BT is experimenting with a federated identity management system that could be rolled out to its eight million internet
users and corporate customers.
A commercial version would allow users to identify themselves
for websites and applications and other users to access data, do
work and transact business, said Robert Temple, BT's chief security
architect.
Using CA's SiteMinder software, BT is giving internal staff web
access to applications such as PeopleSoft, Siebel, Oracle
Financials, Citrix, an XML gateway, and a voice-verification
system from Persay.
Temple said the company's intention is to provide managed user
identity as a "common capability" of the kind relatively common in
IT but rare in telecommunications.
Temple said BT runs 32 separate networks and, as a result,
has too many RADIUS authentication servers. Learning how to
consolidate the management of user identities across all these
networks is the only way it would be possible to extend similar
safeguards to BT customers, he said.
It has opted to use the Liberty Alliance's Security Assertion
Markup Language (SAML) 2.0 standard for federated identity
management. However, it has proved hard to find external
contractors willing and able to help BT, as most were familiar only with
earlier versions of SAML.
Temple noted that relationships between BT and organisations
sharing its federated IDs were plagued by lawyers and contracts.
"In the end, we asked the lawyers politely to get out of the way as
we knew what we were doing," he said.
Temple said this was not to minimise the legal issues, which
required partners to spend a lot of time building trust in each
other.
These lessons would help to reduce the learning curve for user
organisations when the time came for them to make more use of the
web for business applications, he said.