
Directory Services Market Trends



Presentation Transcript


  1. Directory Services Market Trends Gary Hein Senior Analyst Burton Group ghein@burtongroup.com

  2. Agenda • Brief Introduction • Directory market trends • Meta-directory and provisioning trends • Public identity services • Questions

  3. Who is Burton Group? • Burton Group provides integrated consulting, advisory, and research services to support technologists who are responsible for decisions and plans related to network technologies, services, products, and vendors • You know us as…. • Jamie Lewis, CEO and Research Chair • Dan Blum, SVP and Research Director • Analysts Gary Hein and Mike Neuenschwander www.burtongroup.com

  4. Directory Market Roadmap • LDAP matures, creates level playing field • Developers and vendors adopt LDAP • LDAP servers become commodities • Price and margins decrease • Innovation around LDAP decreases • Innovation moves beyond LDAP standards • Decision Point: Rely on directory vendor or others to provide next layer of services? • Directory vendor provides services • Others provide services

  5. Directory Market Roadmap • Directory vendor provides services • Highly integrated, directory product specific solutions • Others provide services • To be directory-agnostic, services must become more intelligent (policy, access controls, configuration) • Rely on directory vendor for extended services (policy, access control, config). Potential for reuse of policy, ACL, etc. • Directory Integration • New standards emerge, may be retrofitted on directory servers (DSML, SAML) • Directory relegated to data repository, so greater choice in products

  6. LDAP: A Blessing and a Curse • LDAP v3 has provided a ubiquitous access method • But most LDAP-enabled applications don’t fully leverage the directory • Common: identity and authentication verification • Uncommon: policy, access controls, configuration • Market opinion is that LDAP is “good enough” and future innovation is unnecessary • This may relegate directories to nothing more than an identity store

  7. Has Innovation Ceased? • Innovation will continue at a different layer, NOT driven by the directory vendors • LDAP – progress has slowed (if not stopped) • DSML – Directory Services Markup Language • XML wrapper of LDAP functions • Incremental improvement over LDAP • Most implementations for exchange of objects, not live query • No single vendor is driving (like Netscape with LDAP) • SPML – Service Provisioning Markup Language • SAML – Security Assertion Markup Language • XACML – Extensible Access Control Markup Language

  8. Directory and Infrastructure Vendors Compete for the Customer • Integrated vs. Best-of-Breed • [Diagram labels: App, App, App, App … • Infrastructure Vendors • “Next-Layer” Services: Privilege Management, Policy, Configuration… • Directory Vendors • LDAP • Other APIs / Protocols • Basic Directory Services • Advanced/Proprietary]

  9. Battle for Relevancy • Higher-level vendors push down on directory • Directory-independent, identity repository only • Provide higher-level services, like ACLs and policy • Examples • Netegrity – entering portal and provisioning market • IBM / Tivoli – suite of identity-related products • Directory vendors resisting with integrated suites • Novell: iChain, NPS, DirXML, ZENworks Synergy • iPlanet: similar product offerings • Microsoft: bundled in the Windows .NET Server OS

  10. Directory Decision Point • Who will you depend on for enhanced services? • Best-of-breed? • Directory vendor(s)? • Directory middleware? • Radiant Logic, Calendra, OctetString, Maxware, others • General metrics • Application requirements and integration points • Centralized or distributed • Directory skill investment • Vendor, product, or platform commitment

  11. Agenda • Brief Introduction • Directory market trends • Meta-directory and provisioning trends • Public identity services • Questions

  12. Meta-directory Market Overview • Identity crisis: defining “meta-directory” • Identity data throughout the enterprise as objects and attributes • Link or “join” similar objects and synchronize attributes and relationships for the objects • Ensure authoritative data sources are the only writers • Trigger business processes based on data events • Similar to other technologies • Virtual directory and data access middleware • Middleware, enterprise application integration • Resource provisioning

  13. Typical Architecture

  14. Meta-directory Market Overview • Several vendors are clearly meta-directory • Critical Path, iPlanet, MaXware, Metamerge, Microsoft, Novell, Siemens • But other sources exist • Provisioning vendors overlap to varying degrees • Professional services solutions and custom software • Software market was worth about $100 M in 2001 • Professional services added another $200 M • Demand is slowly rising and unlikely to diminish

  15. Meta-directory Market Assessment • No single technology provides the full solution • Meta-directory - linking and synchronization • Virtual directory - views, brokering, access control • Provisioning - process management and workflow • Directories - identity and access policies • Password synchronization - fewer passwords • Products must evolve and will converge • Many meta-directories are too LDAP-centric • Better “business quality” data handling • Security, backup, restore, and other risk reduction • Workflow and business policy engines

  16. Meta-directory Futures • Near-term: technology improvements • Better deployment and administration tools • Improved usability • More workflow capabilities and provisioning features • Synchronization of roles, access controls, groups • Increase in the minimum set of connectors included in the product • Unresolved issues • Common data format for connectors? (DSML/XML?) • Common password format or provider? • How will the technologies converge?

