Today, Liberty Alliance announced that Aetna, Citi, Deutsche Telekom AG and UNINETT have won the 2008 Liberty Alliance IDDY (Identity Deployment of the Year Award). With three nomination categories, more submissions than any other year, and winning applications in the healthcare, financial services, telecom and open source sectors, the 2008 program mirrors the evolving identity landscape, recognizing established and up-and-coming enterprise solutions as well as the applications developed to serve communities and users.
Now in its third year, the IDDY recognizes identity-enabled applications built using open identity specifications and policy frameworks from Liberty Alliance. The entire press release detailing winning applications follows. Congratulations to this year's winners!
Aetna, Citi, Deutsche Telekom AG and UNINETT Win 2008 Liberty Alliance IDDY Awards
Identity-Enabled Applications in the Healthcare, Financial Services, Telecom and Open Source Sectors Receive Identity Deployment of the Year Awards
Liberty Alliance – July 17, 2008 -- Liberty Alliance, the global identity community working to build a more trust-worthy internet for consumers, governments and businesses worldwide, today announced Aetna, Citi, Deutsche Telekom AG and UNINETT have won the 2008 IDDY (Identity Deployment of the Year) Award. This year the judging panel awarded IDDYs in three categories covering Liberty-based deployments, Liberty-based emerging applications and multi-protocol identity-enabled solutions incorporating open identity specifications from Liberty Alliance. Winners will receive the IDDY Award on-stage at CSO Magazine’s Digital ID World 2008 conference in Anaheim CA on September 9. A photo of the Liberty Alliance IDDY Award is available at http://www.projectliberty.org/liberty/news_events/iddy_awards
“Now in its third year, the Liberty Alliance IDDY Awards recognize some of the best-of-the best enterprise and user-driven identity-enabled applications in the global marketplace today,” said Brett McDowell, executive director, Liberty Alliance. “Aetna, Citi, Deutsche Telekom AG and UNINETT are to be congratulated for demonstrating winning applications that enable organizations to deliver a variety of secure and more privacy-respecting identity-enabled services to communities, organizations and people worldwide.”
IDDY Award nominations are evaluated based on criteria that include the benefits applications deliver to users and organizations; the ROI the application demonstrates; and how the solution may successfully address identity issues such as reducing identity theft, meeting regulatory requirements or providing users with increased security and privacy protection. The program highlights identity-enabled applications that leverage any of the secure, privacy-respecting and proven interoperable Liberty SAML 2.0 Federation, Liberty Web Services (ID-WSF), Liberty People Service and Liberty Advanced Client specifications.
Representatives from winning organizations will participate in the "Case Studies and Stories from IDDY Award Winners" panel discussion to be held from 12:20 – 1:10 on Tuesday, September 9 at CSO Magazine’s Digital ID World 2008. All DIDW participants are welcome to attend the presentation with more information available at http://public.cxo.com/conferences/agenda.html?conferenceID=24
2008 Liberty Alliance IDDY Award Winners
Aetna – Aetna has received an IDDY Deployment Award for an externally hosted online provider portal used for linking healthcare providers with health plans. Working with NaviMedix, the portal includes a variety of tools including transactions and content hosted by Aetna with interfaces to third-party Internet Application Service Providers and Content Service Providers. The deployment was launched in the US in December 2007 and is currently utilized by healthcare providers in all 50 states.
Highlights – The application delivers seamless and secure single sign-on (SSO) capability into Aetna-hosted applications and identity-enabled transactions. This enables the use of applications without redevelopment, giving a common portal presentation to providers adding enablement of web service transactions within the federated context. Since deploying the application, Aetna has been able to increase its offering of tools and features that help providers conduct simplified administrative transactions, reduce paper-based communications, and access clinical decision support tools. The solution allows for the quick roll-out of new applications and services throughout the provider network.
Technologies – The application leverages SAML 2.0 for browser-based SSO, DSML for downstream identity provisioning, and Web Services Security for authorization and signature of entitlements. Requests and responses using X.509 certificates are scheduled for implementation during 3Q of this year.
Citi – Citi’s Global Transaction Services has received an IDDY Deployment Award for providing managed identity services that help institutional clients utilize digital credentials and signature technologies in a comprehensive and legally binding manner. Citi is both a Credential Service Provider and a Relying Party as defined in the Liberty Identity Assurance Framework (IAF). As a trusted financial services provider to the world’s top corporations and governments in more than 100 countries, Citi is addressing identity challenges in establishing trust in B2B and B2G identity-enabled transactions by coupling rigorous internal processes with proven identity management technologies.
