Liberty Alliance identity work due by September

With new U.S. federal guidelines looming, the Liberty Alliance says that it is months away from explaining the role it will play in developing stronger online authentication specifications. The identity standards consortium now says that the first public documents from its recently formed Strong Authentication Expert Group are expected by the end of September.

Liberty is presently developing a "scope of work" document that will define, exactly what the organization expects to do in this area, said Roger Sullivan, a vice president of business development with Oracle Corp. and a Liberty Alliance board member. "We hope to be able to talk about something more specifically in the summer time frame," he said referring to the months between June and September.

Liberty's Strong Authentication group was formed in late 2005. Following the "scope of work" statement, the group hopes to release a draft specification by year's end, a Liberty spokesman said.

Strong authentication is going to become a more important issue for U.S. financial institutions, as new federal guidelines go into effect at the end of this year. The guidelines, developed by the Federal Financial Institutions Examination Council (FFIEC) call for banks to use a stronger form of authentication than the username and password logins typically used for online banking today. The guidelines do not spell out what exactly what this technique must be, leaving banks some leeway to develop their own approaches to stronger authentication.

Though it is unclear what mechanism will be used to enforce the FFIEC guidelines, the financial companies are concerned that if the they do not assuage consumer concerns over identity theft, they could be followed by government regulation.

"I would describe them as a wake-up call to the industry," Sullivan said of the guidelines. "There's a great sense of urgency around this, both in our members and in the industry at large."

On Wednesday, the Liberty Alliance announced that 15 new companies had joined the consortium, additions that were, in part, fuelled by the work being done on strong authentication, Sullivan said.

The new members include digital identity vendor Livo Technologies SA, Finland's National Board of Taxes, and ChoicePoint Inc., the Atlanta company that was tricked by scammers into revealing sensitive information about 163,000 U.S. residents.

Sullivan declined to comment on ChoicePoint's reasons for joining the alliance. Calls to ChoicePoint representatives were not returned Wednesday.

Given its background in the field of federated identity, the Liberty Alliance could do some interesting work in simplifying the task of managing stronger authentication credentials, said Gerry Gebel, a senior analyst with the Burton Group research firm.

But Liberty needs to act fast in order for its specifications to be relevant, Gebel said. "The deadline for the FFIEC is ... in December. So that doesn't give them a lot of time for their customers to react."