Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Liberty Alliance: Federated Identity Ready to Go



 By: Anne Chen
2004-03-29
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
The president of the Liberty Alliance says federated identity management is ready to roll.

As president of the Liberty Alliance Project, Michael Barrett is charged with shepherding the organization as it works to deliver open specifications and frameworks for federated network identity. Barrett, who is also vice president of information security and privacy strategy for American Express Co., said 2004 will be the year federated identity management proves its more than hype.

eWEEK Labs Senior Writer Anne Chen recently spoke with Barrett about the challenges facing federated identity deployments, Liberty Alliances priorities three years after its inception and American Express efforts to secure its own Web services deployments.

Liberty Alliance has been working on federated identity since 2001. What are you focused on today?

The theme in 2004 is ... ensuring that any barriers to adoption around federated identity management are removed. Theres always a gap between the leading- edge companies that play with a lot of the technologies and the early adopters, and our goal this year is to close that gap.

Were spending most of our energy doing things that are needed to help companies deploy federated identity while continuing to build on the foundations. Where in the past we built infrastructure specifications, were now building actual services specifications that write upon previous specs. Our focus is in ensuring that we knock down as many perceived barriers as possible.

Resource Library:

What are some common misconceptions surrounding federated identity?

One example is that people think there are no products out there. The Liberty Alliance has dozens of products on the market.

I saw something recently that said the Liberty Alliance specs are not stable. Weve had these specs on the market for nearly 18 months now. You have to keep educating. Were seeing implementations, and our expectation is that within a few months, there will be a fairly large number of implementations, which is one thing that really encourages the early-adopter crowd.

You have said that youre working on convergence between Libertys IDFF (Identity Federation Framework) and SAML (Security Assertion Markup Language). Can you describe some of the work being done?

The Liberty Alliance owed a great debt to SAML in that it was the technology that we most heavily relied on. I wouldnt want to minimize the implication that SAML had on our first family of specs. We are very conscious that we didnt want to see any kind of schism in the marketplace. So rather than seeing two diverging specifications, we submitted IDFF as the basis for SAML 2.0.

Why did American Express join the Liberty Alliance?

If you set the clock back to late 2000 [or] early 2001, XML was around and SOAP [Simple Object Access Protocol] was around, but neither of them was finalized. Web services were understood conceptually, and there were enough tools around where we said "this stuff looks promising." American Express has a number of services we offer to customers. We have a proprietary application system we built ourselves that manages our Travelers Cheque inventory. When a Travelers Cheque is cashed, its recorded so that system manages the life cycle of Travelers Cheques.

We went to a couple of partners and said, "Were interested in Web services. Would you like to work with us to build an implementation of this check system?" The problem at that time surrounded security integration problems.

We felt the business promise of Web services was justified, but security was a problem. Problem two was, whenever youre transacting commercially, most transactions are authenticated. There was a hole in the standards set that didnt address identity.

We joined Liberty Alliance because we needed a solution to identity-enable Web services transactions.

How is American Express using Liberty Alliance frameworks and specifications today?

Broadly speaking, our deployment can be characterized as multiphase. Were trying to do foundational work … to minimize the business issues but give us value so that we have a learning exercise for cutting our teeth on the technology. Its the whole walk-and-then-run concept.

For corporate cards, corporate travel, etc., a number of companies … say theyd like [our] services to integrate with an employee single-sign-on portal. Essentially, they want employees to come to us and have us trust their identity. And they want us to do this without a proprietary solution.

We know some of our competitors are starting do to this. We know that if we attempted to stay proprietary, wed start losing deals and become noncompetitive. Even if we thought using open standards like Liberty was a bad thing, wed be forced into doing it.

Check out eWEEK.coms Security Center at http://security.eweek.com for security news, views and analysis.
Be sure to add our eWEEK.com security news feed to your RSS newsreader or My Yahoo page:  