Highlights – The goal of managed identity services is to create value for Citi clients including: greater visibility into the actions of authorized end users and their role as defined by internal processes; control and governance over the access and activities of end users; and assurance of identity, non-repudiation and document integrity to mitigate risk associated with sensitive business processes when transacting with business partners.
Technologies – The identity-enabled services Citi provides are dependent on technologies spanning the web (HTTP/HTTPS), web services (SAML, WS-Security, SOAP), PKI (Certificate Authorities, X.509, PKCS#7), strong authentication technologies (HSM, KSM) records management and entitlement management (XACML), identity platforms (RDBMS, LDAP), document formats (PDF, XML) and development platforms (.NET, Java).
Deutsche Telekom AG - Deutsche Telekom AG has received a Multi-Protocol IDDY Award for its identity application designed to lower implementation barriers when it comes to the delivery of Online/IP-based services to consumers. Initially launched in 2002 and winner of the 2006 IDDY Award, the application has been steadily enhanced to offer multi-protocol capabilities for service provider interfaces as well as for authentication methods and automatic user identification. The application serves the requirements of the mass market for Online/IP-based consumer applications by providing fundamental functionalities such as Single Login, Automatic identification, Single Sign On and Single Logout.
Highlights – With Deutsche Telekom AG serving as an identity provider, the application is a key business enabler for offering Online/IP-based services to Deutsche Telekom AG customers. The application ensures easy implementation of consumer services and shortens the time-to-market for new service offerings. It allows quick and cost-efficient link-up with partners using the identity standard protocol that fits best and reduces the complexity of the IT-architecture. The application provides consumers with a unique and consistent user-interface that is easy-to-use, transparent and secure.
Technologies – With the goal of tying a wide variety of Online/IP-based consumer services together by means of a common identity management user experience and to provide scenario-focused login methods, the application currently supports SOAP/XML, Secure Token Service, ID-FF 1.2, SAML 2.0, HTTP Basic and HTTP Digest, as well as different authentication methods. The underlying architectural guidelines make it possible to integrate further IDM protocols with the latest enhancements moving to provide preliminary support for OpenID 1.1, OpenID 2.0 and Microsoft CardSpace.
UNINETT – has received an Emerging Application IDDY Award for SimpleSAMLphp, an open source lightweight implementation of several federation protocols written in PHP. Free to download and available in 15 languages, simpleSAMLphp is a platform for quick implementation of emerging standards or identity-enabled proof-of concept (POC) applications. The software implements Web SSO, and can be applied in any deployment where users need to be authenticated to a World Wide Web Service.
Highlights – The simpleSAMLphp core is widely used in production deployments, providing a platform for use where the path from POC to production does not need to be long. With simple installation, configuration and maintenance, users save time, resources and money. The flexible solution integrates with existing systems and makes it easy to incorporate new emerging standards. Features such as the User Consent module give users more control and knowledge about the exchange of personal data when conducting online identity-enabled transactions.
Technologies – SimpleSAMLphp supports identity protocols such as SAML 2.0, Shibboleth 1.3 and WS-Federation. Experimental functionality is ongoing with several other protocols including OpenID, A-Select and PAPI.
About the Liberty Alliance IDDY Award
The Liberty Alliance IDDY Award recognizes digital identity deployments and the up-and-coming identity-enabled applications that incorporate identity specifications and policy frameworks from Liberty Alliance. Previous IDDY Award winners are eBIZ.mobility, EduTech, Deutsche Telekom AG, The New Zealand Government, NTT Labs, Rearden Commerce and the UK Government Authentication Gateway. Judges for the 2008 award include Bob Bragdon, Publisher, CSO Magazine; Michael Barrett, CISO, PayPal, Inc.; Michelle Dennedy, CPO, Sun Microsystems; John Fontana, Senior Editor, Network World; Gerry Gebel, VP & Service Director, Identity and Privacy Strategies, Burton Group; Paul Madsen, Liberty Alliance Technology Expert Group and Identity Standards Researcher, NTT; Roger Sullivan, president of Liberty Alliance and vice president Oracle Identity Management; and Robin Wilton, Liberty Alliance Public Policy Expert Group and Corporate Architect, Sun Microsystems. More information about the IDDY including links to case studies detailing previous winning applications is available at http://projectliberty.org/liberty/news_events/iddy_awards
###
Thursday, July 17, 2008
Tuesday, July 1, 2008
Liberty Alliance Marks Policy and Privacy Milestone for Identity-Enabled Enterprise and Web 2.0 Applications
Liberty Alliance Marks Policy and Privacy Milestone for Identity-Enabled Enterprise and Web 2.0 Applications
Release of IAF and IGF Drives Standardized Identity Assurances and Policy-Based Data and Privacy Protection across Identity-Enabled Applications and Networks
Liberty Alliance, the global identity community working to build a more trust-worthy internet for consumers, governments and businesses worldwide, today announced an industry milestone in driving trust and privacy into enterprise and identity-enabled applications based on the release of the Liberty Identity Assurance Framework (IAF) and the Liberty Identity Governance Framework (IGF). Today’s news is the result of the collaborative development of standardized frameworks and technologies designed to meet cross-industry requirements for policy-based security and privacy systems, with a focus on streamlining the establishment and management of identity and trust across user-driven applications and networks.
