[Info-vax] : AUTHORIZE Enhancement

Kerry Main kemain.nospam at gmail.com
Tue Nov 29 21:06:30 EST 2016


> -----Original Message-----
> From: Info-vax [mailto:info-vax-bounces at rbnsn.com] On Behalf Of Stephen Hoffman via Info-vax
> Sent: 28-Nov-16 10:28 PM
> To: info-vax at rbnsn.com
> Cc: Stephen Hoffman <seaohveh at hoffmanlabs.invalid>
> Subject: Re: [Info-vax] : AUTHORIZE Enhancement
> 

[snip..]

> 
> > After implementing an enterprise directory, where most customers are
> > headed is adding IdM (Identity Management) which adds additional layers.
> 
> OpenVMS is not going to implement Enterprise Directory services.
> Sure, OpenVMS can load and run Enterprise Directory, but there's not
> going to be much customer interest in OpenVMS doing that and efforts in
> displacing Microsoft Windows Server and Active Directory from their
> central role in most organizations.  OpenVMS ceded that
> central-to-the-network position far too many years ago, and must now
> coexist with and interoperate with Active Directory or — for those sites
> using other LDAP servers — Open Directory or other services.  For those
> few sites that are solely OpenVMS, sure, load and use Enterprise
> Directory.  That service should be baked in anyway, so that local
> authentication can be migrated from the morass over to LDAP.
> 

Agree ED should be much more integrated. 

We all keep talking about consolidating all of the different repositories on OpenVMS - the natural place to do this is with a fully compliant (albeit a bit rusty) X.500 server environment that can fully integrate with other platforms.

You do not have to replace MS AD - simply integrate with it just like any other Directory ...

> Third-party add-ons are not the future of OpenVMS services and
> integration.  They can be a good market for third-party providers and
> there are some excellent products available, but — like various other
> features that are now effectively table stakes in a server product –
> these and other capabilities need to be part of a baseline, integrated
> and expected and normal configuration within OpenVMS.  Always present,
> always running, it needs to be there and it needs to work.  Much like
> IP and TLS have become integral to any modern server operating system —
> OpenVMS unfortunately still treats far too many of these pieces as
> under- or un-integrated layered or add-on products, or depends on
> third-party extensions.  The morass of having to load and configure
> product dependencies, and for users and third-parties to code
> applications to figure out what's present and what's not is the way of
> pain and complexity and subtle errors and abject complexity.  Think of
> all the "fun" we've had over the years figuring out which IP stack is
> present, if any, within our documentation and our build procedures and
> management tools.  This complexity needs to end.
> 
> These capabilities — and more — are already part of systems that are
> available in the market.  This is not fantasy, not futurism and not
> even particularly difficult to do with some systems — I'm running all
> of this now, and have OpenVMS authenticating — though I'd prefer
> OpenVMS have much deeper integration — with Open Directory running on
> the servers.
> 

By the way, when I briefly talked to this www.forgerock.com company, they stated their added IdM product layers are 100% Java and can integrate cleanly with any LDAP V3 compliant directory (I suspect this would work on OpenVMS as well since they stated V1.6 Java was all they needed).

I have not had a chance to follow up on this, but it also looks interesting:
http://www.idmworks.com/iam-integration-software/openvms-connector/
"The OpenVMS advanced adapter enables provisioning and reconciliation of events within the OpenVMS OS security manager and automates functions that administrators usually perform manually. It functions as a trusted virtual administrator performing tasks such as creating new users and resetting passwords. This reduces administration costs and provides better control of access."

Features

- LDAP Authentication
- Standard LDAPv3 Interface
- Password Management
- Bi-Directional User Profile Synchronization
- UAF RIGHTS Data Management

"The IdentityForge HP OpenVMS Advanced Adapter offers standard integration with CA Technologies, CloudAccess, Courion, Cyber-Ark, Dell (Quest One,) empowerID, ForgeRock, Hitachi ID, IBM, Identropy, IdentityLogix, Microsoft, NETIQ, OpenIAM, Oracle, Ping Identity, Radiant Logic, RSA Aveksa, Sailpoint, SAP, Tuebora, and VOICETRUST."

Regards,

Kerry Main
Kerry dot main at starkgaming dot com





