Michael Barrett, vice president of Internet systems for American Express, recently took over as president of the Liberty Alliance Project, a consortium developing a 'federated identity' system aimed at simplifying and securing Internet transactions by creating open, federated specifications for network identity. Barrett recently spoke with Network World Senior Editor John Fontana about where the alliance is headed and why the effort is so important to American Express.
Now that you've taken the reins at the Liberty Alliance, what are your goals?
The nature of my job is to help direct strategy with particular regard for the Internet and the technology that we deploy at American Express, so I tend to [think long-term]. In terms of the alliance, everything we have done so far has been very tactical. What I am doing is saying, 'OK, that was the right set of priorities, but we can do a better job of articulating what we think the alliance is going to look like over a longer time frame and what overall classes of solutions are needed.' I am asking the alliance at large a whole lot of questions.
Like what?
They are really around what the organization looks like when it grows up. The organization in under a year went from being kind of a twinkle in a few companies' eyes to an organization with 130 companies, and it is still growing.
What do the Liberty Alliance's efforts mean to corporate customers like American Express?
We had been doing a number of Web services pilots, and whenever we did one, we found that doing the Web services itself was rather straightforward, but the security integration every single time was horrible. Liberty will enable us to build and deploy Web services without having to get into these monstrous point-to-point security integration issues.
What are the highlights in Version 2 of the alliance specification slated to ship early next year?
The identity business is going to evolve much in the same way as automated teller machine networks did, where first of all you had an individual bank and it had its own ATM machines. Customers could use that and then you had these islands or networks that formed and you could interoperate within that network. At the next stage the networks were cross-wired together so you could go to any ATM and get your money out. We believe the same evolutionary path will occur in the identity management space, so Version 1 could be likened to a single network or island of trust. What Version 2 is doing is basically providing the plumbing that wires those islands of trust together. Version 2 also provides a robust mechanism for data to be moved around between partners, but also - and this is the tricky piece - it provides a robust permissioning framework to allow consumers to manage that.
It sounds like there are going to be issues that go well beyond the technology.
The alliance and American Express were explicitly making the assumption that the sorts of islands of trust that we were talking about required that the various partners in those islands of trust had contractual limitations on them that managed things like liability. The first deployments are going to be in the arenas where it is easiest to manage that.
Rss FeedRss Feed
The Leader in Network Knowledge
Comment