The Open Group

DCE Program Group

“Directory Services?”

January 29th 1998

Amsterdam

The Open Group

Structure– What information should a name reveal?

• For example, X.500 conventions often reflect organisational structure but is that information you want to make public?

– Multiple ‘views’ of the same data?• Organisational - Reflects enterprise structure

• Functional - Based on application usage

• Administrative - Related data in conveniently administered.

• External - Restricted information based on privilege.

– A lot comes down to how you use the directory• JP Morgan “DCE Project Namespaces” work because of the

nature of the application development and usage.

– Must be able to cope with change• If you model an organisation, can the directory keep up with

reality?

The Open Group

Usage• Different people have different expectations

– Administration staff (on the whole) realise and expect that the directory is mostly “read” and “writes” have delay.

– End-users expect optimisation for read-write operations, any of these to be instantaneous ... oh, and it has to be continuously available. Thank you!

– How do we ensure efficiency as directory scales and distributes to satisfy all ‘customers’ ?

The Open Group

Federation• Highly unlikely any major corporation will utter

“We want a single directory for everything”(and live to see it ...)

– Legacy of existing technologies and vested interests.

– Management is the killer (of the directory and organisation).

• Recognise the need for a level of “peaceful co-existence”.

• Boundary issues become very important.

– Recognise and traverse junctions with other directories.

– Preserve security, manageability etc. across boundaries.

The Open Group

Access• LDAP is a Good Thing but there are other issues.

– The management of a directory is more complex than its use.– LDAP may provide a unified view but someone has to manage

the diversity behind the scenes.

• Optimised “point solutions” will continue.

– DNS, network file systems, etc. work well and are familiar.– Inconsistent access mechanisms are only a problem if a user

sees them as arbitrarily inconsistent.

The Open Group

Content• What ‘should’ we be storing in a directory?

– Support for truly dynamic information such as process-ids? Nice in theory but ...

– Definite requirement to handle ‘moving’ references; something like the way changing URLs have been approached?

– Side Question: Whatever happened to URNs ???

– How do you keep multiple directories ‘consistent’?

The Open Group

Consistency• How do we keep directories consistent?

– A contractor’s HR system feeds a client’s HR directory ...

– The HR directory inputs to the Phone directory ...

– The Phone directory is cross-checked with the e-mail directory ...

– Local administrative practice drives user account directories but must be traceable to HR systems ...

• Propagation delays can be huge.

• Should data be tagged with a “use by” date?

• This leads on to ...

The Open Group

Who owns the information?• Human Resources - Employee IDs?

• System admin - Login characteristics?

• Applications - Service information?

• End Users - Personal information?

• Directory admin - It’s all theirs anyway?

– Each organisation may answer differently.

– A single owner is the “easy” answer.

– Multiple partial owners is the “hard” (and true) one.

The Open Group

Can of Worms !• On-line, Offline operations

• Cache

– What ?– When ?– Lifetime ?

• All those things we have yet to think about…...