Fidelity: Federated Identity Management Security based on Liberty Alliance on European Ambit
In the field of federated digital identity, the Fidelity project will put into practice, in a pan-European context, a system defined by the Liberty Alliance specifications, focusing on the problems that arise in an international environment and that may be subject to regulation(s) addressing the confidentiality of user data. Currently, user identification and authentication are the key enablers for Internet business, but until now the user's personal information and authentication have remained inside the organization's boundaries. To solve this problem, the Liberty Alliance Project (LAP) has defined a Federated Identity Management environment that allows independent service/attribute providers to hold the user attributes relevant to the service they provide to the end user, always meeting the legal requirements for personal data protection. LAP proposes the creation of Circles of Trust (CoT), which associate identity and service providers through the appropriate service agreements, allowing them to share user information. The Fidelity Project implements an interoperability proof of concept of the Liberty Alliance protocols and framework in a pan-European context by setting up 4 CoT in four different EU countries. Each CoT is led by a telecom operator and has access to all the users' attributes. This environment will allow testing the federation of identities and the sharing of the users' attributes by different services with different authentication levels.
This approach is the opposite of the one proposed by other service providers, which try to concentrate all user information in a single server. That model is not quite appropriate in Europe, where there will be thousands of potential service and identity providers that should share user attributes, with explicit consent in some cases.
The members of the Fidelity Project have strong liaisons with Liberty Alliance Project members, to allow the incorporation of the Fidelity results into new versions of the LAP protocols and framework implementation guidelines.
The project will also define codes of practice for the security policies and service level agreements among the partners, as well as the testing methodology for implementations of the Liberty Alliance protocols.
Keywords: Smart Card, Service Level Agreement, Access Control Policy, User Identification, Telecom Operator