to help enterprise security across Europe
The resource centre for busy senior executives seeking the latest insights into IT Compliance & Privacy issues for major organizations
sarbaines oxley ofcom communications regulator
Latest Resources      data protection register
compliance resources privacy resource center

Breaking Global News
Global Compliance and Privacy News
- Breaking News, updated every 30 minutes
•   Compliance, Privacy and Security
•  Money Laundering
•  Phishing
•  Regulatory Issues
•  SOX, Basel 2, MiFID

You Tell Us:

We use SSL Technology for web data entry points:

What is SSL?

Are Smartphones Endangering Security? - Wick Hill
Dealing with Internet Security Threats - Ian Kilpatrick
How the New EU Rules on Data Export Affect Companies in and Outside the EU - Thomas Helbing
Farmers' Data Leak Highlights Old Technology Use - Wick Hill
Saving Money with SFTP - Wick Hill
UK Information Commissioner targets firm selling vetting data - Eversheds e80
12 Key Steps to Internet Security - Wick Hill
Telephone Monitoring Legality in the UK - Dechert
Firewall or UTM - Wick Hill
UK Information Commissioner demands mobile device encryption - Eversheds e80
Data loss - liability, reputation and mitigation of risk - Eversheds e80
Phorm, Webwise and OIX - BCS Security Forum
The challenges of PCI DSS compliance - Thales, Russell Fewing
"Quality" Data Vendor Spams us! Editor astounded!
National Gateway Security Survey 2008 - Wick Hill
Unified Threat Management - Watchguard Technologies

news archives
0 | 1 | 2 | 3 | 4 | 5 |
6 | 7 | 8 | 9 | 10 | 11 |
12 | 13
[What is this?]

Industry Blogs
Tim Berners Lee's Blog
Tim Callan's SSL Blog
Davis Wright Tremaine's Privacy & Security Law Blog
Emergent Chaos Blog
Michael Farnum's Blog
Phillip Hallam-Baker's Blog - The dotFuture Manifesto: Internet Crime, Web Services, Philosophy
Stuart King's Security and Risk Management Blog
David Lacey's IT Security Blog
Metasploit Official Blog
Jeff Pettorino's Security Convergence Blog
Jeff Richards's Demand Insights Blog
David Rowe's Risk ManagementBlog
Bruce Schneier's Security Blog
Larry Seltzer's Security Weblog
Mike Spinney's Private Communications Blog
Richard Steinnon's Threat Chaos Blog
The TechWeb Blog
Tim Trent's Marketing by Permission Blog
Rebecca Wong 's DP Thinker Blog

23 February Newsletter
Newsletter Archives are located in "News"

Industry Update
Internet Security Intelligence Briefing - November 2005
Find out the latest trends in e-commerce, web usage & the latest threats from adware/Spyware

Phorm, Webwise and OIX
- BCS Security Forum

'The Any Era has Arrived, and Everyione has Noticed' - Stratton Sclavos - VeriSign
Identity Security - Time to Share
Malicious code threats - iDefense
Public Alerts - updated as they happen from
Public Alerts - updated as they happen from Websense
Public Advisories - updated as they happen, from iDefense
Phoraging - Privacy invasion through the Semantic web: a special report by Mike Davies of VeriSign

Privacy Laws & Business International E-news, Issue 57
Privacy Laws & Business UNited Kingdom E-news, Issue 60

Security Reviews
February 2007 - VeriSign Security Review
The security review archive is here

Case Studies
Finance Industry
Case Study Example

A case study on a Finance industry company.

White Papers
VeriSign® Intelligent Infrastructure for Security
VeriSign® Intelligent Infrastructure: An Overview
Identity Protection Fraud Detection Service - description of the service
Life of a Threat - Video on Threat Management Lifecycle
Optimizing Enterprise Information Security Compliance - Dealing with all the audits
For a full list of all whitepapers, visit our Whitepaper library

Legal Notices
Privacy Policy
Terms of use

basel 2 sarbanes oxley
data controller notification binding corporate rules BCR data transfer third countries third part data transfer basel 2 regualtor regulation regulate FSA banking network security RSA encryptin algorithm Bits sacked bank staff
Blogs compliance Reports compliancy Legislation Data Protection Case Studies data privacy White Papers data protection act News information commissioner Events security standards Links information security iDefense
Retail Solutions

