General Motors Corp. has played a key role in getting Microsoft Corp. and Sun Microsystems Inc. to cooperate on cross-platform identity management. Fred Killeen, director of systems development and chief technology officer at GM's Information Systems and Services organization, says single-sign-on capability has been the automaker's top priority for the two vendors. Without it, GM would have to turn to a customized and likely costly solution. Now the two vendors have detailed a single-sign-on specification and said the new capabilities will likely appear in products next year. In an interview with Computerworld US, Killeen explained why this effort is important.
What input is GM having in this effort by Microsoft and Sun? GM was a big driver in pulling the companies together; we have a large infrastructure of both [companies]. GM was represented on the technical advisory council as one of the key customers, [telling Microsoft and Sun], "You need to solve this problem for large customers."
To what degree have users been frustrated by the lack of interoperability? Clearly, as users, we would like to have our life simplified, we would like to have fewer IDs and fewer passwords. So I think from a GM perspective, we really view it as a security component as well, because the more IDs and passwords you have ... users tend to write them down, and they tend to put them in places which, in fact, actually make you less secure than more secure.
Do the specifications solve the problems, or will it depend on what's included in the products? The components that will be helpful for us [will be] putting the federation capabilities in the Active Directory environment and being able to do that in a compatible way with the Sun identity management products.
What will federation accomplish? There [are] two ways you can do it. One is fundamentally an external federation. How do we integrate with other partners, like we integrate with Fidelity [Investments]? The other piece is ... we will probably split the organization into multiple domains [and] do some federation within the company.
In terms of identity management, what impact will this have on cost? Do you have an estimate? I don't think we know enough yet. Certainly, there are lots of estimates on percentages of calls to your help desk for password resets. This isn't going to make all of them go away, because you still have lots of other applications out there. But it can certainly reduce them. We believe it can help reduce our help desk cost and help reduce some of the access management requirements -- how do you acknowledge that you added or deleted users? It would integrate the identities there. If we were going to integrate as is, because we're in an outsourced environment, we would pay a supplier to develop these interfaces, maintain those interfaces over time and refresh them every time these suppliers upgrade their products.
Sun and Microsoft also want to improve management capabilities of their systems and make it easier to write applications that run in both environments. What's your take on their future plans? What do you want to see them accomplish next? I can't speculate on what they are going to do. [But] I think they are not done with identity management. I think we need to continue to drive this [and] look at the integration issues and how you pull these two environments together. Down the road, I think the other technologies that they have talked about are great opportunities, but at least for right now, this is the one that we highlighted, and I think we want to make sure that we drive this one to closure.
Are they moving fast enough for you? The challenges are a lot of these things get tied to release cycles that they have for products, and I think that's some of the constraint. If we had our choice, it would be great if it were done today.
Should people still be skeptical about how this is going to unfold? I believe, based on what I've seen, [that Microsoft and Sun] are committed to it. They've shared how they're working on it. They have engineers at each other's sites; they're participating in each other's conferences.
What would be a nice time frame to have single sign-on deployed in GM's 1 million-user environment? Yesterday -- [but] I think, quite honestly, it will take a couple of years. If you think about the size of a million users, just doing some of the data cleanup and reconciliation that it takes ... it's going to take a little bit of time. Certainly, we want to continue to be aggressive and drive this hard. We're doing it incrementally. Virtually every day, every week, we're working on what the next step is to keep getting us closer to it. So when the capability is there, we can turn it on.
If this cooperation effort by Microsoft and Sun were to somehow unravel, what effect would it have on your systems? I think you can do it; it's just a question of custom integration. There are no standards, you maintain the ongoing cost of the interfaces and development, and you lose the leverage out of what they could bring to bear. I think you can do it whether they have the relationship or not. What we're saying is that our problem is not unique. Anybody that has Sun and Microsoft out there in the industry that's using it, they need this, too. This is a big customer need that's out there. -- Computerworld (US online)