Liberty Alliance updates Net identity spec

The Liberty Alliance Project has released version 1.1 of its open specifications for federated network identity as a maintenance update to version 1.0 released in July, the business and technology consortium said Tuesday in a statement.

The version 1.1 document is the first to be issued by Liberty Alliance for public review, according to the consortium.

Members of the Liberty Alliance, including Sun Microsystems Inc., are developing a technology to link various single sign-on authentication systems using a standard specification. The technology will provide an alternative to the Passport system developed by Microsoft Corp.

The Liberty Alliance system works like this: When users log onto a Web site that supports the specification, they can visit other password-protected Web sites supported by the technology without having to sign in again.

Several companies, including AOL Time Warner Inc., American Express Co., Cisco Systems Inc., eBay Inc., General Motors Corp. and Nokia Corp., have pledged to support the Liberty Alliance specification when it becomes available.

Updates in the version 1.1 specifications include a fix for a vulnerability in a Liberty Alliance-enabled client/proxy, and enhancements to provide additional flexibility to service providers.

The Liberty Alliance is taking a phased approach to the release of its specifications and anticipates the next major release of its specifications, version 2.0, to be released in 2003.

This version will provide an infrastructure for developing and supporting identity-enabled Web services from companies, organizations or government entities. The infrastructure will include a framework for permissions-based attribute-sharing and will allow groups of organizations, often referred to as “circles of trust”or authentication domains, to be linked together, as opposed to operating as separate islands.

Parties interested in reviewing version 1.1 draft specifications should contact the Liberty Alliance Web site at: