The Liberty Alliance released a new set of specifications aimed at protecting identity information transmitted by mobile devices during Web-based transactions.The Advanced Client specifications are platform independent and could be used in devices such as cameras, laptops and TVs, the Liberty Alliance said Wednesday. The alliance is a consortium that defines protocols used for federated identity and Web services. Liberty sees the specifications as a crucial step in protecting the privacy and security of Internet transactions, such as single sign-on authentication and client-based Web services, all of which underpin e-commerce transactions. The organization has also developed a legal framework for how businesses can approach sharing user identity information. The Advanced Client specifications draw on ID-WSF 2.0, a Web services framework for identity-based transactions, and allow for identity information to be safely stored and managed whether a device is online or offline, Liberty said.The advantage is that users will be able to act as their own ID provider, or a “trusted module,” if they can’t connect to the ID provider for some reason, said Roger Sullivan, president of the Liberty Alliance Management Board and a vice president in the identity management section at Oracle. The user would also be able to access other Web services that trust the identity information.”You want to be able to continue working if you are no longer connected to the identity provider,” Sullivan said. “The whole foundation of this is to provide that kind of trust and security for these credentials.”BT Group, Intel and Hewlett-Packard—all members of Liberty—recently showed a proof-of-concept application using the Advanced Client specifications, said Conor Cahill, an identity architect with Intel’s corporate technology group. It involved provisioning identity credentials over a wireless network to a laptop using the Extensible Authentication Protocol Method for GSM Subscriber Identity protocol, he said.Other vendors may bring forward products that use the Advanced Client specifications for Liberty’s next round of interoperability testing, scheduled for May or June, Sullivan said.The Advanced Client specifications are available for download. Liberty will update the specifications later this year, expanding the ID provisioning functions and adding new reporting capabilities, Sullivan said. The changes will improve how devices are managed and create a framework for compliance and regulatory requirements, it said. Related content news Google Chrome zero-day jumps onto CISA's known vulnerability list A serious security flaw in Google Chrome, which was discovered under active exploitation in the wild, is a new addition to the Cybersecurity and Infrastructure Agency’s Known Exploited vulnerabilities catalog. By Jon Gold Oct 03, 2023 3 mins Zero-day vulnerability brandpost The advantages and risks of large language models in the cloud Understanding the pros and cons of LLMs in the cloud is a step closer to optimized efficiency—but be mindful of security concerns along the way. By Daniel Prizmant, Senior Principal Researcher at Palo Alto Networks Oct 03, 2023 5 mins Cloud Security news Arm patches bugs in Mali GPUs that affect Android phones and Chromebooks The vulnerability with active exploitations allows local non-privileged users to access freed-up memory for staging new attacks. By Shweta Sharma Oct 03, 2023 3 mins Android Security Vulnerabilities news UK businesses face tightening cybersecurity budgets as incidents spike More than a quarter of UK organisations think their cybersecurity budget is inadequate to protect them from growing threats. By Michael Hill Oct 03, 2023 3 mins CSO and CISO Risk Management Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe