ITCS: Enterprise Directory: Executive Summary of the Report and Recommendations of the Directory Services Infrastructure Working Group (November 18, 2003)

Friday November 21 2008

Information Technology Central Services at the University of Michigan

Your Computing AccountE-MailInternetPrintingStoring & Sharing FilesComputers & SoftwareTelephones, Data, VideoSecurity & PrivacyFor IT StaffMore Help ResourcesITCS Service StatusITCS ServicesAbout ITCSSite MapITCS Home

Executive Summary of the Report and Recommendations of the Directory Services Infrastructure Working Group

November 18, 2003

A broad statement of this working group's conclusion is that the campus requires but lacks a comprehensive Enterprise Directory. The campus's goals and ambitions require that we move from the current "white pages" and e-mail forwarding functionality to a much richer and more application-oriented enterprise-wide directory service. Whether or not this new enterprise directory service will be evolve from existing services or be newly formed is an open question.

Defining what this new enterprise directory should be is not straightforward. Two "marketplaces," each with their own approaches to directory services and characterized in this document as "commercial" and "academic" are inherently different and integrating them poses a challenge. In addition, the assessment of the value present in directory services compared to the work required to provide them and maintain related services is not entirely objective. Instead, it reflects the observer's overall biases towards middleware and its impact on the computing environments he or she is most familiar with.

The lack of an enterprise directory on campus carries with it some consequences. With limited alternatives, units that resort to implementing their own directories incur extra costs and produce directories that limit interoperability with other units. Projects that require a consistent and comprehensive campus-wide directory service are not able to proceed. Factors that contribute to this include issues specific to this campus and quite possibly a fundamental difference between how the academic and corporate sectors view directory services and related products.

An enterprise directory would have the following capabilities and attributes. Creating an enterprise directory on campus would require major tasks to develop and improve capacity in these areas:

Identity Management, a sophisticated management of user accounts and consolidation of user profiles. The scope of Identity Management is large, dealing with lifecycles of identities across the enterprise or even beyond, as it may include vendors and others with a variety of relationships to the University. Identity management includes both directory and security services. The goal of identity management systems is to allow the consistent cross-campus use of enterprise-wide identity and security data and management policies.

Roles Data, or the grouping and sharing of user attributes. In combination with an identity management system, roles data would allow for finer grained and better authorization decisions.

Feeds, or the management of data flows into the directory and the resolution of issues related to data precedence, updating and expiration.

Governance, or the oversight and alignment of the overall operation and direction of the directory from an institutional point of view. Governance would cover both policy and operational issues, such as privacy and data organization in the directory.

Leveraging the directory, or allowing units on campus to take advantage of as much centrally provisioned directory services as possible and to minimize the number of isolated unit directories.

Alignment with other directory-related projects or products, or being more consistent with national and international efforts in the academic and research worlds as well as with industry directions.

The work required to address these issues would be organized in the following categories:

Choosing near-term tactical and operational tasks that need to be accomplished in order to provide or maintain basic levels of service in current directory and directory-related services on campus.

Examining farther-reaching architectural and strategic components that would define the enterprise directory. This category consists of two sub-areas that are worth noting as distinct areas.
1. Architecting and selecting components of the new enterprise directory service on campus.
2. An open-ended strategic and scoping discussion of topics such as identity, roles and alignment. How these terms are defined will play a critical role in determining what new functionality would be provided in a campus enterprise directory.
Whether or not there are two or three overall categories of work here may be debated. It is clear work in one will inform and affect work in the other(s). A larger discussion of the cost and benefit of implementing different levels of functionality and what should be implemented as near-term projects will provide the backdrop to these other efforts.

Specific recommendations are provided. The three phases of work are described.

Download the full report (200 KB PDF).

Back to Enterprise Directory Project home page.

This page last verified April 5, 2007

Information Technology Central Services

Michigan Administrative Information Services