  Reader Comments: Liberty Alliance: Federated Identity Ready to Go
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Anne Chen
 


x}kw89v2zۑȶkbYK'{!m䐔mu _zВqNl BUP(#I"ntcnQ?sOG3齿O$w}L9UQ#C3W)92 E]0eNznDzpDwd>J`OS{S )5'Ӡ5ޙ Q}_6g2z9o0 fE63&6IE9JDqDRงGEQ>߱L㈄-:;|7*UN83p{f_ʞ0IQIM"x<&j>vn=ݣw2`~|!k`T黖8$CM-G ؓ ۭ@5lvy!rs#gߎz$fPr&NWw#205ARZ"[XdTZ ӡc)u8r `p)jXtGL: nK>1P:x =3~bA2xfdQӸO*! lpa+j)y'C,\tY֡_׽YoAס>x6ܳL]b6JmO |l ݟR>AGchGPu#o8sF94G푦J5(GJ\S#g}޴ ޷L{`T3vTo|wUMSZw>ʑCKo -%u`(:n{'Owq@.{A~$Vj}& D%\.fI&0hMmdڽ~X}AFI?j|%R+ i٥z4Jr ])21,ԐYۭlni][W^['7fٚY jiedXY3׫ӛkiGκ}!+|v!5 0\6:֪V1?!"wA<0MߑRMRs?#3p=jio]}ퟒ;۾Bdu#7ReQ oȱn>@|Ӡdq* ߱n^S;G7ۯZx۬) rƒ tKs;nZK}0[=RFp\ ДaCXذ 1"%̛ hJ@e $}ВEtBAͨ8 .)J!"xN3ˌE !\J!=! g|8Jn.r?G_5 .΃awʪ9QY ++\M޲G\zcOgfu.~zLqJjpX.B2iKB0.pjۛZ\MG_)Ab/*5U95|Qnl 2XjXvR7X[A^݇lA0ut3#|>9Շm'!|Бdmx=Z.s3GS4!>F&MЀ`;^h>[׏ <[ K!pA}x3V=H:}mP`95$'CMߟ̀s#08w ɝ 5y05ݻCi`y1&բ !Tg ,zz>)@}9\P lmN7-}hZ`1 5#JKm@i0xzOEأ$@!-i]R@Az68 -8,rr ޑvZ*&RP*m=!ԑtLZ*=h3aGe-n^ $ d6g2+IMihn1!UG,D`v9J,L.Y ϴ6jԭebQ9ҴZ hқ͑ Kbi]ye&,`b ȩ& # K8Y0Ϲpm'ȓcQ@la} /| ` Sn6O)tsfڰ`) 0|Ch2!isM/Xgu׵Lj{rgtKm0s k2'yvw=g&.Q>juϙܑ-ӾȇRoBoڅRT眺_dA_fMjlȌu>IVB17O wf@nmhIJ:#w4)dz~#Jݸ^`3h{q#%IAg=U檳@tlX+nMo?JՍ݋pz1(+úZjp Hoh m_eƠumLGi+-m" IPצ(X kezdxE6*&C 7u=k=0\PeM }d2wê%M*ګY3ld tAqFA͐`AELl5KWթw@4=":zu@nzS|P9s?棄YTpܩ480T]2agRhjUMas(zG/ı``{sp9pJ.k1sM^^/V꺰+]69g"@0m"}aiNR} ش^oZMk#RXO%}T5&"I D ȸla,ri L*gXsM>QȺ a(JuѧHǴ&gzI4e$og đaܧ^ۨO`Dk 5o` 2l3s&/frwE% y?CU^fx,"JPVbjxSC+jrTT+ oV Ls1)' Sf|ǁ3S翼;ugiԛJm@o([gn!WGשeXTe10fW#SJI3$#vZman0L{3Mᗬ6{  "9&S}o pe7dݤS(H[D`{ nUESU[zfy@L t@zCxؽL HMҜ)o:+@%5-r ?Ť֊kt)D Ȯcf>Fu*ZWּ}Zb^ څHB:GdH#`NT8w]܁c:P>H(Tg7gMEH]ac6U{z@n)Z/'W'vhTJE幛>7;'ojA-rF7=_`%to@șY!7G:eۤs:n&2006E-0P>O\մRߖ,09W|)3p3 `Ϙɧb_`pl1\Anc>GsW> m۠|m*Ln1}c%[ŜRx` fΌzliʀkxG2gdQ JhU m{\ c4wyN1 Qc>/$*RQv+T5΀LdR,WEzy,(U|4 BL*>"Gwŏ[o(UrmVՏG>Q*~ EPGIuzd*+ZR<*4rOk,ش/6"h ޜ-cz[ e|\+̖K%4e3/ -9@XP9ɷwnh‰/lCXx|{ `?KXXD>DiF\{e">QP(\}?