Watching application teams struggle implementing access control systems brings me to a talk I gave at ApacheCon a couple of years ago.
Here’s the audio: feathercast.apache.org
And the slides: Apache-Fortress-ACEU-2016-v2
At SCaLE16X conference this week in Pasadena for a conversation about the Next Generation Directory-based User Management for Cloud Infrastructure.
Slides are here
This post is loosely based on a lightning talk last week in Brussels. We had a few minutes to fill and I felt compelled to spill my guts, despite having nothing prepared.
For those that have never heard about LDAPCon, it’s a biennial event, first held in ’07, with rotating venues, always in interesting places. The talks are a 50/50 split between technology providers and usages.
You can check out this year’s talks, along with sides — here.
It’s not a ‘big’ conference — attendance hovers between 70 and 80. It doesn’t last very long — about two days. There’s very little glitz or glory. You won’t find the big vendors with their entourages of executives and marketing reps, wearing fancy suits, sporting fast talk and empty promises. Nor are there giveaways, flashy parties or big name entertainers. For the most part the media and analysts ignore it; participants don’t get much exposure to the outside world. Everyone just sits in a single, large conference room for the duration and listens to every talk (gasp).
So what is it about this modest little gathering that I love so much?
Not my first rodeo. The end of my career is much closer than its beginning, and I’ve been to dozens of conferences over the decades. Large, small and everything in between. For example, I’ve attended JavaOne twelve times and been to half a dozen IBM mega conferences.
Let’s start with relevance. Contrary to what you may think LDAP is not going away. It’s not sexy or exciting. Depending on your role in technology you may not even have heard of it (although I can guarantee that your information is housed within its walls). But it’s useful. If you’re interested in security you better understand LDAP. If you choose not to use it you better have good reasons. Ignore at your peril.
I’ve been working with LDAP technology (as a user) for almost twenty years. When I first started, back in the late ’90’s there was a fair amount of hype behind it. Over the years that hype has faded of course. As it faded, I found myself alone in the tech centers. In other words, I was the only one who understood how it worked, and why it was needed. As the years passed, I found my knowledge growing stale. Without others to bounce ideas there’s little chance for learning. You might say I was thirsting for knowledge.
My first LDAPCon was Heidelberg in ’11. It was as if I had found an oasis after stumbling about in the desert alone for years. AH — at last others who understand and from whom I can learn and work with.
Many conferences are rather impersonal. This is understandable of course, because the communities aren’t well established or are so large that it would be impossible to know everyone, or even a significant minority.
The leaders of these large technology communities are more like rock stars than ordinary people. Often (not always) with oversized egos fed by the adoration of their ‘fans’. This is great if you are seeking an autograph or inspiration, but not so much if you’re wanting help or validation of ideas.
Not the case at LDAPCon. You’ll still find the leaders and architects, but not the egos. Rather, they understand the importance of helping others find their way and encourage interaction and collaboration.
Sprinkle in with these leaders earnest newcomers. Much like when I arrived in Heidelberg the pattern repeats. These newcomers bring energy and passion that fuels the ecosystem and helps to stave off obsolescence. There is a continuous stream of ideas coming forth ensuring the products and protocols remain relevant.
The newcomers are welcomed with open arms and not ignored. This creates a warm atmosphere for collaboration. New ideas are cherished not shunned. Newcomers are elevated not marginalized.
Not a marketing conference. You won’t find booths (like at a carnival) where passersby are cajoled and enticed by shiny lights and glitzy demos. Where on the last day they warily pack up their rides and go to the next stop on the circuit.
Not a competitive atmosphere, rather collaborative. Here is where server vendors like Forgerock, Redhat, Microsoft, Symas, and others meet to work together on common goals, improving conditions for the community. They don’t all show up to every one, but are certainly welcome when they do.
Here, on the last day, there is some sadness. We go and have some beer together, share war stories (one last time) and make plans for the future.
The next LDAPCon will probably again be held in Europe. Perhaps Berlin or Brno.
I can hardly wait.
Had a great time this week at ApacheCon. This talk was presented on Thursday…
ApacheCon is just a couple months away — coming up May 16-18 in Miami. We asked Shawn McKinney, Software Architect at Symas Corporation, to share some details about his talk at ApacheCon. His presentation — “The Anatomy of a Secure Web Application Using Java EE, Spring Security, and Apache Fortress” will focus on an end-to-end application security architecture for an Apache Wicket Web app running in Tomcat. McKinney explains more in this interview.
Project Link: Apache Fortress Demo Project
David Goodman’s keynote, LDAP 2020 Paradise Lost or Regained?, provides a retrospective for us to contemplate. In it, he describes LDAP’s roots (X.500), where it’s been (U of Mich, Netscape, Sun, Symas, Microsoft, ForgeRock, etc.), and offered insights of what needs to change.
Bottom line, it’s healthy to continually ask the question – Is LDAP dead? For the answer, we’ll only slightly alter Mark Twain’s famous quotation:
Reports of LDAP’s death have been greatly exaggerated.
Why is that? For starters, because of conferences like LDAPCon. More than its in-depth technical analysis and tutorials, is what happens in the spaces between the talks.
These spaces nurture the protocol by allowing free discussions on the flaws, and room to create plans for corresponding fixes/enhancements.
See you at LDAPCon 2017!!
With next week being my 12th time at JavaOne, here’s some wisdom for those who’ve never been.
If you’re lucky you might snag a bar seat at the Slanted Door which is one of the best restaurants in town.
Need a laugh? Check out Pier 39’s Sea Lions at the Wharf.