The Continuing Evolution of Directory Services
By Mark Wilcox - CTO - Oracle Consulting Security-Oracle on Mar 16, 2008
Jackson Shaw recently wrote "The Meta-directory is Dead". This post seems to be sparked by HP's announcement that they are leaving the identity management business.
However, saying "meta-directories are dead" isn't news to anyone paying attention. The concept of a meta-directory is that you can copy all of your identity information into a single repository to be used by all applications. However, that isn't practically possible - it takes too much time, it's too inflexible and you always run into regulations or internal politics that work to prevent it completely or delay it for years.
What hasn't changed is the problem the meta-directory was trying to solve: it hasn't really gone away.
The fact remains that, for good or bad, LDAP is still the easiest protocol to integrate with for authentication and authorization, in particular for off-the-shelf applications. And the new(er) standards like SAML, Liberty and XACML all build off LDAP directories.
But the trick is that the identity information is often contained in something else and you must be able to bring it together dynamically. That of course is where a virtual directory like Oracle Virtual Directory comes in. And because the source data stays in its existing repositories - it's much quicker and easier to deploy.
Additionally, more and more organizations are finding themselves in the situation where they need to store the identity information for customers, partners or vendors as they continue to move more and more business online. Or perhaps they are already online, but because they are integrating with new systems like mobile phones, they need to store additional context about that account.
Thus you may find yourself needing to manage very large amounts of directory data, which Oracle Internet Directory can do very easily on less hardware than competing solutions.
Plus we're working hard on achieving that identity "dial-tone" Jackson mentions. In terms of reliability and performance - we are already there but with 11g we will raise that up another notch.
In particular I think we are making significant improvements in further simplifying configuration and operational management of directory services.
Finally, Web Services is definitely a hot topic around these parts, and it's something we are investing in as well, which I will share more about in the future.
* Everyone benefits from having a single point of contact for identity information
* Virtualization of the identity information simplifies the deployment of that single point of contact and improves on the investment of existing systems
* Most organizations will see an increase in the need for manageable, scalable, secure directory storage