GSA, DOD sign onto Liberty Alliance

Both the Department of Defense and the General Services Administration have joined the Liberty Alliance, the network identity standards body.

The alliance hopes the government's involvement will help set the standard for large-scale digital authentication and identity management.

In addition, the alliance announced Lockheed Martin Corp., Bethesda, Md., also joined the organization.

Founded in July 2002, the alliance is a consortium of 160 organizations created to develop open standards across security product vendors.

Members include EDS, MasterCard Inc., Sun Microsystems Inc. and VeriSign Inc.

"Identity management is becoming . . .more relevant as an increasing number of transactions and relationships move online," said Michael Barrett, president of the Liberty Alliance Management Board.

While identity solutions exist in the marketplace, the alliance is creating a common language, or specifications, that will allow the solutions to work in a similar way, thus paving the way for government bodies to simplify electronic services to a large numbers of citizens, workers and businesses, said Simon Nicholson, head of the business and marketing expert group for the alliance.

The GSA is looking at the Liberty Alliance specifications as a way to implement authentication services across the Internet as part of its eAuthentication initiative, one of the 25 e-government projects spearheaded by the Office of Management and Budget. This initiative will develop a way to verify the identities of citizens and businesses doing business with the government online.

The Defense Department's Defense Manpower Data Center is looking at Liberty Alliance specifications for help in maintaining its automated power, personnel, training and financial databases.

By joining the alliance, the Defense Department and the General Services Administration can assure that the specifications being developed meet their business and technical requirements, Nicholson said.

The first work that the alliance has taken on is a single sign-on capability. Using a common specifications for single sign-on and identity management, an individual who signs on to a trusted network would not have to sign on a second time if he uses other services elsewhere, Nicholson said.

So, for instance, a sailor logs onto the Navy-Marine Corps Intranet and if the intranet uses the Liberty specifications, that sailor will be allowed to check his medical records being held by another Liberty-compliant branch of the service without logging in again.

"Once a user logs into a usual site, he or she can go to an alternate site without re-authenticated himself unless a stronger level of authentication were required," Nicholson said.

The signing of the two agencies also represents a major victory for the Liberty Alliance, as Microsoft Corp., Redmond, Wash., is rolling out its own identity management service, called Passport.

"We recognized that no one supplier could set the standards and that identity, security and privacy are all key to seeking what we want to offer on the Web. So participation by the GSA and DoD is further evidence that we're agreeing that we all need to work with each other," Nicholson said.