{"id":983,"date":"2008-05-10T16:15:32","date_gmt":"2008-05-11T00:15:32","guid":{"rendered":"\/?p=983"},"modified":"2008-05-10T16:20:36","modified_gmt":"2008-05-11T00:20:36","slug":"talking-about-the-identity-bus","status":"publish","type":"post","link":"https:\/\/www.identityblog.com\/?p=983","title":{"rendered":"Talking about the Identity Bus"},"content":{"rendered":"<p>During the <a href=\"http:\/\/www.kuppingercole.com\/events\/eic2008\" class=\"broken_link\">Second European Identity Conference<\/a>,\u00a0Kuppinger-Cole\u00a0did a number of interviews with\u00a0conference speakers. You can see these on the <a href=\"http:\/\/www.youtube.com\/profile_videos?user=kuppingercole&amp;p=r\">Kuppingercole channel<\/a> at YouTube.<\/p>\n<p><a href=\"http:\/\/vquill.com\/\">Dave Kearns<\/a>, <a href=\"http:\/\/jacksonshaw.blogspot.com\/\">Jackson Shaw<\/a>, <a href=\"http:\/\/daleolds.com\/\">Dave Olds<\/a> and myself <a href=\"http:\/\/www.id-conf.com\/blog\/2008\/05\/02\/interviews\/\">had a good old time<\/a> talking with <a href=\"http:\/\/blogs.kuppingercole.com\/gaehtgens\/\" class=\"broken_link\">Felix Gaehtgens<\/a> about the \u201cidentity bus\u201d.\u00a0 I had a real\u00a0&#8220;aha&#8221; during the interview while I was\u00a0talking with\u00a0Dave about why synchronization and replication are an important part of the bus.\u00a0 I realized part of the disconnect we&#39;ve been having derives from the differing &#8220;big problems&#8221;\u00a0each of us\u00a0find ourselves confronted with.<\/p>\n<p><a href=\"http:\/\/www.id-conf.com\/blog\/2008\/05\/02\/interviews\/\"><img src=\"\/wp-content\/images\/2008\/05\/felix.jpg\" \/><\/a><\/p>\n<p>As infrastructure people\u00a0one of our main goals is to\u00a0get over\u00a0our\u00a0&#8220;information chaos&#8221; headaches&#8230;\u00a0 These have become even worse as the requirements of audit and compliance have matured.\u00a0 Storing information in one authoritative place (and one only) seems to be\u00a0a way to get around these problems.\u00a0 We can then retrieve\u00a0the information\u00a0through\u00a0web service\u00a0queries\u00a0and drastically\u00a0reduce complexity&#8230;<\/p>\n<p>What does this worldview make of application developers who don&#39;t want to\u00a0make their queries\u00a0across the network?\u00a0\u00a0\u00a0Well, there must be something wrong with them&#8230;\u00a0 They aren&#39;t hip to good computing practices&#8230;\u00a0 Eventually they will understand the error of their ways and &#8220;come around&#8221;&#8230;<\/p>\n<p>But the truth is that the world of query looks different from the point of view of an application developer.\u00a0<\/p>\n<p>Let&#39;s suppose an application wants to know the name corresponding to an email address.\u00a0 It can\u00a0issue a query to a remote\u00a0web service or\u00a0LDAP directory and get an answer back immediately.\u00a0 All is well and accords with\u00a0our ideal view.<\/p>\n<p>But the\u00a0questions\u00a0application developers\u00a0want to answer aren&#39;t always of the simple &#8220;do a remote search in one place&#8221; variety.<\/p>\n<p>Sometimes an application needs to do complex searches involving information &#8220;mastered&#8221; in multiple locations.\u00a0\u00a0\u00a0I&#39;ll make up\u00a0a very simple &#8220;two location&#8221; example to demonstrate the issue:\u00a0\u00a0<\/p>\n<blockquote><p>&#8220;What purchases of computers were made by employees who have been at the company for less than two years?&#8221;<\/p><\/blockquote>\n<p>Here we have to query &#8220;all the purchases of computers&#8221; from the purchasing system, and &#8220;all empolyees hired within the last two years&#8221; from the HR system, and find the intersection.<\/p>\n<p>Although the intersection might only represent a few records,\u00a0\u00a0performing this query remotely and bringing down each result set is very expensive.\u00a0\u00a0 No doubt many computers have been purchased in a large company, and a lot of people are likely to have been hired in the last two years.\u00a0 If an application has to perform this type of\u00a0 query\u00a0with great efficiency\u00a0and within a\u00a0controlled response time,\u00a0 the remote query approach of retrieving all the information from many systems and working out the intersection may be totally impractical.\u00a0\u00a0\u00a0<\/p>\n<p>Compare this to what happens if\u00a0all the information necessary to respond to a query is\u00a0present locally\u00a0in a single database.\u00a0 I just do a &#8220;join&#8221;\u00a0across the tables, and the SQL engine\u00a0understands exactly how to\u00a0optimize the query so the result\u00a0involves little computing power and\u00a0&#8220;even less time&#8221;.\u00a0 Indexes are used and distributions of values well understood: many thousands of really smart people have been working on these optimizations in many companies for the last 40 years.<\/p>\n<p>So, to summarize, distributed databases (or queries done through distributed services) are not appropriate for <strong>all purposes<\/strong>. Doing\u00a0certain queries in a distributed fashion\u00a0works, while in other cases it leads to\u00a0unacceptable performance.<\/p>\n<p>The result is that many application developers &#8220;don&#39;t want to go there&#8221; &#8211; at least some of the time.\u00a0 Yet their applications must be part of the identity fabric.\u00a0 That is why the identity metasystem <em>has to include application databases populated through synchronization and business rules.<\/em><\/p>\n<p>On another note, I recommend the\u00a0interview with\u00a0<a href=\"http:\/\/www.youtube.com\/watch?v=3xqCGa6i6hs\">Dave Kearns on the importance of context to identity.<\/a>\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Application developers see the world of query differently than infrastructure architects&#8230;<\/p>\n","protected":false},"author":68,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[43,8,58,42],"tags":[],"_links":{"self":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/983"}],"collection":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/users\/68"}],"replies":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=983"}],"version-history":[{"count":0,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/983\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=983"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=983"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=983"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}