Liberty Alliance guidelines aim to knock down legal and privacy hurdles standing in the way of federated identity Federated identity, a scheme that allows customers to log in once and access a swath of related services from multiple providers, has pretty much overcome its technology hurdles. The real obstacle is agreement on legal and privacy rules that govern how providers should share user data in order to complete multiparty transactions. That’s why the Liberty Alliance Project, an industry consortium working on standards for federated identity systems, released a set of federated identity guidelines last Tuesday.Companies must concur on what types of information will be shared — and adopt a standardized set of security and privacy measures — to achieve what the Liberty Alliance calls a “circle of trust” among the organizations involved. “The biggest barriers are how organizations actually work together to federate,” said Russ DeVeau, director of communications at Liberty Alliance.The 15-page document was created through Liberty Alliance’s Public Policy Expert Group (PPEG), which includes members from the Business Industry Political Action Committee, the U.S. General Services Administration, plus Oracle and Sun Microsystems. The guidelines, said Michael Aisenberg, chair of Liberty’s PPEG and director of government relations at VeriSign, are the closest thing to a global statement of industry best practices for federated identity. He finds it encouraging that the guidelines are self-imposed rather than mandated by law.“The problem with many technologies in the past has been the intrusion of government saying, ‘Here’s a solution; everyone has got to deploy it,’ ” Aisenberg said. “That freezes technology in place. That stagnates the incentives for innovation. That makes a telephone system rely on copper for 100 years.” SecurityIdentity Management Solutions