Liberty Alliance to Speed Wide-Scale Adoption of Strong Authentication Solutions

compliance and privacy

Current News Updates

Liberty Alliance to Speed Wide-Scale Adoption of Strong Authentication Solutions

Consortium forms global expert group to help organizations meet new industry demands for universal strong authentication

The Liberty Alliance Project, a global consortium for open federated identity and Web services standards, has announced the formation of a global, cross-organizational expert group focused on developing open specifications for interoperable strong authentication. Liberty's new Strong Authentication Expert Group has been created to speed the worldwide deployment of interoperable strong authentication and to help organizations meet new industry-wide demands for universal strong authentication solutions.

The Strong Authentication Expert Group (SAEG) leverages the work Liberty Alliance has been doing for the past year in defining clear market requirements for appropriately deploying strong authentication in a federated network. The group will expand this work beyond federation to build ID-SAFE (Identity Strong Authentication Framework), an open framework to allow strong authentication solutions such as, hardware and software tokens, smart cards, SMS-based systems and biometrics to interoperate across organizations, networks and vertical market segments.

"With increasing industry demand for better protection against online fraud and identity theft, there can be no question that the time for universal strong authentication has come," said Timo Skytta, vice president of the Liberty Alliance. "By forming the Strong Authentication Expert Group, Liberty is committing to rapidly deliver well defined and highly deployable solutions to help organizations meet new and pressing requirements for stronger authentication."

On October 12, 2005, the US Federal Financial Institutions Examination Council (FFIEC) issued new guidance for banks on online authentication, which acknowledges that passwords alone are insufficient as the only means of security to protect a consumer bank account. This new guidance calls on banks to implement better ways to authenticate the identity of customers using online products and services. While governments and organizations around the world have moved to implement similar requirements, financial institutions based in the US are expected to achieve compliance with the new FFIEC guidance by the end of 2006.

Liberty's ID-SAFE will help all organizations more easily meet the challenges in implementing solutions consisting of more than usernames and passwords to strengthen online authentication. "Gartner predicts that by 2007, 80 percent of organizations will reach the ‘password breaking point' and will need to strengthen user authentication with alternative security methods," said Ant Allan, research vice president at Gartner. "Businesses need to put roadmaps in place now that will allow them to phase out passwords and replace them with stronger authentication methods."*

Strong authentication requires at least two forms of identity authentication for accessing a network or online application. Liberty 's ID-SAFE will offer standards-based online identity protection to allow organizations to deploy interoperable strong authentication faster, more cost-effectively and on a wider scale.

Widely deployed strong authentication based on ID-SAFE will provide organizations with opportunities to focus more on developing new business lines and e-commerce offerings while being able to rely on universal strong authentication that is easy to deploy and manage. Consumers will benefit from ID-SAFE with increased protection against identity theft and fraud, a seamless user experience across networks and advanced privacy protection based on individual consent and control.

"The lack of strong authentication in the online space is demonstrably one of the most significant causes of identity theft," said Michael Barrett, co-chair of the Liberty Alliance Identity Theft Prevention Group, and VP Security/Utility Strategy at American Express. "The recent FFIEC guidance on strong authentication will likely change how organizations manage online identity threats, but initiatives for addressing these issues need to be coordinated via agreed industry standards - and that's where the Liberty Alliance has a strong track record of fast delivery."

Kevin Trilli of VeriSign, Inc. commented "For strong authentication to achieve its true potential, fresh approaches are needed in the development and deployment of two-factor authentication services.  Two years ago, VeriSign, along with several industry partners, sought to address the need for an open standards-approach with the creation of the Initiative for Open AuTHentication.  VeriSign applauds the Liberty Alliance for also recognizing this need, and we look forward to contributing to the ultimate goal of an open, global and federated authentication service that benefits all Internet users."

A full list of Liberty Alliance members, as well as information about how to become a member, is available at .

*Gartner Research "Passwords Are Near the Breaking Point" by Ant Allan. December 6, 2004.

Follow and contribute to the discussion


This site is independent of all its sources
The contents of the site are sourced from across the industry. All copyrights are acknowledged.