Wednesday, July 16, 2008
Dominant does not mean all-encompassingOracle's Nishant Kaushik took some heat ("Is AD really the dominant Identity Store out there?") for not caving in to the "Active Directory is everywhere" litany. Bravo!
What some off his detractors fail to realize is that there are few, if any, organizations with more than 100 users who use AD as their sole identity datastore. Identity data - which includes not only name, rank and serial number, but also all of the attributes associated with the identity - is stored in myriads of places which can be local to the user, somewhere in the enterprise, or out in the internet cloud. And AD has no mechanisms whatsoever for getting at that data.
A service or application which wishes to consume identity data could search all possible datastores - provided, of course, it knew where they were and what protocols they supported for exporting data. How much easier, though, for the application developer to hit one datastore for everything that's needed? That should call forth no arguement from the AD-boosters - that's the argument they're using. But, as I said, AD has no way to get the data out of all of those other datastores. One thing does, though - the virtual directory.
Comments: Post a Comment
© 2003-2006 The Virtual Quill, All Rights Reserved Home