The IAF has been developed within the Liberty Identity Assurance Expert Group and public special interest group under the leadership of Frank Villavicencio, director, Citi Global Transaction Services and Alex Popowycz, vice president, Fidelity Investments. The IAF defines a global standard framework and necessary support programs for validating trusted identity assurance service providers in a way that scales, empowers business processes and fosters the deployment of identity federation networks, by standardizing four identity assurance levels and the related certification process for credential service providers. The protocol independent IAF makes it easier and more cost effective for organizations to link identity federations together based on a uniform definition of the security and privacy risks associated with each level of identity assurance. More information about the IAF is available by viewing today’s corresponding Liberty Alliance Releases Identity Assurance Framework press release.
The IGF has been developed within the global Liberty Alliance Technology Expert Group (TEG) and with open source implementation ongoing at OpenLiberty.org. IGF is the industry’s first declarative policy framework for managing identity flows within organizations motivated by regulatory requirements such as the European Data Protection Initiative, Gramm-Leach-Bliley Act, PCI Security Standard and Sarbanes-Oxley. IGF helps enterprises reduce risk associated with managing identity data by creating a standard for defining enterprise-level policies and controls for consumer consent for sharing sensitive personal information, including personally identifiable information. Such policies ensure that identity-enabled enterprise applications can be deployed and managed securely across enterprise networks. More information about the IGF is available by viewing today’s corresponding Liberty Alliance Announces First Release of Identity Governance Framework Components press release.
“With today’s announcements, Liberty Alliance is delivering on its promise to provide developers, system integrators and organizations in every sector with standardized business and policy frameworks to help build and deploy more trusted identity-enabled enterprise and user-driven applications,” said Roger Sullivan, president of the Liberty Alliance Management Board and vice president, Oracle Identity Management. “The Liberty Identity Assurance Framework and the Liberty Identity Governance Framework help organizations enable a variety of new business services by making it easier to address the business and policy pain points involved in managing identity relationships and user privacy across multiple identity systems.”
The release of the IAF and IGF provide organizations with a portfolio of solutions for driving policy into identity systems in order to better manage the many identity relationships spanning organizations and applications. The protocol independent IAF lays the foundation for establishing standardized identity assurances and the requirements an enterprise or group of enterprises should meet in order to obtain IAF certification. The IGF allows for the creation and updating of policy for protecting identity information and provides enterprises with tools for policy enforcement, decision explanation and auditing. The frameworks speed the advancement of interoperable and secure policy-based identity solutions across vertical markets and regions to better protect consumers against identity theft and fraud and to help organizations meet a variety of global regulatory requirements. The first versions of the IAF andIGF released today are available.
“Identity assurance makes user authentication meaningful. Without it, there is too much risk that the authentication has been compromised,” said Mark Diodati, senior analyst, Identity and Privacy Strategies, Burton Group. “Standards-based identity assurance definitions and attestation functions are particularly important for scalable federation environments, because organizations need a way to ensure that their partners’ identity assurance processes are commensurate with the security needs of the application.”
About Liberty Alliance
Liberty Alliance is the only global identity community with a membership base that includes technology vendors, consumer service providers and educational and government organizations working together to build a more trust-worthy internet by addressing the technology, policy and privacy aspects of digital identity management. Liberty Alliance is also the only identity organization with a history of testing vendor products for true interoperability of identity specifications. Nearly 80 products and identity solutions from vendors around the world have now passed Liberty Interoperable™ testing. Liberty Alliance works with identity organizations worldwide to ensure all voices are included in the global identity discussion and regularly holds and participates in public events designed to advance the harmonization and interoperability of CardSpace, Liberty SAML 2.0 Federation, Liberty Web Services, OpenID and WS-* specifications. More information about Liberty Alliance as well as information about how to join many of its public groups and mail lists is available at www.projectliberty.org.