؇^?hUeQbE1 wcyHV~ZgZqRFQtW%}w>Ϻ}i_|>3>L̾~xfkC {D[( ^-{Zi\#-0MC~ڗUˇݏR|ga\[dzLR(I]2~̮W{隿ð ]a區wnG4߷/ŗtOk~\/[R1~J`'y~yȒu4*$Eyp|hq0)MF0SkF#wȰ6 Z_ť{}ں̂KӜ$"j?N3dn ʣF4Skޚ( V`!旁w1d|PR# (ʑ=`=` v9:\b/;$B 0FD_TJi)W4f'uSxv:^79S%j67 EW%'K+ u{--':}mF1џW` e܃*׌Vrh'?!4|㿜yQG$ !r"0xc.A-H7ԺN9$S0qJh"g:Q;)~ڲOCT䵤 g[UHN~D!qbwy~@0GW吜ZC=?rjm_wg=z@(O$ ؑq eީӊN|u +ɅNo՗W3k{R̵j 2aє{`ֳs@לπ(|s9xf"64NlyWy#KxESrcW}V7ʳ/q!~<,?4nڈbveO5i^~&-_ |1$?[Н>u?y{do&=)sǣAlΜu9obJwfk6rO0#ݥoR8oi{޽Ҿ2CWq :i)`*9$DhHn e_"2NIJn/:L9zdM#}%3 =яki^x̠tg[f1vfGP >I>]bwP;_zŞYiIu/K\-"Pn'ZZ|W%0.ց_'2>6,ɺKehQsG-K&~T̼'!f> X -P>ڰBol[SD>{:MPY=ӨEVɇ3:Ց,t =׈ǎÎJP/ıDZsD"c>PCo{r4MZ<#iぜ <;17^5-qZg yv1uB#^e‚%g?Bn*z92;-6zɄY8nKr,OZ9#1t[hq<9s##6K2l`ܹ*h@niu> d7ékJ%f¡(`+aYf`j9'Տ֙vV#uI+qKMb+fs&1%KR$]qV#q/.+q=tOnI$`9U j)N4DNr1"$wy*7 J'rLydʧ} )cE`Qԗu λ$NX(z4ID+J4Z)1Z3^"fQyDTH `UY,y:HZ "w0BT$w{>)n o)rM,**5PАs6V4m "C2]@0IHKM[bS=漒(xy4 e!bLOi7C! Z M @D K)Q@)-k)k_"xYz}^u7 EIQ%g2T{.tr@"oz<m{+ƌ@}ClD\x]) 7vgWV+jZtm_I0٢Yd!_1TdK0oBaV>|!I_ H[%b3W^O BƸm͝ا,1ږ}/>, Oc2J1plҙx[*s&x?*Vep#  @QB$ WV/I*S+;]MRaTKHXj=8AjET(JlI=$ $a I_=oV9 HB&cDW ƅg0Ա  m sLX@&}8qP$Χ(ABZlscj;1RI)lH7CO9|Ksd]V,X5;W%L"B@h@&$^R]i-$@cۚj+gpK׻sšԀgggg{vUT>߳뫗pn\u"% 锺-s4Crx9 {g[}箨'~ƣUqўA%NU+s‰y ћxn z,br4q xvk甧hs@Ɠ_ݒ^-aܹ.N_!<3AA߉ҥ.rV SAuqߘҙIbHC"f>/D/C;K-6HVsfi>H삥}o oMo~%#e6-ǹݺ.>Sk.O= a0iP_$8AR%]'0__x!E{&-]/C`9&9&9&9&ndP.U6tp Fgd@YʧL{!W{Q#5ݏ%.){=mJ~>J:wXJ㺸<87 )X $s1O1micˊ['a(P۟{ͳ:#s0_(?n%z-+{n T\nrGu_j1*><I>i@B_h~:qt.ecG\Z&_rV[͹r$|9MzC9uK|xl oĮd|Sljzw<4%a/AC؆f,Ҟ1m-Xn\ұBRQ¦/2DċUH.F7\7f0gagkm,~t7Cb+gP)=h%$GuI0kF>A.WҦW{2ns9~:nYN_WH)&T v<\͋xc&m QN=6[7o$?vj}c!嵙vm{{ŷi7`W۲:pX%E٪0m-m,љsGW*eɳX -}-%cw>-x=Kv4C2ĆQa+I錃qlrGJߙXgL4skxN([ 0G7{D/2rpB Ӯ\:=_}"|MsLE ~n>^"ҶE8e^첦e-'I4b'ݴ͟X,hELVÑBu}ų Ta t PCᅽ>wƝ!