  17. Meta-directory Product Considerations and Criteria • Join engine • Powerful matching rules that are easy to customize • Reusable rules (internal and external to the meta-directory) • Workflow and business process handling • Bi-directional, event-based synchronization (where possible) • Connectors • Mostly application-specific connectivity with generic accesses • “Live” connectors are usually better than file exchanges • Overall • Ease of use, manageability, deployment tools • Scalability and performance • Fit with corporate standards, principles, and expertise • Software price is not a good selection criterion!

  18. Agenda • Brief Introduction • Directory market trends • Meta-directory and provisioning trends • Public identity services • Questions

  19. Public Identity Services • Just when you thought you had your internal directory/identity infrastructure resolved….

  20. Business Context The issue: Using networks to conduct business • It’s about inserting your company into customer processes “just in time” to create and add real value • Increases operating efficiencies, solidifies customer relationships, opens new markets • It’s about delivering personalized services to your customers • The network is “opening,” creating a dichotomy: more flexible access, the need for stronger security • Inevitable intersection of public, private identity structures • Identity and access management, extending to relationship management, remains a strategic issue • Effective infrastructure for managing identities, access privileges, and relationship information cheaper is crucial

  21. Identity and Access Management • The challenge: Interoperability and portability • [Diagram labels: Tightly-coupled, persistent interior • Loosely-coupled, dynamic exterior • Extranets • Internal Systems & Data • The Internet • Employees • Partner or xSP • Customers • Less-known • Unknown]

  22. Identity and Access Management • The answer • Integration Internally • Federation Externally • [Diagram labels: Extranets • Internal Systems & Data • The Internet • Employees • Partner or xSP • Customers • Less-known • Unknown]

  23. Interoperability and Federation • Internal enterprise issues have not abated • Too many directories, fragmented identity infrastructure • Error prone, expensive to manage • How can enterprises integrate and leverage what they have? • External B2B issues continue to build • Do we have to synchronize every directory on the planet? • Or can we make identity and entitlements portable? • How will you authenticate users? • Do hierarchical trust models work? • What standards will emerge? And what about privacy?

  24. What is Federation • Just what is federation? • Webster’s says it’s a noun related to the adjective “federal,” which it defines as: • Formed by a compact between political units that surrender their individual sovereignty to a central authority but retain limited residuary powers of government; • Of or constituting a form of government in which power is distributed between a central authority and a number of constituent territorial units • According to Roget’s II, a federation is • An association, especially of nations for a common cause • A group of people united in a relationship and having some interest, activity, or purpose in common

  25. Interoperability and Federation • What do you mean when you say federation? • Passport sounds more like the first definition • A strong central authority with cooperating entities • Liberty sounds more like the second definition • Loose association; contrasting “federated” and “centralized” • Neither has said how they’ll really do this • We eagerly await meaningful detail • What role will P2P and open source play? • P2P appeals to libertarian sensibilities, but will it scale? And who do I sue when a fully decentralized system fails? • Open source appeals to those who want a level playing field, but who leads that effort?

  26. Public Identity Services • There will not be just one • Will force enterprises to address intersection of enterprise identity/role and public identity • If your employees have a Passport or Liberty ID, can they use it internally? • If they need a Passport or Liberty ID to access external services to do their jobs, how will you manage those IDs? • If a partner’s employees have Passport or Liberty IDs, will you accept them? How will both you and the partner manage those IDs?

  27. Interoperability and Federation • Some form of federation and interoperability are requirements • Microsoft has proposed Kerberos; SAML is MIA • Liberty has released precious few details, but claims it won’t re-invent the wheel (does that mean SAML?) • AOL has quietly rolled out Magic Carpet, but no word on how federation will work or its intentions to use Liberty • In short, we are only at the beginning of the discussion, but the market will force interoperability • But don’t be surprised when it gets ugly

  28. Integrated Directory Services Enable Federation • [Diagram labels: Federated Directory Services (internal) • Custom Appl. • E-mail • Meta-Directory • HR • Web • Active Dir. • Active Dir. • PKI • Intranet • Enterprise Directory • Federated I&AM Services (SAML) • Public Identity Services (Liberty, Passport, UDDI, Others) • E-biz Directory • I&AM Services • Extranet/Internet]
