In Search of Network Security

The challenges of managing a user's network identity and multiple, disconnected identities scattered across isolated Internet sites took center stage during Wednesday morning's keynote at the InfoWorld CTO Forum in Boston.

Simon Pugh, vice president of standards and infrastructure at MasterCard and a member of the Liberty Alliance Project's management board, offered personal and professional perspectives. Pugh broke down misperceptions regarding Liberty and Microsoft Passport, the role of service providers with federated identity, and the uphill climb policy faces to satisfy network-identity demands.

Pugh said he learned the hard way how malleable an online and electronic identity is when he was forced to start a new identity from scratch after he moved to the United States from the U.K. a few years ago.

"All my records I built up [over a lifetime] in the U.K. didn't mean anything in the U.S.," Pugh said. "It's a network world, and more and more people desire to interact with services and remote services and networks...managing those identity services in a distributed fashion is an extremely great challenge."

Different Approaches

Among the top hurdles facing Pugh and the Liberty Alliance is educating users about the distinct differences between Liberty and Microsoft's Passport authentication system. The MasterCard executive portrayed Liberty as a means to allow products to interoperate with one another and to offer federated services and products featuring a set of mutual specifications.

Microsoft's Passport has been criticized by some as a potential single point of failure for holding identity information in a central repository. In contrast, Pugh pointed toward Liberty's mission to see a small collection of ID providers and relying parties, such as service providers, build a network over time to support a true federated ID model.

Pugh said existing relationships between customers and their vendors are not expected to change through the Liberty Alliance's work. In fact, such relationships are expected to play a major part in managing and navigating network identities between interoperable and authenticated connections to receive "unequivocal acceptance."

"Clearly members of the Liberty Alliance are there for pure self-interest. No one shows up at standards meetings from pure altruism. There's also a goal to lead relationships between organizations," Pugh said.