Wednesday October 12, 2005
Good news today for companies that intend to deploy privacy- and security-aware services to their customers: the Liberty Alliance has just released a whitepaper entitled "Deployment Guidelines for Policy Decision Makers".
The whitepaper highlights the key decision areas that must be addressed when deploying a federated network identity solution. I have summarized these areas below:
- What are the underlying business purposes for the deployment?
- How to create and manage a Circle of trust? What are the questions decision makers should answer to ensure that the principal's privacy and security are protected?
- On collecting and sharing data: the paper also describes some of the elements in Liberty's Personal Profile data model.
- How and when should notice be given to the principal about who is collecting what information?
- Finally, the paper explains how choice should be given to the principal as to the information that is being collected. When a user has given their consent to share information, there should be mechanisms that allow them to review, verify, or update these consents.
Towards the end of the whitepaper, the authors map these requirements to the different pieces that compose Liberty's architecture (e.g. Interaction service, nameIdentifier protocol etc.).
In addition to this document, Liberty has also published a very useful whitepaper that describes best practices with regard to privacy & security. It also contains an interesting tour of privacy laws around the world.
As said above, this paper is key to a successful deployment of a Liberty-based solution. I would add, however, that most of its recommendations are applicable to any deployment that is privacy- and security-aware; it just happens that Liberty is the only platform available today that offers a global solution that's based on those principles.