Embed Size (px)
DESCRIPTION
What is the Liberty Alliance ?. • A business alliance, formed in Sept 2001, with the goal of establishing an open standard for federated identity management • Global membership consists of consumer- facing companies and technology vendors as well as policy and government organizations. - PowerPoint PPT Presentation
Citation preview
What is the Liberty Alliance ?
• A business alliance, formed in Sept 2001, with the goal of establishing an open standard for federated identity management
• Global membership consists of consumer- facing companies and technology vendors as well as policy and government organizations
tutorial_draft.pdf
Goals :
– Provide open standard and business guidelines
for federated identity management spanning all
network devices
– Provide open and secure standard for SSO with
decentralized authentication and open
authorization
– Allow consumers/ businesses to maintain personal
information more securely, and on their terms
tutorial_draft.pdf
Open Interaction and Participation
tutorial_draft.pdf
ID-FF Concepts
Simplified Sign-On (aka Single Sign-On)Allows a user to sign-on once at a Liberty enabled site and to be seamlessly signed-on when navigating to another Liberty-enabled site without the need to authenticate again.
Single Logout provides synchronized session logout functionality across all sessions that were authenticated by a particular identity provider.
tutorial_draft.pdf
Key Concepts
Network Identity is the fusion of network security and authentication, user provisioning and customer management, single sign-on technologies and Web-services delivery.
Federated identity architecture delivers the benefit of simplified sign-on to users by granting rapid access to resources to which they have permission but does not require the user’s personal information to be stored centrally.
tutorial_draft.pdf
Federated Identity Lifecycle
tutorial_draft.pdf
Single Sign-on and Federation
tutorial_draft.pdf
IdP-initiated Single Logout
tutorial_draft.pdf
ID-WSF Concepts
Discovery Service enables various entities (e. g. Service Providers) to dynamically discover a Principle’s registered identity services.
Interaction Service protocols provide an identity service the means to obtain permission from a users.
Attribute Provider hosts a data service – such as ID-Personal Profile.
tutorial_draft.pdf
The Complete Liberty Architecture
Interaction
tutorial_draft.pdf
Business Guidelines
Federated Identity cannot be successful based on technology alone. Also required are: IT staff to manage and implement a set of specifications that
cross several domains of expertise A clean directory Pre-existing agreements with others in a circle of trust
Detail major issues for federated identity interchange and trust relationships Examine risk and liability in identity interchange Identify success criteria for global and cross- company
federation
tutorial_draft.pdf
Business Guidelines
IBM/France Telecom Deployment
Create a single-sign-on network for France Telecom's 50 million cellular phone users
Subscribers can sign-on via mobile telephone or personal computer
Makes single-sign-on systems even more important, since logging into a network with a phone is much slower than using a PC's keyboard.
Applications that France Telecom hopes that it or its partners will supply include instant messaging, location-based services, games, online banking and e-mail
AOL/D-Link Deployment
AOL Broadband subscribers use D-Link's wireless media player to play music from the Radio@AOL service on home stereos.
The media player uses the Liberty protocols to access Radio@AOL on behalf of a user No need to login to AOL to use media player
AOL demonstrated the same service running over a Nokia handset at the 3GSM Conference this February
Japan’s EduMart Deployment
Part of the e-Japan Policy Priority Program Spearheaded by the Strategic Headquarters for
the Promotion of an Advanced Information and Telecommunications Network Society
Brings rich educational content to students at more than 40,000 schools
Established an open interface Built an educational content distribution network that
will lead to a system in which both public institutions and private businesses can connect to interfaces and freely participate.
County Land Document Recording Exchange
Deployment across Government and Industry Streamlines the land recordation process (thousands of counties and innumerable lenders/title companies each with separate systems and identities)
Establishes a strong foundation for an industry “Circle of Trust”
Product Support
NTT Software (available) (2004) PeopleSoft (available) Phaos Technology (available) Ping Identity (available) PostX (available) RSA (Q4) Salesforce. com (TBD) Sigaba (available) Sun Microsystems (available) Trustgenix (available) Ubisecure (available) Verisign (Q4*) Vodafone (2004) WaveSet (available) *Delivery dates being confirmed
AOL (announced) Communicator (available) Computer Associates (Q4*) DataKey (available) DigiGan (Q3*) Ericsson (Q4) Entrust (Q1 2004) France Telecom (Q4 2003) Fujitsu Invia (available) Gemplus (TBD) HP (available) July Systems (available) Netegrity (2004) NeuStar (available) Nokia (2004) Novell (available)
For More Information
W W W. PROJECTLIBERTY. ORG•www.oasis-open.org/committees/tc_home.php?wg_abbrev=security
•www-106.ibm.com/developerworks/library/ws-fed/
•Contact me:
Rebekah Metz
