Tuesday, February 28th, 2012
Explore our New Federated Identity Service at RSA

I’m looking forward to RSA this year, where we’ll announce a major breakthrough in the way companies manage their identity in this increasingly web and cloud-centric world. I’m also proud to see that RSA is integrating our solution into its excellent IdM stack.

I’ll tell you all about it below, but first, I’d like to address a topic that’s been burning up the blogosphere lately.

The Virtual Directory is Dead. Long Live the Virtual Directory!

We all know that it’s not enough to innovate; the success of a new technology is also measured by its degree of integration within the existing ecosystem. I’ve been reflecting on that challenge lately, after reading this piece on PingFederate’s new authentication chaining capability, which suggests the virtual directory is no longer necessary. Hmm, we know our good friends at Ping Identity are not that radical—just check out the slides from their latest webinar—but I guess you know the old joke: Groucho was a Marxist and Lenin was a Beatle. I will leave it to Nishant Kaushik’s excellent response to explain why authentication chaining is only a very small part of the answer.

Mostly, I’m struck by the fact that the virtual directory—technology my friend Claude and I invented back in the dark ages of last decade—is now such an accepted part of today’s identity infrastructure that people feel free to proclaim its demise. After years of trying to explain what a virtual directory was, that feels like a victory! :)

Okay, now let me share some news I’m really excited about.

From Virtual Directory to a Federated Identity Service Powered by Virtualization

Over the years, we’ve advanced virtual directory technology from a proxy-driven routing and remapping engine to a model-driven virtualization solution, which enables you to design the exact identity views required by your applications. Now we’ve taken it a step further, delivering a federated identity service based on virtualization that’s key to the deployment of any secure web application or identity provider (IdP) in a federation—all without disrupting your existing systems. This service hides the heterogeneity of your existing identity sources, and exposes a logical, coherent, secure, and application-friendly view of your users to both internal and external applications. And it drives any business initiative where a global view of identity is essential, including web access management, portal, and cloud integration.

Sounds like a great solution, right? But first, let’s take a look at the problem we’re solving.

Applications, Security Protocols, and Identity Sources—Oh, My!

In any sizeable modern organization, there are many links tying applications, via disparate security and access protocols, to all the different identity sources. I call this the “Star Wars” effect:

[Figure: Identity Sources]

For such companies, many internal, external, web, and cloud-based applications (A) must talk to many identity sources (I) using different security protocols (S), with every factor representing some number (N) of links—and every link costing lots of money ($$$) to develop, manage, and maintain.

When you do the math—A x I x S = N links (x $$$)—it’s basically a shoot-out at the Not-OK Corral, where you’re left with a brittle network of links, protocols, and identity representations that require a whole IT team to maintain. And whether your company is revamping its portal, adding a critical cloud-based application, or acquiring a partner, any changes put incredible (and incredibly expensive!) demands on a critical infrastructure.

An Identity Hub to Reduce Complexity and Rationalize your Infrastructure

Fortunately, there is a well-established pattern for solving the problem of too many links. By creating an intermediate layer—a hub—you can reduce the complexity of M x N interactions to more manageable and linear M + N connections. After all, this is why the airlines fly you through Denver or Charlotte or Chicago, instead of offering the chaos of thousands of direct flights between destinations.

Our federated identity service acts as a virtual identity hub, anchoring your identity infrastructure and enabling you to interconnect all the identities across the enterprise, no matter where or how they’re stored, for smarter security, better authentication, and more finely-grained authorization.

[Figure: Federated Identity Hub]

Now, this idea of an identity hub is not new—in fact, identity vendors have been trying to develop (or reinvent) some form of an identity hub for years, from the over-centralization of the “enterprise directory,” to the efficient but inflexible meta-directory, and more recently the flexible but limited “classical” virtual directory based on simple mapping, routing, and proxy. After many years of experience with customer integrations, we know you need to combine the strengths of all these different approaches, and add a little special sauce on top, so let’s take a quick look at the technologies and processes underlying our solution.

Wednesday, October 27th, 2010

By Michel Prompt, Founder & CEO

Last week’s webinar on “Data Clouds”, featuring Lyn Robison, Research Director for Data Management Strategies at Burton, is already generating a buzz in the blogosphere. In his recent blog post responding to the webinar, Jnan Dash expertly captured the data cloud concept. Formerly a senior executive at IBM and Oracle, Jnan’s insight into the architecture and potential of data clouds is impressive.

You’ll Need More than SQL in the Cloud

As Jnan mentioned, our background at Radiant is in directories and LDAP/X.500. And in a world dominated by SQL and relational databases, one might wonder what a hierarchical data model could bring to the equation. Didn’t we all learn back in Database 101 that relational is the mother of all hierarchies and networks? Of course, I am being a bit disingenuous here, because unless you live on another IT planet, the buzz around an alternative model to straitjacket SQL is growing stronger by the day. Just look into NoSQL or check out the excellent post in the identity space by my friend Dave Kearns.

Filed under: Michel Prompt
Tuesday, March 31st, 2009

By Michel Prompt, Founder & CEO

I cannot count the number of times customers or prospects have asked us to remap a relational database structure into a directory, or vice versa. So keeping a separate, different database structure for directories is and has been a very expensive operation for most companies.

So let’s take a look at why we need to have a separate database structure, and how we could reduce the pain of synchronization.

Now, in my previous post, I asked why we need directories in the first place. But I’d like to refine that question a little further:

  1. Do we need a hierarchical structure like a directory? (I’ll be discussing this question in future blog posts, so stay tuned!)
  2. And the issue behind today’s post: do we need a separate, different kind of database to support such a structure? (After all, didn’t we all learn that relational theory is the alpha and the omega, back in Database 101 class?)

Let’s face it, relational databases are:

  • The workhorse of most enterprise applications.
  • Well understood, well supported, and transaction-enabled.
  • Currently optimized for updates.
  • Potentially able to answer all kinds of queries.

So why not implement a directory using a relational model on top of a standard SQL engine and avoid the complexity of having to synchronize two very different data models?

Filed under: Michel Prompt
Friday, March 6th, 2009

By Michel Prompt, Founder & CEO

From Static Directories to Context Servers

Bonjour, and welcome to the Radiant Logic blog!

My team and I will use this as a place to share ideas with you on directory virtualization, data services abstraction, and other topics, with a particular emphasis on identity and context. Now, you may have heard me talk about context before. You may have even thought to yourself, “context, context, it’s always context with this guy Michel.”

So what does digital identity have to do with context? And what does context have to do with directory virtualization? Well, if you’ll bear with me for a little detour through the world of directories, I think it will all begin to come into focus.

Directories: Plateau, Legacy…and Renaissance?

After a period of high excitement and fast adoption, directories (by that I mean essentially LDAP directories or their equivalent) have reached a plateau phase. Technically, there’s not much happening and to some extent they’re now legacy. At least, that’s what conventional wisdom would have you believe.

In fact, it’s the issues facing the current directories (and the whole data service layer, really)—things like difficult integrations and lack of flexibility—that have driven the trend toward virtualization. I’d compare it to the evolution of OS virtualization. In the beginning, IBM virtualization on the mainframe, and then VMware and other virtualization layers, was just about abstracting the low-level hardware/devices, so that one legacy operating system would coexist with another. As progress was made, better understanding of this virtualization layer brought about the current craze of server abstraction and the move toward “elastic” and cloud computing.

Filed under: Directory Solutions, Michel Prompt