By Tim Howes, CTO ClearStory Data & Co-inventor of LDAP
Over 20 years ago, my colleagues and I created a novel protocol. We called it Lightweight Directory Access Protocol, or LDAP for short. The problem at the time was that it was difficult to create a directory of users and control what they had access to. Mind you, this was very early in the PC movement and mainly we were working on Unix-based systems at the University of Michigan. At that time, the X.500 Directory Access Protocol (DAP) was the standard, but it was complex and heavy. So, in an era that we thought was moving more towards TCP/IP, our concept was to simplify the ability for organizations to manage a directory service.
LDAP has held up remarkably well over the years and I think all of us that worked on it early on are a little surprised that it took hold in the way that it did. Directory services platforms such as OpenLDAP and Microsoft Active Directory both were based upon the open source protocol. Systems and applications for the last couple of decades support the ability to authenticate via LDAP and/or convey information via the LDAP protocol. As a standard, LDAP has done its job. Organizations have been able to leverage directory services without complex or largely custom implementations.
Fast forward a couple of decades and the world is a far different place – especially in IT. Technology has integrated with just about every aspect of our lives and no longer are complex systems acceptable. In an era where children have smartphones and most adults have access to computers even in developing nations, the ability to connect business professionals to the systems, applications, and networks that they need is a core IT task. Work wouldn’t get done without this function. Arguably, the model of who can access what in a corporation is about as critical as the physical, underlying network itself.
The challenge for these organizations is that the world isn’t all LDAP, it’s not all behind a firewall, and it isn’t all Microsoft either. That scenario is long gone, replaced by solutions such as AWS, Google Apps or O365, cloud applications, smartphones / tablets, and Mac and Linux devices. Now connecting users to IT resources they need is a great deal more complex. IT organizations need to factor in different locations and security models, different platforms, and new protocols. LDAP isn’t enough.
The future of directory services is a leap from where we are today. Most organizations leverage on-prem solutions to solve this need, but that will change. A cloud-based directory service will be the answer, delivered as a SaaS-based solution. With a world that is racing towards many different platforms and best of breed solutions, an independent directory will be the answer. It will serve IT organizations best by connecting users to a variety of different types of systems, applications, and networks. Those IT resources may be located on-prem or in the cloud. They could support LDAP, or any of a dozen other identity protocols that have emerged. Security will be a foundational element – something that has increased in importance over the last twenty years. IT organizations won’t have to manage the details of the system, but will be able to consume just what they need as they need it. This vision is critical because it is the gateway to every organization maximizing its potential by leveraging the IT solutions that are best for it.
Over the last decade the directory service has largely been taken for granted, with little innovation or thought being given to its value and importance. With the advent of the cloud, that has all changed. Building a modern core directory service is a vital task and one that JumpCloud is taking very seriously. Their Directory-as-a-Service® platform represents the future of directory services. I believe it is the model of what IT organizations will leverage over the next two decades.
I’m proud to join JumpCloud’s Technical Advisory Board to advise and support them on the journey of reimagining a directory service.
-Tim Howes, CTO ClearStory Data & Co-inventor of LDAP