Possibly taking the first step towards a standardized set of network identification specifications allowing for creation of single sign-on capability, the Liberty Alliancea cross-industry coalition of more than 60 organizationsreleased the first set of specifications in the Liberty Alliance Project.
In essence, companies that develop technology based on Liberty Alliance Version 1 will be able to allow userseither customers, business partners or internal employeesto access information from many different systems, possibly from many different companies, with a single sign-on.
"The Liberty Alliance is enabling different enterprises to deal directly with each other," says Andy Eliopoulos, director of product marketing for Menlo Park, CA-based Sun Microsystems' Network Identity products. "Each company can determine its particular relationship with its partners and decide what information to share. There isn't a third-party that is acting as an authenticator." Sun Microsystems is a founding member of the Liberty Alliance.
While most people associated single sign-on technology, such as Microsoft's popular .NET Passport, with B2C transactions, Eliopoulos points out that Liberty Alliance quickly found that companies need single sign-on applications for internal operations. "When Liberty first came out, everyone thought it would be for B2C," he says. "But many companies have problems internally with many different databases and different systems with separate log-ons."
For insurance companies, the Liberty Alliance specifications can help connect internal employees, agents and even policyholders to a carrier. "This could really help carriers connect with agents," says Karlyn Carnahan, global industry manager, insurance, Sun Microsystems. "Currently, agents have to sign on again and again to different carriers and systems. With a single sign-on based on the Liberty Alliance specifications, an agent would be able to access carriers that participated in the specifications without logging in multiple times."
Internally, insurance carriers would be able to provide access for employees-for instance, a call center rep who has to access multiple legacy systems to obtain customer information.
Also, notes Eliopoulos, the specifications allow companies to design their own levels of security for different types of data, a capability that will become important as insurers develop more Web services, requiring communication among internal divisions and even with outside companies.
Greg MacSweeney is editorial director of InformationWeek Financial Services, whose brands include Wall Street & Technology, Bank Systems & Technology, Advanced Trading, and Insurance & Technology. View Full Bio