The Liberty Alliance Project has started developing technical specifications for how companies can protect sensitive personal data within their IT systems and securely share that data with other organizations.
Liberty, a consortium that develops identity management standards, completed a market requirements phase where it asked businesses, for example, how they use customer data when a person consents to give up the data, such as a credit-card number.
Those market requirements will be used to develop technical specifications for the Identity Governance Framework (IGF), a set of standard protocols that can be widely used in applications that handle identity information, said Amit Jasuja, vice president of product development for identity management at Oracle, one of Liberty's members. Those technical specifications should be finalized next year.
As those specifications are developed, vendors like Hewlett-Packard and Oracle will begin building applications based on the market requirements and preliminary IGF information, Jasuja said. After six to nine months, a Liberty technical group will work with those vendors to refine that development and close the gaps, he said.
Eventually, IGF will also be compatible with other identity management specifications, such as OpenID and WS*, and systems like Project Bandit, Project Higgins, and Microsoft's CardSpace.
Liberty is also encouraging identity application development projects through openliberty.org , its open-source development site that uses an Apache licensing model, said Brett McDowell, executive director of Liberty.
IGF will eventually be able to incorporate policies and regulations, such as the European Data Protection Initiative and Sarbanes-Oxley in the U.S., into applications that handle identity information, McDowell said.
"Users have been waiting to know there are some real teeth behind the polices that they agreed to with their data," McDowell said.
Identity management has become a hot issue among enterprises in light of data breaches and the increased sharing of sensitive information.