Monday, December 22, 2008
How come there is no innovation in LDAP?
Misc thoughts on LDAP...
1. Regardless of whether you are using Microsoft ADAM, OpenLDAP, OpenDS or Oracle Virtual Directory, the challenge of adding/removing users remains. Maybe they shouldn't think of identity management as something separate but instead figure out how to incorporate support for the SPML protocol directly into the core.
2. There are lots of LDAP tools that will allow you to administer users, browse schemas, etc., but none that will allow you to actually model in LDAP. Consider how many tools allow you to produce an ER diagram, so why can't a few do the same for LDAP? I would love to see Mark Wilcox of Oracle take the lead in getting an Eclipse plugin created. Likewise, if Pat Patterson could do the same for Netbeans, it would rock.
3. Someone should figure out a way to incorporate the notion of referential integrity into the protocol such that LDAP stores can have the same functionality as relational databases.
4. Most J2EE application servers support the notion of JDBC connection pooling. What would it take for the LDAP folks to push for a standard way of doing LDAP connection pooling to be incorporated into J2EE containers instead of everyone writing their own?
5. Many within OWASP talk about the importance of protecting against SQL Injection, but the notion of LDAP Injection also exists. What if the LDAP servers could provide an interface that would allow you to at least validate input? Would it be great if you could attach a regular expression to each AttributeClass?
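
Until a directory server offers something like this, the check in item 5 has to live in the application. The sketch below is an added example, not code from this post or from any LDAP product: it pairs a per-attribute regular expression with the filter-value escaping defined in RFC 4515. The `ATTRIBUTE_PATTERNS` table, the patterns in it, and the function names are assumptions made for illustration.

```python
import re

# Hypothetical per-attribute rules (assumption: kept in the application,
# not in the directory schema). Tighten each pattern to your own data.
ATTRIBUTE_PATTERNS = {
    "uid": re.compile(r"[a-z][a-z0-9._-]{0,31}"),
    "mail": re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,253}"),
    "telephoneNumber": re.compile(r"\+?[0-9 ()-]{3,20}"),
}

# RFC 4515: these characters must appear as \XX inside a filter value.
_FILTER_ESCAPES = {
    "\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a string so it can only ever be a literal filter value."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def validate(attribute: str, value: str) -> str:
    """Reject values that do not fully match the rule for their attribute."""
    pattern = ATTRIBUTE_PATTERNS.get(attribute)
    if pattern is None:
        # Fail closed: an attribute without a rule is not searchable.
        raise ValueError(f"no validation rule for attribute {attribute!r}")
    if not pattern.fullmatch(value):
        raise ValueError(f"value rejected for attribute {attribute!r}")
    return value


def equality_filter(attribute: str, value: str) -> str:
    """Build (attribute=value); validate first, then escape regardless."""
    return f"({attribute}={escape_filter_value(validate(attribute, value))})"


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real directory.
    samples = [
        ("uid", "jdoe"),
        ("telephoneNumber", "+1 (555) 010-0000"),  # valid, still needs escaping
        ("uid", "jdoe)(cn=*"),                     # filter metacharacters
    ]
    for attr, raw in samples:
        try:
            print(equality_filter(attr, raw))
        except ValueError as err:
            print(f"rejected: {err}")
```

The telephone number shows why validation alone is not enough: parentheses are legitimate in the value, so it passes the pattern and only the escaping step keeps them from being read as filter syntax.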