… My interpretation is that the metadirectory has finally given way to the virtual directory as the synchronization engine for identity data. Kim interprets it differently. He talks about the “Identity Bus” and says that “…you still need identity providers. Isn’t that what directories do? You still need to transform and arbitrate claims, and distribute metadata. Isn’t metadirectory the most advanced technology for that?” And I have to answer, “no.” The metadirectory is last century's technology and its day is past.
The Virtual Directory, the “Directory as a Service” is the model for today and tomorrow. Data that is fresh, always available and available anywhere is what we need. The behemoth metadirectory with its huge datastore and intricate synchronization schedule (yet is never quite up to date) is just not the right model for the nimble, agile world of today's service-driven computing. But the “bus” Kim mentions could be a good analogy here – the metadirectory is a lumbering, diesel-spewing bus. The virtual directory? It's a zippy little Prius… [Full article here]
Who would want to get in the way of Dave's metaphors? He's on a streak. But he's making a fundamental mistake, taking an extreme position that is uncharacteristically naive. I hope he'll rethink it.
Applications drive infrastructure
Here's the problem. Infrastructure people cannot dictate how application developers should build their applications. Applications – providing human and business value – drive infrastructure, not the other way around. Infrastructure people who don't get this are doomed.
Dave's neat little story about web service query needs to be put in the crucible of application development. We need to get real.
Telling application developers how to live
Real-time query across web services solves some identity problems very well. In these cases, application developers will be happy to use them. But it doesn't solve all their identity needs, or even most of them. When Dave Kearns starts to tell real live application developers they shouldn't put identity information in their databases, they'll tell him to take his zippy Prius and shove off.
Application developers like to use databases and tables. They have become expert at doing joins across tables and objects to produce quite magical results. As people and things become truly first class objects in our applications, developers will want even more to include them in their databases.
Think for a minute about the kinds of queries you need to do when you start building enterprise social networks. “Show me all the friends of friends who work in a class of projects similar to the ones I work in…” You need to do joins, eh? So it's not just existing enterprise applications that have the need to support distributed storage – it's the emerging ones too.
Even thinking for a moment just about Microsoft applications – SharePoint provides a good example – the developers ran into the need to maintain local tables so they can get the kind of performance and complex query they need. Virtual directory doesn't help them one iota in solving this kind of problem. Nor do web service queries.
Betting big time against the house
I admire many aspects of Dave's thinking about identity. But I pity anyone who follows his really ideological argument that virtual directory solves everything and distributed storage just isn't needed. We need both.
He's asking readers to bet against databases. He's asking them to bet against the programming model used by application developers. He's asking them to forget about performance. He's asking them to take all the use cases in the world and stuff them into his Prius – which is actually more like a hobby horse than a car.
Once you have identity data distributed across stores you either have chaos or you have metadirectory. I'll explore this more in upcoming posts.
Meanwhile, if anyone wants to bet against the future of databases and integration of identity information into them, drop me a note and I'll set up a page to take your money. And at the same time, I recommend that you start training for a second career.
This said, I'm as strong a believer in using web services to query for claims in real time as Dave is. So on that we very much agree.