In 2003, the company launched a pilot project that integrated various internal and external systems. The proof-of-concept requirements included validating the ID-FF 1.1 specification and building a model production environment using firewalls and proxies as well as the Internet. GM, along with Workscape Inc., the Framingham, Mass., company that manages MySocrates, worked with GM's 401(k) provider on the federation project. Because MySocrates was built using Sun Microsystems Inc.'s Sun ONE Portal Server, GM and Workscape decided to use Sun's Java System Access Manager, which supports Liberty Alliance's ID-FF specification. Sun is another founding member of the alliance.
Jackson said federating identity for the portal was easier, in part, because GM used the publicly available Liberty Alliance specification. "Since you're both going through a publicly available specification, you're both talking the same language as you're doing so, which simplifies the issues," Jackson said. "It also abstracts the simplification of our site to your site, regardless of the identity solution you're using."
GM is fully deploying federated SSO for 70,000 users of its employee portal. While Jackson estimated the technology should take no longer than two months to deploy, he said legal and business issues may cause the project to take as much as one year to complete. For example, GM still needs to work out what will happen if something goes wrong during authentication. "There are issues around the business that still need to be resolved," Jackson said. "But these issues are not limited to General Motors. They affect any company trying to federate identity."
GM is looking at other services it wants to enable using Liberty Alliance federation. Because the automaker has systematically outsourced business processes, Jackson said it makes sense for it to federate with as many third-party providers as possible.
GM units have built systems using a standard set of products, but each has its own solution, such as a portal for the engineering division and another for manufacturing. Because of this, Jackson said, federation may also be handy internally. "General Motors is a big business to run globally," he said. "Rather than try to build one large infrastructure for the entire company, it may make more sense to federate." Senior Writer Anne Chen can be reached at email@example.com.
The pilot enables users to log on to MySocrates and choose whether to opt in to federated single sign-on. Users who opt in authenticate just once to the portal, then can access their 401(k) information and other data without having to reauthenticate. To provide a seamless interface between MySocrates and the 401(k) provider's Web site, GM chose to use JSP (JavaServer Pages) technology.