Monday, October 29, 2007

Using AD within Linux for authentication

Does Active Directory top Linux authentication options?

http://searchenterpriselinux.techtarget.com/originalContent/0,289142,sid39_gci1279624,00.html

Enk (Gartner) discusses integration issues between Linux and Active Directory, along with metadirectories and other solutions. LDAP and Kerberos are presented as a disadvantage because most organizations do not have people with LDAP expertise.

“cross-platform authentication market will probably remain in flux until at least 2009”

Thursday, October 25, 2007

Common Virtual Directory Scenarios

Excerpts from this posting... good stuff...

http://360tek.blogspot.com/2006_03_01_360tek_archive.html

"
  1. Protocol Translation
  2. Web Service Enablement
  3. Multi-Repository Search
  4. Joined Identity View
  5. Permission-Based Results
  6. Dynamic DIT
  7. Authentication
  8. Real-Time Data Access

Virtual Directory technologies eliminate boundaries. Hassles related to LDAP object types, attribute definitions and other schema-related issues are eliminated by virtualizing the view into the backend identity stores. You're no longer limited by the existing data format or database branding. There's no requirement to migrate the data from a relational database into an LDAP directory in order to make the data LDAP- or Web Service- accessible."


He covers these issues quickly, but do not underestimate them: they are HUGE issues in deployment.

Also, some virtual directories offer more interfaces than just standard LDAP. He alludes to this with "Web Service-accessible", but still implies the use of LDAP for the web service. Some virtual directories can present information through other protocols such as DSML (for web services), SQL, SOAP, SAML, etc. Make sure the virtual directory you use supports different protocols for application access.
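A minimal sketch of the "Joined Identity View", "Permission-Based Results" and "Real-Time Data Access" scenarios from the list above. It is an added example, not code from the quoted posting or from any virtual directory product; the stores, attribute mapping, role names and the `VirtualDirectory` class are all constructed for illustration.

```python
import sqlite3

# Constructed sample data: an LDAP-style store (DN -> attributes).
LDAP_ENTRIES = {
    "uid=jdoe,ou=people,dc=example,dc=com":
        {"uid": "jdoe", "cn": "Jane Doe", "mail": "jdoe@example.com"},
    "uid=bsmith,ou=people,dc=example,dc=com":
        {"uid": "bsmith", "cn": "Bob Smith", "mail": "bsmith@example.com"},
}

def make_hr_db():
    """Constructed HR database that stays relational; nothing is migrated to LDAP."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE employees (login TEXT PRIMARY KEY, dept TEXT, emp_no TEXT)")
    db.executemany("INSERT INTO employees VALUES (?, ?, ?)",
                   [("jdoe", "Finance", "1001"), ("bsmith", "IT", "1002")])
    return db

# Virtual schema: SQL column -> LDAP-style attribute name shown to clients.
SQL_TO_VIRTUAL = {"dept": "departmentNumber", "emp_no": "employeeNumber"}

# Per-role attribute allow-list (assumed roles); unknown roles see nothing.
VISIBLE = {
    "helpdesk": {"uid", "cn", "mail"},
    "hr": {"uid", "cn", "mail", "departmentNumber", "employeeNumber"},
}

class VirtualDirectory:
    def __init__(self, ldap_entries, hr_db):
        self.ldap_entries = ldap_entries
        self.hr_db = hr_db

    def search(self, uid, requester_role):
        """Join both backends at query time, then filter by the requester's role."""
        allowed = VISIBLE.get(requester_role, set())
        entry = {}
        for attrs in self.ldap_entries.values():
            if attrs["uid"] == uid:
                entry.update(attrs)
        # Parameterized query: the client-supplied uid is never concatenated into SQL.
        row = self.hr_db.execute(
            "SELECT dept, emp_no FROM employees WHERE login = ?", (uid,)).fetchone()
        if row:
            for col, value in zip(("dept", "emp_no"), row):
                entry[SQL_TO_VIRTUAL[col]] = value
        return {k: v for k, v in entry.items() if k in allowed}
```

Because the view is built on every request, a change in the HR table is visible on the next search without any synchronization job.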

Metadata

What is metadata? A description of metadata and its basic applications:
http://www.addsimplicity.com/adding_simplicity_an_engi/2007/10/what-metadata.html

Metadata can be very useful in managing identities. Knowing the context of users is critical for IDM initiatives (e.g. authorization), and leveraging existing policy, groups, and roles means more consistent enforcement of business logic and better security across your organization.

In this case metadata refers to how the system currently defines a user. I like to refer to this information as context. Why? Because the metadata allows me to see the context in which the user operates: what the actor does inside the system.

Understanding your metadata means you can leverage it. As always, "knowledge is power"...


Synchronization versus Virtualization

Virtual directories vs. meta-directories: most of the story is right on, but it misses features of a virtual directory by treating a virtual directory as only a proxy engine, which it is not. Virtual directories can offer real-time synchronization AND persistent data, negating most of his "disadvantages". Meta is old; virtual is new and more adaptive.
