What happened to Directory Services?
OATH, OAUTH, OpenID - this is all getting too complicated. We need simple identification for the future.
The reason it caught my attention was not because I agree with him (I do), but because the idea of simple authentication, especially among disparate systems, has been the Holy Grail of IT, and every time we think we have it solved, the solution seems to fall apart in our hands. In fact, OpenID/OAUTH/OATH is only the most recent attempt at solving the authentication problem. The last attempt was a little standard called X.500, and Jan's tweet this morning reminded me not only of X.500 and its promises, but of how far the standard has failed because of its complexity.
I have not really thought about Directory Services lately because I have been in so many shops where it has been so badly implemented (or not) that it is almost not worth thinking about, even though millions of users use it, or rather its baby brother, LDAP, every single day, most notably in the form of Active Directory, but also Novell Directory Services, Oracle Directory Services, Fedora Directory Services and other LDAP systems, too numerous to mention, most depending on some form of the OpenLDAP project.
But Directory Services were, themselves, an attempt to solve the user virus problem of large, disparate, interconnected networks where tools like NIS and NIS+ were functionally running out of gas, while providing access to other, more secure authentication features as this thing we call the Internet was really beginning to take off. The X.500 standards were designed to make it easier to interconnect systems using a standard lookup mechanism. It was, of course, a hideous disaster, as anyone who has had to work with a pure X.500-based system can tell you, at least from a functional standpoint, but from a theoretical standpoint, it was the right direction.
In the 1990s, companies like Oracle and Novell both posited that there needed to be some form of interconnected directory service that would facilitate the ability to prove you were who you were without having to register with each and every web site and system that you needed to connect to, whether you were on your private intranet or the public Internet. And like simple authentication, the idea of single sign-on has been a snipe most of us have spent our careers chasing.
For example, I worked at an organization where Microsoft's Active Directory was the law of the land. It controlled everything from how your desktop looked and performed (if you were running Windows of course) to how you accessed your email, to how you accessed the VPN. But when you connected to the education and training system, you had to have a completely different set of credentials. And since most people only connected to the system yearly for those mandatory sessions we all have to take in the corporate world, there would be a huge flush of trouble tickets at the beginning of the year for password resets (the system did not have an automated password reset system either - that was for security reasons...yeah, yeah, I know, I did not design the system, I just had to use it, but I digress). The point here is that when the system was being designed, there were discussions about how to integrate authentication with the Active Directory structure and the powers at large decided that it would be a bad idea to do that. This was not some antique mainframe that could not be connected without a Herculean effort; this was a simple web site, running on Microsoft software.
If you use LDAP, you know how much of a challenge it can be to not only set up, but integrate and manage. Creating a usable LDIF file is almost an arcane science (and a holdover from the X.500 days), and integrating LDAP authentication with some systems is easier than with others. It has gotten better than in the early part of the century, but it is still not as easy or as seamless as we would like it to be, especially when you are going across platforms to some that are less LDAP-aware or even support a different implementation of LDAP.
Several years ago, I actually signed up for an OpenID. Between then and now, something in the OpenID standard must have changed, because my OpenID credentials from then no longer work now, which really defeats the purpose.
The point here, though, is that in 2010 we are still looking for a method to connect to systems without having to register with all of them. And with all our current solutions, we still have not quite got that problem solved. And if someone mentions web of trust I might scream. Because, after all, that is the root of the problem, or at least one of them.