FEATURES
Drilling For Data
by Christy Hudgins-Bonafield
Illustration by Steart Biers

The Hypertext Transport Protocol (HTTP) sparked a networking revolution by physically connecting browsers and servers worldwide. Now a second protocol, the Lightweight Directory Access Protocol (LDAP), is poised to go even further--to drill beyond the server to databases, directories, network devices, user files and, ultimately, the user's desktop.
Its potential is enormous. Internet service providers (ISPs) plan to use LDAP and directories supporting it to build outsourcing businesses that will assume in-house corporate server functions. Webmasters plan to use the protocol to create and update home pages dynamically. Internet search engine providers want to tap LDAP-based directories to access information now hidden in databases behind static Web pages (see Network Computing Online interview with HotBot's Ed Anuff, www.NetworkComputing.com). Novell and Zoomit Corp. are working on plans to bring LDAP-accessible directories to the desktop, so individual users can securely partition their files to share information with select groups or the general public (see Network Computing Online interview with Novell's Michael Simpson, www.NetworkComputing.com, and September 1 H-Report, page 24). And with the kind of universal access that will evolve as LDAP finds its way to the Web browser, corporate users are devising ways to make intranet directories more meaningful--to build user-accessible directories that describe network devices and people in easily understood terms.

Furthermore, widespread adoption of LDAP, currently supported by 40-plus vendors, is expected to generate a wealth of new workflow applications built around directory services. Administrative applications like those supporting single sign-on or creation of user-tailored desktop configurations at any workstation on the network are apt to evolve first, but user-based applications will follow. Some believe users eventually will be able to view home pages in a directory format that provides a logical view--including helpful abstracts--of the information within a home page. The ultimate goal of the LDAP movement is to achieve universal browser access to a multiplicity of operating systems, e-mail and other directories that populate today's corporations.
LDAP's acceptance also is seen as a way to clear a path for the acceptance of metadirectories, which provide a single view into multiple directories. For application developers, a standards-based approach like that possible with LDAP means the chance to cut costs and time to market and ease the often-expensive task of central directory management.

Bouncing the Baby

Of course, all this is like bouncing a baby on your knee and envisioning a rosy future. Before that future can be attained, many hurdles must be cleared. The most critical is that users will need to install a whole new security infrastructure based on standards that are not yet mature. Without strong authentication, directory access becomes an open invitation to wreak havoc on an intranet or the Internet. Although authentication is included in LDAP version 3, that specification was approaching only draft status within the Internet Engineering Task Force (IETF) by late August. Before LDAP can be generally used beyond the more secure boundaries of intranets, public key technology and certificate servers must become more widespread.

Even with LDAP, there is the question of whether vendors will--or even should--settle on a single standard for replication and synchronization between servers. Vendors are split on whether there is a need to support a lowest common denominator schema set (Netscape Communication Corp.'s position) or if they should simply presume that multiple schemas will always exist and architectures should be adjusted accordingly (Novell's stance).

Vendor infighting is another hurdle. In fact, the entire industry seems to be engaged in a witch-hunt, with each participant bent on unmasking the proprietary magic of its competitors. There are those who criticize Netscape for using its early support of LDAP to add to the specification, while keeping those enhancements private until the last minute.
Others accuse Novell of paying lip service to LDAP while favoring its own Novell Directory Services (NDS). Microsoft stands accused of using its Open Directory Services Interface (ODSI) application programming interface (API) as a stalling tactic while it tries to figure out a directory strategy. And IBM is accused of time traveling, for thinking there's a market for the vintage Distributed Computing Environment (DCE) alongside LDAP. Of course, all vendors deny all charges. But they admit there's little incentive to push for a coalition to work
Updated September 24, 1996














