Australia's largest telco Telstra has lifted the cone of silence on the deployment of Linux over its desktop population in a trailblazing speech by its national manager for security architecture Michael Warner to an identity and access management conference in Sydney.
Speaking to a room of IT corporate and government security managers about the way Telstra intends to focus its identity management strategy, Warner pulled few punches as to the direction the telco was moving:
"Moving to a Microsoft-dominated environment [resolved] a lot of sign-on problems, but it does put a lot of dependency on the one vendor and the one platform. It all [raises questions] about all the noises around Sun ONE and Linux desktops for Telstra staff," Warner said.
He then offered a cautiously diplomatic revelation of the view from Collins Street on Web services.
"Our CIO is generally… um… [he] doesn't typically seem keen on that focus of [a] Microsoft-only environment. That's another area we need to look at. How do we provide single sign-on for non-Microsoft workstations on Microsoft Web services?" Warner asked.
The public flirtation with penguin business was served up with an appraisal of the challenges Australia's neither public-nor-private telephony behemoth has inherited from being a treasury cash cow and a community communications safety net. Warner could say nothing about how past information architecture decisions were made, so he let the statistics say it all for him, and it hurt.
"There are well over one thousand different internal mid-range applications that various staff and departments access. And a plethora of underlying systems and platforms . . . mid-range systems to mainframes to Windows boxes . . . Then there are different organisational groups responsible for maintaining those, [which] provides another angle on all of that . . . and then [there is] the integration of all of that."
The growth of the Telstra system over almost a century also provided a range of inherited headaches. IT and ID systems face having to provide multiple identities and services for a single account number for businesses and households, necessitating ad hoc solutions like forced entries into the HR or billing systems just to keep the show on the road, with little regard for identity management issues.
Again, Warner called it just as he saw it.
"In the customer space, we're either a whole lot better or a whole lot worse. We have a unique customer identifier number for telephony customers, and that maps well to a lot of the attribute information about them including all of their accounts and services.
"For our ISP customers, again, we have unique identifiers, but they bear no resemblance or mapping back to the customer identifier numbers for telephony type services. All of those applications have, I guess, grown up in isolation, and have gone for the easiest, quickest service approach [available to them at the time]."
Warner also revealed that PKI certificates killed off non-corporate customers. "From the start we used digital certificates . . . and really, the pain that we experienced with that [has] meant [we'll be] moving away from that. Still, we have around four to five hundred thousand actual users registered. A lot of the focus of that activity has been on identifiers rather than understanding the complexity of . . . [user] attributes underneath it that actually provide the value," he said.
Telstra's circa 1996 smartcards for executive staff will also get the bullet due to escalating support costs, Warner said.
The best, however, was left until last. After explaining the many successes single sign-on had in welding disparate parts of the enterprise back together came Warner's objectives for the future - and a few home truths.
"In terms of major achievements, we do have single sign-on across a broad range of applications . . . Those thousands of legacy mid-range systems are still a problem. There will always be legacy users, you have to be very flexible; you can't afford to try and build [a solution that is] all-singing, dancing and will solve world hunger . . .
"Finally, getting away from the proprietary Microsoft-based systems and looking at how we can provide Web-based single sign-on that's much more technology neutral."
Well, someone had to say it.