Thursday, July 03, 2008

Metadirectory = Infrastructure

It seems there's a lot of talk around the IdM blogosphere regarding the state of the Metadirectory. Even Jackson Shaw says in his blog:

Let’s be honest. The meta-directory is dead. Approaches that look like a meta-directory are dead. We talk about Identity 2.0 in the context of Web services and the evolution of digital identity but our infrastructure, enterprise identity “stuff” is decrepit and falling apart. I have visions of identity leprosy with this bit and that bit simply falling off because it was never built with Web services in mind…

Man, but I could not disagree more. Even if one were to take the concept of Identity 2.0 as a given (see my previous thoughts on SaaS), at some point there still needs to be some sort of infrastructure to provide information about what's happening back in the infrastructure layer. This infrastructure layer would need to point back to the actual identity information. Matt Flynn, as always, brings an interesting twist to the conversation when he brings up the use of the Virtual Directory to describe the necessary infrastructure. Incidentally, this is also an approach that Sun Identity Manager takes (although they've also adopted the use of a central database store for IdM information in recent versions). Given the fact that Novell, SAP, IBM and Oracle also use some sort of central store for enterprise identity information, I can't see that this concept is either decrepit or leprous, especially since, if we look at the timeline, this makes perfect sense.

Metadirectories and Identity Attributes are the molecules and atoms of the Identity universe, which came long before any concept of Identity 2.0. Identity 2.0, as a newcomer to the Identity Universe, might wind up being the Compounds, if we were to continue my analogy.

I think that Kim Cameron has a more balanced approach on this:

But you still need identity providers. Isn’t that what directories do? You still need to transform and arbitrate claims, and distribute metadata. Isn’t metadirectory the most advanced technology for that? In fact, I think directory / metadirectory is integral to the claims based model. From the beginning, directory allowed claims to be pulled. Metadirectory allowed them to be pulled, pushed, synchronized, arbitrated and integrated. The more we move toward claims, the more these capabilities will become important.

The difference is that as we move towards a common, bus-based architecture, these capabilities can be simplified and automated. That’s one of the most interesting current areas of innovation.

OK, I get it. This whole Identity 2.0 thing is about relationships and what we do with the Identity data. However, there still has to be something behind the relationship, and that's got to be the atoms and molecules that I referred to before. We'll have to see if Identity 2.0 will mark not only the introduction of the relationship and federation, but also a change in how Identity Data itself will evolve.


James McGovern said...


Matt Pollicove said...

James, thanks for the link. I'll be commenting on it soon. Jackson raises some excellent points that I think should be addressed, not just about meta/virtual, but of user provisioning as well.