systematicHR

The intersection between HR strategy and HR technology

Web Services Part 1 – LDAP

The following few weeks (just this Tuesday series) are my attempt at covering a few important portal technologies at a very high level.  It’s tough to do them justice, but in my conversations, I’m finding that many HR practitioners and even some HRIS people don’t understand this stuff.  It’s very difficult to cover these in summary form, but here’s my attempt.

LDAP is “Lightweight Directory Access Protocol.” When you hear LDAP, think “directory.” I’ll explain that a little bit. A directory allows you to store information about people. What job they are in, where they live, really, whatever you want. But most of the time, we think of LDAP as a place to store what software applications an employee has access to.

  • Most often, the directory will store which systems a user can reach, along with information about the user such as the related passwords allowing access to those systems.
  • LDAP and other directory access systems will define what software you have access to (you can see the LMS, TMS through the portal, but you don’t have access to writing reports)
  • If you have access to a specific software application, it may also define the level of access you have (what functional areas – can you enroll employees into training, or can you only view training summaries)
  • It may also define who you have access to (view your department only if you are a manager, or yourself only)



Do you have any idea how long it takes me to draw this stupid stuff??? I love those blue blob guys.

Ok – I’ve tried to lay this out simply. As you can see, even though there are different user types, each one may have slightly different access. Even for a single system (EPS) a manager might have one type of access and an employee another. You also see how I have an HR practitioner using LDAP, but going right to the HRMS system. Employees and managers are filtering all their transactions through the portal.

Allowing the “directory” to control types of access profiles and assigning employees to those profiles is important – possibly more important than the single sign-on. The directory is the set of rules while the single sign-on is the execution of a rule.
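The three layers of rules described above (which system, which function, whose records), as an added example that is not from the original post: a constructed in-memory stand-in for a directory, with a default-deny check playing the part the post gives to the portal or single sign-on. The DNs, attribute names, profile names and function names are all assumptions made for illustration.

```python
# Constructed sample directory: DNs, attribute names and profile names are
# assumptions made for this example, not taken from any real deployment.
DIRECTORY = {
    "uid=alee,ou=people,dc=example,dc=com": {"profile": "manager", "department": "sales"},
    "uid=bkim,ou=people,dc=example,dc=com": {"profile": "employee", "department": "sales"},
    "uid=cdiaz,ou=people,dc=example,dc=com": {"profile": "employee", "department": "finance"},
    "uid=dwu,ou=people,dc=example,dc=com": {"profile": "hr_practitioner", "department": "hr"},
}

# The rules: profile -> system -> function -> scope of records it applies to.
PROFILES = {
    "employee": {"LMS": {"view_training": "self"},
                 "EPS": {"view_pay": "self"}},
    "manager": {"LMS": {"view_training": "department", "enroll": "department"},
                "EPS": {"view_pay": "self", "approve_request": "department"}},
    "hr_practitioner": {"HRMS": {"view_record": "all", "edit_record": "all"}},
}


def visible_systems(subject_dn):
    """Systems the portal should show this user at all (first layer)."""
    entry = DIRECTORY.get(subject_dn)
    if entry is None:
        return []
    return sorted(PROFILES.get(entry["profile"], {}))


def is_allowed(subject_dn, system, function, target_dn):
    """Execute one rule: may subject use `function` of `system` on target's data?"""
    subject, target = DIRECTORY.get(subject_dn), DIRECTORY.get(target_dn)
    if subject is None or target is None:
        return False  # unknown entries are denied, never guessed at
    scope = PROFILES.get(subject["profile"], {}).get(system, {}).get(function)
    if scope == "all":
        return True
    if scope == "department":
        return subject["department"] == target["department"]
    if scope == "self":
        return subject_dn == target_dn
    return False  # no matching rule (or an unrecognised scope) means no access


if __name__ == "__main__":
    mgr = "uid=alee,ou=people,dc=example,dc=com"
    for dn in DIRECTORY:
        print(dn, is_allowed(mgr, "LMS", "enroll", dn))
```

Changing a person's access means editing the directory entry or the profile, not the check itself, which is the split between rules and execution the paragraph describes.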

Next Week: we really jump into Web Services

4 responses to “Web Services Part 1 – LDAP”

  1. Chuck Allen

    LDAP is a tried and true means of managing user information/access internally. One of the tough nuts to crack with highly distributed services oriented architectures is “federated identity” or “portable identity” management. This is a rather geekly topic (would you expect anything else from me?), but I was surprised at this year’s HR Technology Show that I did have three corporate HRIT folks stop by to ask about federated identity management and, specifically, the Liberty Alliance Project http://www.projectliberty.org/ This is a very complex topic, but it is good to see that it is beginning to get on the radar scope of the HRIT community.

  2. Double Dubs

    Thanks Chuck:

    The next couple posts are on XML, SOAP and federated networks. I’ll be very interested in your opinions in particular.

    I’m also going to do a post in the future about Oracle Fusion and how these types of technologies might provide a new direction for application communications.

    -Wes

  3. Jeff Hunter

    I believe that the reason that HRIT isn’t asking the question is that Microsoft is telling their IT support folks that AD will take care of all this.