Steve makes this statement:
"...it's useful to consider that AD is certainly the most pervasive directory and certainly there is no rational reason to try and displace it as the directory for Windows systems."
Obviously, you'll get no argument from me about that statement. However, what struck me is the inference to AD and Windows in a discussion of Red Hat's identity management push. I suddenly realized the complete and total vacuum that Red Hat and all of the other Linux (and Unix) operating systems have: a set of network and identity services that would provide benefits similar to those of Active Directory, Group Policy and Windows services like distributed system and security logs. Red Hat's IPA is the first step towards filling this vacuum, and Red Hat has the advantage of seeing the mistakes that have been made and appears to be building something by starting with identity-based building blocks. Steve draws all this out very nicely in his paper.
I asked the question in my last post: Is this a strategic move for Red Hat or a tactical effort - as Steve paraphrases it - at "AD (Active Directory) containment"?
Answer: I think it is very strategic for Red Hat. I think AD containment is secondary but would be a benefit if the strategy is successful. In order for Red Hat to be successful, they need to enable the management of Red Hat machines, identities and services in a distributed, replicated fashion. IPA v2 is the first step towards that goal. If Red Hat builds a foundation based on identity, externalizes authorization, incorporates roles and provides a centralized audit and log capability, they will certainly have a leg up on achieving their goal. In the Web 2.0, Identity 2.0, whatever 2.0 world we are heading into, there is a big need for "a distributed architecture that enables a policy-driven, dynamic model of managing how users interact with systems and data". That's where Red Hat is heading and it is very strategic. Without this, Red Hat will never break away from its traditional workloads in any significant way, nor will it be significantly distinguishable from any of the other Linux or Unix systems that are out there today.
P.S. My thanks to Steve and The 451 Group for allowing me to quote from their report.