CTO Forum: Tackling identity

The challenges of managing a user’s network identity and multiple disconnected identities scattered across isolated Internet sites took center stage during Wednesday morning’s keynote at the InfoWorld CTO Forum in Boston. 

As a member of the Liberty Alliance Project’s management board, the event’s speaker, Simon Pugh, vice president of standards and infrastructure at MasterCard, broke down misperceptions between Liberty and Microsoft Passport, the role of service providers with federated identity, and the uphill climb policy faces to satisfy network identity demands.

Pugh said he has learned the hard way how malleable an online and electronic identity is once he moved to the United States from the United Kingdom a few years ago and was forced to start a new identity from scratch.

“All my records I built up [over a lifetime] in the U.K. didn’t mean anything in the U.S.,” said Pugh. “It’s a network world and more and more people desire to interact with services and remote services and networks … managing those identity services in a distributed fashion is an extremely great challenge.”

Among the top hurdles facing Pugh and the Liberty Alliance is educating users about the distinct differences between Liberty and Microsoft’s Passport authentication system. The MasterCard executive portrayed Liberty as a means to allow products to interoperate with one another and offer federated services and products featuring a set of mutual specifications.

Unlike Microsoft’s Passport which has been criticized by some as a potential single point of failure for holding identity information in a central repository, Pugh pointed toward Liberty’s mission to see a small collection of ID providers and relying parties, such as service providers, build a network over time to support a true federated ID model.

Pugh said existing relationships between customers and their vendors is not expected to change through the Liberty Alliance’s work. In fact, that element is expected to play a major part of managing and navigating network identities between interoperable and authenticated connections to receive “unequivocal acceptance.”

“Clearly members of the Liberty Alliance are there for pure self-interest. No one shows up at standards meetings from pure altruism. There’s also a goal to lead relationships between organizations,” remarked Pugh.