Liberty Alliance lifts lid off Advanced Client

By Robert Jaques on Mar 22, 2007 10:55 AM
Filed under Security

Specifications allow identity management on consumer devices.

The Liberty Alliance has unveiled its Advanced Client specifications designed to allow enterprises and consumers to manage identity information on devices such as cameras, handhelds, laptops, printers and televisions.

Advanced Client is a set of platform-independent specifications developed to extend identity management capabilities such as single sign-on, access to web services, stronger authentication and user-controlled provisioning to a variety of consumer client devices.

The specifications will allow users to store identity data on a device and access and manage the information when the device is connected to a network or offline.

Advanced Client represents the third phase of Liberty's ongoing work in delivering increased identity management functionality to client devices.

In phase one the organisation defined the Liberty Enabled Client/Proxy which was incorporated into SAML 2.0 and supports federation operations as the Enabled Client/Proxy.

The Active Client is part of phase two and provides client-based web services functionality, single sign-on into Liberty Web Services and support for any authentication model.

Work on the Robust Client specifications, phase four, is underway. These phase four specifications will support trusted digital identity relationships and mobility modules, and provide a platform for facilitating client-based universal strong authentication.

Advanced Client relies on ID-WSF 2.0 (Liberty Web Services) which includes support for WS-Addressing and WS-Security specifications.

The specific functionality included in the Advanced Client specifications released in draft form today includes:

The specification acts as an extension of the identity provider (IDP) offering protocol support for trusted model capabilities and able to function wh en the IDP is not present.

The specifications allow the client to assert assurances on behalf of the authority issuing the identity in a closed and protected environment such as a smart card or other tamper resistant mechanism within the client device.

"Liberty's Advanced Client specifications mark a new era in how consumers will access identity-based applications, and how businesses and governments will deploy and manage new identity-based services," said Roger Sullivan, president of the Liberty Alliance Management Board and vice president of Oracle Identity Management.

"With today's news, Liberty Alliance is closer to delivering an always-available end-to-end identity framework where devices of all kinds are linked by federation and users are in better control of their identity information."