SAN DIEGO - Long thought of as a place to manage end users and organize lists of employees, the enterprise directory is quickly evolving into a platform for e-commerce and a key technology for use with XML-enabled applications.
Find out about the status of the Directory Services Markup Language.
That evolutionary process and its importance for enterprise users will get a thorough examination this week at The Burton Group's Catalyst Conference in San Diego.
IT executives will get a peek at new products from several vendors, including Netegrity and Oblix, that are designed to help firms securely expose their directories to outside users. The directory is key for controlling business partners' access to applications and data, which is a pressing issue among IT executives building e-commerce relationships.
They also will be looking at the Directory Services Markup Language (DSML), an XML specification introduced at the conference last year to great fanfare. The now emerging DSML 2.0, which will be put on a standards track, raises hopes of XML and directory integration, along with concerns over fragmentation of directory access standards.
"The directory has popped up a level in importance and the question now is, 'How do we leverage the directory to build electronic commerce applications?'" says Jamie Lewis, president of The Burton Group, a consulting firm in Midvale, Utah.
Controlling net access
One of the conference's key topics will examine the directory as a platform and explore how to use it to control access to internal systems by potentially thousands of external business partners.
"Access management is the hottest topic for us right now," says Harold Albrecht, chairman of the Network Applications Consortium (NAC), a user organization with the goal of improving interoperability of applications in heterogeneous environments. "I don't want to poke a new hole in my firewall every time someone needs access to an internal system. I need a more flexible way to manage external users across what have traditionally been rigid enterprise boundaries."
Albrecht says the directory is the foundation for solving the issue. In March, the NAC began developing a general-access management model for its members.
Those members will get a look at some new access products this week at Catalyst. Netegrity plans to unveil its Delegated Management Services (DMS), which lets companies delegate user administration to business partners. DMS lets partners manage only their portion of a host directory, deleting and adding users and assigning access rights within a set of guidelines.
Oblix will introduce Web browser-based software, dubbed NetPoint, that lets IT managers control the authentication and access of trading partners and customers to the company's extranets and Web-enabled applications. NetPoint lets customers subscribe to a host's extranet and add or delete user accounts and passwords for its employees and manage workflow processes.
In addition to access, other key issues will find prominence at Catalyst, including DSML 2.0. A year ago at the conference, e-commerce vendor Bowstreet introduced the 1.0 version with backing from Microsoft, Novell and Oracle, among others. Version 1.0 was limited, providing only a description of a directory's content. DSML 2.0 promises to add query and modification capabilities and the ability to manipulate directory data, a critical step allowing developers of XML-enabled applications to add hooks to a directory.
The Organization for the Advancement of Structured Information Standards (OASIS) has created a working group to put DSML 2.0 on a standards track. A draft specification is expected this fall.
"DSML 2.0 is more transactional and opens up a whole new arena for XML apps to use the directory," says James Tauber, director of XML technology for Bowstreet and chairman of the OASIS DSML Technical Working Group.
Many vendors, including iPlanet, Radiant Logic and Sun, will use Catalyst to demonstrate support for DSML. Radiant Logic plans to introduce Radiant One 1.5, which supports DSML 1.0. The software is a "virtual directory" that has an intelligent cache to accelerate LDAP-based access and modification of back-end database information.
But DSML 2.0 is raising some questions as XML and directories continue on a course toward convergence.
Observers are concerned about the overlap of DSML and the Lightweight Directory Access Protocol and whether LDAP, XML's Simple Object Access Protocol (SOAP) or both will become the protocol of choice for accessing a directory. LDAP isn't particularly suited to traverse corporate firewalls, while SOAP is designed just for that purpose.
"The concern is over the ability to get some sort of universal agreement," says The Burton Group's Lewis. "DSML should provide a mechanism that is protocol-independent."
Lewis says with many hands in the DSML pie, including those of OASIS and Microsoft's BizTalk.org, and the speed at which XML efforts are moving, the possibility is high for fragmentation in creating a standard set of XML tags to access the directory.
Lewis says getting a single standard is important to provide developers a simple mechanism for building directory support into XML-based applications without having to use low-level programming techniques.
Scoop: DSMLOne of the latest additions to XML is DSML, the Directory Services Markup Language.
DSML 1.0 provides a standard way for applications to read directory content. More specifically, DSML offers a common way to represent directory schema, the language used to describe a directory's content.
The schema of different directories and even specific deployments of the same directory uses different tags to identify chunks of directory data, called objects. This makes it impossible for those directories to read each other's content. For example, one directory may use "Telephone" to label an object attribute as a telephone number, while another may use "Phone" for the same purpose. DSML would provide a standard XML tag, for example "Tele," to define that attribute, allowing directories to understand each other's schema and share information.
With DSML 2.0, which is under development, users will have a standard way to query a directory and modify its contents. The implications are huge for XML-based e-commerce applications, which could use DSML to talk to any directory.
"Directories are increasingly going to be used in electronic commerce," says James Tauber, director of XML for vendor Bowstreet in Portsmouth, N.H.. "DSML makes it easier to use the directory in your application development."
But IT executives shouldn't look for DSML as a product; those most exposed to it will be application developers looking for an easier route into the wealth of data stored in directories.
DSML means developers won't have to use programming languages like C or Java to get to a directory, but instead can use scripting much like they use to access databases.
DSML will have to work with a wire protocol, such as the Lightweight Directory Access Protocol or XML's Simple Object Access Protocol, to connect to a directory.
In the end, the hope is IT executives won't have to worry if applications are built for specific directories as long as they know DSML is handling the plumbing between the two.
Network World, 12/13/99.
Tech Update: DSML
Details about the Directory Services Markup Language.
Network World, 11/22/99.
Sign up for our E-comm in the Enterprise newsletter
and stay up on all the latest e-commerce news.