commissioner’s concept of Privacy by Design – a

term that Commissioner Cavoukian developed in the `90s when she first began

her campaign to enlist the support of technology to protect privacy, instead

of encroaching upon it. Last week, the Commissioner sponsored a major

conference entitled the Privacy by Design Challenge, which focused on the

emergence and growth of privacy-enhancing technologies, commonly referred to

as PETs, in a positive-sum (not zero-sum) manner, which the Commissioner

believes will pave the way for ensuring the future of privacy. (For more

information, please visit, www.privacybydesign.ca.)

Commissioner Cavoukian will be releasing her F-PIA white paper tomorrow

at the 10th Annual Reboot Privacy and Security Conference in Victoria, B.C.,

where she will be delivering a keynote address on February 3rd. The white

paper can also be downloaded, free of charge, at www.ipc.on.ca, on February 3.

4) Ericsson, NEC, NeuStar, Orange, Symlabs et TeliaSonera à la tête du nouveau groupe Liberty Alliance Telecom

Liberty Alliance, la communauté mondiale d’identité œuvrant dans le but de créer un Internet plus digne de confiance pour les entreprises, les gouvernements et les particuliers, a annoncé aujourd’hui le lancement du Groupe d’intérêt spécial (Special Interest Group, SIG) public de Liberty Alliance Telecom. Ce groupe est composé de représentants d’Ericsson, NEC, NeuStar, Orange, Symlabs et de TeliaSonera et est le dixième groupe d’intérêt spécial Liberty Alliance ouvert aux membres et aux non membres de Liberty Alliance. L’objectif du Groupe d’intérêt spécial est de développer des meilleures pratiques de gestion des informations d’identité et les transactions et services utilisant ces informations dans le secteur des télécommunications mondial.

La fédération Liberty SAML 2.0 et les services Web d’identité Liberty sont largement reconnus et déployés dans l’industrie des télécommunications et des fournisseurs de services (http://projectliberty.org/liberty/adoption/telecom).

Selon Gartner, « SAML 2.0 est devenu la norme de fédération dans tous les secteurs. » (1) Le groupe Burton recommande aux organisations de tenir compte des spécifications Liberty Alliance ID-WSF 2.0 lors de la mise en œuvre d’une fédération.(2) Le Groupe d’intérêt spécial s’emploie à faire progresser les applications d’identité et Web 2.0 dans le secteur des communications en s’inspirant des normes Liberty Alliance et des cadres Liberty de gouvernance (http://projectliberty.org/liberty/strategic_initiatives/identity_governance) et d’assurance (http://projectliberty.org/liberty/strategic_initiatives/identity_assurance) en matière d’identité.

Selon José Luis Mariz, responsable stratégique de produits au sein d’Ericsson et président du Groupe d’intérêt spécial Liberty Alliance Telecom : « La formation du Groupe d’intérêt spécial télécommunications constitue un forum public important pour les organisations et les particuliers de l’industrie des télécommunications permettant de préparer collectivement la nouvelle génération d’applications télécom en matière d’identité interopérables, sûres et respectant la vie privée, pour les entreprises et les particuliers. »

5)France Télécom: Orange rejoint Liberty Alliance Telecom

Orange, la marque principale de France Télécom, a rejoint le consortium Liberty Alliance Telecom, un groupe ayant pour objectif de développer de nouvelles applications interopérables télécom en matière d’identité.

En dehors d’Orange, le groupe est également composé du suédois Ericsson, du japonais NEC, des américains NeuStar et Symlabs ainsi que du scandinave TeliaSonera.

L’objectif de Liberty Alliance Telecom est de ‘préparer la nouvelle génération d’applications télécom en matière d’identité interopérables, sûres et respectant la vie privée, pour les entreprises et les particuliers’ selon le consortium.

Le système SAML 2.0 de Liberty était déjà devenu une norme de fédérationau sein du secteur des télécommunications et des fournisseurs de services.

###

Liberty Alliance News and Coverage Week Ending January 30/09

libertyalliancenews — Thu, 05 Feb 2009 14:54:40 +0000

Liberty Alliance

Analyst, Media and Social Media Highlights

Week Ending January 30/09

1.MEDIA/ANALYST REPORT – IDS Insights White paper – 1/26

The Current and Future Direction of Identity Assurance

http://www.eds.com/insights/whitepapers/downloads/identity_assurance.pdf?rss=192&filterid=0

2.MEDIA/ANALYST REPORT – Kuppinger Cole – 1/28

Why IaaS is mandatory for the cloud… | Martin Kuppinger

http://blogs.kuppingercole.com:80/kuppinger/2009/01/28/why-iaas-is-mandatory-for-the-cloud/

3.MEDIA – Telecompaper, Netherlands – 1/28

Liberty Alliance launches Telecom Special Interest Group (requires subscription)

http://www.telecompaper.com/news/SendArticle.aspx?u=True

4.MEDIA – Telecom Asia – 1/28

Liberty Alliance has formed a special interest group to help carriers manage identity-enabled enterprise and web 2.0 issues.

http://www.telecomasia.net/article.php?type=article&id_article=12155

5.MEDIA – Teltarif Germany – 1/28

Liberty Alliance: Weltweiten Identitätsschutz fördern

http://www.teltarif.ch/arch/2009/kw05/s8939.html

6.MEDIA – TMC Net – 1/28

Liberty Alliance Telecom Special Interest Group Launches

http://caas.tmcnet.com/topics/web-2/articles/49539-liberty-alliance-telecom-special-interest-group-launches.htm

7.MEDIA – InfoTech – 1/30

New Telecom SIG Includes Ericsson, NEC, Neustar, Orange, Symlabs and TeliaSonera

http://it.tmcnet.com:80/topics/it/articles/49798-new-telecom-sig-includes-ericsson-nec-neustar-orange.htm

8.MEDIA – Global Security Magazine – 1/27

Liberty Alliance announced a new global telecom group

http://www.globalsecuritymag.com/Liberty-Alliance-announced-a-new,20090127,7188

9.MEDIA – Dark Reading – 1/27

Liberty Alliance Launches Telecom Special Interest Group

http://www.darkreading.com/security/app-security/showArticle.jhtml?articleID=212902780

10.MEDIA – Light Reading – 1/28

Another Interest Group

http://www.lightreading.com/document.asp?doc_id=171002

11.MEDIA – Xchange Magazine – 1/27

Liberty Alliance Tackles Identity, Web 2.0 Challenges

http://www.xchangemag.com/hotnews/liberty-alliance-tackles-service-challenges.html

12.MEDIA – Billing and OSS World Magazine – 1/28

Liberty Alliance Tackles Identity, Web 2.0 Challenges

http://www.billingworld.com:80/news/briefs/liberty-alliance-tackles-service-challenges.html

13.MEDIA – Government Computer News – 1/27

Telecom group to develop privacy best practices

http://gcn.com/articles/2009/01/27/telecom-special-interest-group.aspx

14.MEDIA – CNS Cabling Network Systems Magazine, Canada – 1/28

Liberty Alliance telecom SIG formed by Ericsson, NEC and others

http://www.cnsmagazine.com/issues/ISArticle.asp?id=95276&issue=01282009

15.MEDIA – GFM Magazine, Germany – 1/29

Liberty Alliance gründet TK-Interessensvertretung

http://www.gfm-nachrichten.de/news/archives/Liberty-Alliance-gruendet-TK-Interessensvertretung.html

16.MEDIA – Red Orbit – 1/27

Ericsson, NEC, NeuStar, Orange, Symlabs and TeliaSonera Lead New Liberty Alliance Telecom Group

http://www.redorbit.com/news/technology/1629205/ericsson_nec_neustar_orange_symlabs_and_teliasonera_lead_new_liberty/

17.MEDIA – Yahoo Financial News – 1/27

Ericsson, NEC, NeuStar, Orange, Symlabs and TeliaSonera Lead New Liberty Alliance Telecom Group

http://biz.yahoo.com/prnews/090127/ny61992.html?.v=1

18.MEDIA – Yahoo Financial News Europe – 1/27

Ericsson, NEC, NeuStar, Orange, Symlabs and TeliaSonera Lead New Liberty Alliance Telecom Group

http://de.news.yahoo.com/16/20090127/tbs-ericsson-nec-neustar-orange-symlabs-f79b6b2.html

19.MEDIA – Yahoo Financial News, Brazil – 1/27

Ericsson, NEC, NeuStar, Orange, Symlabs e TeliaSonera lideram novo grupo Liberty Alliance Telecom

http://br.noticias.yahoo.com/s/27012009/24/economia-negocios-ericsson-nec-neustar-orange.html

20.MEDIA – Tool Linux France – 1/28

Identité et interopérabilité, la mission de Liberty Alliance Telecom

http://www.toolinux.com/lininfo/toolinux-information/developpement/article/identite-et-interoperabilite-la

21.MEDIA – Lexpress fr – 1/27

France Télécom: Orange rejoint Liberty Alliance Telecom

http://www.votreargent.fr/bourse/fiches-valeurs/actualite_dep.asp?id=96235&xtor=RSS-09

22.MEDIA – CSO Online – 1/29

PayPal joins the OpenID Foundation

http://blogs.csoonline.com/paypal_joins_the_openid_foundation

23.BLOG – Oracle – Nishant Kaushik – 1/29

International Data Privacy Day: Real Problems, Real Solutions

In honor of International Privacy Day, I thought I’d post a few links that provide some (essential/interesting/weird/amusing) perspectives and information on the topic of privacy as it is being talked about today…Identity Governance Framework at Liberty Alliance

http://blogs.oracle.com/talkingidentity/2009/01/international_data_privacy_day.html

24.BLOG – Kim Cameron – 1/25

More news about our identity team

Orange played an important role in Liberty Alliance, and Ariel has a lot to share with us about Liberty’s accomplishments. Listen to Kuppinger Cole’s Felix Gaehtgens interview Ariel on YouTube to get a real sense for his passion and accomplishments.

http://www.identityblog.com/?p=1034

25.BLOG – EIfEL Team BLOG – Learning Futures – 1/27

The Identity Centric Framework

The tremendous work done by organisations such as the Oasis Group, Liberty Alliance and Open ID on specifications and standards for digital identity call for a profound transformation of the Internet, moving from the “Internet of documents” to the “Internet of Subjects.”

http://www.learningfutures.eu/2009/01/identity-centric-framework.html

26.BLOG – G. Beuchelt – 1/27

Work 2.0

In this spirit, I decided to join the Liberty Alliance as an individual member. The new structure of the organization, combined with a reasonable fee schedule allows me to continue my formal relationship with one of the more comprehensive identity consortia currently in existence.

http://blog.beuchelt.org:80/2009/01/27/Work+20.aspx

27.BLOG – Dale Olds – 1/23

Dale Olds – Novell: Identity Services: Being vs Doing

This roughly corresponds to Dave’s first 3 waves. With the appearance of federation protocols and the Liberty Alliance, the industry started layering an Identity Provider Model on top of Directory Services. Information Cards and OpenID are more recent additions to that model. This could be Eric’s first wave of Identity after 3 waves of Directory Services.

http://virtualsoul.org/blog/2009/01/23/identity-services-being-vs-doing/

28.BLOG/GROUP – mainyaa - 1/25

まいにゃあ？ブクマ？ / 2009年1月25日 (8)

Liberty Alliance ID-WSF2.0仕様について – 080620 Identity Conference #2 hiroki www.slideshare.net

http://b.hatena.ne.jp/mainyaa/20090125#bookmark-9061717

29.BLOG – Moriya (Sun) – 1/30

Identity Manager with MySQL Enterprise Monitor

れた後、外資系にあこがれてサン・マイクロシステムズに入社。入社後しばらくしてLiberty Allianceの実証実験に関わり、ソフトウェアに興味を持つ。 …

http://blogs.sun.com/moriya/entry/vaio_type_p_and_enterprise

30.BLOG/SOCIAL MEDIA – digg – 1/27

Liberty Alliance Tackles Identity, Web 2.0 Challenges

http://digg.com/security/Liberty_Alliance_Tackles_Identity_Web_2_0_Challenges

31.BLOG/SOCIAL MEDIA – Liberty Alliance @ Twitter – 1/30

Liberty Communications Weekly Tweets

LibertyRus

https://twitter.com/LibertyRus

MEDIA STORIES

1) The Current and Future Direction of Identity Assurance

http://www.eds.com/insights/whitepapers/downloads/identity_assurance.pdf?rss=192&filterid=0

The Current and Future Direction of Identity Assurance

Initiatives such as the Liberty Alliance Project’s “Identity. Assurance Framework” are needed to establish the common. language and standards necessary to persuade companies. to hand over control of their identities to a trusted third …

2) Why IaaS is mandatory for the cloud… | Martin Kuppinger

I blogged several times about IaaS (Identity as a Service), last time only some two weeks ago. We will observe a strong increase in that field, the stronger the more people understand that IaaS is mandatory for the cloud. In our upcoming Market Report Cloud Computing 2009 (available starting tomorrow at http://www.kuppingercole.com/reports) we provide, first time ever, a stringent and valid structurization of the cloud market with all its different segments.

