Liberty Alliance
Founded in 2001 at Sun's initiative as an alternative to Microsoft Passport, the Liberty Alliance consortium promotes a set of standards for managing federated identities across several services or systems. Since its creation, several hundred companies have joined the group (France Télécom, Vodafone, VeriSign, Mastercard, etc.).
Liberty Alliance makes it possible to combine the need for strong authentication with strict respect for users' privacy. That is why the French State Modernisation Department is a member of the consortium and encourages its use within French administrations.
Entr'ouvert has developed the first free implementation of Liberty Alliance: Lasso. Lasso lets you secure your network applications with identity federation and Single Sign-On.
Actors
The Liberty Alliance specifications define three types of actors:
- The user, a person or entity who can acquire an identity;
- The identity provider, which creates and manages users' identities and authenticates them to service providers;
- The service provider, which provides services to users once they have authenticated with an identity provider.
A circle of trust is a group of identity providers and service providers that have agreed to share (federate) the identities of their users.
Authentication procedure summary
- The user wants to reach a service that requires authentication;
- The service provider redirects the user to the identity provider;
- The user authenticates with the identity provider;
- The identity provider redirects the user back to the service provider and gives them an authentication element: either the authentication assertion itself or, in the Browser/Artifact profile, a short single-use artifact that references it. The user's login and password never leave the identity provider;
- The user's browser passes this element on to the service provider;
- The service provider asks the identity provider to validate the element (with an artifact, it exchanges the artifact for the assertion over a direct back channel between the two providers);
- The identity provider confirms it, thereby authenticating the user for the service provider;
- The service provider then delivers the service initially requested;
- The operation is transparent for the user: on requesting the service, they are asked to authenticate, and then reach the service;
- They can then reach the services of other service providers in the same circle of trust without re-authenticating.
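The procedure above, traced as a toy simulation in Python. This is an added example, not code from Lasso or from the Liberty Alliance specifications: it collapses the browser redirects into direct calls, omits XML, signatures and the network, and uses made-up names (sp-a, sp-b, alice, the "correct horse" password). The identity provider hands the browser only a random single-use artifact and the service provider exchanges it for the assertion over a direct call, which is the shape of the Browser/Artifact profile; a real deployment also signs the assertion and uses a per-service-provider pseudonym rather than the raw user name as subject.

```python
# Added example, not Lasso or Liberty Alliance code: a toy simulation of the
# redirect-based single sign-on exchange in its artifact variant. Browser
# redirects are collapsed into direct calls; all names are made up.
import secrets
import time
from dataclasses import dataclass


@dataclass
class Assertion:
    subject: str       # who the identity provider says the user is
    audience: str      # service provider the assertion is meant for
    issued_at: float
    lifetime: int = 300  # seconds


class IdentityProvider:
    def __init__(self, circle_of_trust):
        self.circle = set(circle_of_trust)          # service providers we federate with
        self.sessions = {}                          # browser cookie -> user
        self.artifacts = {}                         # artifact -> (sp_id, Assertion)
        self.credentials = {"alice": "correct horse"}  # constructed sample account

    def login(self, cookie, user, password):
        """Step 3: the user authenticates directly with the identity provider."""
        if self.credentials.get(user) != password:
            raise PermissionError("bad credentials")
        self.sessions[cookie] = user

    def handle_authn_request(self, sp_id, cookie):
        """Steps 2-4: answer a service provider's redirect with an artifact."""
        if sp_id not in self.circle:
            raise PermissionError(f"{sp_id} is not in the circle of trust")
        user = self.sessions.get(cookie)
        if user is None:
            return {"action": "show_login_form"}
        assertion = Assertion(subject=user, audience=sp_id, issued_at=time.time())
        # The browser only ever sees this random handle, never the assertion
        # and never the user's password.
        artifact = secrets.token_urlsafe(20)
        self.artifacts[artifact] = (sp_id, assertion)
        return {"action": "redirect", "to": sp_id, "artifact": artifact}

    def resolve_artifact(self, requesting_sp, artifact):
        """Steps 6-7: back-channel resolution, single use and bound to one SP."""
        entry = self.artifacts.pop(artifact, None)   # pop: a replay finds nothing
        if entry is None:
            raise PermissionError("unknown or already used artifact")
        sp_id, assertion = entry
        if sp_id != requesting_sp:
            raise PermissionError("artifact was issued to another service provider")
        return assertion


class ServiceProvider:
    def __init__(self, sp_id, idp):
        self.sp_id = sp_id
        self.idp = idp
        self.sessions = {}   # this provider's own cookie -> subject

    def access(self, sp_cookie, idp_cookie):
        """Step 1 onwards: serve the request, going through the IdP if needed."""
        if sp_cookie in self.sessions:
            return f"service for {self.sessions[sp_cookie]}"
        reply = self.idp.handle_authn_request(self.sp_id, idp_cookie)
        if reply["action"] == "show_login_form":
            return "login required at identity provider"
        # Step 5: the browser brought the artifact back; exchange it for the assertion.
        assertion = self.idp.resolve_artifact(self.sp_id, reply["artifact"])
        # Step 8: check the assertion before trusting it.
        if assertion.audience != self.sp_id:
            raise PermissionError("assertion not addressed to this service provider")
        if time.time() > assertion.issued_at + assertion.lifetime:
            raise PermissionError("assertion expired")
        self.sessions[sp_cookie] = assertion.subject
        return f"service for {assertion.subject}"


def run_demo():
    """Walk the whole procedure once and return what each party observed."""
    idp = IdentityProvider(["sp-a", "sp-b"])
    sp_a, sp_b = ServiceProvider("sp-a", idp), ServiceProvider("sp-b", idp)
    before = sp_a.access("cookie-a", "idp-cookie")       # no IdP session yet
    idp.login("idp-cookie", "alice", "correct horse")   # user logs in once
    first = sp_a.access("cookie-a", "idp-cookie")        # full exchange
    second = sp_b.access("cookie-b", "idp-cookie")       # same circle: no new login
    # Replaying an artifact must fail: it was consumed on first resolution.
    art = idp.handle_authn_request("sp-a", "idp-cookie")["artifact"]
    idp.resolve_artifact("sp-a", art)
    try:
        idp.resolve_artifact("sp-a", art)
        replay_rejected = False
    except PermissionError:
        replay_rejected = True
    return {"before": before, "first": first, "second": second,
            "replay_rejected": replay_rejected}
```

Two checks carry the security of the exchange: the artifact is removed when it is resolved, so a replayed or stolen artifact buys nothing, and it is bound to the provider it was issued for, so one service provider cannot redeem another's. The audience and lifetime checks on the service provider side stop an assertion issued for provider A from being accepted at provider B, or long after it was issued.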
Privacy respect
The Liberty Alliance standards let users benefit from Single Sign-On while keeping control of their personal data. The user's explicit consent is a required precondition for identity federation and for data sharing.
The Liberty Alliance project was assessed as respecting users' privacy in the "Working document on online authentication services" adopted on 29 January 2003 by the European Union's Article 29 Data Protection Working Party.
For further information, see the Liberty Alliance web site.
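As an added illustration of the consent and data-control point (not Lasso or Liberty Alliance code): an identity provider can keep a federation table that hands each service provider its own random, opaque identifier for a user, and refuses to create one until the user has consented. This is the idea behind the pairwise pseudonymous name identifiers of the Liberty federation protocol; the real protocol carries them in signed XML messages, which is omitted here, and the user and provider names are hypothetical.

```python
# Added example, not Lasso or Liberty Alliance code: per-service-provider
# pseudonyms created only with the user's consent, so that two service
# providers cannot link the same user by comparing the identifiers they hold.
import secrets


class FederationStore:
    def __init__(self):
        self._by_pair = {}        # (user, sp_id) -> pseudonym
        self._by_pseudonym = {}   # (sp_id, pseudonym) -> user

    def federate(self, user, sp_id, consent_given):
        """Return the pseudonym the IdP uses for `user` at `sp_id`, creating it
        on first use only if the user explicitly consented."""
        key = (user, sp_id)
        if key in self._by_pair:
            return self._by_pair[key]          # already federated: stable identifier
        if not consent_given:
            raise PermissionError(f"user has not consented to federate with {sp_id}")
        pseudonym = secrets.token_urlsafe(24)  # random: reveals nothing about the user
        self._by_pair[key] = pseudonym
        self._by_pseudonym[(sp_id, pseudonym)] = user
        return pseudonym

    def lookup(self, sp_id, pseudonym):
        """Only the identity provider can map a pseudonym back to the user,
        and only for the provider it was issued to."""
        return self._by_pseudonym.get((sp_id, pseudonym))

    def defederate(self, user, sp_id):
        """Honour a user's request to undo a federation; returns True if one existed."""
        pseudonym = self._by_pair.pop((user, sp_id), None)
        if pseudonym is None:
            return False
        del self._by_pseudonym[(sp_id, pseudonym)]
        return True


def correlatable(store, user, sp_a, sp_b):
    """True if two service providers could link `user` by comparing identifiers."""
    return store.federate(user, sp_a, True) == store.federate(user, sp_b, True)
```

The identifier is stable for a given (user, provider) pair, which is what lets a service provider keep a local account linked to it across logins, but differs from one provider to the next, and the mapping back to the real user lives only at the identity provider.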