It seems the furious debate over the Virtual-directory vs the Meta-directory is now devolving into the general agreement that we need an Identity Bus to move forwards. Dave Kearns writes:
Kim talks about a “second generation” metadirectory. Metadirectory 2.0 if you will. First time I’ve heard about it. First time anyone has heard about it, for that matter. There is no such animal. Every metadirectory on the market meets the definition which Kim provides as “first generation”. It’s time to move on away from the huge silo that sucks up data, disk space, RAM and bandwidth and move on to a more lithe, agile, ubiquitous and pervasive identity layer. Organized as an identity hub which sees all of the authoritative sources and delivers, via the developer’s chosen protocol, the data the application needs when and where it’s needed.
I think, I hope, that Kim will agree with me that this ID layer (the “ID bus”) instituted as a hub (or transformation device) is what we need to go forward. I’m not wedded to calling it the Virtual Directory, but I’m certainly not going to call it the metadirectory, either.
In my opinion an Identity Bus should act as both a Virtual-directory and Meta-directory. In fact I have often discussed exactly this with colleagues in the IdM space. Why isn’t there a product on the market today that can be both a Virtual-directory and a Meta-directory? What makes the notion especially appealing to me is that the same connectors (or adapters if you prefer) that can be used for Meta-directory functionality to push data to legacy applications could be turned around to expose the same data, virtual-directory fashion, to other directory-enabled applications.
I am looking forward to a discussion about what an Identity Bus would look like. Perhaps I will build a prototype for fun (I’m kind of weird that way). But in this discussion we should always keep in mind that customers cannot move forwards without a means to identity-enable the hodge-podge of legacy applications that must still be supported. It may not be sexy to provision users and do password resets to an AS400 application that has been in production since the 90s, but it must be done.
And there is one important thing that must happen. Customers need to start demanding identity enablement of some sort from their vendors. Far too many enterprises don’t make identity enablement an important criterion when selecting a vendor. Thus they wind up with products that force them into a Meta-directory solution. Until that changes, no one is getting on the bus.