The Liberty Alliance is an industry consortium comprised of more than 70 companies, whose goal is to make it easier for businesses and consumers to conduct commerce while providing protection mechanisms for privacy and identity information. The Liberty Alliance has established a specification for an open standard of federated network identity that integrates with a variety of products and services.
A federated identity model will allow businesses and consumers alike to conduct business dynamically, without having to form relationships in advance. A federated identity in a consumer scenario may be used to provide a unified view of a consumer's information across providers. Consumers can unify their personal information, such as name, address, phone numbers, credit records, payment information, and other sensitive personal data. A federated identity provides important capabilities, such as allowing credentials from different originating organizations to be linked. This will provide single sign-on as well as allow business partners to interact with each other in a secure, trusted manner, without adding overhead by duplicating credentials across organizational boundaries.
Extending the federated identity approach over a network will allow consumers and businesses to manage diverse sets of identity information. An account federation allows for the association and binding of a consumer's multiple credentials within an affiliated group among commercial organizations that have some legal agreement. The account federation allows a user to sign on with one member of an affiliate group and subsequently use other access points within the group without having to reauthenticate.
The main objectives of Project Liberty are:
To allow consumers to secure their network identity and enable privacy for it
To enable businesses to manage their customer relationships without third-party participation or intervention
To provide an open standard for single sign-on that uses a decentralized authentication and authorization model with the ability to incorporate multiple security providers
To allow federated identity infrastructure components to work across all current and emerging network access devices
To allow for the creation of new revenue opportunities that leverage existing relationships with consumers and partners cost-effectively
To provide a framework in which businesses can give consumers the choice, convenience, and control of their information when using any device connected to the Internet
Internet users today have multiple login IDs, passwords, and other aspects that make up an identity. This information is spread throughout the Internet, buried in multiple sites. The thought of having a cohesive network identity is not realizable today. The Liberty Alliance allows the goal of a network identity to be realized, enabling two essential elements: circles of trust and local identities.
Circles of trust (Figure 15.12) are defined between business affiliates that use Liberty-enabled technology and that have established mutual operational agreements defining trust relationships between each party. Local identities allow each business to have its own set of credentials but provide a way to federate these credentials across organizations. A circle of trust is a federation of identity and service providers who have formed technical and legal relationships that allow users to transact business securely and seamlessly.
Let's look at a scenario in which Flute Bank would use the Liberty Alliance. The Bank wants to ensure that all its consumers can access services created by Flute Bank and those provided by third parties. Flute Bank respects the privacy of its consumers and wants to delegate to them responsibility for protecting their information. The bank has a relationship with a travel company that allows bank customers to purchase airline tickets to international destinations economically. The airline ticket site has a relationship with an online bookseller that allows customers of the airline site to purchase travel-related books economically. The airline ticket site also has a relationship with a restaurant reservation service that can automatically arrange for reservations at top-tier restaurants at the selected destinations.
Flute Bank will use the circle of trust not only to avoid the need for customers to establish new identities or reauthenticate themselves to each provider but also to tie together payment information that will furnish the Flute Bank credit card number securely to each vendor. This example realizes the goal of the Liberty Alliance, in that identity becomes united but stays decentralized, so that information (credit card number) is available only at the time of engagement, in conjunction with a business transaction.
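The circle of trust and account federation described above, modelled as an added example (not the Liberty specification and not code from this chapter): the bank acts as identity provider and issues a signed assertion that carries an opaque, per-affiliate federation handle rather than the customer's bank login, and each affiliate links that handle to its own local account. The assertion format, the shared HMAC keys, and the provider names are assumptions for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

def _sign(key, raw):
    return hmac.new(key, raw, hashlib.sha256).hexdigest()

class IdentityProvider:
    """Bank-side identity provider: local credentials plus one opaque handle per affiliate."""
    def __init__(self, name, affiliate_keys):
        self.name, self.keys = name, affiliate_keys      # one key per operational agreement
        self.users, self.handles = {}, {}                # login -> pw hash; (login, sp) -> handle
    def register(self, login, password):
        self.users[login] = hashlib.sha256(password.encode()).digest()  # demo hash; use a KDF in practice
    def sign_on(self, login, password):
        ok = login in self.users and hmac.compare_digest(
            self.users[login], hashlib.sha256(password.encode()).digest())
        return login if ok else None
    def federate(self, login, sp):
        # A different random handle for each affiliate: the airline and the bookseller
        # never see the bank login and cannot correlate the customer with each other.
        return self.handles.setdefault((login, sp), secrets.token_hex(8))
    def assertion_for(self, login, sp, ttl=300):
        body = {"iss": self.name, "aud": sp, "handle": self.federate(login, sp),
                "exp": int(time.time()) + ttl}
        raw = json.dumps(body, sort_keys=True).encode()
        return base64.b64encode(raw).decode() + "." + _sign(self.keys[sp], raw)

class ServiceProvider:
    """Affiliate with its own local accounts; trusts assertions from one identity provider."""
    def __init__(self, name, idp_name, key):
        self.name, self.idp, self.key, self.accounts = name, idp_name, key, {}
    def link(self, handle, local_account):
        self.accounts[handle] = local_account            # one-time account federation
    def accept(self, token, now=None):
        raw_b64, _, sig = token.rpartition(".")
        raw = base64.b64decode(raw_b64)
        if not hmac.compare_digest(_sign(self.key, raw), sig):
            return None                                  # forged or altered assertion
        body = json.loads(raw)
        if body["iss"] != self.idp or body["aud"] != self.name:
            return None                                  # issued for another affiliate
        if body["exp"] < (now if now is not None else time.time()):
            return None                                  # stale assertion, refuse replay
        return self.accounts.get(body["handle"])         # the affiliate's local identity
```

After one sign-on at the bank, the customer obtains a separate assertion for each affiliate; an assertion presented to the wrong affiliate, altered in transit, or past its expiry is refused.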
A federated network identity provides many strategic advantages to an organization, including, but not limited to:
Reducing costs related to identity and access management infrastructure
Enabling self-help (self-service) for customers, employees, and business partners in a private, secure, and trusted manner
Creating an opportunity to collaborate with business partners without fear of losing your customers, because the need to reveal customer identities is eliminated
Improving understanding of customer needs across business partners, by mining information and sharing preferences without revealing customer identities or intruding on their privacy
Enabling consumers to access advertised services anonymously, without having to undergo a barrage of solicitations for services
Enabling deployment of business-critical functions more quickly, because they no longer have to incorporate the overhead of identity management
Network identity is the first step in creating a viable trust model on the Internet, whereby personal information is secure and the information-sharing policy is clear and authorized by consumers. Network identity also has the ability to reduce online transaction fraud and the costs of integration and support for providers. We believe that network identity is inevitable and that no organization should simply be in standby mode, postponing decisions about it.
Network identity will also help organizations stay within legal compliance for many governmental actions, such as the Health Insurance Portability and Accountability Act (HIPAA). It is imperative for architects to embrace network identity as part of the technology infrastructure and for business architects to incorporate it into all business processes. It is in your organization's best interest to respect consumers' privacy, earn their trust, and make services easy to use (eliminating multiple credentials).
The Liberty Alliance specification will incorporate and ratify many of the specifications discussed in this chapter.