Monday, June 23, 2008

Liberty Announces First Release of IGF and IAF Specifications

Great news! Liberty Alliance announced the release of the first drafts of the Identity Governance Framework and the Identity Assurance Framework.

The current IGF draft has 3 major components:
  • Privacy Constraints - This document describes a small set of atomic privacy constraints based on WS-Policy that can be used in other IGF specifications. Privacy constraints are atomic constraints on the use, display, retention, storage and propagation of identity data. When combined with policy frameworks such as WS-Policy, such assertions can be used to describe composite constraints on identity data.
  • Client Attributes Requirements Markup Language - This document describes an XML declaration format describing identity-related data usage by an application.
  • CARML Profile for Privacy Constraints - This document profiles the use of privacy constraints within CARML.
The complete specifications page for IGF can be found here. I should also point out this is just the first release of an ongoing series of specifications around identity governance. Next steps will likely include profiling of IGF in connection with various communication protocols and Attribute Authority Policy Markup Language, which is currently proposed as a profile of XACML.

The Identity Assurance Framework is a new specification that defines 4 levels of assurance that can be used between federated providers to define the level of assurance or trustworthiness of information.
The four identity assurance levels outlined in the Liberty Identity Assurance Framework are based on a comprehensive set of process and policy criteria organizations must meet to participate in IAF-based federations. The IAF details authentication requirements to allow federation operators and federating organizations to address cross-industry business, policy and privacy requirements related to applications and services built using any federation protocol and falling into each identity assurance level. The first version of the Liberty Alliance Identity Assurance Framework released today is available for download.
For those of you wondering at this point, do these specifications represent new protocols? The answer is no. These specifications are really information-level policy declarations describing how and when to use identity-related information and its level of assurance. These declarations are intended to be used with any protocol system used to exchange information, whether it be LDAP, ID-WSF, or WS-*. The diagram below should help show the relationship between IAF, IGF, and the various Identity protocols.

Many thanks to my fellow colleagues at Liberty Alliance who worked so hard to provide their input and contributions to these specifications. Without such excellent attention, this work would not have been possible!
