Novell Reveals eDirectory Revamp

Novell's new directory architecture, called Destiny, focuses on next-generation identity management. Destiny will be rolled out in modules over the next 18 months with the first key release--a UDDI server--due out later this year. The company will also release software that supports single sign-on based on the newly released 1.0 specification from the Liberty Alliance.

Destiny, launched at The Burton Group's Catalyst conference in San Francisco, will initially consist of modules that run on top of the existing NDS/eDirectory platform, though the company intends to rewrite the code of the core directory to move away from the single root architecture it is now based on to a dynamic XML-based model.

Despite the fact that Novell's announcement is a long-term road map, Novell business partners are hoping Destiny will give them an opportunity to up-sell directory-based applications such as identity and policy management.

"What this means to me is I need to get my engineers up to speed to make sure I'm ready to support the new technology," says Doug Oucts, Novell practice area manager at Ikon Office Solutions.

The new platform introduces significant changes to Novell's directory architecture. In addition to supporting the UDDI specification, Destiny will be based on key Web services standards including XML and SOAP. Just as NDS 8 raised the bar on scalability and native LDAP support, Novell is positioning Destiny as a platform for secure identity management, using XML-based Web services to replace a more static directory with a dynamic one that can support policies and rules within an enterprise and an extended enterprise such as an extranet or private hub. What is noteworthy about Novell's UDDI server is that it will add access control.

Despite the fact that vendors such as HP, IBM, Sun and Microsoft, among others, have developed UDDI tools, Destiny marks what could be an aggressive push to develop secure connectivity between UDDI registries using a network directory-based architecture. UDDI registries can be public or used in private, Internet-based networks to store information about individuals, components, policies and relationships between data. Despite the fact that the UDDI effort began in full force almost two years ago, Destiny is Novell's first major statement on the key Web services technology.

"They are really late getting on the UDDI bus," says Burton Group analyst Mike Neuenschwander.

Nevertheless, Neuenschwander says Novell has submitted the schema definitions to the IETF that allow users to securely store UDDI information in an LDAP directory.

"That was a leading thing to do around UDDI," he says.

Ed Anderson, director of product management for Novell's Identity Services Group, acknowledged other vendors offer UDDI registries and tools but says they lack security and access control.

"Yes, there are UDDI servers that function as public registries for Web services; the problem is there is no trust associated with them," Anderson says. "Anyone can publish into them and query information out of them, but that doesn't match with business requirements our customers have."

For example, if Novell wants to let a business partner share a Web service to access its own travel application, the partner could use a UDDI repository to access the company's Web-based travel application, Anderson says.

Still, Neuenschwander says there are two issues. For one, Novell was initially slow to embrace LDAP in the mid to late 1990s, Neuenschwander says.

"When the whole LDAP thing happened, it took Novell by surprise--they initially did nothing about cross platform support for LDAP for several years," he says. "The good news is they recognize they need to do something here, but the second problem is it takes a while to engineer these things--years."

Despite Novell's 18-month road map for delivering the Destiny architecture, the work may take much longer.

"I told them I'll believe it when there's engineering behind it and a beta coming up," Neuenschwander says.

Ikon's Oucts says there's no rush--many of his customers are just now upgrading to NetWare 6.0 and the current eDirectory, but he sees secure identity management with products like Novell's existing iChain as a key thrust going forward.

"The clients we've been working with are upgrading their infrastructures but the next phase is account management," Oucts says.

Novell says it plans to deliver the UDDI repository by year's end. Less clear are plans to release the new directory code and other new modules, including a policy engine, support for dynamic identity where relevant data on a user corresponds with specific applications and those querying data, and support for federated trust with support for various forms of authentication and credentials including Microsoft's Passport, the Liberty Alliance and specifications such as the Security Assertion Markup Language (SAML).

Anderson did indicate that Novell's pending acquisition of SilverStream will likely play a role in Destiny, particularly its developer tools and Web application server. But Burton Group's Neuenschwander says he's skeptical of the SilverStream deal.

"SilverStream's Web app software is mostly used for testing," he says. "If they bought BEA back, that would have been a Web services move."