Registry&Directory Infrastructure�Themes / Philosophies, cont’d
How effectively user-oriented applications can leverage off of a directory infrastructure is directly proportional to how well-formed and well-specified the system’s notions of identifiers & names are.
The currently prevalent directory access protocols, in and of themselves, are not “strong” authentication protocols.
Directory technology is a key underlying enabler for Authorization Services (among lots of other possibilities).
Like the “single-sign-on” notion morphing into “fewer-sign-ons”, the “single directory repository per administrative domain” notion should more realistically be “fewer repository/directories, with cleanly-crafted roles and data feeds”.