Multi-Agency Group Seeks to Increase Internet Security
Imagine a procurement process in which all vendors are required to use a standard interface when dealing with myriad government agencies and offices. Imagine issuing purchase orders and no longer having to adapt to multiple identity provisioning technologies. Imagine a process in which security is assured and procurement executives can be certain of all trading partners’ identities.
This futuristic scenario is fast becoming government-as-usual as organizations such as the Department of Defense (DoD) and the General Services Agency (GSA) join the Liberty Alliance, a group formed in 2001 to solve the complex business and technical issues associated with assuring identity over multiple platforms and devices. Today, the Liberty Alliance represents more than 160 government agencies, businesses, and technology suppliers, along with private and educational organizations.
These organizations recognize the importance of working together to find a way to use the Internet to both improve business processes and provide vendors and constituents with better access to information. Identity management is central to accomplishing these goals and, in fact, is becoming more and more relevant as increasing numbers of transactions move online.
What exactly does the Liberty Alliance do? Liberty has established network identity management standards to create the security and trust online that people have with in-person relationships. These standards make the Internet a more secure and efficient place to do business. For example, an in-person relationship consists of elements of security, trust, convenience, and often, a shared history. A relationship in the digital world should have those same elements.
The Liberty Alliance enables improved security and efficiency in the digital world through what are called “circles of trust” and “account federation.” These new terms will become increasingly common in the coming months.
A circle of trust is established when two or more organizations come together and share credentials. These organizations can then link to each other via a common authentication interface or single sign-on capability. On the vendor or constituent side, this eliminates the need for multiple passwords and rekeying identity information.
Account federation refers to the process of connecting or binding a user’s multiple Internet accounts within an affiliated group established among commercial or noncommercial organizations and governed by a legal agreement.
This legal issue is key. The Liberty Alliance provides a technology framework to deal with non-repudiation, which is critical to ensuring the security of financial and classified information transactions.
For example, Liberty’s account federation would support e-authentication, one of the Bush Administration’s 24 e-government initiatives. This initiative is designed to verify (authenticate) the identity of citizens and vendors doing business with the government over the Internet and will enable the mutual trust needed to support widespread use of electronic interactions across multiple platforms. GSA, the managing partner for this initiative, is responsible for the development and implementation of infrastructure for common authentication services across the federal government. GSA participation in the Liberty Alliance is an important step toward the deployment of a common infrastructure.
Advancing Authentication for Security in the Future
To date, authentication in most organizations is handled manually or via a third-party authority. Circles of trust, on the other hand, deploy a powerful new industry standard called SAML (Security Assertion Markup Language). SAML represents the specifications used to exchange and authenticate XML data, the de facto framework for the universal exchange of confidential data on the Internet.
The beauty of SAML is that it enables organizations to leverage and extend internal business models and data to external trading relationships.
For example, in most government offices and private companies, authentication information is located in multiple databases. Payment information may be in one location, purchasing levels in another, and shipping authorization in still another. SAML enables an organization to create a real-time authentication profile by accessing data from multiple repositories, much like a person would by checking information and pulling it together over the phone. SAML saves time and eliminates the need for third-party certificate providers. Along with XML, it is the critical standard for authentication on the Web.
Leveraging a Common Authentication Interface
The standard authentication mechanism developed by Liberty can be deployed in multiple ways to multiple communities. On the procurement side, Liberty Alliance supports:
- Interaction with a vendor community in a standards-based way.
- Just-in-time shipping and other back-end efficiencies.
- Doing more with less while reducing paper and administrative overhead.
- Improved security and reduced risk of fraud.
- A way for different agencies and departments to interact with one another and manage intergovernmental authentication issues.
Beyond procurement, single sign-on and circles of trust can be deployed in other ways as well. Liberty also offers a single point of constituent entry to multiple services and agencies, support for Freedom of Information Act (FOIA) requests from private citizens and legislators at different classification levels, and access to health services, pension, and other personal information through a single portal.
Focusing on Identity Management
Attention to identity management is increasing because government and businesses want to take maximum advantage of the Internet without compromising security.
The Liberty Alliance represents the combined efforts of the public and private sector. Its support for open standards enables true interoperability and ensures that technology investments are safe from becoming obsolete.
Homeland security requires all citizens to aggressively explore new, creative methods for ensuring individual identification, information security, and proper information access, while maintaining a high degree of responsiveness, flexibility, and agility in the face of more sophisticated threats to our nation. The Liberty Alliance offers a way to deploy secure technologies and develop procurement business models for the future.