- Insider threat looms large in San Francisco
- Woman fired over death threat
- IT admin pleads not guilty
- Tape storage gets more dense
- Top 10 worst uses for Windows
News | Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:App Performance | On Demand Security | Networking Solution | SOA | Value of WDS
An anonymous reader posted to the Network World forum asking about the Identity Bus: "Using LDAP as the name or protocol for the Identity Bus makes it sound like a virtual directory to me. What would be the difference? How would an Identity Bus be different than a virtual directory?" A perfectly good question, which shows the interest in the concept, but also the need to explain it all just a bit better.
Back in March when I first mentioned the “Identity Bus” as introduced by Microsoft’s Stuart Kwan I also mentioned that the concept I preferred could be called an “Identity hub” - a system to transform protocols and data from one format to another. In some ways, that’s what a virtual directory does.
Boiled down to essentials, a virtual directory is a database of pointers to various data repositories. Many of those repositories are identity datastores (LDAP directories, x.500 directories, Active Directory, username/password stores, etc.) while others (financial databases, e-mail address books, inventory lists, etc.) are data items that can be associated with an identity while not actually being identifiers. The virtual directory presents a single view of all of the data while at the same time relating the various bits of information to a particular identity. It does this by translating a request (via LDAP, SQL, ?ML, etc.) into the native protocol of the datastore from which the request is ultimately being made. It then takes the result and packages it in a format the calling application will understand. (Compare Identity Management products)
The Identity hub would also take requests from applications and services, translate them to the native protocol of the datastore and send them to their destination. The reply would undergo a reverse operation to send the result back to the requesting application or service. That sounds very similar, doesn’t it?
The most important difference, though, is the knowledge inherent in the service (the virtual directory or the Identity hub). A virtual directory, at it’s heart, is what’s called a “join engine.” Before it can successfully operate it needs to know all of the identities throughout the system and know which identifiers refer to the same entity. In other words, it needs to know that dkearns, davek, and DAK all refer to the same entity: me. Thus, it can serve up data from all the authoritative sources about me, when requested to by someone or something with sufficient rights to view the data.
Rss FeedRss Feed
All you guys are fighting about is the fact you can reset the routers. This was childs point. He created...- Daniel
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask to prospective vendors to get the right endpoint solution.
Download the white paper.
Unauthorized applications: Taking back control
Employees installing and using unauthorized applications like IM, VoIP, games and peer-to-peer file-sharing applications cause many businesses serious concern. How do you control these applications?
Download the white paper.
Comments (5)
Identity Hub - Subset of Virtual directoryBy Anonymous on May 29, 2008, 11:32 amFirst of all I dont agree with the Virtual Directory definition given. I don't agree that virtual directory needs to know all the information about identities,...
Reply | Read entire comment
Re:not sure I get itBy Anonymous on May 29, 2008, 11:28 amIssue you are facing is related to global and consolidated identities and their unique identification. It's combination of data cleaning as well as virtualization. Identity...
Reply | Read entire comment
not sure I get itBy James on May 14, 2008, 2:02 pmI'm in a large global enterprise. One of the biggest problems we have is identifying users across systems as there's (to date) little conformity in how accounts...
Reply | Read entire comment
the ID bus/hubBy David Kearns on May 14, 2008, 12:16 pmAs I see it, the bus/hub isn't aware of the nature of the data (request, response, etc.) it reads the source protocol/schema and the target protocol/schema and performs...
Reply | Read entire comment
could you give some more detail?By Anonymous on May 14, 2008, 11:48 am"But when the reply to that request comes through it doesn’t recognize it as such, just as another request to re-package data and tokens within the right protocol." does...
Reply | Read entire comment
View all comments