Release of IAF and IGF Drives Standardized Identity Assurances and Policy-Based Data and Privacy Protection across Identity-Enabled Applications and Networks
Liberty Alliance, the global identity community working to build a more trust-worthy internet for consumers, governments and businesses worldwide, today announced an industry milestone in driving trust and privacy into enterprise and identity-enabled applications based on the release of the Liberty Identity Assurance Framework (IAF) and the Liberty Identity Governance Framework (IGF). Today’s news is the result of the collaborative development of standardized frameworks and technologies designed to meet cross-industry requirements for policy-based security and privacy systems, with a focus on streamlining the establishment and management of identity and trust across user-driven applications and networks.
The IAF has been developed within the Liberty Identity Assurance Expert Group and public special interest group under the leadership of Frank Villavicencio, director, Citi Global Transaction Services and Alex Popowycz, vice president, Fidelity Investments. The IAF defines a global standard framework and necessary support programs for validating trusted identity assurance service providers in a way that scales, empowers business processes and fosters the deployment of identity federation networks, by standardizing four identity assurance levels and the related certification process for credential service providers. The protocol independent IAF makes it easier and more cost effective for organizations to link identity federations together based on a uniform definition of the security and privacy risks associated with each level of identity assurance. More information about the IAF is available by viewing today’s corresponding Liberty Alliance Releases Identity Assurance Framework press release.
The IGF has been developed within the global Liberty Alliance Technology Expert Group (TEG) and with open source implementation ongoing at OpenLiberty.org. IGF is the industry’s first declarative policy framework for managing identity flows within organizations motivated by regulatory requirements such as the European Data Protection Initiative, Gramm-Leach-Bliley Act, PCI Security Standard and Sarbanes-Oxley. IGF helps enterprises reduce risk associated with managing identity data by creating a standard for defining enterprise-level policies and controls for consumer consent for sharing sensitive personal information, including personally identifiable information. Such policies ensure that identity-enabled enterprise applications can be deployed and managed securely across enterprise networks. More information about the IGF is available by viewing today’s corresponding Liberty Alliance Announces First Release of Identity Governance Framework Components press release.
“With today’s announcements, Liberty Alliance is delivering on its promise to provide developers, system integrators and organizations in every sector with standardized business and policy frameworks to help build and deploy more trusted identity-enabled enterprise and user-driven applications,” said Roger Sullivan, president of the Liberty Alliance Management Board and vice president, Oracle Identity Management. “The Liberty Identity Assurance Framework and the Liberty Identity Governance Framework help organizations enable a variety of new business services by making it easier to address the business and policy pain points involved in managing identity relationships and user privacy across multiple identity systems.”
The release of the IAF and IGF provide organizations with a portfolio of solutions for driving policy into identity systems in order to better manage the many identity relationships spanning organizations and applications. The protocol independent IAF lays the foundation for establishing standardized identity assurances and the requirements an enterprise or group of enterprises should meet in order to obtain IAF certification. The IGF allows for the creation and updating of policy for protecting identity information and provides enterprises with tools for policy enforcement, decision explanation and auditing. The frameworks speed the advancement of interoperable and secure policy-based identity solutions across vertical markets and regions to better protect consumers against identity theft and fraud and to help organizations meet a variety of global regulatory requirements. The first versions of the IAF andIGF released today are available.
“Identity assurance makes user authentication meaningful. Without it, there is too much risk that the authentication has been compromised,” said Mark Diodati, senior analyst, Identity and Privacy Strategies, Burton Group. “Standards-based identity assurance definitions and attestation functions are particularly important for scalable federation environments, because organizations need a way to ensure that their partners’ identity assurance processes are commensurate with the security needs of the application.”
About Liberty Alliance
Liberty Alliance is the only global identity community with a membership base that includes technology vendors, consumer service providers and educational and government organizations working together to build a more trust-worthy internet by addressing the technology, policy and privacy aspects of digital identity management. Liberty Alliance is also the only identity organization with a history of testing vendor products for true interoperability of identity specifications. Nearly 80 products and identity solutions from vendors around the world have now passed Liberty Interoperable™ testing. Liberty Alliance works with identity organizations worldwide to ensure all voices are included in the global identity discussion and regularly holds and participates in public events designed to advance the harmonization and interoperability of CardSpace, Liberty SAML 2.0 Federation, Liberty Web Services, OpenID and WS-* specifications. More information about Liberty Alliance as well as information about how to join many of its public groups and mail lists is available at www.projectliberty.org.
Subscribe to:
Posts (Atom)