Open specifications for interoperable strong authentication got a strong boost recently from the Liberty Alliance Project, which has created the Strong Authentication Expert Group to develop specifications and standards and encourage worldwide deployment. The group is to define clear market requirements for appropriately deploying strong authentication in a federated network.
Consortium forms global expert group to help organizations meet new industry demands for universal strong authentication
NEW YORK – The Liberty Alliance Project, a global consortium for open federated identity and Web services standards, has announced the formation of a global, cross-organizational expert group focused on developing open specifications for interoperable strong authentication. Liberty’s new Strong Authentication Expert Group has been created to speed the worldwide deployment of interoperable strong authentication and to help organizations meet new industry-wide demands for universal strong authentication solutions.
The Strong Authentication Expert Group (SAEG) leverages the work Liberty Alliance has been doing for the past year in defining clear market requirements for appropriately deploying strong authentication in a federated network. The group will expand this work beyond federation to build ID-SAFE (Identity Strong Authentication Framework), an open framework to allow strong authentication solutions such as, hardware and software tokens, smart cards, SMS-based systems and biometrics to interoperate across organizations, networks and vertical market segments.
“With increasing industry demand for better protection against online fraud and identity theft, there can be no question that the time for universal strong authentication has come,” said Timo Skytta, vice president of the Liberty Alliance. “By forming the Strong Authentication Expert Group, Liberty is committing to rapidly deliver well defined and highly deployable solutions to help organizations meet new and pressing requirements for stronger authentication.”
On October 12, 2005, the US Federal Financial Institutions Examination Council (FFIEC) issued new guidance for banks on online authentication, which acknowledges that passwords alone are insufficient as the only means of security to protect a consumer bank account. This new guidance calls on banks to implement better ways to authenticate the identity of customers using online products and services. While governments and organizations around the world have moved to implement similar requirements, financial institutions based in the US are expected to achieve compliance with the new FFIEC guidance by the end of 2006.
Liberty’s ID-SAFE will help all organizations more easily meet the challenges in implementing solutions consisting of more than usernames and passwords to strengthen online authentication. “Gartner predicts that by 2007, 80 percent of organizations will reach the ‘password breaking point’ and will need to strengthen user authentication with alternative security methods,” said Ant Allan, research vice president at Gartner. “Businesses need to put roadmaps in place now that will allow them to phase out passwords and replace them with stronger authentication methods.”*
Strong authentication requires at least two forms of identity authentication for accessing a network or online application. Liberty’s ID-SAFE will offer standards-based online identity protection to allow organizations to deploy interoperable strong authentication faster, more cost- effectively and on a wider scale.
Widely deployed strong authentication based on ID-SAFE will provide organizations with opportunities to focus more on developing new business lines and e-commerce offerings while being able to rely on universal strong authentication that is easy to deploy and manage. Consumers will benefit from ID-SAFE with increased protection against identity theft and fraud, a seamless user experience across networks and advanced privacy protection based on individual consent and control.
“The lack of strong authentication in the online space is demonstrably one of the most significant causes of identity theft,” said Michael Barrett, co- chair of the Liberty Alliance Identity Theft Prevention Group, and VP Security/Utility Strategy at American Express. “The recent FFIEC guidance on strong authentication will likely change how organizations manage online identity threats, but initiatives for addressing these issues need to be coordinated via agreed industry standards – and that’s where the Liberty Alliance has a strong track record of fast delivery.”
Liberty is modeling the ID-SAFE technical development process on the successes Liberty has had in rapidly driving open identity specifications for federated identity management (Liberty Federation Framework, ID-FF) and Web services (Liberty Web Services Framework, ID-WSF) resulting in extensive deployments and implementations worldwide. Working in a collaborative, non- proprietary and multi-vendor environment, the group expects to release the first version of ID-SAFE specifications in 2006. Liberty Alliance regularly incorporates relevant work from other open standards bodies into its specifications and welcomes these organizations to participate in the development of ID-SAFE.
About Liberty’s Strong Authentication Expert Group
Some of the members currently participating in the Strong Authentication Expert Group include American Express, Axalto, BMC Software, Diversinet Corp., Falkin Systems LLC, Financial Services Technology Consortium, HP, Intel, Kantega AS, NEC, NTT, Oracle, RSA Security, US Department of Defense / Defense Data Manpower Center, Vodafone, VeriSign, Inc. and Wave Systems. Membership in the Strong Authentication Expert Group is open to all Liberty sponsor and board members interested in helping to drive interoperable strong authentication.
About the Liberty Alliance Project
The Liberty Alliance Project (www.projectliberty.org) is a global alliance of companies, non-profit and government organizations developing open standards and business, policy and privacy guidelines for federated network identity. Federated identity offers businesses, governments, employees and consumers a more convenient and secure way to control identity information and is a key component in driving the use of e-commerce, personalized data services and identity-based Web services. Liberty specifications are deployed worldwide by organizations that include American Express, AOL, BIPAC, General Motors, France Telecom, Nokia, NTT and Sun Microsystems. Membership is open to all commercial and non-commercial organizations. A full list of Liberty Alliance members, as well as information about how to become a member, is available at www.projectliberty.org.