IaaS is part of this market, but it is as well a prerequisite for most other aspects of cloud computing. The more services you use in the cloud, the more you need IaaS and GRCaaS (GRC as a Service, just to create a new horrible acronym). How will you become ever compliant if you can’t manage your identities and their access rights consistently in the cloud? That goes well beyond authentication. We will need approaches for a consistent policy management across different cloud services, which again will require new standards, going beyond what federation standards like SAML, authorization standards like XACML and other standards like the IGF (Identity Governance Framework) provide today.

The biggest threat in cloud computing is manageability. And within that field, the biggest threat by far is managing the identities, their authentication, the authorization and all the auditing stuff, to meet the business policies and rules defined within more advanced GRC approaches. Thus, within a cloud strategy the IAM strategy is a vital part, and a prerequisite for every successful move to the cloud. That is true as well when using only a few cloud services (or even only consuming some external web services in SOA applications) as for approaches where everything including IAM and GRC is moved into the cloud.

We strongly recommend to evaluate today’s options for IaaS and their relationship to cloud strategies. By the way: European Identity Conference 2009 will be a great place to learn and discuss about this.

3) Liberty Alliance launches Telecom Special Interest Group (requires subscription)

http://www.telecompaper.com/news/SendArticle.aspx?u=True

4) Liberty Alliance has formed a special interest group to help carriers manage identity-enabled enterprise and web 2.0 issues.

Global operator group Liberty Alliance has formed a special interest group to help carriers manage identity-enabled enterprise and web 2.0 issues. The group was launched by alliance members Ericsson, NEC, NeuStar, Orange and Symlabs.

5) Liberty Alliance: Weltweiten Identitätsschutz fördern

Die Liberty Alliance, eine weltweite Identitätsschutzorganisation, die an einem vertrauenswürdigen Internet für Kunden, Regierungen und Unternehmen arbeitet, startet heute die öffentliche Telecom Special Interest Group (SIG). Diese Gruppe wurde von Repräsentanten von Ericsson, NEC, NeuStar, Orange, Symlabs und TeliaSonera gebildet und ist die zehnte Interessenvertretung der Liberty Alliance, die sowohl Mitgliedern der Organisation als auch Nichtmitgliedern offen steht.

Das Ziel der SIG besteht in der Entwicklung eines Erfolgsrezepts für die sichere Verwaltung von Identitätsinformationen sowie personalisierten Transaktionen und Dienstleistungen in der weltweiten Telekommunikationsbranche. Des Weiteren arbeitet die SIG an der Förderung von personalisierten Unternehmens- und Web 2.0-Anwendungen in der Telekommunikationsbranche, die auf Standards der Liberty Alliance basieren.

Nach Angaben von Jose Luis Mariz, Strategischer Produktmanager von Ericsson und Vorsitzender der Liberty Alliance Telecom SIG: “Die Bildung der Telecom SIG bietet Organisationen und Einzelpersonen in der Telekommunikationsbranche ein bedeutendes öffentliches Forum für die gemeinsame Förderung der nächsten Generation von interoperablen, sicheren und den Datenschutz respektierenden Identity-Enabled-Anwendungen für Unternehmen und Einzelpersonen.”

Liberty Identity Web Services sind in der Telekommunikations- und Service-Provider-Branche im breiten Maße im Einsatz. Mit deren Umsetzung ist die Liberty SAML 2.0 Federation betraut. Das Marktforschungsinstitut Gartner erklärt, dass “SAML 2.0 zum branchenübergreifenden Federation-Standard geworden ist.”

6) Liberty Alliance Telecom Special Interest Group Launches

Given that secure interoperability in today’s innovative information economy is founded on trust, the matter of “who is trusted with what” requires holistic policy, business and technology understanding and infrastructure. In response to this need for a global, holistic approach to identity, the Liberty Alliance Project emerged in September 2001.

Consisting of more than 160 companies, the stated goal of the Liberty Alliance is to establish an open standard for federated network identity, which addresses network identity management complications that exist today. The Liberty Alliance is thus essentially a global identity community working to build a more trustworthy Internet for businesses, governments and people in general. Members develop digital identity products that follow the standards set by the Liberty Alliance Project.

So-called “federated identity” allows users to “link” elements of their identity between accounts without having to store all of their personal information in a central location.

And now, the Liberty Alliance has announced the launch of the public Liberty Alliance Telecom Special Interest Group (SIG). The group has been established by representatives from Ericsson, NEC, NeuStar, Orange, Symlabs and TeliaSonera (News – Alert) and is the tenth Liberty Alliance special interest group open to both Liberty Alliance members and non-members. The goal of the SIG is to develop best practices for managing identity-information and identity-enabled transactions and services in the global telecom sector.

Liberty SAML 2.0 Federation and Liberty Identity Web Services are widely validated and deployed in the telecom and service provider industries. Gartner (News – Alert) states that “SAML 2.0 has become the de facto federation standard across industries.”

Over at Jim Burton’s (News – Alert) Burton Group, the recommend that organizations consider Liberty Alliance ID-WSF 2.0 specifications when implementing federation. The SIG is working to advance identity-enabled enterprise and Web 2.0 applications in the telecom sector based on Liberty Alliance standards and the Liberty Identity Governance and Identity Assurance Frameworks.

7) New Telecom SIG Includes Ericsson, NEC, Neustar, Orange, Symlabs and TeliaSonera

Liberty Alliance has launched its public Liberty Alliance Telecom Special Interest Group, a global identity community to build a reliable Internet for businesses, governments and people.

This public group will assist in the development of the next generation of Interoperable, secure and privacy-respecting identity-enabled telecom applications.

The SIG comprises of representatives from Ericsson, NEC, Neustar, Orange, Symlabs and TeliaSonera (News – Alert). It is the tenth Liberty Alliance special interest group which is open for both Liberty Alliance members and non-members. The SIG is expected to develop ways and means for managing identity-information and identity-enables transactions and services in the telecom sector.

Liberty SAML 2.0 Federation and Liberty Identity Web Services are validated and preferred both in the telecom and service provider industries. SAML 2.0 has become a federation standard across most industries, according to Gartner (News – Alert) Group.

Also the Burton Group is advising organizations to employ Liberty Alliance ID-WSF 2.0 specifications while they are implementing federation. The SIG is striving to make identity-enabled enterprise and Web 2.0 applications popular in the telecom sector. This will be based on Liberty Alliance standards and the Liberty Identity Governance and Identity Assurance Frameworks.

Jose Luis Mariz, strategic product manager at Ericsson (News – Alert) and chair of the Liberty Alliance Telecom SIG, said, “The formation of the Telecom SIG provides organizations and individuals in the telecom industry with an important public forum for collaboratively fostering the next generation of interoperable, secure and privacy-respecting identity-enabled applications for businesses and people.”

Liberty Alliance Telecom SIG members are working with other group members and standards for specifically identifying and eliminating technology and policy issues. Such issues arise when telecom operators have to deal with wide-scale deployment of interoperable identity-enabled applications and services.

The Liberty Alliance Telecom SIG is one among several industry-specific SIGs which are formed by the collective efforts of market leaders. These companies are active in Liberty Alliance like healthcare and eGovernment and make sure that specialized identity management and services requirements are satisfied by emerging technology and policy frameworks.

Liberty Alliance announced a new global telecom group

Liberty Alliance announced a new global telecom group formed to identify and eliminate the technology and policy issues telecom operators face when it comes to the wide scale deployment of interoperable identity-enabled enterprise and Web 2.0 applications and services.

Launched by Liberty Alliance members from Ericsson, NEC, NeuStar, Orange, Symlabs and TeliaSonera, and chaired by Jose Luis Mariz of Ericsson, the group is the tenth vertical-specific Liberty Alliance special interest group (SIG) that is open to the public. The goal of the group is to develop best practices for managing identity-information and identity-enabled transactions and services in the telecom and service provider industries, and to advance identity-enabled telecom applications based on Liberty SAML 2.0 Federation, Liberty Identity Web Services (ID-WSF 2.0) and the policy-based Liberty Identity Assurance Framework.

9) Liberty Alliance Launches Telecom Special Interest Group

SIG’s goal: to develop best practices for managing identity-information and identity-enabled transactions and services in the global telecom sector

Jan 27, 2009 | 10:09 AM

New York and Madrid, Jan. 27, 2009 – Liberty Alliance, the global identity community working to build a more trustworthy Internet for businesses, governments and people, today announced the launch of the public Liberty Alliance Telecom Special Interest Group (SIG). The group has been formed by representatives from Ericsson, NEC, NeuStar, Orange, Symlabs and TeliaSonera and is the tenth Liberty Alliance special interest group open to both Liberty Alliance members and non-members. The goal of the SIG is to develop best practices for managing identity-information and identity-enabled transactions and services in the global telecom sectors.

Liberty SAML 2.0 Federation and Liberty Identity Web Services are widely validated and deployed in the telecom and service provider industries. Gartner states that “SAML 2.0 has become the de facto federation standard across industries.”1 Burton Group recommends organizations consider Liberty Alliance ID-WSF 2.0 specifications when implementing federation.2 The SIG is working to advance identity-enabled enterprise and Web 2.0 applications in the telecom sector based on Liberty Alliance standards and the Liberty Identity Governance and Identity Assurance Frameworks.

According to Jose Luis Mariz, strategic product manager at Ericsson and chair of the Liberty Alliance Telecom SIG, “The formation of the Telecom SIG provides organizations and individuals in the telecom industry with an important public forum for collaboratively fostering the next generation of interoperable, secure and privacy-respecting identity-enabled applications for businesses and people.”

About the Public Telecom SIG

Members of the Liberty Alliance Telecom SIG are collaborating with other groups and standards bodies to identify and eliminate the technology and policy issues telecom operators face when it comes to the wide-scale deployment of interoperable identity-enabled applications and services. The new Telecom SIG joins a growing ecosystem of industry-specific SIGs formed by market leaders active in Liberty Alliance, such as Healthcare and eGovernment, who are working to ensure their specialized identity management and services requirements are being met by emerging technology and policy frameworks. Information about the Telecom SIG, including how to join public calls and mail lists, is available at http://tinyurl.com/9ffnke 1) Source: Gartner, Inc. “The U.S. Government’s Adoption of SAML 2.0 Shows Wide Acceptance”, by Gregg Kreizman, John Pescatore and Ray Wagner, October 29, 2007 2) Source: Burton Group “Federated Identity”, by Bob Blakley, October 2008

10) Another Interest Group

Liberty Alliance, the global identity community working to build a more trustworthy Internet for businesses, governments and people, today announced the launch of the public Liberty Alliance Telecom Special Interest Group (SIG). The group has been formed by representatives from Ericsson, NEC, NeuStar, Orange, Symlabs and TeliaSonera and is the tenth Liberty Alliance special interest group open to both Liberty Alliance members and non-members. The goal of the SIG is to develop best practices for managing identity-information and identity-enabled transactions and services in the global telecom sector.

Liberty SAML 2.0 Federation and Liberty Identity Web Services are widely validated and deployed in the telecom and service provider industries (http://projectliberty.org/liberty/adoption/telecom). Gartner states that “SAML 2.0 has become the de facto federation standard across industries.”(1) Burton Group recommends organizations consider Liberty Alliance ID-WSF 2.0 specifications when implementing federation.(2) The SIG is working to advance identity-enabled enterprise and Web 2.0 applications in the telecom sector based on Liberty Alliance standards and the Liberty Identity Governance (http://projectliberty.org/liberty/strategic_initiatives/identity_governance) and Identity Assurance Frameworks (http://projectliberty.org/liberty/strategic_initiatives/identity_assurance).

11-12) Liberty Alliance Tackles Identity, Web 2.0 Challenges

Liberty Alliance – a group formed by Ericsson (ERIC), NEC Corp., NeuStar Inc. (NSR), Orange (FTE), Symlabs Inc. and TeliaSonera (TLS.VX) – has established a new effort to help telecom operators identify and overcome technology and policy challenges relative to wide scale, identity-enabled enterprise and Web 2.0 applications and services.

