A universal directory system: Good ideas aren't always enough

* Readers comment on Novell's concept of a universal directory system

Last week's newsletter ("The other federation technology") about Novell's mid-'90s concept of a universal directory system brought out a number of comments that I'd like to share.

First I heard from Novell distinguished engineer and Bandit Project leader Dale Olds (you can catch Dale on my “InfoCards in the Enterprise” panel at the European Identity Conference next month):

“What was internally called ‘Federated Partitions’ was one of my last efforts in NDS/eDirectory before I left Novell in 2000 [he later returned, of course]. It's also a really funny story. I demo’ed it to (then CEO) Eric Schmidt on a machine my son had built from spare parts. It was running Red Hat (either 5.1 or 5.2). Lots of irony there (especially that both my son and Eric later worked for Google), but the demo worked. I had no idea anyone had seen that demo externally, but you described it exactly in your newsletter. Man, that was a good idea. But it takes more than a good idea to make a successful product that customers can actually use.”

Novell has proven time and time again, unfortunately, that “good ideas” aren’t enough.

That newsletter also brought a reminiscence from former Novell Senior Channel Business Development Manager Jim Pasquale, who took me way back along memory lane to a project I’d all but forgotten about. As Jim explained it:

“At the tail end of '93 into early '94 one of the Novell OEM Account Executives, Tom Arthur, and a bunch of other folks from San Jose started a conversation about how AT&T was going to be offering applications over the AT&T Frame Relay Business network. Tom and a few other folks started a conversation with the AT&T BSG Business Services Group, and when it was all over AT&T and Novell jointly announced a new service AT&T would create called ‘AT&T NetWare Connect Service.’ Eventually Tom became a VP of the Directory Group for Novell. We finally labeled ourselves the BIS group for Business Internet Services. At the time it made sense....”

I do remember thinking that the NetWare Connect Service could be the “killer app” for directory services. But it was way before its time – applications in the cloud, identity as a service – it seemed like Buck Rogers stuff then, but we’re now struggling to make it a reality.

Finally, reader William Schneider, from the Texas Medical Center, wondered “What if directory services were structured like DNS (in terms of rolling up to root systems). A scoped authentication could simply be referred up and out to the authenticating service......LDAP would get modified so that the authN used a SAML assertion instead ...”

It’s certainly a possibility, of course, but I’ll leave the development to those with more technical ability.

New White Paper available: Radiant Logic has just released a study on integrating Active Directory with Sun Directory services. It’s free, and could help you learn how to solve the challenges of integrating internal and external users across directory infrastructures - in a way that's non-intrusive, cost-effective, and easy to deploy.


Copyright © 2009 IDG Communications, Inc.
