Federated identity project on the horizon

* If project pans out, it could be the greatest thing to happen to directory services since LDAP

From time to time in this newsletter we take a look back 10 years to see what we were talking about "back in the day." The newsletter was called "Focus on Directory Services" back then. But going back even further, before there were Network World newsletters, directory services often featured prominently in my Wired Windows column. One idea that was near and dear to my heart was the concept of "federated directories."

This was long before the Liberty Alliance (whose 10th anniversary is still over a year away) changed the meaning of federation, for good or ill.

What we were talking about in the mid-90s was a system whereby individual corporate directories -- for the visionaries, even personal directories -- could somehow "plug in" to a world-wide system and have it all look like one big directory. The benefits of having all of that data in a ubiquitous (always available) and pervasive (available anywhere) system seemed enormous. They still do. But the technology wasn't there -- nor, really, was the platform. So over time, it seemed that those of us who had longed for the federated directory model set our sights much lower.

One of those who was talking about that federated model back in the mid-90s was Microsoft's Kim Cameron. And Cameron never lost sight of that vision. He recently recognized that the time might be right to start to develop the system that many of us had envisioned oh so many years ago.

Cameron and I were both at the European Identity Conference last week, where he delivered a keynote address on the federated directory project. He later elaborated on the project in what was billed as "A conversation with Kim Cameron," which I conducted as a program session, and elaborated even more in a private chat we had.

This is big stuff.

This is the greatest thing to happen to directory services since LDAP. Maybe even bigger.

But, as Cameron readily admits, a few things needed to happen first. Among them are wide acceptance of Active Directory (and the whole LDAP/X.500 method), claims-based (what I call attribute-based) identification and the ubiquitous cloud platform. Without those things, the federated directory project couldn't happen. With them, it's a possibility -- but not a certainty.

So what's it all about? We'll get into that in the next issue.


Copyright © 2010 IDG Communications, Inc.
