Today I want to dip into the mailbag and share some readers' comments on recent newsletters. People had lots to say about the death of the metadirectory, the identity hub/bus and Oracle's 2 billion entry directory. So let's dive right in.

Last week’s story about the 2 billion entry directory from Oracle prompted both of my frequent Australian correspondents, Brian Brannigan and Allen Milgate, to chime in – both with reminiscences of the “good old days” when the battle of the directory stores was raging. Maybe directories are still topics for debate in the land of Oz, or maybe we’re all just showing our age.

Relative youngster Howard Chu, though, wanted to talk about technology. He’s chief architect of the OpenLDAP project and talked about a similar test he did, saying “OpenLDAP has already been there and done that.” And on a budget, evidently: “The server was a simple 2-socket Opteron server with 16GB of RAM. Running on the same SGI Altix that Oracle used, we would beat all of their performance figures by at least a factor of 5. They talk about request latencies on the order of hundreds of milliseconds, which is frankly pathetic on an Altix-class machine.” I take no sides, but suggest a disinterested third party might want to schedule an “LDAP shootout!” Perhaps we could have a “reminiscing” night at Catalyst.

On the death of the metadirectory, former Symlabs VP Felix Gaehtgens (now a consultant with Kuppinger Cole) offered this tantalizing tidbit about Microsoft’s strategy: “Several people working for Microsoft in the field have told me that is was in Microsoft’s interest to have Active Directory as a central component, and believe it against Microsoft’s interest to have a ‘filtered access’, such as a virtual directory in front of AD, abstracting information away from what should be the authoritative source.” He does go on to say that he thinks this strategy is being revised, always a good sign.

Finally, two readers offered nominees for consideration as the identity hub (or identity bus) product I called for. An anonymous poster commented on the newsletter that Covisint’s Trusted Identity Framework was a possibility. Jeff Crume, executive IT security architect for IBM, put forward his company’s Tivoli Federated Identity Manager. While it’s true that both of these offer some of the features that the identity hub needs both are really federation servers (and there are lots of those, from Ping, Oracle, Symlabs, Sun, and more) which perform one-to-many or many-to-one protocol transformation. They also require another federation server to talk to in a point-to-point relationship. It’s a start, but only a start.

Dave Kearns is a consultant and editor of IdM, the Journal of Identity Management.