Some things I think are opportunities we can do:#

2014 LDAP:#

Tools for LDAP in general. There are only a few that are not done by the LDAP server vendors themselves and only a couple that do anything well. I recently got the Softerra LDAP Administrator and it does some nice things, but I think we could do more, and better.

Novell has an extremely well-architected web (Tomcat-based) framework that does more than anything I have seen, and it is customizable. Yet many things are Novell product specific. It is called emFRAME - http://developer.novell.com/ndk/imgrsdk.htm

2014 IAM governance#

Termed by Burton as Identity Access Management Governance.

There are a lot of portals available, but there are emerging standards and business requirements that will drive wide implementation.

As compliance and audit are ever increasing within the US and EU, the ability to manage identities within the compliance realms and to provide proof of compliance via audits will require extensive increases in automation.

Business Drivers#

This IAM pressure will demand an application framework where:
  • Requests for resources can be initiated by a user, manager or automation.
  • Policy can be applied to determine eligibility.
  • Workflow is initiated for appropriate approvals.
  • Request status is tracked.

Some emerging standards will help:

Novell's User Provisioning Application is an example; however, it is not very robust and is ugly.

What is Needed#

What is needed is a framework that is easily transported and integrated into an enterprise that can provide

2014 LDAP Report Framework:#

All these enterprises are putting stuff in LDAP, and very little ability exists to get the data out.

A simple function like selecting the desired users and printing mailing labels currently requires a custom program. Almost everything requires a custom program. Want to print mailing labels for the members of one group?

It would be nice if we could come up with an ADO for LDAP and either a JDO or use the JNDI for LDAP that would then work transparently with WIN/NET and Java.

2008 ISAPI Filter:#

The LDAP ISAPI filter is still a big one and is going to get bigger. Although at Nationwide many of their applications are three-tier (the web server talks to an app server that talks to the LDAP server), there are some that just need URLs protected. The three-tier stuff is pretty much done, but no one has really looked at the other yet.

I found this

Several people have asked in news groups for:#

  • Performance tests. Look at Apache JMeter as a framework?
  • One-time transfer from one LDAP to another.