The goal of the new group, called Liberty Alliance Telecom Special Interest Group, is “to develop best practices for managing identity-information and identity-enabled transactions and services in the telecom and service provider industries, and to advance identity-enabled telecom applications based on Liberty SAML 2.0 Federation, Liberty Identity Web Services (ID-WSF 2.0) and the policy-based Liberty Identity Assurance Framework.” Liberty SAML 2.0 Federation and Liberty Identity Web Services have, according to the group and Gartner, become the de facto federation standard across industries.

“The formation of the Telecom SIG provides organizations and individuals in the telecom industry with an important public forum for collaboratively fostering the next generation of interoperable, secure and privacy-respecting identity-enabled applications for businesses and people,” said Jose Luis Mariz, strategic product manager at Ericsson and chair of the Liberty Alliance Telecom SIG.

13) Telecom group to develop privacy best practices

The Liberty Alliance Telecom Special Interest Group has been established to develop best practices for managing identity information and identity-enabled transactions and services in the global telecommunications sector and service provider industries to create interoperable, secure and privacy-respecting identity-enabled telecom applications.

The Telecom Special Interest Group was launched by Liberty Alliance members from Ericsson, NEC, NeuStar, Orange, Symlabs and TeliaSonera, and will be chaired by Jose Luis Mariz of Ericsson. Liberty Alliance is an open-standards organization whose mission is to enable governments, consumers, citizens and businesses to more easily conduct online transactions while protecting the privacy and security of identity information.

Another goal of the group is to advance identity-enabled and Web 2.0 telecom applications based on the Liberty SAML 2.0 Federation and Liberty Identity Web Services standards initiatives, and the policy-based Liberty Identity Assurance Framework. Liberty SAML 2.0 Federation and Liberty Identity Web Services are widely validated and deployed in the telecom and service-provider industries.

14) Liberty Alliance telecom SIG formed by Ericsson, NEC and others

Liberty Alliance, the global identity community working to build what it calls a more trustworthy Internet for businesses, governments and people, today announced the launch of the public Liberty Alliance Telecom Special Interest Group (SIG).

The group has been formed by representatives from Ericsson, NEC, NeuStar, Orange, Symlabs and TeliaSonera and is the 10th Liberty Alliance special interest group open to both Liberty Alliance members and non-members.

The goal of the SIG is to develop best practices for managing identity-information and identity-enabled transactions and services in the global telecom sector.

According to Jose Luis Mariz, strategic product manager at Ericsson and chair of the new SIG, “the formation of the Telecom SIG provides organizations and individuals in the telecom industry with an important public forum for collaboratively fostering the next generation of interoperable, secure and privacy-respecting identity-enabled applications for businesses and people.”

15) Liberty Alliance gründet TK-Interessensvertretung

Mit der öffentlichen Liberty Alliance Telecom Special Interest Group (SIG) hat die weltweit agierende Identitätsschutzorganisation Liberty Alliance eine neue Interessenvertretung gegründet. Die Gruppe soll die besten Möglichkeiten für die Verwaltung von Identitätsinformationen sowie Identity-Enabled-Transaktionen und -Dienstleistungen in der Telekommunikationsbranche finden. Zu den Repräsentanten der Telecom SIG gehören Ericsson, NEC, NeuStar, Orange, Symlabs und TeliaSonera.

“Die Bildung der Telecom SIG bietet Organisationen und Einzelpersonen in der Telekommunikationsbranche ein bedeutendes öffentliches Forum für die gemeinsame Förderung der nächsten Generation von interoperablen, sicheren und den Datenschutz respektierenden Identity-Enabled-Anwendungen für Unternehmen und Einzelpersonen”, sagt Jose Luis Mariz, Strategischer Produktmanager von Ericsson und Vorsitzender der Liberty Alliance Telecom SIG.

Die neue Telecom SIG wird zum Teil eines wachsenden Ökosystems branchenspezifischer Interessenvertretungen wie Gesundheitswesen und E-Government, die von in der Liberty Alliance aktiven Marktführern gebildet werden, um zu gewährleisten, dass ihre spezifischen Identitätsmanagement- und Serviceanforderungen von aufkommenden Technologie- und Policy-Frameworks erfüllt werden.

16-19) Liberty Alliance gründet TK-Interessensvertretung

Ericsson, NEC, NeuStar, Orange, Symlabs and TeliaSonera Lead New Liberty Alliance Telecom Group

Tuesday January 27, 2009, 9:15 am EST

Yahoo! Buzz Print Public Group Fostering the Next Generation of Interoperable, Secure and Privacy-Respecting Identity-Enabled Telecom Applications

NEW YORK and MADRID, Spain, Jan. 27 /PRNewswire/ — Liberty Alliance, the global identity community working to build a more trustworthy Internet for businesses, governments and people, today announced the launch of the public Liberty Alliance Telecom Special Interest Group (SIG). The group has been formed by representatives from Ericsson, NEC, NeuStar, Orange, Symlabs and TeliaSonera and is the tenth Liberty Alliance special interest group open to both Liberty Alliance members and non-members. The goal of the SIG is to develop best practices for managing identity-information and identity-enabled transactions and services in the global telecom sector.

Liberty SAML 2.0 Federation and Liberty Identity Web Services are widely validated and deployed in the telecom and service provider industries. Gartner states that “SAML 2.0 has become the de facto federation standard across industries.”(1) Burton Group recommends organizations consider Liberty Alliance ID-WSF 2.0 specifications when implementing federation.(2) The SIG is working to advance identity-enabled enterprise and Web 2.0 applications in the telecom sector based on Liberty Alliance standards and the Liberty Identity Governance and Identity Assurance Frameworks.

About the Public Telecom SIG

1) Source: Gartner, Inc. “The U.S. Government’s Adoption of SAML 2.0 Shows Wide Acceptance”, by Gregg Kreizman, John Pescatore and Ray Wagner, October 29, 2007

2) Source: Burton Group “Federated Identity”, by Bob Blakley, October 2008

20) Identité et interopérabilité, la mission de Liberty Alliance Telecom

Liberty Allliance crée “Liberty Alliance Telecom”, un groupe public de promotion de l’interopérabilité des d’applications télécom en matière d’identité.

Liberty Alliance Telecom est le dixième groupe d’intérêt spécial lancé par le consortium. Ce groupe est composé de représentants d’Ericsson, NEC, NeuStar, Orange, Symlabs et de TeliaSonera.

L’objectif est de “développer des meilleures pratiques de gestion des informations d’identité et les transactions et services utilisant ces informations dans le secteur des télécommunications mondial.”

Selon l’institut Gartner, le standard SAML 2.0 est devenu “la norme de fédération dans tous les secteurs.” Le Groupe d’intérêt spécial va s’employer à “faire progresser les applications d’identité et Web 2.0 dans le secteur des communications en s’inspirant des normes Liberty Alliance et des cadres Liberty de gouvernance et d’assurance en matière d’identité.”

Voilà qui devrait permettre de préparer collectivement ce que le groupe appelle une “nouvelle génération d’applications télécom en matière d’identité interopérables, sûres et respectant la vie privée”, pour les entreprises, mais avant tout les particuliers.

Lien : projectliberty.org/liberty/adoption/telecom

21) France Télécom: Orange rejoint Liberty Alliance Telecom

En dehors d’Orange, le groupe est également composé du suédois Ericsson, du japonais NEC, des américains NeuStar et Symlabs ainsi que du scandinave TeliaSonera.

Le système SAML 2.0 de Liberty était déjà devenu une norme de fédérationau sein du secteur des télécommunications

22) PayPal joins the OpenID Foundation

The OpenID Foundation announced today that PayPal has joined their board. At first blush, this may not seem like the biggest of big news, but I actually think it’s rather significant.

The reason is simple: Michael Barrett, CISO at PayPal and one-time President of the Liberty Alliance, has been a very vocal and public critic of OpenID in the past. So, does PayPal’s joining of the OpenID Foundation mean that Michael’s security concerns (because all of his criticism was focused on the lack of security in OpenID) have been resolved? Or does it mean that PayPal has recognized that they must have their security concerns regarding OpenID addressed?

In either case, PayPal seems to be assuming that OpenID adoption will become important to their business. I’ll wait to hear from Michael for the exact reasoning behind their joining.

###

Liberty Alliance News and Coverage Week Ending January 23/09

libertyalliancenews — Thu, 05 Feb 2009 14:23:32 +0000

1.MEDIA – BetaNews – 1/22

Former Netscape attorney may be named DOJ antitrust chief

http://www.betanews.com:80/article/Former_Netscape_attorney_may_be_named_DOJ_antitrust_chief/1232658156

2.MEDIA – Linux Security News – 1/17

Debian: New lasso packages fix validation bypass

http://www.infosecnews.org/pipermail/isn/2009-January/017325.html

3.BLOG – Anthony Broad-Crawford – 1/22

Dataportability Healthcare Taskforce Update

Additionally, we have been identifying and working with groups such as Liberty Alliance and ID Commons to find what synergies exist between these similar initiatives and how we might work together.

http://anthonybroadcrawford.com/index.php/dataportability-healthcare-taskforce-update/

4.BLOG/GROUP – Linux France.org – 1/17

Logiciel : Sortie de LemonLDAP::NG 0.9.3

Indépendance des mécanismes d’authentification et de recherche des données de l’utilisateur : la phase d’authentification permet de valider la création de la session WebSSO, elle peut être effectuée sur un annuaire LDAP, par certificat SSL, par Liberty Alliance, par CAS, par Kerberos ou tout autre méthode d’authentification disponible dans Apache2.

http://linuxfr.org:80/2009/01/17/24890.html

5.BLOG/GROUP – Java Eye – 1/19

DRM Delivery Method HTTP Download

MMS, OMA Download v1.0…Liberty Alliance ID-WSF 1.1

http://azi.javaeye.com/blog/318690

6.BLOG – James Kobielus – 1/18

New Federation Frontiers in the Cloud Services World

The IMS community is referencing federation identity management (IdM) standards—such as those developed by the Organization for the Advancement of Structured Information Standards (OASIS) and the Liberty Alliance

http://jkobielus.blogspot.com/2009/01/new-federation-frontiers-in-cloud.html

7.BLOG – Apuntes electrónicos – 1/22

Identificación en servicios públicos y Redes Sociales

Aunque ha habido diversos sistemas que han buscado la identificación universal, Liberty Alliance o Passport son quizás los últimos que han alcanzado popularidad, parece que la solución va a venir de la mano de los ecosistemas construidos entorno a las redes sociales generalistas.

http://apunteselectronicos.wordpress.com/2009/01/22/identificacion-en-servicios-publicos-y-redes-sociales/

8.BLOG – Data Without Boarder – 1/18

Data Without Borders Episode 4: Privacy

In the first episode for 2009 we talk about privacy because Christian was attending the 25th Chaos Communications Congress and the overall topic there was privacy. Looking at social networks today we see that not really much privacy is available and we discuss if that can be changed or not….Volunteered Privacy Information SIG at Liberty Alliance

http://datawithoutborders.net/dwb4/

9.BLOG – blawgletter – 1/22

Signaling Tougher Antitrust Enforcement? (Update)

Christine has provided antitrust, competition policy, and regulatory advice to a variety of companies, including eBay, Fox Interactive Media/MySpace, Orbitz Worldwide, Inc., DoubleClick, Ernst & Young, EMI, Intelius, Advertising.com, American Hospital Association, Washingtonpost.Newsweek Interactive, Dow Jones & Company, AOL, Synopsys, Compaq Computer, Gateway, Netscape, The Liberty Alliance, and Real Networks.

http://blawgletter.typepad.com/bbarnett/2009/01/signaling-tougher-antitrust-enforcement.html

10.BLOG – Identity Woman – 1/20

Online Community Unconference East

I am hoping that some community members working on OpenID and Information Card maybe even some ID-WSF and SAML folks too. will also join me at the event. It is a great opportunity to talk with actual adopters/potential adopters of these technologies they represent hundreds of thousands of users and because of the focus on online community managers – there is an emphasis on the human side of things not just “business models” or “technical how to”

http://www.identitywoman.net/online-community-unconference-east-2

11.BLOG – Matthew Gardiner – Identity and Access Management – 1/20

SOA – Now at the Nadir of the Trough of Disillusionment

He is published and interviewed regularly in leading industry media on a wide range of IAM and security-related topics and is a member of the Liberty Alliance’s board of directors.

http://community.ca.com/blogs/iam/archive/2009/01/20/soa-now-at-the-nadir-of-the-trough-of-disillusionment.aspx

MEDIA STORIES

1) Former Netscape attorney may be named DOJ antitrust chief

A name floated this morning by The Wall Street Journal as a likely choice by President Obama to head the Justice Dept.’s antitrust division, may not exactly be the choice Microsoft would have preferred.

