How does a virtual directory relate to a single sign-on solution? Why do you need a virtual directory when you have SSO?
They say a picture is worth 1,000 words. So here are four pictures for you.
Picture 1: before SSO

Picture 2: After SSO

As you can clearly see, an SSO solution removes multiple authentications so that a user doesn’t need to type (present) his credentials every time he accesses an application.
The nature of SSO implies that there will be only one central repository for user information and credentials, preferably within an LDAP server. So, any additions, modifications, etc. of user information and credentials will have to be performed within this central store.
The reality is far from this simple concept, as described in Radovan’s excellent blog post on the single directory paradigm.
This is where virtual directory technology comes to the rescue.
Picture 3: Here’s the picture before a virtual directory

Picture 4: Here’s after a virtual directory

The ultimate goal of a virtual directory is to create a single account (virtualized/centralized) for a user, which is obviously a real improvement.
Single account (end goal of a virtual directory) is not equal to single authentication (end goal of an SSO solution).
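The distinction above, as an added sketch that is not part of the original post: a virtual directory joins records from two back ends into one entry at query time, but every application still performs its own bind. The back-end data, the virtual base DN and the class and attribute mappings are constructed for illustration.

```python
import hashlib
import hmac

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data: two back ends with different keys and schemas.
SALT = b"constructed-salt"
LDAP_DIR = {"uid=alice,ou=people,dc=example,dc=com":
            {"uid": "alice", "mail": "alice@example.com",
             "salt": SALT, "pwhash": _hash("correct horse", SALT)}}
HR_DB = {1001: {"login": "alice", "full_name": "Alice Ng", "dept": "Finance"}}

class VirtualDirectory:
    """Builds one virtual entry per user at query time; stores no copy."""
    BASE = "ou=virtual,dc=example,dc=com"  # hypothetical virtual namespace

    def __init__(self):
        self.bind_count = 0  # how many authentications were performed

    def _ldap(self, uid):
        return next((e for e in LDAP_DIR.values() if e["uid"] == uid), None)

    def _hr(self, uid):
        return next((r for r in HR_DB.values() if r["login"] == uid), None)

    def search(self, uid):
        ldap_entry, hr = self._ldap(uid), self._hr(uid)
        if ldap_entry is None and hr is None:
            return None
        entry = {"dn": f"uid={uid},{self.BASE}", "uid": uid}
        if ldap_entry:
            entry["mail"] = ldap_entry["mail"]  # credential attributes stay hidden
        if hr:
            entry["cn"] = hr["full_name"]       # schema mapping: full_name -> cn
            entry["departmentNumber"] = hr["dept"]
        return entry

    def bind(self, uid, password):
        """Delegate the credential check to the back end that owns it."""
        self.bind_count += 1
        e = self._ldap(uid)
        if e is None:
            return False
        return hmac.compare_digest(_hash(password, e["salt"]), e["pwhash"])

if __name__ == "__main__":
    vd = VirtualDirectory()
    print(vd.search("alice"))
    # Two applications, one account, still two authentications (no SSO here).
    print([vd.bind("alice", "correct horse") for _app in ("mail", "wiki")], vd.bind_count)
```

Removing the repeated bind is the job of an SSO layer placed in front of the applications; the directory view only guarantees they all check the same account.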
Make sense? Please feel free to chime in.
1 comment so far ↓
I’ve always considered a virtual directory to be a translator.
I would say:
-Virtual Directory (~ XSL ) of the Directories (~ XML)
-Virtual Directory (~ view ) / Directory ( ~ Database)
simplified of course.
I don’t think the goal is to create a single account, but the idea is to avoid duplication of data just to have another view. Of course this might reduce your number of directories.
Still in a practical world the directory is related to the protocols it talks. Although some products can do protocol translations (SQL/LDAP), I don’t think this is the main goal of a virtual directory.