Jackson Shaw | Directories and user identities

Jackson Shaw, Quest Software's senior director of product management

It's not surprising that Jackson Shaw lives across the
street from the Microsoft campus in Redmond, Wash. His fortunes,
along with those of Quest Software, where he is a senior director
of product management, are tied to the software giant. In the
1990s, Shaw worked for a start-up named ZoomIt, where he helped
develop Meta-Directory, software that reconciled the contents of
two or more directories. In 1999, Microsoft purchased ZoomIt and
rolled Meta-Directory into its then-budding directory services
software, Active Directory. Shaw stayed with Microsoft until 2005
before moving to Quest, where he is a leading expert in Active
Directory.


GCN: First of all, how did you end up with your house across
the street from Microsoft, and does this allow you to gain
competitive intelligence about the company?


JACKSON SHAW: I moved to Seattle from Canada to work with
Microsoft, and the only thing I knew was that there was a ton of
traffic in Seattle, so I told my real estate agent to find me a
place that I could get to the office from, and that is how I ended
up right there. I still spend a lot of time on [Microsoft's]
campus. I interact quite a bit with the product groups, and we have
an actual office presence on campus.


One of the primary advantages of having an office on campus is
that it shows to Microsoft and to customers that we have a very
strong relationship and a pretty serious commitment to Microsoft as
a partner.


I don't know how much we pay for it, but to have a
presence on campus you'd have to pay a fairly significant
amount of money. And for us, the investment is worth it. We have
other employees located on campus working with the product groups
and having discussions with the marketing people. So it's
still convenient for me to be quite close to Microsoft. I have
enough interaction to make it worthwhile.


GCN: What does Quest Software do?


SHAW: Quest helps you get more from the various big vendors. In a
lot of cases, the tools that you get from a Microsoft or an Oracle
or [another] large player may not be enough to do all that you want
to do. Or they are not as efficient as other ways you could do it.
What we specialize in is building products that allow you to get
more from all those different tools.


Let's say you need to update Active Directory with
people's mobile phone numbers. The only way that can be done
is if the administrator has to change that phone number for you. Or
the administrator has to delegate that capability to someone
else.


The problem with that is that the administrator doesn't
have time to change everyone's phone numbers, and even if you
delegate it, how does that person have access to that [function]?
So we provide a Web user interface that will allow end users to
change the phone number. One click and it is done. And we have
templates so that when someone enters a phone number, it will be
normalized [to the phone number format].


So we provide all kinds of different tools that are basically
additional capabilities over and above the Microsoft tools. Active
Directory was built for interacting with Windows clients. We use
Microsoft industry standard application programming interfaces to
allow Unix, Linux and Java to integrate with Active Directory. This
is not something supplied by Microsoft, but by their provision of
APIs, we're able to provide [added value] on top of that.


GCN: Have you been surprised by the widespread use of Active
Directory?


SHAW: In retrospect, we shouldn't have been
surprised. But [when Microsoft purchased ZoomIt], Active Directory
was looked at by a lot of customers as something that they just
didn't want. Why would I want to have this Active Directory?
It was literally a forklift upgrade. It was a very expensive
migration for customers.


But I think the thing that surprised me the most was that after
the first couple of years, you could really see that there was this
big tidal wave [of use] coming, because of customers starting to
really see how much benefit they would get from having a
distributed directory. So in retrospect I'm not
surprised.


In the first couple of years, it was tough, because there just
wasn't enough expertise out there. There weren't enough
people who knew about it, and there weren't enough
deployments. Now what is rarer is to find a customer who
doesn't run Active Directory. Today almost 90 percent of
companies use Active Directory in some form.


So I feel particularly privileged that I had the opportunity to
work on something that went from literally nothing to the majority
of companies using it. It was an exciting time for me.


GCN: What was the idea behind Meta-Directory?


SHAW: The Meta-Directory was a new concept. In the old days,
when you synchronized two identity directories, you'd take
all the information in one directory and put it in the other and
put all the information in that second directory back into the
first one.


The problem is, you'd have 10,000 people in one directory
and 10,000 in another, and they'd be the same 10,000 people,
but you'd have 20,000 entries in the directory. In one
directory, I was Jackson Shaw and in another directory I'd be
J. Shaw.


The company we first did this for had 70,000 employees. And
after the first day, we turned on our software, they had a quarter
million entries. And nobody knew which J. Shaw to send e-mail to.
So people would send e-mail to all the Shaws. So their e-mail
[system] fell apart.


And this is when the light bulb went on for a number of us:
we should do more than solve a directory problem. So that
is how the Meta-Directory came together. We could anchor the three
directories together and just move the information they need from
one directory to another, not move everything. So that turned into
the industry we have today with identity management and identity
life cycle. That's where it all came from, basically.


GCN: Trying to assign identities, attributes and rights to
individuals seems like a problem.


SHAW: Exactly, and that is a bigger problem now because the
Internet has really taken off. Nowadays the problem is 10 times
bigger. I have a banking identity, a 401(k) identity, a stock
account, a health provider's account. The privacy issues
around how you hook your identities together and how to disclose
certain information to certain providers is a very complex problem
that a lot of people are working on.


The interesting question for the future is how [as an industry]
will we manage all this. I got a letter from my bank saying my
credit card has been compromised. Now this is the second time this
has happened to me, so they are sending me yet another credit card.
That's the type of problem that costs people a ton of money
and costs the industry money. I think that, in the next five years,
solving those problems around identity will be critical for
e-commerce. If we continue to have break-ins to the point where
people lose their ability to do Web transactions, this will be a
huge cost to the industry. I like using my credit card. I
don't want to carry cash.


I'm not sure what is holding us back, but I'd sure
like to get to the bottom of the problem.
