Application and Directory Management Issues Common Solutions Group

1. Application and Directory Management IssuesCommon Solutions Group Chandler Meeting Berkeley, CA January 6, 2003 Michael R Gettes, Georgetown University

2. Directory Usage Today • High performance white pages • Anonymous access as well as authenticated • Centrally maintained; updated at least daily • 24 x 7 operations • Resource discovery; identity, capabilities (voice, video, etc.) • X.509 Certificates • A directory is not a cap snaffler Common Solutions Group Chandler Meeting @ Berkeley CA

3. White Pages • Web pages backend • Netscape, Mozilla, Eudora, Pine, Outlook*, etc • All are configured to locate people in directories • Very few email clients do NOT have LDAP integration • Calendar systems supporting LDAP white pages • Oracle CorporateTime Common Solutions Group Chandler Meeting @ Berkeley CA

4. LDAP Authentication • Many do so anonymously -- some have harvesting problems, especially via white pages • Require authenticated access, less common • Authentication and FERPA • Proper engineering of app to support FERPA compliance is required. If the app does authN it must do it right for the directory. See LDAP-Recipe Common Solutions Group Chandler Meeting @ Berkeley CA

5. General App issues • Proper authentication (binding), see previous • Don’t care about DN or DIT structure • Flexible mapping of attributes • How to search on names? How to present names and how to present an LDAP object. • Failover support • Many app issues discussed in LDAP-Recipe Common Solutions Group Chandler Meeting @ Berkeley CA

6. Directories part of ID management • Critical component of Enterprise infrastructure integrated into most identity management systems • Service provisioning accessible in directory • Directory plays a role in providing data for authorization decisions • Most schools concentrating on maintaining the directory timely and data flows from the directory Common Solutions Group Chandler Meeting @ Berkeley CA

7. Discovery • Locate people and obtain identifiers about them • Learn capabilities • They accept e-mail • They have calendar service • They have a certificate for secure mail • They have a voice-over-ip phone • They have a video service & contacted “here” Common Solutions Group Chandler Meeting @ Berkeley CA

8. X.509 Certificates • Need flexibility (like Netscape PSM?) to support different methods of handling security services • Currently Certs are in userCertificate attribute as binary blob, not searchable to locate appropriate cert for signing or encryption • New work to expose components of Cert as searchable directory objects (with binary blob still maintained). Common Solutions Group Chandler Meeting @ Berkeley CA

9. Cap Snafflers? • “Those rubber things to twist-off stuck bottle caps” • Directories don’t do everything, make sure there is agreement about appropriate use of a directory • A directory is a special, high-performance mostly read database. There should be generic database support. • There should be support for dynamic mapping of attributes and “learning” of search filters and other methods. Maybe a chandler object that tells the app how to search, map attributes and so on. Common Solutions Group Chandler Meeting @ Berkeley CA

10. Groups, Groups, Groups • Static vs. Dynamic (issues of large groups) • Static Scalability, performance, bandwidth • Dynamic Manageability (search based, but search limits) • See NSF Middleware Initiative for papers on issues around Directory groups • Group Math (&(group=faculty)(!(group=adjunct))(dn=x)) • Should mailing list managers be used or is it time to push MLM abilities into the client with the help of a directory? (hint: MLMs are still good) Common Solutions Group Chandler Meeting @ Berkeley CA

11. Roles • What Chandler Roles might there be? • Groups can be seen as a “poor man’s role” Common Solutions Group Chandler Meeting @ Berkeley CA