The Liberty Alliance Project was an organization formed in September 2001 to establish standards, guidelines and best practices for identity management in computer systems. It grew to more than 150 organizations, including technology vendors, consumer-facing companies, educational organizations and governments. It released frameworks for federation, identity assurance, an Identity Governance Framework, and Identity Web Services. By 2009, the

Kantara Initiative Kantara Initiative, Inc. is a non-profit trade association that works to develop standards for identity and personal data management. It focuses on improving trustworthy use of identity and personal data in the area of digital identity managemen ...

took over the work of the Liberty Alliance.

History

The group was originally conceived and named by Jeff Veis, at

Sun Microsystems Sun Microsystems, Inc. (Sun for short) was an American technology company that sold computers, computer components, software, and information technology services and created the Java programming language, the Solaris operating system, ZFS, the ...

based in

Menlo Park, California Menlo Park is a city at the eastern edge of San Mateo County within the San Francisco Bay Area of California in the United States. It is bordered by San Francisco Bay on the north and east; East Palo Alto, Palo Alto, and Stanford to the south; ...

. The initiative's goal, which was personally promoted by

Scott McNealy Scott McNealy (born November 13, 1954) is an American businessman. He is most famous for co-founding the computer technology company Sun Microsystems in 1982 along with Vinod Khosla, Bill Joy, and Andy Bechtolsheim. In 2004, while still at Sun, ...

of Sun, was to unify technology, commercial and government organizations to create a standard for federated, identity-based Internet applications as an alternative to technology appearing in the marketplace controlled by a single entity such as

Microsoft Microsoft Corporation is an American multinational technology corporation producing computer software, consumer electronics, personal computers, and related services headquartered at the Microsoft Redmond campus located in Redmond, Washing ...

Passport A passport is an official travel document issued by a government that contains a person's identity. A person with a passport can travel to and from foreign countries more easily and access consular assistance. A passport certifies the personal ...

. Another Microsoft initiative,

HailStorm Hail is a form of solid precipitation. It is distinct from ice pellets (American English "sleet"), though the two are often confused. It consists of balls or irregular lumps of ice, each of which is called a hailstone. Ice pellets generally fal ...

, was renamed My Services but quietly shelved by April 2002. Sun positioned the group as independent, and Eric C. Dean of

United Airlines United Airlines, Inc. (commonly referred to as United), is a major American airline headquartered at the Willis Tower in Chicago, Illinois.

became its president.

Identity federation

In July 2002, the alliance announced Liberty Identity Federation (ID-FF) 1.0. At that time, several member companies announced upcoming availability of Liberty-enabled products. Liberty Federation allowed consumers and users of Internet-based services and e-commerce applications to authenticate and sign-on to a network or domain once from any device and then visit or take part in services from multiple Web sites. This federated approach did not require the user to re-authenticate and can support privacy controls established by the user. The Liberty Alliance subsequently released two more versions of the Identity Federation Framework, and then in November 2003, Liberty contributed its final version of the specification, ID-FF 1.2, to

OASIS In ecology, an oasis (; ) is a fertile area of a desert or semi-desert environment'ksar''with its surrounding feeding source, the palm grove, within a relational and circulatory nomadic system.” The location of oases has been of critical imp ...

. This contribution formed the basis for

SAML 2.0 Security Assertion Markup Language 2.0 (SAML 2.0) is a version of the SAML standard for exchanging authentication and authorization identities between security domains. SAML 2.0 is an XML-based protocol that uses security tokens conta ...

. By 2007, industry analyst firm

Gartner Gartner, Inc is a technological research and consulting firm based in Stamford, Connecticut that conducts research on technology and shares this research both through private consulting as well as executive programs and conferences. Its clients ...

claimed that SAML had gained wide acceptance in the community.

Identity web services

Liberty Alliance releasing the Liberty Identity Web Services Framework (

ID-WSF In computer networking, Identity Web Services Framework is a protocol stack that profiles WS-Security, WS-Addressing, SAML and adds new protocol specifications of its own, such as the Discovery Service, for open market per user service discovery ...

) in April 2004 for deploying and managing identity-based web services. Applications included geo-location, contact book, calendar, mobile messaging and People Service, for managing social applications such as bookmarks, blogs, calendars, photo sharing and instant messaging in a secure and privacy-respecting federated social network. In a 2008 marketing report recommended considering it for federation.

Certification

The alliance introduced a certification program in 2003, designed to test commercial and open source products against published standards to assure base levels of interoperability between products. In 2007, the US

General Services Administration The General Services Administration (GSA) is an independent agency of the United States government established in 1949 to help manage and support the basic functioning of federal agencies. GSA supplies products and communications for U.S. gover ...

began requiring this certification for participating in the US E-Authentication Identity Federation.

