NOSes /

The need for a personal directory

By Dave Kearns
Network World Directories Newsletter, 05/01/02

Last issue, I suggested that an international standards organization should take up the unfinished work left by Microsoft's withdrawal of much of its Hailstorm initiative, and the failure of the competing Liberty Alliance to deliver anything. But what is this " thing " that should be delivered?

I think we need nothing less than a universal directory system into which everyone in the world - or at least those who are interconnected over the worldwide network - can store and move data seamlessly and effortlessly. Microsoft's Passport - and to a lesser extent, Novell's DigitalMe - pointed the way but it has two flaws: first, Microsoft is immediately discounted by many in the industry and second, Redmond chose not to base Passport on its own directory technology, Active Directory. Novell, at least, based DigitalMe on its world-class eDirectory but, being Novell, couldn't find a way to sell the product.

But speaking of Novell reminds me of another technology the Provo company started, stopped and restarted before finally stopping. Called the " personal directory " (see: " Novell nixes personal directory " www.nwfusion.com/newsletters/dir/2000/1113dir1.html) it was described as:

"Novell Personal Directory enables all of a user's personal information to be stored and managed in a [Lightweight Directory Access Protocol]-based personal directory under the direct control of the individual. It also provides controlled sharing of such information to external parties (individuals or organizations). It does not depend on an external server, but it can leverage one if it exists."

What I'm envisioning is something like the personal directory, stored and controlled by each user on their own platform, but linked to the larger, worldwide directory tree (or trees, using some sort of federated technology). Access controls - just like those on the objects and attributes on existing directory trees - would be used to determine which information was shared and with whom it was shared.

Through the use of encryption technology, the information could be replicated to one or more storage areas throughout the network so that the user could access it from any platform.

Secure encryption would insure that the actual storage sites wouldn't matter - only the user could unlock the data. There'd also be no need for Internet vendors to keep data such as shipping and billing addresses, or credit card numbers because these would be instantly available with each new order - and would be (hopefully) more correct and up to date than information stored at the vendor's site for months or years.

This isn't a small project. Microsoft couldn't pull it off, but that was mostly because of the baggage Redmond brings along. I don't necessarily mean by " baggage " the requirements Redmond would impose. There are those in the industry who would claim that day was night if only to disagree with Bill Gates. A good example is the so-called " Liberty Alliance. " This group formed for one purpose, to stop Microsoft's Hailstorm technology. There was never, it seems, any attempt made to develop an alternative: stopping Microsoft was goal enough for Scott McNealy and Sun.

No, it's not a small project and it's one that needs not only a trusted body to run, but a body that's inclusive of everyone involved in the identity business. A single vendor can't do it. A government organization can't do it. An ad-hoc grouping can't do it. There is one group that might be able to do it, though, and next issue we'll examine that possibility.