[Ietf-not43] a perspective on LDAP v IRIS.
David Blacka
davidb at verisignlabs.com
Tue Aug 19 13:56:04 EDT 2003

On Tuesday 19 August 2003 12:10 pm, Eric A. Hall wrote:
>
> on 8/19/2003 10:34 AM David Blacka wrote:
>
> I don't doubt that you ran into the difficulties you did as a result of
> trying to pursue the course you chose.
>
> > You may wish to keep in mind that the RLDAP project was far more
> > heavily focused on reuse than FIRS: it strove to not introduce any new
> > objectclasses, attributes, controls or extended matching rules.
>
> Exactly right. A couple of the problems you encountered would still exist
> with FIRS, but for the most part, starting with a different objective
> (optimizing the application space accordingly) would have produced some
> significantly different result. As you allude to in the text above (and
> which would probably have been more helpful as intro text rather than
> outro by-the-way), your path doesn't really say much about how well the
> FIRS approach would work.

As far as I can tell, FIRS would be harder to implement at our level, not
easier. Which of the problems that I described would be alleviated by
FIRS? I will admit that I don't entirely grok FIRS. It certainly looks
like the client side would be harder (than RLDAP clients).

One of the main things that I wanted to show through my story was that we
ultimately rejected LDAP for actual, valid, non-religious reasons.

> > But when we finished, we realized that if we had to 1) essentially
> > create a custom LDAP server and 2) create custom clients, reusing LDAP
> > was losing its appeal.
>
> Yes, FIRS optimizes the client and server. Whether or not this diminishes
> the primary benefit depends on how you define the benefit. If your target
> was to reuse LDAP browsers, I can see how the evidence would support that
> conclusion. On the other hand, if the target is general data-availability
> and reuse, then I would argue that the objective was proven once the
> assumptions were adjusted.

Our target was to use technology that would reduce implementation costs on
both the client and server sides. And the project proved to us that LDAP
(in this case) did not do that.

And honestly, from what I can tell (and again, I might be wrong), FIRS is a
move in the opposite direction from that target.

> > This led us to a philosophy that, ultimately, led to IRIS.
>
> Could you possibly clarify how IRIS addresses either of the targets
> described above? I mean, there are a whole lot less clients and servers
> out there, so reusing technology isn't a benefit, nor is reusing data.

I think I don't know what you are talking about when you say "reusing
data". What data?

The move towards IRIS was a move towards doing software reuse at a
different level. IRIS certainly reuses technology, just not an entire
application substrate.

There aren't many FIRS clients and servers out there either. One of the
points I hoped folks might draw from my little story was that for those
organizations that will *have* to stand up a CRISP service, they aren't
any closer to implementing a FIRS solution than an IRIS one.

> Perhaps you redefined your objectives along the way? And if so, what are
> they now?

I don't think we redefined our objectives at all. Fundamentally what we
did was change our engineering approach. And I, at least, changed my
underlying directory service philosophy.

--
David Blacka <davidb at verisignlabs.com>
Sr. Engineer Verisign Applied Research