Application Security, Part 6
Now, let’s step back to ADAM and merge MIIS into the picture. Data for the users of our application is stored in ADAM. When our application is deployed in an enterprise with one or more directory services, MIIS can be used to get the data for the users residing in those directory services into ADAM, and to keep the data on those users in ADAM up to date as changes are made in the directory services. In that scenario, the problem of multiple user data repositories is solved by having the meta-directory provided by MIIS keep the repositories coordinated. While there would physically be multiple user repositories, the meta-directory would be the sole logical repository for the data. If our application is deployed in an enterprise with no directory service at all, then ADAM comes along with it as the user data repository, requiring no changes to the organization’s current network administration, and no changes to the application itself.
So, your application is built so as to expect to find its user data in ADAM.
In the first scenario, where MIIS is used to coordinate data among directory services, your application simply finds the data that MIIS will have put there, and gets on with its work.
In the second scenario, where there are no other directory services, your application finds data that has been entered into ADAM through whatever means you would have used to get user data into a relational database, and again, simply gets on with its work.
There is one other scenario to consider, which is where the organization has one or more directory services but declines to use MIIS to coordinate them with one another and with ADAM. After all, whereas ADAM is a technology, a free add-on to Windows Server 2003 and Windows XP Professional, MIIS is very much a product, with prices starting at around $23,000 U.S. Well, in practice, that scenario is really no different from the one where the application is deployed into an organization with no directory service at all, for in both of those cases, the user data that the application will find in ADAM will have got there by some means other than being funneled through MIIS.
Evidently, building your application to use ADAM as its repository for user data provides the flexibility to accommodate all of the possible scenarios. It also allows you to make your case to your enterprise customers that your application is a good corporate citizen that integrates properly into their computing environments, rather than maintaining its own repository of user data that threatens their security and adds to the complexity of their operations.
[This posting is provided "AS IS" with no warranties, and confers no rights.]