Christine Varney, a former Federal Trade Commission member in the Clinton administration, and an attorney in the high-visibility firm of Hogan & Hartson in Washington, DC since then, appears to be the leading candidate for appointment to a deputy attorney-general’s post in the Justice Dept.’s Antitrust Division, according to a WSJ report this morning. During the US Microsoft antitrust trial, but following her tenure with the FTC, Varney was an outspoken critic of Microsoft, especially since she was on the team representing Netscape, the company that was most wronged by Microsoft’s actions at that time.

In recent years, Varney has been an ardent supporter for online privacy legislation backed by government enforcement, as a supplement to market-driven self-regulation. As a lobbyist for the now largely defunct Online Privacy Alliance, she argued on behalf of service providers’ ability to set industry policies regarding the collection of information online, followed by the government’s ability to enforce regulations against those who fail to live up to those policies. Varney called those two groups the “good actors” and the “bad actors,” respectively.

“A bad actor who is engaged in the collection of information from individuals through deceit, through fraud, through any kinds of devious means and the use of it in deceptive ways, is currently subject to prosecution by the FTC, the 50 states’ attorneys general and, depending on the circumstances, the Department of Justice,” Varney told a press gathering in July 1998. “And we really support vigorous enforcement of the existing law. The Alliance document on self-enforcement then looks to, how do we create an atmosphere of trust on the Internet? And what we’re talking about is for the good actors. For the companies that want to do right on the Internet, that want to gain consumer trust and confidence, that want to grow the net, how can they do that? And we think they can do that through practicing good privacy policies and certifying they do through this kind of a seal program or idea.”

Such a “seal program” would have established an industry-wide merit system for “good actors” whose privacy policies live up to, or exceed, the industry’s own code of behavior.

Varney was also a supporter of the Child Online Protection Act, which only yesterday was dealt a final death blow by the US Supreme Court. The Act — which her boss, Pres. Clinton, signed into law after having taken her advice — would have enabled the punishment of individuals and institutions who failed to provide adequate filtration on their Internet systems for pornography being displayed to minors.

In a 2000 appearance on PBS’ The NewsHour with Jim Lehrer, Varney defended the Act — which was law at the time — though she lumped it in with other regulations designed to protect consumer privacy online. When asked by Ray Suarez how she would prefer the government pursue groups or individuals that fail to observe privacy regulations, her defense used strikingly similar language: “As a former government enforcer, I’ve always thought…good laws don’t stop bad people from doing bad things. They merely give prosecutors and in some cases private citizens, more tools to go after them. So I think we have to remember that we have a lot of law in place right now. The question is whether or not existing law is adequate. As we discussed earlier, the FTC has the authority right now to prosecute bad actors under certain circumstances. I’m not sure that an additional grant of regulatory authority is going to get us all the way there in the least intrusive manner.”

Varney’s personal “About” page on her law firm’s Web site lists her as having represented the following stellar list of companies: “eBay, Fox Interactive Media/MySpace, Orbitz Worldwide, Inc., DoubleClick, Ernst & Young, EMI, Intelius, Advertising.com, American Hospital Association, Washingtonpost.Newsweek Interactive, Dow Jones & Company, AOL, Synopsys, Compaq Computer, Gateway, Netscape, The Liberty Alliance, and Real Networks.”

Prominently not appearing in that list are Google — the subject of intense scrutiny recently over privacy regulations, as well as its previous effort to help Yahoo not be swallowed by Microsoft — and, of course, Microsoft.

Being no stranger to PBS, Varney — at the time, publicly representing Netscape — appeared on the NewsHour in February 1999 on the day that then-Microsoft vice president Cameron Myrhvold testified that his company had placed restrictions on major Internet service providers, providing prominent placement on the Windows desktop in exchange for limiting the Web browsers they offer to just Internet Explorer; and that Microsoft “embedded” IE with Windows with the same general aims in mind. Her counterpart on the panel that day, Microsoft consultant Rick Rule, had just stated that the government had failed to demonstrate that the company’s conduct had directly harmed consumers.

When asked whether Rule was right about that, Varney responded, “Saying that Microsoft had a good week is like saying Microsoft’s not a monopolist.

“I think the Government proved every single claim that they had to,” she continued. “The Government had to prove Microsoft was a monopolist. Microsoft’s own witnesses acknowledge that there’s no viable alternative to Microsoft’s operating system…The Government had to prove that Microsoft engaged in certain acts and practices. Clearly, the Government proved that; Microsoft’s own witnesses conceded several of those. Cameron Myhrvold got on the stand and said the reason they had to put the browser in the operating system was because if consumers could freely and easily choose between two browsers, Microsoft would lose…And finally the Government had to prove these acts were illegal. I think it’s absolutely clear that Microsoft’s acts were intended to and did, in fact, restrain trade.”

Christine Varney’s ability and willingness to make sweeping choices with potentially serious repercussions was proven in May 1997, when she cast the deciding vote on the FTC against tobacco products maker R. J. Reynolds’ use of the “Joe Camel” character in its cigarette advertising. Only three months later, prior to the actual expiration of her term, she left the FTC to be the driving force in Hogan & Hartson’s Internet law division. Though she’s officially been there all this time, she has already served as a senior counsel to the Obama transition team, and may have been the person who vetted — assuming such vetting took place — then-Sen. Hillary Clinton, prior to her nomination for Secretary of State, though Varney did work closely with the Secretary’s husband.

Just yesterday, the Antitrust Division released its latest Joint Status Report with Microsoft, on the ongoing status of the company’s documentation efforts. There were no major hitches to report. However, this was the last such report produced under the leadership of the previous administration.

2) Debian: New lasso packages fix validation bypass

———————————————————

It was discovered that Lasso, a library for Liberty Alliance and SAML

protocols performs incorrect validation of the return value of OpenSSL’s DSA_verify() function.

http://www.linuxsecurity.com/content/view/147130

###

Liberty Alliance News and Coverage Week Ending January 16/09

libertyalliancenews — Thu, 05 Feb 2009 14:15:05 +0000

Liberty Alliance

Industry Analyst, Media, Blog and Social Media Highlights

Week Ending January 16, 2009

1.MEDIA – Computing Now, IEEE Computer Society – 12/29

Single Sign-On and Social Networks

http://www2.computer.org/portal/web/computingnow/1208/whatsnew/dsonline

2.MEDIA - XML Daily Newslink – 12/29

Single Sign-On and Social Networks

http://xml.coverpages.org/newsletter/news2008-12-29.html#cite2

3.MEDIA – Distributed Systems Online – 12/29

Single Sign-On and Social Networks

http://dsonline.computer.org/portal/site/dsonline/index.jsp

4.MEDIA – NetEco France – 1/8

CA sécurise et prend le contrôle d’Orchestria

http://www.neteco.com:80/249834-ca-prend-controle-securise-orchestria.html

5.MEDIA/ANALYST FIRM – Gartner – 12/24

Take the Best, Leave the Rest for Identity Federation Governance and Controls

(requires subscription)

http://www.gartner.com/DisplayDocument?id=846624&ref=g_fromdoc

6.MEDIA/ANALYST FIRM – CSO Online – 1/8

SPML, SaaS and identity in a services world

http://blogs.csoonline.com/spml_saas_and_identity_in_a_services_world

7.MEDIA – XML Daily News Link – 1/17

Let’s Talk More about SPML (Service Provisioning Markup Language)

http://groups.google.com/group/bastille/browse_thread/thread/e5651131a492afbf?hl=en&q=%22Liberty+Alliance%22

8.BLOG/ANALYST FIRM – Burton Group Blogs – Mark Diodati – 1/7

New Year’s Resolution: Let’s Talk More about SPML

As for federation and federated provisioning, the lack of provisioning capabilities remains an operational impediment. Several years ago, a Liberty Alliance Technical Expert Group began working on a way to “harmonize” SPML and SAML. …

http://identityblog.burtongroup.com:80/bgidps/2009/01/new-years-resolution-lets-talk-more-about-spml.html

9.BLOG/SOCIAL Media – YouTube – 1/5

Oracle EMEA Web Video Channel

Roger Sullivan – Current economic climate will mean increased focus on compliance

http://www.youtube.com/user/OracleEMEAWebVideo

10.BLOG/GROUP – MCNC – 12/28

Federated Identity Management TF

Consortiums, InCommon, InCommon I2 Confluence Space

InCommon Bedtime Story (How InCommon could benefit students), Liberty Alliance

Liberty Alliance Wiki

https://edspace.mcnc.org:443/confluence/pages/viewpage.action?pageId=7020109

11.BLOG/SOCIA MEDIA – Dan Glass’s Bookmarks – 1/5

Links for 2009-01-04 [del.icio.us]

Liberty Alliance Identity Assurance Framework 1.1

http://delicious.com/djglass/?page=2

12.BLOG/GROUP – Sun Microsystems Training – 12/30

Managing Entity Metadata using ssoadm

Sun Open SSO Enterprise 8.0 Adminstration Guide – November 2008

There are two types of entity provider metadata (formatted in XML files) that can be used as input to ssoadm: Standard metadata properties are defined in the Liberty ID-FF and SAMLv2 specification. http://docs.sun.com/app/docs/doc/820-3885/6nfcuutp8?l=ja&a=view

http://dlc.sun.com/pdf/820-3885/820-3885.pdf

13.BLOG/GROUP – Octo Talks – 1/6

Sun Aquarium de Paris

Open Source de Sun Access Manager. Ce produit couvre les fonctions suivantes : Contrôle d’accès web (authentification, délégation d’autorisation)

Fédération d’identité (SAML2, Liberty Alliance)

http://blog.octo.com/index.php/2009/01/06/220-sun-aquarium-de-paris

14.BLOG – James McGovern – 1/5

Microsoft, Open Source and SPML

If salesforce.com allows an outside party to provision and de-provision identity, doesn’t this raise many of the same issues as the discussion around federated identity? Should the Liberty Alliance have special guidance around SPML?

http://duckdown.blogspot.com/2009/01/microsoft-open-source-and-spml.html

15.BLOG/GROUP – ID Trust/XML.org – 12/30

Single Sign-On and Social Networks

http://idtrust.xml.org/news/single-sign-on-and-social-networks

16.BLOG/SOCIAL MEDIA – Reddit – mivsek- 12/30

Single Sign-On and Social Networks

http://www.reddit.com/r/programming/comments/7mhdw/single_signon_and_social_networks/

17.BLOG/GROUP – Oracle Tutorials - 12/08

ArisID API – Identity Governance Framework Attribute Services API…The Identity Governance Framework (IGF) specifications from Liberty Alliance. The ArisID API uses:…

http://www.oracle.com/technology/tech/standards/idm/igf/arisid/arisid-tutorial.pdf

18.BLOG– Java Net Sarfari Books on Searchfull.net – 1/07

Critical Listening Skills for Audio Professionals – (2009年01月07日)发表于java.net – Comment – Recent identity related efforts like the Identity Governance Framework are also part of this architecture, providing the ability to deliver privacy-aware applications.

http://www.searchfull.net/1779353.html

19.BLOG/GROUP – Orange Labs R & D – 12/29

Identity Federation and Privacy: One Step Beyond

…complementary federation models. Liberty federation model. “Blind” federation model …Liberty Alliance and SAML/OASIS (4Q 08)

http://www2.pflab.ecl.ntt.co.jp/dim2008/DIM2008Jacques.pdf

20.BLOG/GROUP – Sun Traning Catalog – 12/29

Developing Secure Java Web Services (DWS-4120-EE5)

Secure web services by using Liberty token profiles

https://www.suntrainingcatalogue.com:443/eduserv/client/loadCourse.do;jsessionid=9059BC061D8D4277A50DABBFDE855CBD.tomcat2?coId=en_IN_DWS-4120-EE5&coCourseCode=DWS-4120-EE5&l=en_IN

21.BLOG – Lancelotes.com – 12/28

A Bulding Block Approach to Standardization

Later on, it was decided to align on the specifications for Liberty Alliance, which define web services permitting 3rd party service providers to access user data owned by the network operator.

http://lancelotes.com/article/bankingcredit/2008-12-29/16206.html

22.BLOG – MIRLN - 12/27

INTERNETBAR.ORG IS PLEASED TO ANNOUNCE THE RECEIPT OF A GRANT FROM THE AMERICAN BAR ASSOCIATION FUND FOR JUSTICE AND EDUCATION…

The Liberty Alliance, a standards organization with a global membership that provides a holistic approach to identity, is collaborating with the legal community to develop a system of legal assurance for identity within the legal empowerment network.

http://mirln.blogspot.com/2008/12/mirln-7-27-december-2008-v1117.html

23.BLOG – James McGovern – 12/24

Liberty Alliance 2.0

SAML 2.0 supports an XACML payload. Anyone care to guess why you can’t find a single product that can’t make effective use of this specification…

http://duckdown.blogspot.com/2008/12/liberty-alliance-20.html

24.BLOG – Liako.Biz, Elias Bizanneson – 12/22

So open it’s closed

Organisationally, we are currently working on a legal entity to protect our online community, and we are doing this whilst also ensuring we are working with others in the industry, such as the discussions we’ve had within the IDTBD proposal with Liberty Alliance , Identity Commons and others.

http://liako.biz/2008/12/so-open-its-closed/

25.BLOG/SOCIAL MEDIA – Liberty Alliance @ Twitter – 1/09

Liberty Communications Weekly Tweets – 1/09

LibertyRus

https://twitter.com/LibertyRus

###

Media Stories

1-3) Single Sign-On and Social Networks

Call it what you will—single sign-on, federated identity, one-stop authentication—letting users sign on to the Internet once and securely access network resources anywhere has been one of the industry’s enduring quests.

