Group publishes guidelines The Liberty Alliance, in a document published this week, is emphasizing that business issues, not just technology, affect federated network identity.Released at the Catalyst conference in San Francisco, Liberty Alliance in its Business Guidelines document cites four business requirements to consider in the context of identity federation:* Mutual confidence – the process and tasks developed by business partners to set minimum quality requirements and manage the risk of exposure. * Risk management – the best practices and procedures to guard against losses due to identity fraud and exposure of identity information. Loss of business integrity due to insecure processes or data also is covered in this requirement.* Liability assessment – the process for determining in a networked environment what parties bear which losses.* Compliance – the agreed-upon standards, policies and procedures for governing compliance, including privacy requirements. Laws such as the Sarbanes Oxley regulations pertaining to public companies and audit trails also factor into the equation with network identity, said Eric Norlin, an editor of the Business Guidelines document and director of communications at Ping Identity, in Denver.“Obviously, the game and the stakes are getting greater and greater now with the legislative requirements,” Norlin said.Liberty Alliance plans to introduce future documents pertaining to major business issues and information sources to guide federated identity implementations in vertical industries such as health care and financial services. The next set of documents is due in late-2003, according to Liberty Alliance. The organization, which features member companies such as Hewlett-Packard, Sun Microsystems, SAP, and American Express, focuses on developing specifications for federated identity, which involves the verification of identities of parties in e-commerce across the Internet. The real value of Web services will not be reached until companies can more securely and efficiently manage trusted relationships among partners, according to Liberty Alliance.“Federated identity is important to organizations because it allows them to launch new business initiatives,” said Britta Glade, vice chairman of the business and marketing expert group at Liberty Alliance.Alliance officials said they would be interested to see the proposed WS-Federation specification released Tuesday by two non-Liberty Alliance members, IBM and Microsoft. WS-Federation is intended to provide security for Web services through the management of trusted relationships. The specification also covers federated identities. “Quite honestly, we have not reviewed the specification,” Glade said, when asked if it could be redundant with the Liberty Alliance’s work. The alliance looks forward to reviewing and leveraging the work done in WS-Federation, Glade said.Phase 2 of the Liberty Alliance specifications, currently in a public draft review phase, is to be released in a final version later this year. This phase will focus on security and exchanging of attributes to enable transactions and interactions via Web services.Liberty Alliance on Tuesday also said that the Financial Services Technology Consortium (FSTC), in a report, concluded that the Liberty Alliance specifications and the OASIS Security Assertion Markup Language (SAML) proposal provide financial institutions with a standardized way to extend trusted relationships with customers and employees to third parties. Software Development