Liberty Alliance issues Phase 2 of ID spec

The Liberty Alliance on Wednesday is rolling out Phase 2 of its federated identity specifications, which enables identity functions for Web services.

The organization also is mapping out the planned Phase 3 of its specifications.

Available for download Wednesday, the Phase 2 specifications round out the existing Liberty Federation Framework and provide the foundation for the "Liberty Identity Web Services Framework," the alliance said.

"Phase 1 was about federated identity for single sign-on. Phase 2 at a high level is about permissions-based attribute sharing," said Paul Madsen, security analyst at Entrust and a specification editor within the Liberty Alliance technology expert group.

The Web services framework from Liberty Alliance provides a way of delivering identity-based Web services that can make Web services more secure and private, according to the alliance. Liberty specifications are built on standards such as SOAP, SAML (Security Assertion Markup Language), XML and WS-Security.

Sun Microsystems plans support for Phase 2, specifically to identity-enable Web services, in its Java System Identity Server product next year, said Sai Allavarpu, group business manager for network identity at Sun.

Liberty's specifications provide a chain of identity for Web services as well as privacy enablement, Allavarpu explained. "Today, Web services don't have a way to identify all these players in a Web services delivery chain," he said.

"Liberty 2 provides a standard way to identity-enable these Web services by identifying all the players in a secure, trusted manner," said Allavarpu.

Liberty Alliance on Wednesday also is introducing a Services Expert Group to develop interoperable service specifications that utilize the Liberty Identity Web Services Framework and address the needs of specific industries, applications, and business models. To be part of the planned Phase 3 of the Liberty specifications, members participate in development of these specifications, to be called Identity Service Interface Specifications (ID-SIS).

The first two Service Interface Specifications being released Wednesday include an ID-Personal Profile that defines a standard template for basic registration information, so organizations can speak to each other in a common language and offer interoperable services. The other specification, ID-Employee Profile, defines similar information targeted to internal employees.

Also to be part of Phase 3 are the following Service Interface Specifications: Contact Book Service Interface, for managing and sharing business contacts; Geo-location Service Interface, for automatically identifying a person's location to provide services such as weather or news; and Presence Service Interface, a common way to share presence information such as whether a user is online.

Liberty specifications are intended to enable implementers to choose the best-fitting privacy policies and data-management options. To assist with implementation, the alliance on Wednesday is releasing its "Privacy and Security Best Practices" guide.

Five companies, including Sun, on Wednesday are announcing plans to support Phase 2 Liberty specifications. The other companies are Vodafone, Phaos, Ping Identity, and Trustgenix.