While numerous standards efforts have steadily pursued this capability, most have been back-end technologies of which users are mostly unaware. Periodically, however, something brings these efforts to the foreground. Recent developments surrounding the open source OpenID federated-identity technology signal another high-profile period for single sign-on. But they also raise questions about how to achieve interoperability between disparate technologies meant for distinctly different user communities and which of these technologies might be worth investment.

“Large deployers who are cognizant of OpenID, [Microsoft’s] CardSpace, and the general information card arena are asking how all this stuff fits together,” says Roger Sullivan, president of the Liberty Alliance (www.projectliberty.org), a 150-member federated-identity standards body that’s been working on single sign-on since 2001. “They’ll say, ‘I understand what federation is all about and how to use it in a serious business application, but I also have an interest—a strategic interest—in being able to tap into this social community that’s using OpenID and figuring how I can then migrate that anonymous user into my more structured environment, to provide linked services that are more highly authenticated and secure to that more casual user.’”

OpenID Gains Momentum

OpenID (http://openid.net) was originally conceived as a convenient way for heavy blog users to traverse their Internet niche without having to sign on separately to each site. It has become the latest cause celebre of the single sign-on movement. Within a few days of each other in late October, both Microsoft (http://winliveid.spaces.live.com/Blog/cns!AEE1BB0D86E23AAC!1745.entry) and Google (http://google-code-updates.blogspot.com/2008/10/google-moves-towards-single-sign-on.html) announced their support of the OpenID 2.0 protocol.

Microsoft’s current OpenID release, included in its Live product suite of services including Hotmail and Windows Messenger, is for testing purposes only. The company expects its OpenID implementation to be ready for production “sometime in 2009.”

In 1995, Raiter said, S&P decided to switch from a rules-based risk model for these mortgages to a more sophisticated statistics-based model. The first version of the new model analyzed 500,000 loans and five years of performance data. By 1999, S&P had updated the model to include data on approximately 900,000 loans and six to eight years’ performance history.

At first glance, the announcements appeared to signal that OpenID was ready to become the Internet-wide de facto standard for user-initiated single sign-on. However, even some of the technology’s most avid advocates admit there is much work to do, technologically and in shaping end-user perceptions.

Perhaps the most vexing problem is that the announced support of OpenID is a one-way proposition. The most popular email and identity providers—Yahoo as well as Google and Microsoft—currently serve as “issuing” OpenID providers, but they’ve hesitated to become “relying” providers, which accept logins from other OpenID sites. To many observers, this alone is adequate reason to wait until the OpenID community’s deeds match its words. After all, what’s the point of a single sign-on technology that won’t allow single sign-on?

In fact, representatives of Google and Microsoft don’t even agree as to why they’re delaying two-way implementation of the standard.

For example, Google security team member Eric Sachs blogged (http://google-code-updates.blogspot.com/2008/10/moving-another-step-closer-to-single.html) on 30 October, the day after Google announced its OpenID 2.0 availability, that only one problem stands in the way of becoming a relying party:

[F]ortunately it is more of a technology problem than a usability issue. That problem is that rich-client apps (desktop apps and mobile apps) are hard-coded to ask a user for their username and password. As an example, all Google rich-client apps would break if we supported federated login for our consumer users, and in fact they do break for the large number of our enterprise E-mail outsourcing customers who run their own identity provider, and for which Google is a relying party today.

However, in an emailed statement, Microsoft representatives questioned whether other OpenID providers could maintain the levels of service availability and account protection that Windows Live ID provides for its users. If not, Live Service users might be “prevented from access their own data due to an inappropriate or unlucky choice of OpenID providers.” This raises two further questions. What is the worth of a community effort in which one of the most influential members holds forth the possibility other members could offer “inappropriate” or “unlucky” access to a trusting user? And what is that company’s true commitment to a legitimate two-way protocol instead of a low-resistance, one-way hook into more users.

Transitions and Disconnects

OpenID Foundation chairman Scott Kveton says the delay is indicative of a transitional period between centralized and decentralized architectures and business models.

“Sites are silos in and of themselves,” he says. “With system-centric design comes system-centric values—people asking, ‘How will this affect our user base? Will our uses leave?’ But people are finding that instead of leaving, users are actually more rooted at that site if they can use OpenID. This occurs as we move to a more user-centric model.”

In fact, Kveton says niche sites might see a huge opportunity with smaller Web site operators from users of the big sites that now offer only one-way access via OpenID.

“You’re going to be able to implement OpenID on your site, and that will accept users from any one of those places. The big guys are still trying to get a feel for what this means, but in the next six to 12 months, I think there’s a huge opportunity for the smaller sites to take advantage of all these users who are now being exposed to it.”

Thus far, the exposure hasn’t translated to end-user popularity, however. Leah Culver, founder and lead developer of the San Francisco-based social networking and micro-blogging site Pownce, says, “None of our users are really asking for it. The truth is, when you go to sign up for a social network that uses OpenID, you still have to create all your profile information, and all it does is tie in your OpenID in as an alternative authentication, which is great if you like that. But right now, it’s not worth our time and effort to set up a second authentication service.”

Allen Tom, principal architect for Yahoo’s membership team, says the results of a recent company-run OpenID usability study (http://developer.yahoo.net/blog/archives/2008/10/open_id_research.html) showed users were frustrated not only with OpenID’s difficult multistep sign-on process but also had no idea what it really was.

“The most striking conclusion was that OpenID doesn’t really seem to have much brand recognition,” Tom says.

According to Pownce’s Culver, the lack of recognition is a symptom of the disconnect between the developer and user communities.

“It’s one thing to be an advocate—as an independent developer, to say, ‘Hey, everyone should use OpenID.’ And it’s another thing to be a site owner, where you do have users, and you have to consider what they’re going to think of it, and most of them are not technical by far,” she says. “They’re used to password login and have never heard of OpenID. It’s really hard to break that pattern.”

Japan Taking the Lead

Although OpenID might appear to be spinning its wheels with the mass audience in the US, Liberty Alliance president Sullivan says the technology is being recognized as a potentially vital partner in other regions. The closing panel at the Alliance’s Asian board of directors’ November meeting was a joint presentation by Liberty, OpenID Japan, and Microsoft—three organizations which have been mutually antagonistic more often than not. The panel attracted 300 people.

Sullivan says the Japanese market will be the likely pioneer of melding social networking and transactionally oriented single sign-on technologies. He cites mobile phone services is Japan as an example.

“Folks in Japan wave their phones over turnstiles in the metro, and that is the authentication device as well as the payment device. We’re nowhere near that in the US,” he says. In Japan, “OpenID represents one of many on-ramps onto the identity infrastructure highway. There are many ramps, some more secure than others. Everybody wants to get into the high-speed lane, and to do that you have to cross some barriers along the way.”

To some degree, Sullivan thinks the melding of federated identity technologies will be generationally driven. For instance, while many savvy midlife Internet users are quite satisfied with the increasing capabilities of interbank asset transfers using just one bank’s sign-on—one of federated identity’s signal applications—merchants targeting a younger demographic are still frustrated in capturing their user base online.

Sullivan says merchants that serve the younger demographic typically lament that their traditional way of asking to connect with the customer, an e-mail address, often results in the customer supplying a spoof address to avoid being solicited. Technologies such as OpenID, Sullivan says, can fill a key niche in the continuum of reaching those customers.

“Businesses are really starting to see the strategic importance of answering questions such as ‘How do I manage the progression from anonymity into a meaningful business interaction?’ Because at the end of the day, that’s what these technologies are all about—creating that seamless transition from anonymity to a highly secure environment and being able to use, at any point along the way, the technology that is appropriate for that transaction.”

Cite this article:

Greg Goth, “Single Sign-on and Social Networks,” IEEE Distributed Systems Online, vol. 9, no. 12, art. no. 0812–oy001.

4) CA sécurise et prend le contrôle d’Orchestria

Le groupe CA réalise une nouvelle acquisition dans le domaine de la sécurité informatique à travers le rachat d’Orchestria. Basée à New York, la société est éditrice de logiciels de protection de données (DLP ou Data Loss Prevention). L’acquisition, dont le montant n’a pas été précisé, devrait être finalisée fin janvier 2009. CA déclare dans un communiqué vouloir maintenir en poste « la quasi-totalité des salariés » d’Orchestria.

Anciennement Computer Associates, CA a engagé sa mue en 2006 à travers un changement de nom et une spécialisation dans la gestion des systèmes d’information d’entreprise (EITM). Désormais l’éditeur veut « révolutionner » le domaine, de la prévention de la fuite des données à la gestion des identités. Ambitieux ! Sur ce marché s’activent d’autres poids lourds américains, dont Oracle, Sun, HP, IBM – membres, comme CA, du projet Liberty Alliance – BMC et Microsoft.

5) Take the Best, Leave the Rest for Identity Federation Governance and Controls

(requires subscription)

http://www.gartner.com/DisplayDocument?id=846624&ref=g_fromdoc

6) SPML, SaaS and identity in a services world

Topic(s): Identity Management

Ian Glazer’s posting about the idea of federated provisioning over on the Burton Group blog, and in so doing, exposing a whole hornet’s nest of identity topics.

As I’ve said recently, I think we just ended “the first wave” of identity. The period ran (roughly) from 2001 to 2008 (7 years). It began with Passport, evolved into the rise of “real” identity management vendors like Netegrity and Oblix, morphed through the Liberty Alliance, SAML and federation, transformed into real implementations around provisioning and GRC, and collapsed (exhausted) with the release of “passport 2.0″ (facebook connect).

That first wave saw identity become a real enterprise implementation. Identity vendors that could barely define what “digital identity” was in 2002, did the hard work of building all of the pieces needed to actually provide a substantial business benefit in the next five years.

Now, though, the enterprise is truly beginning to explore SaaS, the cloud, and “service-based” offerings.

And that brings with it the challenges of what I think is now the “second wave” of identity. So, while de-provisioning from LDAP vs. Salesforce.com shouldn’t be much different technically, the truth is that conceptually it is.

Enterprise IT departments are awash in the “consumerization of IT” – that broad phenomenon wherein line of business managers can buy (or find for free) tech functionality via service-based offerings (no longer having to wait for IT to implement it). And that fundamental change is a big boulder being dropped into all technology ponds.

Identity will begin by adapting existing offerings to “secure” SaaS applications, but eventually identity management itself will have to be changed by the changing nature of how technology is bought and used.

Welcome to the second wave. (Hat tip to Toffler.)

–Eric Norlin

7) Let’s Talk More about SPML (Service Provisioning Markup Language)

Mark Diodati, Burton Group Blog

Jackson Shaw and James McGovern have been blogging recently about one

of my favorite topics: Service Provisioning Markup Language (SPML).

