As interest in directories continues to heat up, the spotlight is falling on specialist companies in the field, such as Zoomit. Kim Cameron, Zoomit's vice president of tech- nology, spoke to IDG's Matthew Woollacott and Emily Fitzloff about directories and meta directories, and how they'll ease network administrators' livesIDG: Why is the directory market coming to such prominence now?
Cameron: People who are developing applications that involve individuals or involve organisations have had to create their own directories. And so over a period of time, each application, each operating system, and so on has come up with what we call a name space, and these name spaces often have authentication information associated with them like passwords and so on. And there's a tremendous investment in these name spaces in contemporary corporations, because they've deployed millions of dollars worth of systems, but they are all basically disorganised, unrelated, and [they] collide. And so we see these name spaces sort of jammed up against each other, like a logjam.
IDG: How does Zoomit attempt to solve this problem?
Cameron: For many of the vendors, the traditional approach has been to throw out everything else that you've got and put it in a directory that is a much more sophisticated, capable, and magnificent directory. But the tactic has proven itself over and over again not to work, because you don't end up with a comprehensive unifying inclusive directory - you end up with one more log in the logjam. So the way around that, in our view, is to have an inclusive, multicentered approach. Even if your goal is that ultimately there would be one pristine, beautiful directory, you'll never get there without having a multicentred inclusive approach through which all the information in the organisation can be unified and you can develop an overall name space. So that's what we call a meta directory.
In other words, it may not make sense to tell Microsoft users they have to throw out their [Windows] NT domain controller. It may not make sense that one directory has to be the only directory accessed by different applications. What we want is a unified way of getting at those directories.
IDG: How do meta directories benefit users?
Cameron: From the point of view of the user, it's like "here's my Notes directory, here's my NT directory, here's my Novell directory". And each has a password. That is where the user hits the directory logjam. It isn't normally looked at as the same issue [as the meta-directory question], but it's exactly the same issue condensed onto the user. And so the way to solve the single log in problem is through a meta directory, and the way to build a meta directory is through single log-in.
IDG: How do they benefit administrators?
Cameron: Well, for example, when a person leaves an organisation, what systems were they on? A lot of companies have to go through all the systems to make sure they don't end up with accounts on any of them.
You have to resolve the fact that there's a proliferating number of name spaces, so there has to be a unifying directory. If you have directory synchronisation [without a unifying directory] you don't know what the relationship is between different systems. You can end up collecting names, but you can't manage them.
IDG: Single log-in aside, what other applications will meta directories facilitate?
Cameron: Everything will be rethought in the light of directories, so it's not necessarily the type of thing where you wake up one day and there's this great new application. For example, when I send you an [e-mail] attachment, first of all I have to be psychic to know what you've got at the other end, and whether you can read it or not. And secondly, I have to have a PhD to figure out how to pack it up for you - the directory can know all these things.
Take DHCP [Dynamic Host Configuration Protocol]. DHCP is sitting off in a corner giving me a TCP/IP address. Now, it knows my MAC [Media Access Control] address for my card. One day, somebody's card blows up and it starts broadcasting craziness over a segment. Which machine is it coming from?
I can see its MAC address, I can go in the DHCP and I might see a host name, but I still don't know where that machine is.
Now imagine that DHCP is built inside the directory - I search on the MAC address and I can see where that MAC address last was used, what its TCP/IP address is, and who logged in there.
IDG: How important is the Lightweight Directory Access Protocol (LDAP) to all this?
Cameron: I think LDAP is crucial because it intensifies the visibility of the directory and allows us to move toward distributed computing.
On the other hand, LDAP also accentuates the directory chaos: let me use the example of TCP/IP, which provides connectivity - but it doesn't give us the Web.
The Web is information built on top of TCP/IP connectivity, and LDAP gives us access in the same way. But it doesn't provide the information glue, which is why it needs a meta directory built on top.