Market Opportunity: Someone should create a directory service based on RDBMS
Bob Balaban    

Greetings, Geeks!

I had an idea a few years ago that it would be a great idea for IBM (or someone) to create a directory service that could be used BOTH for server and application security AND for application services. Like the directory in Domino does for Notes and Domino app builders today, but based on a platform (RDBMS) that everyone already has.

When I (re-) joined IBM in 2005, I wrote it up on an internal blog site. I think I got 3 comments. But I still think it's a good idea, and, so far as I can tell, nobody's implemented it yet. See what you think.

Here's a series of propositions that lead me to think that directory services should be based on relational database technology, especially to support collaboration technologies:

1. Collaboration technology rests, as one of its major foundations, on directory services. So do many other kinds of applications.
2. Most companies treat directories as security mechanisms only.
3. Developing collaboration-based applications depends in part on access to good directory services, and that means a lot more than mere security.
4. LDAP is good, but not good enough for collaboration apps.
5. Directory services would improve dramatically if they were based on a transacted, relational data store.
6. Nobody (that I know of, anyway) is combining these 2 technologies.
7. Somebody should.

I don't want this to turn into a book, so I will be brief in addressing these points.

1. Collaboration technology rests, as one of its major foundations, on directory services
Online collaboration, like a lot of other things that happen online, depends on the application authenticating the user before allowing access. You have to know who the user is before a) deciding what they're going to be allowed to do, and b) tracking what they did once they've done it. Without reliable authentication, you don't have either security OR collaboration (you can't collaborate when you don't know who is contributing to your content/workflow). Authentication and authorization both depend on access to a trusted directory service. Furthermore, directories are the right place to store the organizational information (e.g., "reports-to" hierarchies) that is required for most kinds of workflow apps.

2. Most companies treat directories as security mechanisms only
Again, I think this is obvious by inspection. Certainly Microsoft has this attitude -- just look at any of their so-called Single Sign-on programming examples for .NET. They all depend on looking up a password or something in a SQL database; nobody (in her right mind) would try to store that stuff in Active Directory.

3. Developing collaboration-based applications depends in part on access to good directory services, and that means a lot more than mere security
Anyone who has developed a workflow app knows this. Beyond authentication you need authorization. And it has to accommodate per-application role-based stuff, not just coarse-grained access control. And you need it exposed in a way that's easy for AppDev types to use (LotusScript, @functions, whatever), in addition to the usual declarative mechanisms (e.g., ACLs). The directory "schema" needs to be extensible to accommodate random application needs.

4. LDAP is good, but not good enough for collaboration apps
The beauty of using a standard protocol like LDAP to access directory services is that you don't have to care how the service is implemented, right? Well, only if "you" are an application developer. Then you don't, but if you're an admin, you sure do have to worry about it, because you have to build, populate and maintain it. These things are expensive, especially the maintenance part. Extensibility is difficult, because the underlying schemas are usually too rigid (this is an area where Domino really shines: the directory is "just another database", and it's not hard to extend the schema). I had the misfortune recently to have to use Active Directory APIs in a .NET app I built to test whether a given string represented a valid user name. Sheesh. All I can say is, it might be inflexible, but at least it's really hard to use.

J2EE says nothing about directories -- "just use LDAP". So they punt, which is reasonable for an app server: it gives you the ability to plug in the best available product. If you were going to implement a directory server with large data storage requirements, and with the ability to do a number of the things I mentioned above, what would you pick? I, for one, would NOT pick ISAM files. I've already said I like the flexibility provided by Domino's NSF solution, but of course that's not practical for all enterprises (especially if they don't have or want to install Domino).

5. Directory services would improve dramatically if they were based on a transacted, relational data store
What are the characteristics a "good" directory service MUST have? Accessibility (no problem). Standard protocols (you can layer LDAP on top of nearly anything). Easy to administer/populate/query/maintain volatile data (that's what relational is all about). Secure (duh). Must be EASY to extend to handle arbitrary, per-application, per-user and per-group data (this is almost trivial in the relational model, just create a new table and join....).
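
The "create a new table and join" extension from point 5, combined with the per-application roles from point 3 and the "reports-to" hierarchy from point 1, as an added example that is not from the original post. It uses Python's built-in sqlite3 as a stand-in RDBMS; every table, column, user and role name is hypothetical sample data constructed for illustration.

```python
import sqlite3

# Constructed sample schema and data; all names here are hypothetical.
CORE = """
CREATE TABLE person (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL,
                     reports_to INTEGER REFERENCES person(id));
CREATE TABLE grp (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL);
CREATE TABLE member (person_id INTEGER NOT NULL REFERENCES person(id),
    grp_id INTEGER NOT NULL REFERENCES grp(id), PRIMARY KEY (person_id, grp_id));
INSERT INTO person VALUES (1,'carol',NULL),(2,'bob',1),(3,'alice',2);
INSERT INTO grp VALUES (10,'finance');
INSERT INTO member VALUES (3,10);
"""
# Per-application extension: one new table, core directory schema untouched.
EXPENSES_EXT = """
CREATE TABLE expenses_role (grp_id INTEGER NOT NULL REFERENCES grp(id),
                            role TEXT NOT NULL, PRIMARY KEY (grp_id, role));
INSERT INTO expenses_role VALUES (10,'submitter');
"""

def open_directory():
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # enforce referential integrity
    db.executescript(CORE + EXPENSES_EXT)
    return db

def has_role(db, user, role):
    """Authorization check as a join; inputs are bound, never concatenated."""
    row = db.execute(
        """SELECT 1 FROM person p
           JOIN member m ON m.person_id = p.id
           JOIN expenses_role r ON r.grp_id = m.grp_id
           WHERE p.name = ? AND r.role = ? LIMIT 1""", (user, role)).fetchone()
    return row is not None

def approval_chain(db, user):
    """Walk the reports-to hierarchy upward; depth cap guards against cycles."""
    rows = db.execute(
        """WITH RECURSIVE chain(id, name, boss, depth) AS (
             SELECT id, name, reports_to, 0 FROM person WHERE name = ?
             UNION ALL
             SELECT p.id, p.name, p.reports_to, c.depth + 1
             FROM person p JOIN chain c ON p.id = c.boss WHERE c.depth < 16)
           SELECT name FROM chain WHERE depth > 0 ORDER BY depth""", (user,))
    return [r[0] for r in rows]

if __name__ == "__main__":
    db = open_directory()
    print(has_role(db, "alice", "submitter"), approval_chain(db, "alice"))
```

Because roles attach to groups in the extension table, dropping `expenses_role` removes the application's authorization data without touching the core directory.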

6. Nobody is combining these 2 technologies
I know Microsoft isn't (yet), nor is IBM. I discussed this topic with a Microsoft exec a few years ago (again, before I was an IBMer). I asked why they weren't doing this already (they have a good dbms too). "Too hard" he said. Personally, I don't think much of that as an excuse. If it's important enough, you find a way. But it's good news for everyone else -- it's a wide open space, with no other serious players. Google has yet to release an enterprise directory service of any kind, let alone the kind I'd like to see...

9. The opportunity is there!
Someone could take a neglected area of online computing infrastructure and elevate it into a first-class member of a collaboration suite. They could own THE directory technology foundation of the next 25 years. Think of the patents! The market share! Think of all those happy, happy application developers (not to mention end-users)!

Of course, there are problems. You need more than just fast lookups and the ability to handle a lot of data. You need to add application artifacts (which, by definition, are not knowable in advance) seamlessly. And eventually that means that you have to modify the directory schema in some way or other. In the worst case, you might have to modify it for each class of applications that your enterprise needs to deploy (and that can be a lot). Sure, you can create generic schemas for application artifacts, up to a point, but the more you do that, the more you lose the ability to index in meaningful ways, and the more you slow down access. Sooner or later you're going to want to modify the schema.


(Need expert application development architecture/coding help?  Want me to help you invent directory services based on RDBMS?? Contact me at: bbalaban, gmail.com)
Follow me on Twitter @LooseleafLLC
This article ©Copyright 2010 by Looseleaf Software LLC, all rights reserved. You may link to this page, but may not copy without prior approval.


---------------------
http://www.bobzblog.com/tuxedoguy.nsf/dx/market-opportunity-someone-should-create-a-directory-service-based-on-rdbms
Sep 10, 2010