I’d like to contribute to the discussion… One thing that organizations

using SPML should do is to secure the service from an authentication,

authorization, and encryption perspective. In most instances, because

the number of SPML requestors and providers (this is terminology specific

to SPML) are small, most organizations are opting to manually configure

the requesting authority and the provisioning service provider with

static passwords or certificate lists to establish trust between the

provisioning services components. These authentication techniques

don’t provide authorization services in any meaningful sense. A large

SPML implementation requires authorization services to determine the

rights of the requesting authority to manage the specific user on the

respective provisioning service target. In our opinion, the multi-tenancy

(call it cloud-based if you like) use case is an example of a large

SPML implementation — one must build the requisite authorization and

authentication services to support the provisioning service. SPML’s

lack of authentication and authorization capabilities highlights the

broader issues we see with the emergence of identity services. An

authorization service requires authentication services in order to

have any utility whatsoever. The authorization and authentication

services may be consolidated (one big authorization and authentication

service) or discrete (two separate services). One example of a discrete

authorization service is a XACML authorization service that leverages

the user’s SiteMinder SMSESSION ticket for authentication… As for

federation and federated provisioning, the lack of provisioning

capabilities remains an operational impediment. Several years ago,

a Liberty Alliance Technical Expert Group began working on a way to

‘harmonize’ SPML and SAML. While the services would remain separate

‘pipes’, the TEG was working on a way to harmonize the user attribute

schema across the two services…

###

Liberty Alliance News and Coverage Week Ending January 9/09

libertyalliancenews — Thu, 05 Feb 2009 13:59:44 +0000

Liberty Alliance
Industry Analyst, Media, Blog and Social Media Highlights
Week Ending January 9, 2009

1.MEDIA – Computing Now, IEEE Computer Society – 12/29
Single Sign-On and Social Networks
http://www2.computer.org/portal/web/computingnow/1208/whatsnew/dsonline

2.MEDIA – XML Daily Newslink – 12/29
Single Sign-On and Social Networks
http://xml.coverpages.org/newsletter/news2008-12-29.html#cite2

3.MEDIA – Distributed Systems Online – 12/29
Single Sign-On and Social Networks
http://dsonline.computer.org/portal/site/dsonline/index.jsp

4.MEDIA – NetEco France – 1/8
CA sécurise et prend le contrôle d’Orchestria
http://www.neteco.com:80/249834-ca-prend-controle-securise-orchestria.html

5.MEDIA/ANALYST FIRM – Gartner – 12/24
Take the Best, Leave the Rest for Identity Federation Governance and Controls
(requires subscription)
http://www.gartner.com/DisplayDocument?id=846624&ref=g_fromdoc

6.MEDIA/ANALYST FIRM – CSO Online – 1/8
SPML, SaaS and identity in a services world
http://blogs.csoonline.com/spml_saas_and_identity_in_a_services_world

7.MEDIA – XML Daily News Link – 1/17
Let’s Talk More about SPML (Service Provisioning Markup Language)
http://groups.google.com/group/bastille/browse_thread/thread/e5651131a492afbf?hl=en&q=%22Liberty+Alliance%22

8.BLOG/ANALYST FIRM – Burton Group Blogs – Mark Diodati – 1/7
New Year’s Resolution: Let’s Talk More about SPML
As for federation and federated provisioning, the lack of provisioning capabilities remains an operational impediment. Several years ago, a Liberty Alliance Technical Expert Group began working on a way to “harmonize” SPML and SAML. …
http://identityblog.burtongroup.com:80/bgidps/2009/01/new-years-resolution-lets-talk-more-about-spml.html

9.BLOG/SOCIAL Media – YouTube – 1/5
Oracle EMEA Web Video Channel
Roger Sullivan – Current economic climate will mean increased focus on compliance
http://www.youtube.com/user/OracleEMEAWebVideo

10.BLOG/GROUP – MCNC – 12/28
Federated Identity Management TF
Consortiums, InCommon, InCommon I2 Confluence Space
InCommon Bedtime Story (How InCommon could benefit students), Liberty Alliance
Liberty Alliance Wiki
https://edspace.mcnc.org:443/confluence/pages/viewpage.action?pageId=7020109

11.BLOG/SOCIA MEDIA – Dan Glass’s Bookmarks – 1/5
Links for 2009-01-04 [del.icio.us]
Liberty Alliance Identity Assurance Framework 1.1
http://delicious.com/djglass/?page=2

12.BLOG/GROUP – Sun Microsystems Training – 12/30
Managing Entity Metadata using ssoadm
Sun Open SSO Enterprise 8.0 Adminstration Guide – November 2008
There are two types of entity provider metadata (formatted in XML files) that can be used as input to ssoadm: Standard metadata properties are defined in the Liberty ID-FF and SAMLv2 specification. http://docs.sun.com/app/docs/doc/820-3885/6nfcuutp8?l=ja&a=view
http://dlc.sun.com/pdf/820-3885/820-3885.pdf

13.BLOG/GROUP – Octo Talks – 1/6
Sun Aquarium de Paris
Open Source de Sun Access Manager. Ce produit couvre les fonctions suivantes : Contrôle d’accès web (authentification, délégation d’autorisation)
Fédération d’identité (SAML2, Liberty Alliance)
http://blog.octo.com/index.php/2009/01/06/220-sun-aquarium-de-paris

14.BLOG – James McGovern – 1/5
Microsoft, Open Source and SPML
If salesforce.com allows an outside party to provision and de-provision identity, doesn’t this raise many of the same issues as the discussion around federated identity? Should the Liberty Alliance have special guidance around SPML?
http://duckdown.blogspot.com/2009/01/microsoft-open-source-and-spml.html

15.BLOG/GROUP – ID Trust/XML.org – 12/30
Single Sign-On and Social Networks
“Large deployers who are cognizant of OpenID, [Microsoft’s] CardSpace, and the general information card arena are asking how all this stuff fits together,” says Roger Sullivan, president of the Liberty Alliance (www.projectliberty.org), a 150-member federated-identity standards body that’s been working on single sign-on since 2001.
http://idtrust.xml.org/news/single-sign-on-and-social-networks

16.BLOG/SOCIAL MEDIA – Reddit – mivsek- 12/30
Single Sign-On and Social Networks
http://www.reddit.com/r/programming/comments/7mhdw/single_signon_and_social_networks/

17.BLOG/GROUP – Oracle Tutorials – 12/08
ArisID API – Identity Governance Framework Attribute Services API…The Identity Governance Framework (IGF) specifications from Liberty Alliance. The ArisID API uses:…
http://www.oracle.com/technology/tech/standards/idm/igf/arisid/arisid-tutorial.pdf

18.BLOG– Java Net Sarfari Books on Searchfull.net – 1/07
Critical Listening Skills for Audio Professionals – (2009年01月07日)发表于java.net – Comment – Recent identity related efforts like the Identity Governance Framework are also part of this architecture, providing the ability to deliver privacy-aware applications.
http://www.searchfull.net/1779353.html

19.BLOG/GROUP – Orange Labs R & D – 12/29
Identity Federation and Privacy: One Step Beyond
…complementary federation models. Liberty federation model. “Blind” federation model …Liberty Alliance and SAML/OASIS (4Q 08)
http://www2.pflab.ecl.ntt.co.jp/dim2008/DIM2008Jacques.pdf

20.BLOG/GROUP – Sun Traning Catalog – 12/29
Developing Secure Java Web Services (DWS-4120-EE5)
Secure web services by using Liberty token profiles
https://www.suntrainingcatalogue.com:443/eduserv/client/loadCourse.do;jsessionid=9059BC061D8D4277A50DABBFDE855CBD.tomcat2?coId=en_IN_DWS-4120-EE5&coCourseCode=DWS-4120-EE5&l=en_IN

21.BLOG – Lancelotes.com – 12/28
A Bulding Block Approach to Standardization
Later on, it was decided to align on the specifications for Liberty Alliance, which define web services permitting 3rd party service providers to access user data owned by the network operator.
http://lancelotes.com/article/bankingcredit/2008-12-29/16206.html

22.BLOG – MIRLN – 12/27
INTERNETBAR.ORG IS PLEASED TO ANNOUNCE THE RECEIPT OF A GRANT FROM THE AMERICAN BAR ASSOCIATION FUND FOR JUSTICE AND EDUCATION…
The Liberty Alliance, a standards organization with a global membership that provides a holistic approach to identity, is collaborating with the legal community to develop a system of legal assurance for identity within the legal empowerment network.
http://mirln.blogspot.com/2008/12/mirln-7-27-december-2008-v1117.html

23.BLOG – James McGovern – 12/24
Liberty Alliance 2.0
SAML 2.0 supports an XACML payload. Anyone care to guess why you can’t find a single product that can’t make effective use of this specification…
http://duckdown.blogspot.com/2008/12/liberty-alliance-20.html

24.BLOG – Liako.Biz, Elias Bizanneson – 12/22
So open it’s closed
Organisationally, we are currently working on a legal entity to protect our online community, and we are doing this whilst also ensuring we are working with others in the industry, such as the discussions we’ve had within the IDTBD proposal with Liberty Alliance , Identity Commons and others.
http://liako.biz/2008/12/so-open-its-closed/

25.BLOG/SOCIAL MEDIA – Liberty Alliance @ Twitter – 1/09
Liberty Communications Weekly Tweets – 1/09
LibertyRus
https://twitter.com/LibertyRus

###

Media Stories

1-3) Single Sign-On and Social Networks

OpenID Gains Momentum
OpenID (http://openid.net) was originally conceived as a convenient way for heavy blog users to traverse their Internet niche without having to sign on separately to each site. It has become the latest cause celebre of the single sign-on movement. Within a few days of each other in late October, both Microsoft (http://winliveid.spaces.live.com/Blog/cns!AEE1BB0D86E23AAC!1745.entry) and Google (http://google-code-updates.blogspot.com/2008/10/google-moves-towards-single-sign-on.html) announced their support of the OpenID 2.0 protocol.

In fact, representatives of Google and Microsoft don’t even agree as to why they’re delaying two-way implementation of the standard.

Transitions and Disconnects
OpenID Foundation chairman Scott Kveton says the delay is indicative of a transitional period between centralized and decentralized architectures and business models.

In fact, Kveton says niche sites might see a huge opportunity with smaller Web site operators from users of the big sites that now offer only one-way access via OpenID.

“The most striking conclusion was that OpenID doesn’t really seem to have much brand recognition,” Tom says.

According to Pownce’s Culver, the lack of recognition is a symptom of the disconnect between the developer and user communities.

Japan Taking the Lead
Although OpenID might appear to be spinning its wheels with the mass audience in the US, Liberty Alliance president Sullivan says the technology is being recognized as a potentially vital partner in other regions. The closing panel at the Alliance’s Asian board of directors’ November meeting was a joint presentation by Liberty, OpenID Japan, and Microsoft—three organizations which have been mutually antagonistic more often than not. The panel attracted 300 people.

Cite this article:
Greg Goth, “Single Sign-on and Social Networks,” IEEE Distributed Systems Online, vol. 9, no. 12, art. no. 0812–oy001.

4) CA sécurise et prend le contrôle d’Orchestria

5) Take the Best, Leave the Rest for Identity Federation Governance and Controls
(requires subscription)
http://www.gartner.com/DisplayDocument?id=846624&ref=g_fromdoc

6) SPML, SaaS and identity in a services world

Topic(s): Identity Management
Ian Glazer’s posting about the idea of federated provisioning over on the Burton Group blog, and in so doing, exposing a whole hornet’s nest of identity topics.

Now, though, the enterprise is truly beginning to explore SaaS, the cloud, and “service-based” offerings.

Welcome to the second wave. (Hat tip to Toffler.)

–Eric Norlin

7) Let’s Talk More about SPML (Service Provisioning Markup Language)
Mark Diodati, Burton Group Blog

Jackson Shaw and James McGovern have been blogging recently about one
of my favorite topics: Service Provisioning Markup Language (SPML).
I’d like to contribute to the discussion… One thing that organizations
using SPML should do is to secure the service from an authentication,
authorization, and encryption perspective. In most instances, because
the number of SPML requestors and providers (this is terminology specific
to SPML) are small, most organizations are opting to manually configure
the requesting authority and the provisioning service provider with
static passwords or certificate lists to establish trust between the
provisioning services components. These authentication techniques
don’t provide authorization services in any meaningful sense. A large
SPML implementation requires authorization services to determine the
rights of the requesting authority to manage the specific user on the
respective provisioning service target. In our opinion, the multi-tenancy
(call it cloud-based if you like) use case is an example of a large
SPML implementation — one must build the requisite authorization and
authentication services to support the provisioning service. SPML’s
lack of authentication and authorization capabilities highlights the
broader issues we see with the emergence of identity services. An
authorization service requires authentication services in order to
have any utility whatsoever. The authorization and authentication
services may be consolidated (one big authorization and authentication
service) or discrete (two separate services). One example of a discrete
authorization service is a XACML authorization service that leverages
the user’s SiteMinder SMSESSION ticket for authentication… As for
federation and federated provisioning, the lack of provisioning
capabilities remains an operational impediment. Several years ago,
a Liberty Alliance Technical Expert Group began working on a way to
‘harmonize’ SPML and SAML. While the services would remain separate
‘pipes’, the TEG was working on a way to harmonize the user attribute
schema across the two services…

###

Read all about the ArisID — OpenLiberty.org publishes ArisID Q and A

libertyalliancenews — Thu, 20 Nov 2008 21:08:04 +0000

What is the ArisID?

