Work is well underway within Liberty Alliance on addressing identity governance, an issue of particular import in today’s society of identity theft and increasing understanding of the importance of privacy. This work is focused on defining a framework to help enterprises easily determine and control how identity-related information, including Personally Identifiable Information (PII), access entitlements, attributes, etc., is used, stored, and propagated between their systems. The Identity Governance Framework enables organizations to define enterprise-level policies to securely and confidently share sensitive personal information between applications that need such data, without having to compromise on business agility or efficiency. Furthermore, it eases the burden of documenting and auditing these controls, allowing organizations to quickly answer questions on how personal information such as social security numbers and credit card data is being used, by whom, at what time, and for what purpose.
The Identity Governance Framework (IGF) is designed to allow: (1) application developers to build applications that access identity-related data from a wide range of sources, and (2) administrators and deployers to define, enforce, and audit policies concerning the use of identity-related data. IGF has four components: (a) an identity attribute service, a service that supports access to many different identity sources and enforces administrative policy; (b) CARML, a declarative syntax with which clients may specify their attribute requirements; (c) AAPML, a declarative syntax that enables providers of identity-related data to express policy on the usage of information; and (d) a multi-language API (Java, .NET, Perl) for reading and writing identity-related attributes.
The MRD definition/scoping portion of this work has been completed, and work is progressing within openLiberty.org and on a parallel track in the Technology Expert Group.
Liberty Alliance Identity Governance Framework (IGF) 1.0 Specifications
The initial public draft release (Draft Release 1) of the IGF specifications is in the Liberty Alliance Identity Governance Framework (IGF) 1.0 Specifications folder. You can submit comments about these draft IGF specifications using the Specifications Feedback form.
Resources of interest:
Presentation given by Phil Hunt at May 2007 IIW, offering an overview of the MRD (Market Requirements Document) work around the Identity Governance Framework within the Liberty Alliance.
The secure and appropriate exchange of identity-related information between users and applications and service providers (both internal and external) is the basis of providing deeper and richer functionality for service-oriented architecture. Sensitive identity-related data such as addresses, social security numbers, bank account numbers, and employment details are increasingly the target of legal, regulatory, and enterprise policy. Examples include, but are not limited to, the European Data Protection Initiative, Sarbanes-Oxley, the PCI Security standard, and Gramm-Leach-Bliley. The Id Governance initiative assists entities managing identity data with increased transparency and demonstrable compliance with respect to policies for identity-related data. It would allow corporations to answer questions such as: Under what conditions may user social security numbers be accessed by applications? Which applications had access to customer account numbers on January 27, 2007?
• overview-id-governance-framework-v1.0.pdf 224.41 kB
Aug. 2007 presentation by Phil Hunt and Prateek Mishra of Oracle about the Identity Governance Framework: the use cases it addresses and intended next steps.
The Identity Governance Framework: Liberty Alliance's Privacy Initiative
Enterprise systems are becoming increasingly distributed across internal and external service providers. As we look at this from a SOX and a general governance, risk and compliance perspective, the importance of good-quality, accurate, personal and private information becomes a larger issue for enterprises as existing technology solutions become too complex to support.
This presentation reviewed the Identity Governance Framework, a technical spec currently being developed on a parallel track within Liberty's Technology Expert Group, as well as Open Source code released through the OpenLiberty.org activity. A technical walk-through is presented, allowing attendees to see that with proper governance, the sharing of personal information can reduce information collection, improve privacy, reduce liability, and improve business accuracy, workflow, and profitability.
• 083010 LAP workshop igf-openliberty Hunt.pdf 714.24 kB
Webcast: Identity Governance Framework: New Standards to Protect Privacy Through Governing Policy
• 080423 igf-openliberty - P Hunt.pdf 5.26 MB