Liberty Alliance releases privacy best practices

An industry standards body has released guidelines on how to ensure that online credentialing systems meet privacy laws.

Agencies can use the Liberty Alliance Project's guide when developing authentication systems, said Christine Varney, a consultant for the San Francisco alliance whose members' focus is identity management standards.

The best practices released today accompany the release of the alliance's second set of specifications for federated identity management.

The Privacy and Security Best Practices includes a high-level summary of how to implement federated identity management systems so that they meet U.S. and European government privacy laws, such as the Child Online Protection Act, Health Insurance Portability and Accountability Act, and European Union Privacy Directive. It also offers guidelines on securing identity management systems.

The federated identity management specifications lay the groundwork for setting up Web-based services for authentication. With the specs, vendors and end-user organizations can start building applications that work together across systems. The initial round of Web services specifications includes templates for setting up registration systems and building employee profiles.

The federated approach to authentication is based on organizations setting up their own authentication systems that use a standard set of specifications for exchanging credentials across systems.

The Liberty Alliance specifications are well-suited to government use, Varney said, especially given the Office of Management and Budget's and General Services Administration's recent decision to scrap plans for a centralized federal authentication gateway.

The Liberty Alliance Project has more than 160 participating organizations, including GSA, the Defense Department and companies such as PeopleSoft Inc. of Pleasanton, Calif., Schlumberger Ltd. of New York, Sun Microsystems Inc. and VeriSign Inc. of Mountain View, Calif.

Joab Jackson writes for Government Computer News magazine.

About the Author

Joab Jackson is the senior technology editor for Government Computer News.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here


  • POWER TRAINING: How to engage your customers

    Don't miss our Aug. 2 Washington Technology Power Training session on Mastering Stakeholder Engagement, where you'll learned the critical skills you need to more fully connect with your customers and win more business. Read More


    In our latest Project 38 Podcast, editor Nick Wakeman interviews Tom Romeo, the leader of Maximus Federal about how it has zoomed up the 2019 Top 100. Read More

contracts DB

Washington Technology Daily

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.