ArisID is the first open source software implementing Liberty Identity Governance Framework (IGF) components. Developed by the Aristotle Project within OpenLiberty.org, the ArisID API provides enterprise developers and system architects with a library for building enterprise-grade identity-enabled applications that access and leverage identity data from many different sources using varied identity protocols.

What is the Aristotle Project?

The Aristotle Project, an open source community working within OpenLiberty.org is focused on developing a single open source API for existing identity technologies such as LDAP, as well as for federation protocols such as SAML, Liberty Identity Web Services (ID-WSF), OpenID and WS-Trust. The goal of the Aristotle Project is to create an open source programming interface that can communicate with identity services libraries called “ArisID Providers.” To build these providers, the Aristotle Project community is beginning work with technology vendors and other open source communities to adapt existing technology libraries for use as providers under the ArisID API.

Who is participating in the Aristotle Project? Who can join?

Members of the Aristotle Project currently include representatives from Liberty Alliance, but the group is open to all developers, individuals and organizations interested in furthering the advancement of declarative identity systems. Membership in Liberty Alliance is not a requirement for participation in the Aristotle Project or OpenLiberty.org.

What is the Identity Governance Framework?

The Liberty Identity Governance Framework (IGF) is the industry’s first programmatic and auditable open standards-based initiative designed to help organizations better govern and protect identity-related employee, customer and partner information as it flows across heterogeneous applications and networks. The IGF is about the secure and appropriate exchange of identity-related information between users, applications and service providers, both within an organization and across external systems. The ArisID API implements the IGF CARML (Client Attribute Requirements Markup Language) and Privacy Constraints specifications Liberty Alliance released earlier this year.

Why is the ArisID API needed?

Business applications depend upon identity data in essential ways, yet, developers and architects lack tools to describe and access identity data needed by applications. As a consequence, existing applications must code to specific identity protocols or, even worse, assume that a copy of required identity data is available from the application database. Deploying such inflexible applications is costly, and, copying sensitive identity data increases the risk of loss or misuse.

ArisID de-couples developers from having to make protocol, schema, and architecture decisions that would limit the usability and deployability of their application in an evolving and ever complex enterprise network, where a large number of identity sources and protocols are used. By relying on intelligent ArisID libraries, developers can now ensure maximum flexibility and use of their applications while significantly reducing development time.

What is a declarative identity system?

A declarative identity system is where client applications (or relying parties) declare in advance what identity data an application uses and what transactions it will perform with that data. This serves three important purposes. 1) The declaration can be used as important information in a “Privacy Impact Assessment” ensuring that an application conforms to an enterprise’s corporate policies. 2) The declaration can be used by identity services libraries and infrastructure components to map and interconnect client applications to appropriate authoritative identity sources. 3) These declarations can provide additional metadata to attribute authorities (e.g., Identity Providers) to help decide whether specific transactions meet specific policy and privacy requirements.

What is CARML?

The CARML specification is an XML document that developers use to describe the identity data and transactions used by a service or application. The data types may include identity attributes, predicates (e.g. “Is an Adult”), and roles (e.g. “Manager,” “Business Class Flier”) that an application requires. The data definitions may be based on industry standards, but it can also be specific to an application. At deployment time, these data definitions can be used by infrastructure managers to define how specific attributes, predicates, or roles are mapped to existing or new enterprise identity system schema and sources. The second part of the CARML declaration are the transactions that will be performed using the schema defined by the applications. This allows identity service middleware components to be configured to meet application needs

Why is multi-protocol so important?

There are many different identity systems in existence today. Some are based on SQL Databases, many are based on LDAP Directories. Still newer systems are evolving based on SAML, WS-Trust, Liberty Identity Web Services (ID-WSF), and OpenID. In order to meet the needs of the widest set of applications, it is clear that an API must be able to support access to identity information regardless of how it is stored or what protocol is used to access it. The multi-protocol approach forms the bases of the ArisID API.

What is “enterprise-grade” open source?

Enterprise-grade means taking the secure computing and development practices found in enterprise systems development, and applying it to an open source project. Developers of enterprise applications, whether commercial or open source, expect to be able to depend this open source project as if it were any other commercial enterprise software product. The Project Aristotle community is working to deliver enterprise-grade open source software.

What benefits does the ArisID API declarative approach provide to developers?

The declarative approach greatly simplifies the actual API used by developers to access and manipulate identity information. Because an XML declaration is created in advance, many of the parameters required in popular APIs like JNDI, or even JDBC, are eliminated. The API is able to react more intelligently because it has the full context of what the developer wants to happen in advance.

ArisID Beans are a good example. The ArisID Beans module of the ArisID API takes the CARML declaration and generates java beans. Each ArisID bean represents a specific instance of a subject identity with schema and methods corresponding to the declaration in the CARML declaration. For each bean type generated, a manager class, manages the life-cycle of entity beans. This gives the application its own notion of entity lifecycle management while at the same time, being able to intelligently interact with external enterprise identity services.

What benefits does ArisID deliver to governments and organizations?

The misuse of identity data is a serious risk and source of liability for governments and organizations. IGF allows governments and organizations to audit and document how identity data is being used by services and applications and also the constraints governing its use. ArisID delivers a valid implementation of IGF specifications. This means that governments and organizations can now begin to demand IGF compliance for all applications that consume and use identity information. Enterprises using applications using the ArisID API enjoy the benefit of having an application compliant with the IGF specifications, enabling much greater ease to perform privacy impact assessments, as well as simplified deployment and integration with existing enterprise identity services environments.

What benefits does ArisID deliver to people?

Identity data about citizens, customers and end-users is collected by a wide-variety of businesses and service providers with certain agreements and provisions concerning use. Use of IGF by businesses and service providers would help them demonstrate that identity data is being managed and used in compliance with the agreements and provisions under which the data was acquired. ArisID helps delivers a new class of applications that are IGF compliant

What can developers do with ArisID today?

Developers and architects can begin evaluating and using the fully functional ArisID API as part of their application development projects. In conjunction with today’s OpenLiberty.org news, Oracle is releasing the Oracle OVD Provider, a preview of an ArisID information provider that supports flexible access to a range of identity sources and is one of the first examples demonstrating the benefits of the ArisID API. The preview includes several sample code modules to allow developers to learn about the API features and understand the ArisID API architecture. The provider is available at http://www.oracle.com:80/technology/tech/standards/idm/igf/arisid/index.html

What’s next for ArisID and the Aristotle Project?

Going forward, we are working to expand the ArisID community by recruiting developers to provide feedback and to help further develop the ArisID API. Members of the Aristotle Project are also working with the open source community, the global identity industry and identity vendors to develop additional ArisID information providers in order to ensure a diverse eco-system of ArisID implementations to give enterprises maximum choice and flexibility to deploy identity-services applications.

Where can we get more information?

We’ll keep developers, vendors and the global identity community updated about ArisID developments. All individuals and organizations interested in collaborating on the further development of ArisID information providers and declarative open source identity systems are encouraged to join the Project Aristotle community at OpenLiberty.org. More information is available at the ArisID wiki at

http://www.openliberty.org/wiki/index.php/ProjectAris

###

New IGF Open Source Software, ArisID – enterprise-grade, multi-protocol, open source

libertyalliancenews — Thu, 20 Nov 2008 20:51:09 +0000

Some significant news from OpenLiberty.org — the release of the multi-protocol ArisID, the first Identity Governance Framework (IGF) open source software. From the release…

“The ArisID API implements the CARML (Client Attribute Requirements Markup Language) and Privacy Constraints IGF specifications Liberty Alliance released earlier this year. ArisID demonstrates how CARML and Privacy Constraints policies may be used by developers to create declarative identity applications. The open source ArisID declarative approach defines what identity-enabled transactions can be performed to ensure applications only use identity information required to complete a transaction. This allows developers to build secure identity-enabled enterprise applications that are easily auditable and protect the personally identifiable information (PII), such as a social security number or credit information, of people engaging in enterprise identity-enabled transactions.”

OpenLiberty.org will hold a public webcast to review the developer and business benefits of ArisID at 8:00am US PT (5:00PM CET) on Thursday, December 11. More information about the webcast is available here: http://tinyurl.com/62g8gr

Visit openliberty.org for more information on ArisID – www.openliberty.org

Visit the ArisID wiki here:

http://www.openliberty.org/wiki/index.php/ProjectAris

Liberty Alliance Announces Latest Companies Passing SAML 2.0 Interoperability Testing

libertyalliancenews — Wed, 24 Sep 2008 19:22:53 +0000

Liberty Interoperable Event Features Full-Matrix and eGovernment Profile Testing as Global Demand for Interoperable Identity Solutions Continues to Grow

New York, NY – September 24, 2008 – Liberty Alliance, the global identity community working to build a more trustworthy Internet for businesses, governments and people worldwide, today announced that products from CA; NTT Software; Ping Identity; RSA, The Security Division of EMC; and Ubisecure have passed Liberty Alliance SAML 2.0 interoperability testing. These vendors participated in the second Liberty Interoperable™ event to offer full-matrix and eGovernment profile testing managed by the Drummond Group Inc. Liberty Alliance and the Drummond Group will host a public webcast outlining the benefits full-matrix testing is delivering to the global identity industry at 8:00AM US PT (5:00 pm CET) on Tuesday, October 14, 2008.

“The Liberty Interoperable full-matrix SAML 2.0 testing program represents a new era in demonstrating how secure and privacy-respecting enterprise and user-driven identity-enabled applications can interoperate across devices, networks and regions,” said Brett McDowell, executive director, Liberty Alliance. “Identity products passing Liberty Interoperable SAML 2.0 full-matrix testing provide organizations with tremendous value because they have proven to interoperate with each other across a wide variety of real-world deployment scenarios.”

Liberty Alliance launched the Liberty Interoperable program in 2003 and since then nearly 85 identity products and solutions from vendors around the world have passed Liberty Alliance testing. During 4Q 2007, the program was expanded to include testing for the E-Authentication SAML 2.0 profile to support the US General Services Administration (GSA) mandate that vendors pass Liberty Alliance SAML 2.0 testing as a prerequisite for participating in the US E-Authentication Identity Federation. The 2008 event offered the most extensive testing scope to date and featured an updated eGovernment profile, new Service Provider (SP) and Identity Provider (IdP) requirements and a new multiple SP logout scenario.

In partnership with the Drummond Group Inc., Liberty Alliance enhanced the Interoperable program by incorporating Web-based full-matrix testing to meet growing global demand for interoperable, secure and privacy-respecting identity-enabled SAML 2.0 applications and services. The Web-based full-matrix testing allows vendors to participate from anywhere in the world with participants from the 2008 event located in Asia, Europe and North America. The Web-based approach also allows for more rigorous processes for ensuring products meet interoperability requirements for SAML 2.0 and the SAML 2.0 eGovernment profile.

During the testing period held from August 22 – August 29, 2008, the following products and services demonstrated interoperability based on a variety of SAML 2.0 conformance modes. A detailed list outlining what each vendor passed is available at iop.projectliberty.org.

CA – CA SiteMinder Federation Security Services r12.1 extends the Web single sign-on experience provided by CA SiteMinder Web Access Manager to applications and portals provided internally by other organizational business units or externally on the Internet by partners or application outsourcers. It enables a CA SiteMinder WAM-protected site to act as an identity provider, a service provider, or both and provides broad support of federation standards such as SAML and WS-Federation and leverages the scalability, reliability, and manageability capabilities of CA SiteMinder WAM.

NTT Software – TrustBind Federation Manager (1.1) delivers a complete, high-performance, carrier-grade SAML 2.0 solution in the form of a Java component module. With support for multiple operating systems and middleware platforms, TrustBind allows for fast and inexpensive deployments.

Ping Identity – PingFederate provides an organization’s users safe access to Internet applications without the need for repeat logins. Identity federation deployments that used to take six months or more now take days with PingFederate’s easy-to-use software. Over a dozen integration kits let PingFederate link to existing identity and application infrastructure. PingFederate 5.2 includes automated provisioning and advanced user access methods to support comprehensive SSO for Salesforce and GoogleApps™.

