BT is experimenting with a federated identity management system that could be rolled out to its eight million internet users and corporate customers.
A commercial version would allow users to identify themselves to websites, applications and other users in order to access data, do work and transact business, said Robert Temple, BT's chief security architect.
Using CA's Siteminder software, BT is giving internal staff web access to applications such as Peoplesoft, Siebel, Oracle Financials, Citrix, an XML gateway, and a voice-verification system from Persay.
Temple said the company's intention is to provide managed user identity as a "common capability" of the kind relatively common in IT but rare in telecommunications.
Temple said BT runs 32 discrete networks. As a result, it has too many Radius identity authentication servers. Learning to consolidate the way it manages user identities across all these networks is the only way it would be possible to extend similar safeguards to BT customers, he said.
It has opted to use the Liberty Alliance's Security Assertion Markup Language (SAML) 2.0 standard for federated identity management. However, it has proved hard to find external contractors willing and able to help BT as most were familiar with earlier versions of SAML.
Temple noted that relationships between BT and organisations sharing its federated IDs were plagued by lawyers and contracts. "In the end, we asked the lawyers politely to get out of the way as we knew what we were doing," he said.
Temple said this was not to minimise the legal issues, which required partners to spend a lot of time building trust in each other.
These lessons would help to reduce the learning curve for user organisations when the time came for them to make more use of the web for business applications, he said.