Shell’s ID in the cloud

Covisint is now 6 months into its contract with Shell Oil for the provision of cloud-based identity management. New Energy Ecosystem uses a standards-based approach to ‘avoid lock-in.’

Last month we heard Shell’s Johan Krebbers (speaking at the SPE Digital Energy Conference in Houston) describe the migration of authentication to the cloud, leveraging standards-based protocols like SAML ( On the choice of an identity service provider, Krebbers observed, ‘the last thing you want is to be is in bed with Microsoft or another proprietary system.’

Speaking at Energistics’ 2011 Western European Region meeting at Oracle’s London HQ (more in next month’s issue) Scott Klender presented work performed by his company, Covisint, on Shell Oil’s identity management system. Compuware unit Covisint provides a standards-based solution to the issue of access to multiple applications in house, chez partners and in the cloud, from disparate users, locations and devices.

Covisint provides a ‘business to business’ (B2B) ecosystem to the automobile, energy and financial services verticals. The system has been rolled out in Shell for six months and Covisint is now working on a second super major account. Klender observed that ‘passwords are bad, and they are going away.’ This is in part driven by compliance with government regulations. Shell wants to manage 750,000 identities, many more people than just their employees. This would make alternative smart card-based solutions, with a $100/year per card fee, prohibitively expensive.

Covisint’s new ‘Energy Ecosystem’ is based on its ExchangeLink platform, a service-based technology in the cloud providing single sign-on with federated identity and trust management. Shell Oil has a diverse ‘loosely coupled’ workforce spanning joint ventures and various business partners. ExchangeLink provides rapid provisioning and de-provisioning of identity. When an employees leaves, the company can zap his or her identity right away. Audit information such as ‘which external people have access to your systems’ is now all in one place. ExchangeLink is being phased in to the Shell organization, initially with basic identity management from a single point of administration. Subsequently federated application provisioning will leverage SAML, and the OASIS service provisioning markup language (SPML—

Comment—Given that Shell was leery of leveraging a ‘proprietary’ identity system, we asked Klender if Covisint was any different say, from a Microsoft or other proprietary system. He observed that Covisint leveraged standards like SAML and if needs-be ‘we could be swapped out’. More from

Click here to comment on this article

Click here to view this article in context on a desktop

© Oil IT Journal - all rights reserved.