September 14, 1998
Directory standard will be the linchpin of
business commerce
Commerce can't happen if you don't know with
whom you are doing business. That's true in the
real world, and it is doubly so on the Internet.
In the real world, there are many accepted
standards for establishing personal and
professional identities with varying degrees of
reliability: driver's licenses, business cards,
and signatures.
But on the Internet, it's not such a simple
matter -- particularly when you are talking about
business-to-business (often called B-to-B)
commerce. Mere e-mail addresses don't adequately
confirm a business partner's identity. More
sophisticated tools -- such as Pretty Good
Privacy signatures or digital certificates -- are
still too hard to use, are not necessarily
compatible with one another, and are not very
widespread.
That's why, as I recently wrote (see
"Keeping up with the Joneses is tough for
Net directories," Aug. 31, page 46), the
Lightweight Directory Access Protocol (LDAP),
championed by Netscape, is so important.
In fact, LDAP is going to be as critical for
B-to-B I-commerce as Secure Sockets Layer (SSL)
has been for business-to-consumer commerce.
Netscape's most lasting contributions to the
Internet may turn out not to be its Web browsers
or servers, but these two protocols.
Imagine setting up an extranet to expedite
business with the companies that distribute the
products you manufacture. You want to let your
distributors sign on whenever they need to place
an order, notify you that they're returning
excess inventory, and so forth.
If you have many business partners, keeping
track of them and their employees -- and
assigning appropriate extranet access rights to
each of them -- could quickly mushroom into an IT
manager's nightmare. The problem would multiply
if you run many different applications on your
extranet and needed to separately authenticate
users for each one.
The solution Netscape proposed is its LDAP
directory server, cleverly named Netscape
Directory Server. Netscape Directory Server
enables you to create a single repository of
personal information, access rights, and other
data for all extranet users.
What's more, you can delegate maintenance of
your business partners' individual employee
records to the partners themselves. That way,
when distributors hire or fire salespeople, they
can update the employee records themselves.
If you need security beyond simple user names
and passwords, you can incorporate digital
certificates, managed by Netscape's Certificate
Server. These certificates, which function as
unique identifiers of each individual, are stored
with the directory entries.
What is interesting about this scenario is
that, because it is LDAP-based, any
LDAP-compatible client (or even another LDAP
server) can query the directory and retrieve user
information over the Internet.
This interoperability is the great strength of
Netscape's directory strategy, and what makes it
so appropriate for extranets and B-to-B commerce.
It also is Netscape's weak spot. Other
companies can (and do) create LDAP-compatible
directory servers and clients, all of which -- in
theory -- would work as well as Netscape's.
A similar thing happened with SSL: Netscape
pioneered its use, but now virtually every Web
browser and Web server offers SSL support,
creating a de facto standard and obviating
Netscape's early advantage.
So, will Netscape's championing of LDAP be its
salvation or its undoing? You be the judge. Write
to me at dylan@infoworld.com.
Dylan Tweney (dylan@infoworld.com)
has been covering the Internet since 1993. He
edits InfoWorld's intranet and Internet-commerce
product reviews.
Previous
columns by Dylan Tweney
Market
pressures will change the shape of online
advertising
September 7, 1998
Keeping
up with the Joneses is tough for Net directories
August 31, 1998
Real
estate site aims to make a home sweet home on the
Internet
August 24, 1998
Comparison
shopping takes the punch out of online branding
game
August 17, 1998
Every column since August, 1997