Monday, July 30, 2007

Identity Governance Framework sprints to the finish line

Network World

Identity Management




Network World's Identity Management Newsletter, 07/30/07

Identity Governance Framework sprints to the finish line

By Dave Kearns

Setting a pace that the IETF and other slow-moving standards bodies could envy, the Liberty Alliance announced last week the completion of market requirements document (MRD) for the Identity Governance Framework (IGF). It also announced that development of technical specifications to meet use case requirements is now occurring both within Liberty's Technology Expert Group (TEG) and at openLiberty.org (home of open source tools to further the use of Liberty protocols).

The IGF, you may remember, was first proposed late last fall by Liberty Alliance member Oracle and turned over to the Liberty Alliance during the winter. For the IGF to complete the MRDs in less than six months is commendable. (The IETF can take years just deciding if they want to pursue a particular protocol.)

IGF is a programmatic framework designed to help organizations meet regulatory requirements such as the European Data Protection Initiative, Gramm-Leach-Bliley Act, PCI Security Standard and Sarbanes-Oxley. According to Liberty spokesman Russ DeVieu, “With the MRD now completed, work can progress rapidly on the creation of the technical specifications and open source implementations required to speed the development of standards-based end-to-end auditing and governance solutions.”

Network World's Network Infrastructure Buyer's Guide

Find the right infrastructure products for your enterprise - fast. Our extensive database of detailed product information in over 20 specific network gear market segments will help you quickly pinpoint what you need. With the side-by-side comparison tool you can evaluate product features and make the best decision for your enterprise.

Click here to go the Buyer's Guide now.

The framework defines what could be called a series of “contracts” between applications and sources of identity data. There are four key components of IGF:

* Client Attribute Requirement Markup Language (CARML) – an XML-based declarative contract defined by application developers that informs deployment managers and service providers about the attribute usage requirements of an application.

* Attribute Authority Policy Markup Language (AAPML) – a set of policy rules regarding the use of identity-related information from an identity source that allow these sources to specify constraints on use of provided data by consuming applications.

* CARML API – an API that makes it easier for developers to write applications that consume and use identity-related data in a way that conforms to policies set around the use of such information.

* Identity Service – a policy-secured service for accessing identity-related data from multiple identity sources.

You can download the IGF MRDs and view a Webcast review of the IGF developments on Aug. 15. Registration and more information about the Webcast, “An Overview of the Identity Governance Framework: Putting Privacy and Regulatory Compliance First”, is available at the Liberty Alliance Web site.

Recent Award: Verisign’s David Recordon was recently presented with the Google-O'Reilly Open Source Award as Best Strategist for his work on OpenID. Congratulations from all of us, David.

Editor's Note: Starting Aug. 13, this newsletter will be renamed "Security: Identity Management" to better reflect the focus of the newsletter. We thank you for reading Network World newsletters!


  What do you think?
Post a comment on this newsletter

TODAY'S MOST-READ STORIES:

1. Show your SysAdmins a little love
2. Industry giants get 'Simpsonized'
3. The flying wing concept aircraft takes flight
4. IBM tells employees to behave in Second Life
5. Hogwarts IT director quits
6. Top 15 'networkiest' moments of The Simpsons
7. 12 IT skills that employers can't say no to
8. Classified U.S. military info available over P2P
9. 8th annual SysAdmin Appreciation Day
10. Sand, sun and RFID?

MOST DOWNLOADED PODCAST:
Twisted Pair Podcast: Hype Wars - iPhone vs. Harry Potter


Contact the author:

Dave Kearns is a writer and consultant in Silicon Valley. He's written a number of books including the (sadly) now out of print "Peter Norton's Complete Guide to Networks." His musings can be found at Virtual Quill.

Kearns is the author of two Network World Newsletters: Windows Networking Strategies, and Identity Management. Comments about these newsletters should be sent to him at these respective addresses: windows@vquill.com, identity@vquill.com .

Kearns provides content services to network vendors: books, manuals, white papers, lectures and seminars, marketing, technical marketing and support documents. Virtual Quill provides "words to sell by..." Find out more by e-mail.



ARCHIVE

Archive of the Identity Management Newsletter.


BONUS FEATURE

IT PRODUCT RESEARCH AT YOUR FINGERTIPS

Get detailed information on thousands of products, conduct side-by-side comparisons and read product test and review results with Network World’s IT Buyer’s Guides. Find the best solution faster than ever with over 100 distinct categories across the security, storage, management, wireless, infrastructure and convergence markets. Click here for details.


PRINT SUBSCRIPTIONS AVAILABLE
You've got the technology snapshot of your choice delivered to your inbox each day. Extend your knowledge with a print subscription to the Network World newsweekly, Apply here today.

International subscribers, click here.


SUBSCRIPTION SERVICES

To subscribe or unsubscribe to any Network World newsletter, change your e-mail address or contact us, click here.

This message was sent to: security.world@gmail.com. Please use this address when modifying your subscription.


Advertising information: Write to Associate Publisher Online Susan Cardoza

Network World, Inc., 118 Turnpike Road, Southborough, MA 01772

Copyright Network World, Inc., 2007

No comments:

Post a Comment