Mention directory servers to the average person and you’ll get either a blank stare or a knowing look and a yawn. That’s because these servers, which manage lists of users on a computer network, play a decidedly prosaic role within corporate information systems. But as we enter the increasingly interconnected world of Web services, directory servers — newly dubbed “identity-management solutions” — will be critical.
First, let’s get the terminology out of the way. “Directory servers” are essentially glorified company phone books that list employees, departments, business partners with authorized access to your network, or customers with accounts on your corporate website. A directory server is like the person standing in front of a trendy nightclub with a clipboard, waving the VIPs in and telling everyone else to stay behind the velvet rope. (The firewall — and related security technology — is like the bouncer who makes sure no one crashes the party after having been turned away.)
The directory market is controlled by Novell’s eDirectory and Sun Microsystems’s Sun One Directory Server, with competition from Microsoft, IBM, and Oracle. Standardization of how directories store and retrieve information means that the market has become commoditized, and prices are extremely low — often, you’ll get a directory server for almost nothing when you buy other servers (say, Web and application servers) from the same vendor. Despite the standards, there’s no question that integration and maintenance are simpler for your IT staff when everything is on the same platform, so directories are a stalking-horse for the rest of a vendor’s line of servers. Scott McNealy and Bill Gates, chairmen of Sun and Microsoft respectively, “have the view that he who owns the directory owns the account,” says Scott Silk, VP for marketing at ePresence , a provider of directory and identity-management consulting services.
But tracking who’s who is getting more complicated. As Web services help companies become more and more interconnected, it can be a chore just to keep tabs on all the parties to a transaction. Therefore, directories are gradually evolving into more capable identity-management systems, which let companies track a whole range of customer, employee, and business partner identities — and make changes to those identities quickly when, for instance, an employee is hired or fired. Naturally, identity management is more expensive than mere directory services: ePresence typically charges between $250,000 and $500,000 to design, build, and manage a full-blown identity-management system.
What’s more significant, perhaps, is that identity-management systems are gradually gaining the ability to talk with one another through the infrastructure provided by competing Microsoft’s Passport and the competing Liberty Alliance project — a coalition of corporations, led by Sun, that released its first identity-management specification last week at the Burton Group’s Catalyst conference in San Francisco. Passport and Liberty simplify Web commerce by enabling companies to exchange information about their customers’ identities. For example, when you buy a plane ticket on an airline’s website, the airline may want to refer you to a particular hotel chain for a preferred rate. Instead of making you log in a second time once you’re at the hotel’s site, the airline’s directory servers could simply tell the hotel’s servers who you are and that you’ve already logged on to the airline site (or, in the parlance of identity management, that you have been “authenticated”). The hotel could then pull up its own records on your account.
If you’re starting to get a little nervous about consumer privacy, you should be. Microsoft says Passport will allow companies to share information about customers only if those customers have previously authorized it, and Liberty doesn’t yet support the exchange of consumer data other than individuals’ names and whether they have been authenticated. But there’s no doubt that such technologies will eventually make it easier for companies to share detailed customer data.
Before all this can happen, however, directories and identity-management systems need to get better at exchanging authentication information with one another. This process is under way, with standards such as the secure authentication markup language (SAML) and Web services security (WS-security) nearing completion. But it will likely be several years before the sharing of such information is truly seamless. In the meantime there’s a bewildering array of potential standards for your IT staff to choose from. For the near future, expect delays, kinks, and hitches in any identity-management project that involves sharing information with other companies or with directories in other parts of your organization.
For companies, however, exchanging identity information is a powerful boon, and it will be key to making business-to-consumer and business-to-business commerce flow more smoothly. After all, if you don’t know who you’re doing business with, how can you even get started? Directories, and now identity management, will help ensure that people really are who they say they are.
Link broken? Try the Wayback Machine.