Tuesday, September 10, 2013

Directories

What is a directory?

A directory is a product that contains information pertaining to user identities and network resources. Within the directory is information on what each user's identity is, how to properly authenticate their identity, and what resources they are authorized to use.

Most directories implement the LDAP/X.500 protocols for interfacing. These protocols are standard and widely implemented in today's technology. They allow other services to request information from the directory about any of the objects it holds. The objects within a directory can be managed using a directory service. A directory service gives administrators the ability to control how identification, authentication, and authorization take place across network systems and resources.

To illustrate this, let's look at a Windows environment. When you log in to your local machine, you log in to a domain controller. Within this domain controller is a directory containing information on who you are and what you can do. The directory service provides access to the directory for any applications or resources you may want to use, so that they can check it any time you try to access their objects.

Their role in IdM

Directories provide a central place for applications and resources to check if a user is allowed to use something. Rather than having to identify and authenticate yourself every time you'd like to print or view a file, and rather than applications having to look in a hundred different places or store the information themselves, directories provide a simple solution.
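The sketch below is an added example, not code from any real directory product. It models a toy in-memory directory that two applications (a printer and a file share) consult for authentication and authorization instead of keeping their own user lists. All names, DNs, and passwords are constructed for illustration, and the group-based access rule is an assumption.

```python
import hashlib
import hmac
import os

# Constructed sample distinguished names (DNs); none refer to a real system.
STAFF = "cn=staff,ou=groups,dc=example,dc=com"
FINANCE = "cn=finance,ou=groups,dc=example,dc=com"
ALICE = "cn=alice,ou=people,dc=example,dc=com"
BOB = "cn=bob,ou=people,dc=example,dc=com"
PRINTER = "cn=printer1,ou=resources,dc=example,dc=com"
LEDGER = "cn=ledger-share,ou=resources,dc=example,dc=com"

def _derive(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so the directory never stores the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Directory:
    """Toy directory: one central store of identities and resource permissions."""
    def __init__(self):
        self.users = {}      # user DN -> {"salt", "hash", "groups"}
        self.resources = {}  # resource DN -> set of group DNs allowed to use it

    def add_user(self, dn, password, groups):
        salt = os.urandom(16)
        self.users[dn] = {"salt": salt, "hash": _derive(password, salt), "groups": set(groups)}

    def authenticate(self, dn, password):
        """Authentication: does the password match the one stored for this DN?"""
        user = self.users.get(dn)
        if user is None:
            return False
        return hmac.compare_digest(user["hash"], _derive(password, user["salt"]))

    def is_authorized(self, user_dn, resource_dn):
        """Authorization: allow only if the user is in a group the resource permits."""
        user = self.users.get(user_dn)
        allowed = self.resources.get(resource_dn)
        if user is None or allowed is None:
            return False  # unknown user or resource: deny by default
        return bool(user["groups"] & allowed)

def build_sample_directory():
    d = Directory()
    d.add_user(ALICE, "correct horse", [FINANCE])
    d.add_user(BOB, "battery staple", [STAFF])
    d.resources[PRINTER] = {STAFF, FINANCE}
    d.resources[LEDGER] = {FINANCE}
    return d
```

Both the printer and the file share would call `is_authorized` on the same `Directory` object, so a change to a user's groups takes effect for every application at once.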

So are there downsides? Of course, there always are. Because directories are stand-alone systems, other systems have to be able to communicate with them. This isn't a problem for newer systems as we now have the standard protocols X.500 and LDAP. It can be an issue for any legacy systems, however. If a company has a financial system that was designed in the eighties, chances are it will not be able to communicate with a directory. The solution? Buy new software, or be prepared to configure the system manually.
