The foundation for security and enterprise management
A recent IT World opinion piece ("The decline and fall of the relational database") was very interesting to me because it postulated that one possible replacement for the RDBMS (indeed, the first one listed) was the "hierarchical information model." The author took this to mean an XML system, but old directory (e.g., LDAP) hands know full well that the directory tree is a hierarchical data storage system.
I was reminded of this -- and a different argument, also -- last week while talking to Radiant Logic CEO Michel Prompt. That other argument was the eternal question of virtual directory vs. metadirectory which we talked about here recently ("Not much has changed on the directory front").
Prompt knows all of the pros and cons of hierarchical vs. SQL storage, meta vs. virtual directories, and is confident enough in his product that he's at home with proponents of all of these camps -- because the RadiantOne Virtual Directory Server (Context Edition) makes use of all of these technologies, drawing from the strength of each.
According to Prompt, the metadirectory:
* Builds the right view by synchronizing and correlating information (strength).
* Is scalable because everything is synchronized in a central directory (strength).
* Can't centralize all information such as passwords (weakness).
* Can sometimes compound the problem (the Uberdirectory syndrome) by becoming a bottleneck (weakness).
The virtual directory:
* Requests are delegated securely to the appropriate data source (strength).
* Security is enforced locally, e.g. passwords (strength).
* Deployment is extremely flexible, no synchronization (strength).
* Not scalable -- as new sources are added query speed drops dramatically (weakness).
* An absence of correlation can limit the solution to a disjoint set of identities -- no overlap (weakness).
As to the data store, Prompt is happy to use any and all that are available -- relational databases, LDAP directories, even spreadsheets and text files.
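To make the two lists concrete, here is a small Python model of both designs. It is an added example, not code from Radiant Logic or from this column, and the source names, records, logins and passwords in it are constructed sample data. Each backend keeps its own password hashes and exposes only a verify call; the virtual directory fans every query out to every source at request time (so backend round trips grow with the number of sources) and, without a correlation attribute, returns the same person as two disjoint entries; the metadirectory synchronizes attributes into one central copy (so a query costs no round trips) but still has to go back to the owning source to check a password.

```python
import hashlib
import hmac


def _pw_hash(password):
    return hashlib.sha256(password.encode()).hexdigest()   # toy; real stores use a slow salted KDF


class Source:
    # One backend store (LDAP, SQL table, flat file). Its password hashes never leave it.
    def __init__(self, name, records, secrets):
        self.name = name
        self.records = records                           # attribute dicts, each with a "uid"
        self._secrets = {u: _pw_hash(p) for u, p in secrets.items()}
        self.calls = 0                                   # round trips made to this source

    def export(self):
        self.calls += 1
        return [dict(r, _source=self.name) for r in self.records]

    def search(self, attr, value):
        self.calls += 1
        return [dict(r, _source=self.name) for r in self.records if r.get(attr) == value]

    def verify(self, uid, password):
        self.calls += 1
        stored = self._secrets.get(uid)
        return stored is not None and hmac.compare_digest(stored, _pw_hash(password))


def _merge(entries, key_attr):
    # Correlate entries from different sources on key_attr. Conflicting attributes:
    # last source wins; a real deployment would configure precedence per attribute.
    merged = {}
    for e in entries:
        e = dict(e)
        src = e.pop("_source")
        slot = merged.setdefault(e.get(key_attr), {"_sources": {}})
        slot["_sources"][src] = e["uid"]                 # login this source knows the person by
        slot.update(e)
    return list(merged.values())


class VirtualDirectory:
    # Holds no copy of the data: every query fans out to every source at request time.
    def __init__(self, sources, correlate_on=None):
        self.sources = sources
        self.correlate_on = correlate_on                 # join attribute; None = disjoint identities

    def search(self, attr, value):
        hits = [h for s in self.sources for h in s.search(attr, value)]
        return hits if self.correlate_on is None else _merge(hits, self.correlate_on)

    def bind(self, uid, password):
        for s in self.sources:                           # the owning source checks the secret
            if s.search("uid", uid):
                return s.verify(uid, password)
        return False


class MetaDirectory:
    # Synchronizes attributes into one central store; passwords cannot be synchronized.
    def __init__(self, sources, correlate_on):
        self.sources, self.correlate_on, self.central = sources, correlate_on, []
        self.sync()

    def sync(self):
        self.central = _merge([r for s in self.sources for r in s.export()], self.correlate_on)

    def search(self, attr, value):
        return [e for e in self.central if e.get(attr) == value]   # no source round trips

    def bind(self, uid, password):
        by_name = {s.name: s for s in self.sources}      # secrets were never copied, so
        for entry in self.central:                       # a bind still reaches the source
            for src, known_uid in entry["_sources"].items():
                if known_uid == uid:
                    return by_name[src].verify(uid, password)
        return False


# Constructed sample sources: an HR directory and a CRM table that know the same
# person under different logins but share a mail attribute to correlate on.
HR = Source("hr-ldap", [
    {"uid": "jdoe", "mail": "jdoe@example.com", "dept": "finance"},
    {"uid": "asmith", "mail": "asmith@example.com", "dept": "eng"},
], {"jdoe": "hr-pass-1", "asmith": "hr-pass-2"})
CRM = Source("crm-sql", [{"uid": "john.doe", "mail": "jdoe@example.com", "role": "approver"}],
             {"john.doe": "crm-pass"})
```

Searching `VirtualDirectory([HR, CRM])` for the shared mail address returns two entries, one per source; with `correlate_on="mail"` the same query returns one identity carrying both `dept` and `role`, and each search costs one round trip per source. `MetaDirectory([HR, CRM], "mail")` answers the same query from its central copy with no round trips, yet `bind()` on either design ends up calling `verify()` on the source that owns the account, which is the "can't centralize passwords" point in the list above.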
Prompt feels these discussions gain us nothing, because time is moving on. He's bought into the notion that "Identity-centric IAM" (his term for what many call "user-centric IAM") is claims-based; claims are another name for attributes, and many of the needed attributes are context-based.
Often when Prompt says "context" I think "persona" because in his mind a context is a view into the large corpus of attribute data, selecting those attributes (and values) necessary in a given situation (or "context"). You'll need to visit the Radiant Logic Web site to get the full picture of how this works, and why we need it. Then forget the "my data store is better than yours" arguments and get on with solving real world problems.
There are a couple of cloud computing and identity Webinars coming up next week. From the IdM Journal Events calendar:
Dec. 15 -- "Access Assurance in the Cloud"
Dec. 15 -- "CISO Roundtable: Is The Cloud Ruining Your Security?"
Dave Kearns is a consultant and editor of IdM, the Journal of Identity Management.