Future of directories in question

* The explosion of identity-rich applications poses a challenge to the earlier belief that directories would be the backbone identity systems for the Internet

My dear friend Vikas Mahajan (he's the manager for Enterprise Identity Management at AARP), a former colleague on Compuserve's NetWire, has always been available to talk over IdM issues with me since before it was IdM (we go back 20 years, it seems). He chimed in to me about the recent "Relational database: An ongoing debate" issue with some important points that I think are worth sharing with you. Edited only for clarity (and to fit the size of your screen, as the TV movies say), this is what he had to say.

"I don't believe the issue is so much RDBMS vs. LDAP directories as it is directories keeping up with the times to meet the needs of the modern-day identity-enabled Internet world. As we know, the LDAP standards do not dictate what the back-end repository of a directory service should be, so vendors are free to choose the database of their choice (B-Tree, XML, RDBMS, hybrid, proprietary, whatever). There are always strengths and weaknesses in different database products, and so these also play themselves out when it comes to LDAP directories, which are essentially applications that are built on top of the database.

"In my opinion, it's the future of directories themselves that is in question. The last five or so years have seen an explosion in growth of identity-rich applications, namely social networks. When directories were all the rage in the late '90s shortly after the ratification of LDAP v3, we touted their strengths in scaling to millions (or billions) of users. Ultimately, we thought, these would be the backbone identity systems for the Internet.

"But reality has played itself out quite differently. Yes, we have multi-million user directories, primarily in government and commercial sector spaces. But I'm guessing the big social networks and Internet Web sites (Facebook, Myspace, Amazon, Google, etc.) are not using LDAP directories. So why didn't they choose LDAP directories? Where did that technology fail to meet their identity needs? Why did they go to heavily customized solutions to handle these needs? What led to the creation of the NoSQL databases (which, essentially, are loosely-consistent databases, much like an LDAP directory)?

"I put a lot of the blame on the IdM industry itself. We failed to evolve LDAP past v3. We failed to continue to adapt and tailor it to the evolving needs of the Internet. The last major breakthrough was the virtual directory, but that didn't really address any fundamental issues with LDAP directories; it just helped to settle down the explosions of the meta-directory and the need to put everything into one uber-directory. But the basic issues still remain. For example, why is replication still so slow? If I've got two LDAP directories in the same rack on the same network, connected by gigabit ethernet, it still takes 30 seconds to a minute to get the data replicated over. It doesn't matter if it's an RDBMS or other directory in the back end. I haven't seen any real improvement in this area from any of the major vendors. So what happens when you've got a very large, very distributed system and a user changes their e-mail address or password and has to go back to log in? They wait...and wait...and wait. Or, more than likely, they try and fail over and over again. This is not acceptable in today's world."

Vikas had a lot more to say about where directory development ought to go, but we're out of room here so I'll continue it next time.


Copyright © 2010 IDG Communications, Inc.