by CIO Staff

Liberty Alliance Publishes New Specs for Securing E-Commerce

Mar 21, 2007

The Liberty Alliance released a new set of specifications aimed at protecting identity information transmitted by mobile devices during Web-based transactions.

The Advanced Client specifications are platform independent and could be used in devices such as cameras, laptops and TVs, the Liberty Alliance said Wednesday. The alliance is a consortium that defines protocols used for federated identity and Web services.

Liberty sees the specifications as a crucial step in protecting the privacy and security of Internet transactions, such as single sign-on authentication and client-based Web services, all of which underpin e-commerce transactions. The organization has also developed a legal framework for how businesses can approach sharing user identity information.

The Advanced Client specifications draw on ID-WSF 2.0, a Web services framework for identity-based transactions, and allow for identity information to be safely stored and managed whether a device is online or offline, Liberty said.

The advantage is that users will be able to act as their own ID provider, or a “trusted module,” if they can’t connect to the ID provider for some reason, said Roger Sullivan, president of the Liberty Alliance Management Board and a vice president in the identity management section at Oracle. The user would also be able to access other Web services that trust the identity information.

“You want to be able to continue working if you are no longer connected to the identity provider,” Sullivan said. “The whole foundation of this is to provide that kind of trust and security for these credentials.”

BT Group, Intel and Hewlett-Packard—all members of Liberty—recently showed a proof-of-concept application using the Advanced Client specifications, said Conor Cahill, an identity architect with Intel’s corporate technology group. It involved provisioning identity credentials over a wireless network to a laptop using the Extensible Authentication Protocol Method for GSM Subscriber Identity protocol, he said.

Other vendors may bring forward products that use the Advanced Client specifications for Liberty’s next round of interoperability testing, scheduled for May or June, Sullivan said.

The Advanced Client specifications are available for download.

Liberty will update the specifications later this year, expanding the ID provisioning functions and adding new reporting capabilities, Sullivan said. The changes will improve how devices are managed and create a framework for compliance and regulatory requirements, it said.

-Jeremy Kirk, IDG News Service (London Bureau)