November 13, 2003
Secure and Reliable Sharing of User Attributes among Websites
Information sharing control technology enabled by the latest Liberty Alliance Specifications
Nippon Telegraph and Telephone Corporation (NTT; head office: Chiyoda-ku, Tokyo; President: Norio Wada) has developed a new system for the secure and reliable sharing of user-attributes among websites, providing a new information-sharing platform for Internet services.
The two main features of the system are as follows.
1. The system is one of the world's first applications of the Phase 2 specifications of the Liberty Alliance Project (*1). The Liberty Alliance is developing open standards for federated (*2) network-identity management and identity-based services.
2. The end-user has flexible control of conditions for the sharing of user-attributes among websites. This prevents the leakage of private information against the user's wishes.
The system provides a platform for the creation of new business models for the Internet and is expected to find application in various fields.
Internet services such as on-line shopping are now providing more personalized services through user authentication and utilization of such user-attributes as names or addresses.
Sharing of user-attributes among websites is an effective tool in the provision of personalized services; such sharing requires both interoperable standards and security for private information.
To solve these problems, NTT has implemented the latest open standards from the Liberty Alliance Project (Phase 2 specifications) along with a sharing-policy control mechanism developed in house, to provide improved privacy protection in the sharing of user information among websites.
The Phase 1 Liberty Alliance Specifications define the Identity Federation Framework, which enables "simplified sign-on (*3)". With Liberty-enabled simplified sign-on, users are given access to websites in a "circle of trust" after a single successful user authentication at the first site. This frees users from having to enter passwords each time they access secure websites.
More than 20 products and services enabled by the Liberty Alliance Phase 1 specifications have come onto the market.
The Phase 2 Specifications define the Identity Web Services Framework, which enables the sharing of user-attributes between federated websites based on per-user-defined permission. NTT's system is one of the first in the world to utilize the Phase 2 Specifications.
In addition to the single-sign-on user authentication and user-attribute sharing among websites defined by the Liberty Alliance, NTT provides a new method for secure sharing of user-attributes in which end-users are able to configure the sharing policy for their own private information.
For example, users might only want to provide their names to music sites but will have to give out addresses to on-line shopping sites when home delivery is required.
Below is an outline of the system's main features (see the attached figure and notes).
1. Sharing of user attributes among federated entities on the Internet.
The Phase 2 specification from the Liberty Alliance describes the sharing of user attributes by multiple organizations that hold the attributes; this is achieved through the Internet websites that represent the organizations, and frees users from typing such attributes as their names, addresses and telephone numbers every time they open secure websites.
NTT has, of course, considered the development of Japanese-language websites, so the system is capable of handling Japanese-language data.
2. Privacy Protection
The phase-2 specification describes the sharing of user-attributes according to user-defined permission. Moreover, NTT's new information-resource-sharing method improves privacy protection by ensuring that only the minimum essential information is shared among the organizations.
NTT will contribute to further development of the information society by developing techniques for the integration of various network services, providing customers with convenient one-stop services.
The phase 3 and later specifications will be oriented more towards service images. Methods for the sharing of such extended attributes as user's presence information will be defined in the specification; among other things, utilizing such information will enable the provision of more strongly individualized services.
NTT will continue to contribute as a member of the Liberty Alliance and will energetically promote the specification in Japan.
*1 Liberty Alliance Project
The Liberty Alliance Project (http://www.projectliberty.org) was formed in September 2001 to serve as the premier open-standards organization for federated identity and identity-based services. The Alliance is delivering specifications and guidelines for a complete network identity infrastructure that will resolve many of the technological and commercial issues hindering the deployment of identity-based web services. Members of the alliance include major service providers, vendors and carriers from North America, Europe and Japan.
*2 Federation
Federation refers to an association of some set of service providers and identification providers. Federate is the binding of providers as network entities.
*3 Simplified sign-on
Functionality for websites such that a single successful authentication gives the user access to multiple websites.
- (Attachment) Technological configuration (outline)
For more information, please contact:
NTT Information Sharing Platform Laboratories
(Chizuka, Sano or Ida)
Copyright (c) 2003 Nippon Telegraph and Telephone Corporation