RSA, The Security Division of EMC – RSA^® Federated Identity Manager v4.1 is engineered to enable enterprises to securely and confidentially share trusted user identities between disparate internal business units, customers, and/or partners. It is designed to help simplify administration and accelerate deployment timelines. RSA Federated Identity Manager v4.1 supports OASIS SAML 1.1 and SAML 2.0, OASIS Web Services Federation v1.0 (WSFED) and interoperability with Microsoft^® Active Directory^® Federation Services v1.0 (ADFS). The solution includes interoperability with numerous authentication authorities including Oracle^® BEA Weblogic^®, IBM^® WebSphere^®, Microsoft^® Integrated Windows^® Authentication (IWA) and Microsoft .NET™ technology. Partner configuration management is aided by a configuration dashboard and automated metadata exchange. ..

Ubisecure – Ubilogin SSO 5.0 is an efficient-to-deploy Single Sign-On, Access Control and Federation solution providing extensive Authentication and Authorization for Intranet, Extranet, Web Services and mobile applications. It provides efficiency and cost savings in identity management and integration with the innovative Identity Broker Engine (IBE) technology. Authentication is based on more than 20 mechanisms such as Mobile-PKI authentication, various Scandinavian bank-authentication services, One-Time Passwords over SMS and printed; and many more. Integration solutions are available out-of-the-box for a variety of platforms and applications, such as SAML SPs for Oracle WebLogic, Microsoft ASP.NET and Microsoft Sharepoint. Standards-based integration based on SAML, Liberty ID-WSF and WS-Federation. Ubilogin SSO is in use in various service provider, network operator, e-government and enterprise environments. Ubilogin SSO reduces application development costs, reduces operation costs and improves usability.

About the October 14 Full-Matrix Webcast

Hosted by Liberty Alliance and Drummond Group, Inc., the public webcast will highlight the benefits full-matrix interoperability testing is delivering to organizations and people. Participants will understand how to leverage products that have passed Liberty Interoperable full-matrix testing to more easily deploy successful SAML 2.0-based digital identity management solutions. More information and registration for the one-hour event is available at http://tinyurl.com/5yz9oo

About the Liberty Interoperable™ Program

Businesses, governments and organizations around the world are deploying SAML 2.0-based identity-enabled applications to protect identity data, deliver secure business services, help meet regulatory requirements and provide people with better protection against online fraud and identity theft. The ongoing success of the Liberty Interoperable program is demonstrated by the widescale deployment of Liberty-enabled products and the increasing number of businesses and governments now requiring vendors to pass Liberty Alliance testing. A list of all vendor products that have passed Liberty Alliance testing is available at http://projectliberty.org/liberty/liberty_interoperable/implementations

IBM and WebSphere are trademarks or registered trademarks of International Business Machines Corporation. Microsoft and .NET are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. RSA is either a registered trademark or trademark of RSA Security, Inc. in the U.S. and/or other countries. EMC is a registered trademark of EMC Corporation. All other brands, product names, company names, trademarks and service marks are the properties of their respective owners.

Aetna, Citi, Deutsche Telekom AG and UNINETT Digital Identity Case Studies Released

libertyalliancenews — Thu, 11 Sep 2008 16:43:21 +0000

Liberty Alliance released digital identity management case studies for Aetna, Citi, Deutsche Telekom AG and UNINETT this week. As winners of the 2008 Liberty Alliance IDDY (Identity Deployment of the Year) Award, the case studies outline the value open identity specifications and standardized business and policy frameworks from Liberty Alliance are delivering to organizations, communities and people around the globe.

All of the case studies are available on the Liberty Alliance website at http://projectliberty.org/liberty/news_events/iddy_awards. Congratulations to all of the winners of this year’s award!

Aetna, Citi, Deutsche Telekom AG and UNINETT Win 2008 Liberty Alliance IDDY Awards

libertyalliancenews — Thu, 17 Jul 2008 17:56:13 +0000

Today, Liberty Alliance announced that Aetna, Citi, Deutsche Telekom AG and UNINETT have won the 2008 Liberty Alliance IDDY (Identity Deployment of the Year Award). With three nomination categories, more submissions than any other year, and winning applications in the healthcare, financial services, telecom and open source sectors, the 2008 program mirrors the evolving identity landscape, recognizing established and up-and-coming enterprise solutions as well as the applications developed to serve communities and users.

Now in its third year, the IDDY recognizes identity-enabled applications built using open identity specifications and policy frameworks from Liberty Alliance. The entire press release detailing winning applications follows. Congratulations to this year’s winners!

Aetna, Citi, Deutsche Telekom AG and UNINETT Win 2008 Liberty Alliance IDDY Awards

Identity-Enabled Applications in the Healthcare, Financial Services, Telecom and Open Source Sectors Receive Identity Deployment of the Year Awards

Liberty Alliance – July 17, 2008 — Liberty Alliance, the global identity community working to build a more trust-worthy internet for consumers, governments and businesses worldwide, today announced Aetna, Citi, Deutsche Telekom AG and UNINETT have won the 2008 IDDY (Identity Deployment of the Year) Award. This year the judging panel awarded IDDYs in three categories covering Liberty-based deployments, Liberty-based emerging applications and multi-protocol identity-enabled solutions incorporating open identity specifications from Liberty Alliance. Winners will receive the IDDY Award on-stage at CSO Magazine’s Digital ID World 2008 conference in Anaheim CA on September 9. A photo of the Liberty Alliance IDDY Award is available at http://www.projectliberty.org/liberty/news_events/iddy_awards

“Now in its third year, the Liberty Alliance IDDY Awards recognize some of the best-of-the best enterprise and user-driven identity-enabled applications in the global marketplace today,” said Brett McDowell, executive director, Liberty Alliance. “Aetna, Citi, Deutsche Telekom AG and UNINETT are to be congratulated for demonstrating winning applications that enable organizations to deliver a variety of secure and more privacy-respecting identity-enabled services to communities, organizations and people worldwide.”

IDDY Award nominations are evaluated based on criteria that include the benefits applications deliver to users and organizations; the ROI the application demonstrates; and how the solution may successfully address identity issues such as reducing identity theft, meeting regulatory requirements or providing users with increased security and privacy protection. The program highlights identity-enabled applications that leverage any of the secure, privacy-respecting and proven interoperable Liberty SAML 2.0 Federation, Liberty Web Services (ID-WSF), Liberty People Service and Liberty Advanced Client specifications.

Representatives from winning organizations will participate in the “Case Studies and Stories from IDDY Award Winners” panel discussion to be held from 12:20 – 1:10 on Tuesday, September 9 at CSO Magazine’s Digital ID World 2008. All DIDW participants are welcome to attend the presentation with more information available at http://public.cxo.com/conferences/agenda.html?conferenceID=24

2008 Liberty Alliance IDDY Award Winners

Aetna – Aetna has received an IDDY Deployment Award for an externally hosted online provider portal used for linking healthcare providers with health plans. Working with NaviMedix, the portal includes a variety of tools including transactions and content hosted by Aetna with interfaces to third-party Internet Application Service Providers and Content Service Providers. The deployment was launched in the US in December 2007 and is currently utilized by healthcare providers in all 50 states.

Highlights – The application delivers seamless and secure single sign-on (SSO) capability into Aetna-hosted applications and identity-enabled transactions. This enables the use of applications without redevelopment, giving a common portal presentation to providers adding enablement of web service transactions within the federated context. Since deploying the application, Aetna has been able to increase its offering of tools and features that help providers conduct simplified administrative transactions, reduce paper-based communications, and access clinical decision support tools. The solution allows for the quick roll-out of new applications and services throughout the provider network.

Technologies – The application leverages SAML 2.0 for browser-based SSO, DSML for downstream identity provisioning, and Web Services Security for authorization and signature of entitlements. Requests and responses using X.509 certificates are scheduled for implementation during 3Q of this year.

Citi – Citi’s Global Transaction Services has received an IDDY Deployment Award for providing managed identity services that help institutional clients utilize digital credentials and signature technologies in a comprehensive and legally binding manner. Citi is both a Credential Service Provider and a Relying Party as defined in the Liberty Identity Assurance Framework (IAF). As a trusted financial services provider to the world’s top corporations and governments in more than 100 countries, Citi is addressing identity challenges in establishing trust in B2B and B2G identity-enabled transactions by coupling rigorous internal processes with proven identity management technologies.

Highlights – The goal of managed identity services is to create value for Citi clients including: greater visibility into the actions of authorized end users and their role as defined by internal processes; control and governance over the access and activities of end users; and assurance of identity, non-repudiation and document integrity to mitigate risk associated with sensitive business processes when transacting with business partners.

Technologies – The identity-enabled services Citi provides are dependent on technologies spanning the web (HTTP/HTTPS), web services (SAML, WS-Security, SOAP), PKI (Certificate Authorities, X.509, PKCS#7), strong authentication technologies (HSM, KSM) records management and entitlement management (XACML), identity platforms (RDBMS, LDAP), document formats (PDF, XML) and development platforms (.NET, Java).

Deutsche Telekom AG - Deutsche Telekom AG has received a Multi-Protocol IDDY Award for its identity application designed to lower implementation barriers when it comes to the delivery of Online/IP-based services to consumers. Initially launched in 2002 and winner of the 2006 IDDY Award, the application has been steadily enhanced to offer multi-protocol capabilities for service provider interfaces as well as for authentication methods and automatic user identification. The application serves the requirements of the mass market for Online/IP-based consumer applications by providing fundamental functionalities such as Single Login, Automatic identification, Single Sign On and Single Logout.

Highlights – With Deutsche Telekom AG serving as an identity provider, the application is a key business enabler for offering Online/IP-based services to Deutsche Telekom AG customers. The application ensures easy implementation of consumer services and shortens the time-to-market for new service offerings. It allows quick and cost-efficient link-up with partners using the identity standard protocol that fits best and reduces the complexity of the IT-architecture. The application provides consumers with a unique and consistent user-interface that is easy-to-use, transparent and secure.

Technologies – With the goal of tying a wide variety of Online/IP-based consumer services together by means of a common identity management user experience and to provide scenario-focused login methods, the application currently supports SOAP/XML, Secure Token Service, ID-FF 1.2, SAML 2.0, HTTP Basic and HTTP Digest, as well as different authentication methods. The underlying architectural guidelines make it possible to integrate further IDM protocols with the latest enhancements moving to provide preliminary support for OpenID 1.1, OpenID 2.0 and Microsoft CardSpace.

UNINETT – has received an Emerging Application IDDY Award for SimpleSAMLphp, an open source lightweight implementation of several federation protocols written in PHP. Free to download and available in 15 languages, simpleSAMLphp is a platform for quick implementation of emerging standards or identity-enabled proof-of concept (POC) applications. The software implements Web SSO, and can be applied in any deployment where users need to be authenticated to a World Wide Web Service.

· Highlights – The simpleSAMLphp core is widely used in production deployments, providing a platform for use where the path from POC to production does not need to be long. With simple installation, configuration and maintenance, users save time, resources and money. The flexible solution integrates with existing systems and makes it easy to incorporate new emerging standards. Features such as the User Consent module give users more control and knowledge about the exchange of personal data when conducting online identity-enabled transactions.

· Technologies – SimpleSAMLphp supports identity protocols such as SAML 2.0, Shibboleth 1.3 and WS-Federation. Experimental functionality is ongoing with several other protocols including OpenID, A-Select and PAPI.

About the Liberty Alliance IDDY Award

The Liberty Alliance IDDY Award recognizes digital identity deployments and the up-and-coming identity-enabled applications that incorporate identity specifications and policy frameworks from Liberty Alliance. Previous IDDY Award winners are eBIZ.mobility, EduTech, Deutsche Telekom AG, The New Zealand Government, NTT Labs, Rearden Commerce and the UK Government Authentication Gateway. Judges for the 2008 award include Bob Bragdon, Publisher, CSO Magazine; Michael Barrett, CISO, PayPal, Inc.; Michelle Dennedy, CPO, Sun Microsystems; John Fontana, Senior Editor, Network World; Gerry Gebel, VP & Service Director, Identity and Privacy Strategies, Burton Group; Paul Madsen, Liberty Alliance Technology Expert Group and Identity Standards Researcher, NTT; Roger Sullivan, president of Liberty Alliance and vice president Oracle Identity Management; and Robin Wilton, Liberty Alliance Public Policy Expert Group and Corporate Architect, Sun Microsystems. More information about the IDDY including links to case studies detailing previous winning applications is available at http://projectliberty.org/liberty/news_events/iddy_awards

###