The Liberty Alliance Project is working on technical specifications to protect sensitive personal data and securely share it between organisations.

Liberty, a consortium that develops identity management standards, has completed a market requirements phase where it asked businesses how they use customer data such as credit card numbers.

Those market requirements will be used to develop technical specs for the Identity Governance Framework (IGF), a set of standard protocols to be used in applications that handle identity information, said Amit Jasuja, vice president of product development for identity management at Oracle, one of Liberty's members. Those specifications should be finalised next year.

As those specifications are developed, vendors such as Hewlett-Packard and Oracle will begin building applications based on the market requirements and preliminary IGF information, Jasuja said. After six to nine months, a Liberty technical group will work with those vendors to refine that development, he said.

Eventually, IGF will also be compatible with other identity management specifications such as OpenID and WS*, and systems such as Project Bandit, Project Higgins and Microsoft's CardSpace.

Liberty is also encouraging identity application development projects through openliberty.org, its open source-development site that uses an Apache licensing model, said Brett McDowell, executive director of Liberty.

IGF will eventually be able to incorporate policies and regulations, such as the European Data Protection Initiative and Sarbanes-Oxley in the US, into applications that handle identity information, McDowell said.

"Users have been waiting to know there are some real teeth behind the polices that they agreed to with their data," McDowell said.

Identity management has become a hot issue among enterprises in light of data breaches and the increased sharing of sensitive information.