^9<œ3cT<8I B(lGhF]i826lAˢ^"'̉NssJ(aZ&OӘ4>(C^PB^]’M=1I>r1ꚚrMl @ˆ~MZC O]c)I5ˋAE! :.mͤ<؎7ӭÌa8FSYhT!ncbj\.iU,VzVdqK2&/ #zPWwƌ7FSj9椷 G]#DTtHU) &G`/~ŨtYM13цX50yfBpdn&~iXp>H':t=jh DѤJd mYP)ϑVPJj\=rC;u_8ZՔV-`{tȊ*=AR`J5rủH#BOK.kXGl7̋1#JZP-0o鞵>qX*l EL|ۜ",G J6_K~G tpr|w\ۭ5ɓ>KB4X>k_ 㽻Ԙn% Dhc办vxҙ H۠[*н"%&hP1~"js{-f1쎱2OR+ 6Ƕl[vi|D_A Rd 3]smS? S\:2uxG*%_Dx}%rk1f= GrMu4wt1І0#ZNHx J;#4ƿB< Ec&SO L%& J!47\CP |@WC7R(?hUeQb+Y!kb;ҁ<+qܒ:ir _T|L'`߄7h>8 :{ᛂrPZ-]F/|T0/b=#-񸐤#f< wz̥7f?= .!N8_ǃ"Ba=X :>IoHlL]U# `xMI(FV~h/ew[= dR/9k5'ւ]͢d,~/ؙSR%WùA|]!'vQ]Q sXTfF`6^EP00a|Lo?gQPOnΆs&pf,yǥ}-AG,G71=` ?v^.usx\jHA$Ѕ:y,@#!9ωkg1#mu;5G@h),f,TՊR &uU !2,=VR\<>;AguUp VH+^@03:%H? &O=lFLnyuuuI]Zwrݾ귻uѽ#L֚_ԝe}5Lfbv>L5m^kLJy22 gN)sC9,jO6W#\]drxixɎ(ah,.63u{$G(%lGyї51oLl+s=VeS+?gg:^.9q Χ6~V CpXmn$!>E.Z'}ҽlIJ/6//2?@_k(\~NmfwQ\~ 48me@3Y}CgG(k7OsiF9?ϴ/3ʡz埡 fF'c|:'dv2t2;w?;d'eSF9g QށNF9e^\f%eu݌wAt3OK7C\\e5u^=@?6_SV9)O@Orߛ o2ڿ\'I73y S*Rq/2苬+ OY射<(Ay>++P/nt3 ث : 3/z^}NV&/ir]!,.5PUZk /Y[3ݴ6q  ۓ{ݯ\pmঠϻH^-AkOW}:exvY^][j7m!ϋ1y}³2SwفGhߚD,'y e%Hi_1\-n>_Q?f(Au̞^ebp|b^`,}Uq< 9sYu8% HMԳpNR?Ѱs3@z:}K=s~o8uc0L ;J墦 V˕R;~O+F"ð""C& UMVYI0ZYrF(RB4|O۴W)]7tCsc<{+4аY-}"z5~L@NL6"ϻ/cA6of)3^8,{|y؛ގe@7 J,5{3ЫD@.^[s/7q) ?dD:G鴓q8D#ӄwY!DӸf\z4}z<(nX?P3G)b|337dLdp!gB-Kt!PeD˦U$B`G:՞/snnu–'*F;B.NkuErly0%63wH P,cV}#"0 ;VWӄ.󡟼w3' " n+Q^ULZDAi=@Z#i^zIcYq^3LIvm4ux >}r 1-֠}ֽFӴFo"9ţ:a2PƋћ7ZԘP.{?I|nHHU֧f2{M{:з57d([|ӽނ4ܨNAeVb0yM&Ԋp ?dtE#b[p!@>pEg*QTD KQ)Ybd㜙/-rxgsgx*LWvm:yDt[] D heӵxv'k$~El=fu{+Wrcdk{f:ePeXl'!Rk+Wei$ցi>ΈRnãōGXǸ׭[ [+ qy6` <Щ0D\bXe܌1GtD]hT[)**S6 9/ߵS3pݼ®"vyXA\gX3' ȱ ya1 g{y{~kC'> ksxuz!}őYX&7ę /O C7Ѱ0 L{,luEG%RRNCa 0F :p2 19.OxI1%h3l䣈mAb?ŕc),]c1}p1LX+0_mkASsLeU|tCGYEL`&;]+N%t&ж?8acT 1L(_<,RYדWv!{Zq΋|E>WNENE<<Sf}')VSL_Xџ_,P>I*g\`͓ﯻ/OhI:VH]5OOۗ񲞽P7v r9̳`bhPlQWVIGv3HZ\֓Rvᷮ g۲M*d.%rR⚫W+EiQ}&' CfZ܄;66BKFslx61kav)