Directories, Virtual-Directories, and Vendor Independence

Posted on July 8, 2008 | 4 Comments

Nishant Kaushik has some interesting thoughts about the Virtual-Directory vs Meta-Directory debate. He makes some good points, and has this to say about vendor lock-in:

Well, from the standpoint of a deployer/implementer, I can certainly understand the attraction of the above. But as a product architect and technologist, all I can say is “No, No, No”. Why would we want to tie ourselves into a non-competitive, no-way-out scenario that we see repeated over and over in the OS and Mobile Provider worlds? Choice is necessary, nay vital, to innovation and growth. The minute you lock yourself into a single provider model, you are doomed to forever be curtailed by what that provider dictates. Virtual Directory provides a nice abstraction that frees you from having to make these very decisions on which directory to support (something LDAP was supposed to do, but didn’t).

And how are more applications supporting AD anyway? A lot of that has to do with the emergence of Virtual Directory solutions. A number of applications in the Oracle stable today claim to support AD as the identity store. The mechanism for all these is moving to Virtual Directory NOT because Oracle has a Virtual Directory product, but because maintaining adapters/connectors/plugins and what have you for all LDAP variants is a colossal nightmare.

So this is an interesting question. Does moving to a virtual-directory architecture free the customer from vendor lock-in, or does it lock the customer to their choice of virtual-directory providers? Or put another way, could you deploy a set of these products and realistically swap out OVD and replace it with the virtual-directory from OptimalIdM or Red Hat? If technically possible, would Oracle support it? I suspect I know the answer to that last one.

BTW, having written code that supports multiple LDAP vendors at four different companies and three different programming languages, it’s really not all that difficult. The real power in virtual-directories is the ability to consolidate data from disparate sources, not abstracting the vendor for a single directory.

This entry was posted in Identity, Identity Management, LDAP and tagged , , , . Bookmark the permalink.

4 responses to “Directories, Virtual-Directories, and Vendor Independence

  1. Pingback: To AD or not to AD (Talking Identity)

  2. Pingback: Is Connecting to Multiple Directories Really Easy? (Clayton Donley's Blog)

  3. Pingback: Halfway converted « Identity Blogger

  4. Pingback: Is Connecting to Multiple Directories Really Easy? | Oracle

Leave a comment