Jackson Shaw | Directories and user identities

 

Connecting state and local government leaders

GCN Interview: Quest Software's Active Directory guru discusses the future of identity management.<p></p><p></p>

I moved to Seattle from Canada to work withMicrosoft, and the only thing I knew was that there was a ton oftraffic in Seattle, so I told my real estate agent to find me aplace that I could get to the office from, and that is how I endedup right there. I still spend a lot of time on [Microsoft's]campus. I interact quite a bit with the product groups, and we havean actual office presence on campus. Quest helps you get more from the various big vendors. In alot of cases, the tools that you get from a Microsoft or an Oracleor [another] large player may not be enough to do all that you wantto do. Or they are not as efficient as other ways you could do it.What we specialize in is building products that allow you to getmore from all those different tools. The Meta-Directory was a new concept. In the old days,when you synchronized two identity directories, you'd takeall the information in one directory and put it in the other andput all the information in that second directory back into thefirst one.

Jackson Shaw, Quest Software's senior director of product management

It's not surprising that Jackson Shaw lives across the
street from the Microsoft campus in Redmond, Wash. His fortunes,
along with those of Quest Software, where he is a senior director
of product management, are tied to the software giant. In the
1990s, Shaw worked for a start-up named ZoomIt, where he helped
develop Meta-Directory, software that reconciled the contents of
two or more directories. In 1999, Microsoft purchased ZoomIt and
rolled Meta-Directory into its then-budding directory services
software, Active Directory. Shaw stayed with Microsoft until 2005
before moving to Quest, where he is a leading expert in Active
Directory.


GCN: First of all, how did you end up with your house across
the street from Microsoft, and does this allow you to gain
competitive intelligence about the company?


JACKSON SHAW:






One of the primary advantages of having an office on campus is
that it shows to Microsoft and to customers that we have a very
strong relationship and a pretty serious commitment to Microsoft as
a partner.


I don't know how much we pay for it, but to have a
presence on campus you'd have to pay a fairly significant
amount of money. And for us, the investment is worth it. We have
other employees located on campus working with the product groups
and having discussions with the marketing people. So it's
still convenient for me to be quite close to Microsoft. I have
enough interaction to make it worthwhile.


GCN: What does Quest Software do?


SHAW:





Let's say you need to update Active Directory with
people's mobile phone numbers. The only way that can be done
is if the administrator has to change that phone number for you. Or
the administrator has to delegate that capability to someone
else.


The problem with that is that the administrator doesn't
have time to change everyone's phone numbers, and even if you
delegate it, how does that person have access to that [function]?
So we provide a Web user interface that will allow end users to
change the phone number. One click and it is done. And we have
templates so that when someone enters a phone number, it will be
normalized [to the phone number format].


So we provide all kinds of different tools that are basically
additional capabilities over and above the Microsoft tools. Active
Directory was built for interacting with Windows clients. We use
Microsoft industry standard application programming interfaces to
allow Unix, Linux and Java to integrate with Active Directory. This
is not something supplied by Microsoft, but by their provision of
APIs, we're able to provide [added value] on top of that.


GCN: Have you been surprised by the widespread use of Active
Directory?


SHAW: In retrospect, we shouldn't have been
surprised. But [when Microsoft purchased ZoomIt], Active Directory
was looked at by a lot of customers as something that they just
didn't want. Why would I want to have this Active Directory?
It was literally a forklift upgrade. It was a very expensive
migration for customers.


But I think the thing that surprised me the most was that after
the first couple of years, you could really see that there was this
big tidal wave [of use] coming, because of customers starting to
really see how much benefit they would get from having a
distributed directory. So in retrospect I'm not
surprised.


In the first couple of years, it was tough, because there just
wasn't enough expertise out there. There weren't enough
people who knew about it, and there weren't enough
deployments. Now what is rarer is to find a customer who
doesn't run Active Directory. Today almost 90 percent of
companies use Active Directory in some form.


So I feel particularly privileged that I had the opportunity to
work on something that went from literally nothing to the majority
of companies using it. It was an exciting time for me.


GCN: What was the idea behind Meta-Directory?


SHAW:




The problem is, you'd have 10,000 people in one directory
and 10,000 in another, and they'd be the same 10,000 people,
but you'd have 20,000 entries in the directory. In one
directory, I was Jackson Shaw and in another directory I'd be
J. Shaw.


The company we first did this for had 70,000 employees. And
after the first day, we turned on our software, they had a quarter
million entries. And nobody knew which J. Shaw to send e-mail to.
So people would send email to all the Shaws. So their e-mail
[system] fell apart.


And this is when the light bulb went on for a number of us
' we should do more than solve a directory problem. So that
is how the Meta-Directory came together. We could anchor the three
directories together and just move the information they need from
one directory to another, not move everything. So that turned into
the industry we have today with identity management and identity
life cycle. That's where it all came from, basically.


GCN: Trying to assign identities, attributes and rights to
individuals seems like a problem.


SHAW: Exactly, and that is a bigger problem now because the
Internet has really taken off. Nowadays the problem is 10 times
bigger. I have a banking identity, a 401(k) identity, a stock
account, a health provider's account. The privacy issues
around how you hook your identities together and how to disclose
certain information to certain providers is a very complex problem
that a lot of people are working on.


The interesting question for the future is how [as an industry]
will we manage all this. I got a letter from my bank saying my
credit card has been compromised. Now this is the second time this
has happened to me, so they are sending me yet another credit card.
That's the type of problem that costs people a ton of money
and costs the industry money. I think that, in the next five years,
solving those problems around identity will be critical for
e-commerce. If we continue to have break-ins to the point where
people lose their ability to do Web transactions, this will be a
huge cost to the industry. I like using my credit card. I
don't want to carry cash.


I'm not sure what is holding us back, but I'd sure
like to get to the bottom of the problem.

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.