Liberty Alliance Gives Network Guidelines

The Liberty Alliance has taken another step toward its mission of a single sign-on for e-commerce, releasing guidelines for how companies should craft network access for customers and business partners.

A standard approach is crucial to advance Web services, say members of the Liberty Alliance Project. The organization has already released the technical requirements needed to create a federated identity architecture, which will grant surfers a single sign-on and password-access process at all participating sites.

The group released the Liberty Alliance Business Guidelines document at the Burton Catalyst Conference in San Francisco this week. It outlines how companies should ensure mutual confidence, risk management, liability assessment, and compliance when considering wide-scale deployment of federated network identity.

Building Alliances

The guidelines come on the heels of the group's federated network identity technical requirements, released last year, and the second set of recommendations, which is currently out for public review.

The nonprofit group represents more than 170 companies and organizations working to develop and deploy open, federated network identity standards. Members include companies such as Sun Microsystems, SAP, and American Express.

The group's open standards for federated identity compete against Microsoft's Passport service in the user authentication and identity management arena. However, Microsoft and the Liberty Alliance have discussed how they might make their two approaches compatible.

Future Web?

The alliance believes that the open standards approach will drive the future growth of Web services.

Web services are set to be a $21 billion industry by 2007, according to representatives of the project, citing figures from IDC.

The group believes that extending access to customers, partners and suppliers is the next phase of Web services, and advises companies to put processes in place that guard against losses due to identity fraud and leakage of information.

What's more, companies should determine what parties will bear which losses in a network environment and agree upon policies and procedures for compliance with government standards and privacy policies, according to the Project.

More information on the group's recommendations and technical requirements can be found on its Web site. The group is expected to release additional guidelines later this year.