Michael Barrett, vice president of Internet systems for American Express, recently took over as president of the Liberty Alliance Project, a consortium developing a 'federated identity' system aimed at simplifying and securing Internet transactions by creating open, federated specifications for network identity. Barrett recently spoke with Network World Senior Editor John Fontana about where the alliance is headed and why the effort is so important to American Express.

Now that you've taken the reins at the Liberty Alliance, what are your goals?

The nature of my job is to help direct strategy with particular regard for the Internet and the technology that we deploy at American Express, so I tend to [think long-term]. In terms of the alliance, everything we have done so far has been very tactical. What I am doing is saying, 'OK, that was the right set of priorities, but we can do a better job of articulating what we think the alliance is going to look like over a longer time frame and what overall classes of solutions are needed.' I am asking the alliance at large a whole lot of questions.

Like what?

They are really around what the organization looks like when it grows up. The organization in under a year went from being kind of a twinkle in a few companies' eyes to an organization with 130 companies, and it is still growing.

What do the Liberty Alliance's efforts mean to corporate customers like American Express?

We had been doing a number of Web services pilots, and whenever we did one, we found that doing the Web services itself was rather straightforward, but the security integration every single time was horrible. Liberty will enable us to build and deploy Web services without having to get into these monstrous point-to-point security integration issues.

What are the highlights in Version 2 of the alliance specification slated to ship early next year?

The identity business is going to evolve much in the same way as automated teller machine networks did, where first of all you had an individual bank and it had its own ATM machines. Customers could use that and then you had these islands or networks that formed and you could interoperate within that network. At the next stage the networks were cross-wired together so you could go to any ATM and get your money out. We believe the same evolutionary path will occur in the identity management space, so Version 1 could be likened to a single network or island of trust. What Version 2 is doing is basically providing the plumbing that wires those islands of trust together. Version 2 also provides a robust mechanism for data to be moved around between partners, but also - and this is the tricky piece - it provides a robust permissioning framework to allow consumers to manage that.