Openliberty.org

In January 2007, the alliance announced a project for

open-source software Open-source software (OSS) is computer software that is released under a license in which the copyright holder grants users the rights to use, study, change, and distribute the software and its source code to anyone and for any purpose. Op ...

developers building identity-based applications. OpenLiberty.org was a portal where developers can collaborate and access tools and information to develop applications based on alliance standards. In November 2008, OpenLiberty released an open source

application programming interface An application programming interface (API) is a way for two or more computer programs to communicate with each other. It is a type of software interface, offering a service to other pieces of software. A document or standard that describes how t ...

called ArisID.

Identity governance framework

In February 2007

Oracle Corporation Oracle Corporation is an American multinational computer technology corporation headquartered in Austin, Texas. In 2020, Oracle was the third-largest software company in the world by revenue and market capitalization. The company sells da ...

contributed the Identity Governance Framework to the alliance, which released the first version publicly in July 2007. The Identity Governance Framework defined how identity related information is used, stored, and propagated using protocols such as

LDAP The Lightweight Directory Access Protocol (LDAP ) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. Directory servi ...

, Security Assertion Markup Language,

WS-Trust WS-Trust is a WS-* specification and OASIS standard that provides extensions to WS-Security, specifically dealing with the issuing, renewing, and validating of security tokens, as well as with ways to establish, assess the presence of, and broker t ...

, and ID-WSF.

Identity assurance framework

The Liberty Alliance began work on its identity assurance framework in 2008. The Identity Assurance Framework (IAF) detailed four identity assurance levels designed to link trusted identity-enabled enterprise, social networking and Web applications together based on business rules and security risks associated with each level. The four levels of assurance were outlined by a 2006 document from the US

National Institute of Standards and Technology The National Institute of Standards and Technology (NIST) is an agency of the United States Department of Commerce whose mission is to promote American innovation and industrial competitiveness. NIST's activities are organized into physical sci ...

. The level of assurance provided is measured by the strength and rigor of the identity proofing process, the credential's strength, and the management processes the service provider applies to it. These four assurance levels were adopted by UK, Canada, and USA government services.

Concordia project

In 2007 the Liberty Alliance helped to found the Project Concordia, an independent initiative for harmonization identity specifications. It was active through 2008.

Privacy and policy

The alliance wrote papers on business and policy aspects of identity management. It hosted meetings in 2007 and 2008 to promote itself.

Membership

Management board members included

AOL AOL (stylized as Aol., formerly a company known as AOL Inc. and originally known as America Online) is an American web portal and online service provider based in New York City. It is a brand marketed by the current incarnation of Yahoo (2017� ...

British Telecom BT Group plc (trade name, trading as BT and formerly British Telecom) is a British Multinational corporation, multinational telecommunications holding company headquartered in London, England. It has operations in around 180 countries and is th ...

Computer Associates CA Technologies, formerly known as CA, Inc. and Computer Associates International, Inc., is an American multinational corporation headquartered in New York City. It is primarily known for its business-to-business (B2B) software with a product po ...

(CA),

Fidelity Investments Fidelity Investments, commonly referred to as Fidelity, earlier as Fidelity Management & Research or FMR, is an American multinational financial services corporation based in Boston, Massachusetts. The company was established in 1946 and is on ...

Intel Intel Corporation is an American multinational corporation and technology company headquartered in Santa Clara, California. It is the world's largest semiconductor chip manufacturer by revenue, and is one of the developers of the x86 seri ...

Internet Society The Internet Society (ISOC) is an American nonprofit advocacy organization founded in 1992 with local chapters around the world. Its mission is "to promote the open development, evolution, and use of the Internet for the benefit of all people ...

(ISOC),

Novell Novell, Inc. was an American software and services company headquartered in Provo, Utah, that existed from 1980 until 2014. Its most significant product was the multi-platform network operating system known as Novell NetWare. Under the lead ...

Nippon Telegraph and Telephone , commonly known as NTT, is a Japanese telecommunications company headquartered in Tokyo, Japan. Ranked 55th in Fortune Global 500, ''Fortune'' Global 500, NTT is the fourth largest telecommunications company in the world in terms of revenue, as w ...

(NTT), Oracle Corporation and Sun Microsystems.

References

External links

Liberty Alliance web site

OpenLiberty Project

Liberty ID-FF 1.2 Archive

As described above

in November 2003. For the record, here is a complete list of contributed ID-FF 1.2 documents: Only the archived PDF files are individually addressable on the Liberty Alliance web site. (The original contributed documents are lost.) To obtain copies of the remaining archived files, download both th
Liberty ID-FF 1.2 archive
and th
Liberty 1.1 support archive
{{authority control Standards organizations in the United States Identity management initiative Organizations established in 2001 Organizations disestablished in 2009