Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Liberty Alliance: Federated Identity Ready to Go

    By
    Anne Chen
    -
    March 29, 2004
    Share
    Facebook
    Twitter
    Linkedin

      As president of the Liberty Alliance Project, Michael Barrett is charged with shepherding the organization as it works to deliver open specifications and frameworks for federated network identity. Barrett, who is also vice president of information security and privacy strategy for American Express Co., said 2004 will be the year federated identity management proves its more than hype.

      eWEEK Labs Senior Writer Anne Chen recently spoke with Barrett about the challenges facing federated identity deployments, Liberty Alliances priorities three years after its inception and American Express efforts to secure its own Web services deployments.

      Liberty Alliance has been working on federated identity since 2001. What are you focused on today?

      The theme in 2004 is … ensuring that any barriers to adoption around federated identity management are removed. Theres always a gap between the leading- edge companies that play with a lot of the technologies and the early adopters, and our goal this year is to close that gap.

      Were spending most of our energy doing things that are needed to help companies deploy federated identity while continuing to build on the foundations. Where in the past we built infrastructure specifications, were now building actual services specifications that write upon previous specs. Our focus is in ensuring that we knock down as many perceived barriers as possible.

      What are some common misconceptions surrounding federated identity?

      One example is that people think there are no products out there. The Liberty Alliance has dozens of products on the market.

      I saw something recently that said the Liberty Alliance specs are not stable. Weve had these specs on the market for nearly 18 months now. You have to keep educating. Were seeing implementations, and our expectation is that within a few months, there will be a fairly large number of implementations, which is one thing that really encourages the early-adopter crowd.

      You have said that youre working on convergence between Libertys IDFF (Identity Federation Framework) and SAML (Security Assertion Markup Language). Can you describe some of the work being done?

      The Liberty Alliance owed a great debt to SAML in that it was the technology that we most heavily relied on. I wouldnt want to minimize the implication that SAML had on our first family of specs. We are very conscious that we didnt want to see any kind of schism in the marketplace. So rather than seeing two diverging specifications, we submitted IDFF as the basis for SAML 2.0.

      Why did American Express join the Liberty Alliance?

      If you set the clock back to late 2000 [or] early 2001, XML was around and SOAP [Simple Object Access Protocol] was around, but neither of them was finalized. Web services were understood conceptually, and there were enough tools around where we said “this stuff looks promising.” American Express has a number of services we offer to customers. We have a proprietary application system we built ourselves that manages our Travelers Cheque inventory. When a Travelers Cheque is cashed, its recorded so that system manages the life cycle of Travelers Cheques.

      We went to a couple of partners and said, “Were interested in Web services. Would you like to work with us to build an implementation of this check system?” The problem at that time surrounded security integration problems.

      We felt the business promise of Web services was justified, but security was a problem. Problem two was, whenever youre transacting commercially, most transactions are authenticated. There was a hole in the standards set that didnt address identity.

      We joined Liberty Alliance because we needed a solution to identity-enable Web services transactions.

      How is American Express using Liberty Alliance frameworks and specifications today?

      Broadly speaking, our deployment can be characterized as multiphase. Were trying to do foundational work … to minimize the business issues but give us value so that we have a learning exercise for cutting our teeth on the technology. Its the whole walk-and-then-run concept.

      For corporate cards, corporate travel, etc., a number of companies … say theyd like [our] services to integrate with an employee single-sign-on portal. Essentially, they want employees to come to us and have us trust their identity. And they want us to do this without a proprietary solution.

      We know some of our competitors are starting do to this. We know that if we attempted to stay proprietary, wed start losing deals and become noncompetitive. Even if we thought using open standards like Liberty was a bad thing, wed be forced into doing it.

      /zimages/2/28571.gifCheck out eWEEK.coms Security Center at http://security.eweek.com for security news, views and analysis.
      Be sure to add our eWEEK.com security news feed to your RSS newsreader or My Yahoo page: http://us.i1.yimg.com/us.yimg.com/i/us/my/addtomyyahoo2.gif

      Anne Chen
      As a senior writer for eWEEK Labs, Anne writes articles pertaining to IT professionals and the best practices for technology implementation. Anne covers the deployment issues and the business drivers related to technologies including databases, wireless, security and network operating systems. Anne joined eWeek in 1999 as a writer for eWeek's eBiz Strategies section before moving over to Labs in 2001. Prior to eWeek, she covered business and technology at the San Jose Mercury News and at the Contra Costa Times.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×