Monday, July 07, 2008

A clueless manifesto

A big tip o'the hat to Jeff Bohren for drawing my attention to this note from Alex Karasulu of the ApacheDS project. Now remember, he's working on a Directory Server project. Yet he says:

The VD [Virtual Directory] implementations of today like Penrose, are just hacks without a formal computational basis to them. People trying to get a product to market rapidly to sell a company. We intend to enable virtualization eventually with a solid footing in the LDAP administrative model using this concept of a view. Views, as well as triggers/SPs will enable new ways to easily solve the problems encountered in the identity space. As a teaser just think what could be done in the provisioning space if AD supported triggers? Real technology will yield solid reliable solutions instead of these band aids we’re seeing during this identity gold rush.

Too bad he's not aware of Radiant Logic, Symlabs and the Oracle (née OctetString) virtual directories - all of which have been around longer than ApacheDS and all of which support triggering mechanisms either through straight SQL or through policy implementations. They're pretty good with "views," also. I'm still looking for that "trigger" mechanism in the LDAP model!

When it comes to Triggers functionality in the LDAP world, I think it's worth mentioning one Directory Services technology that has been providing this 'functionality' for literally ages, and that's Novell's eDirectory.

eDirectory is just about the only Directory product that provides an Event mechanism, in that every change to the Directory provides an alert, to which applications can subscribe. In fact, Novell's Identity Management product relies on that (eDirectory being used as the IDM database), and provides "Event driven" IdM actions (workflows, provisioning/de-provisioning, etc.).

Ofer Gigi
