Imagine a world without HTTP. If WEBsmiths are builders, HTTP servers are nails -- a way to build, and to hold structures together. Without HTTP as a universal protocol for serving hypertext files to browsers, there would be no Web as we know it today.
Network guru Craig Burton thinks we'll soon feel the same way about LDAP -- the Lightweight Distributed Access Protocol. It will do for directory services on the web what HTTP has done for hypertext file services. And it may be even more important in the long run, because directory services are the ultimate enablers of distributed computing.
LDAP had a low profile for a long time. The creation of Tim House and a team at the University of Michigan, it answered 5 million hits per day but remained a YAFLAEIP -- yet another four letter acronym ending in P. Worse, it was a subset of X.500, which is one of the most complex and impenetrable sets of specs ever produced by a standards body. When I visited the LDAP web site yesterday, its root level page showed only 146 hits since it was set up in December 1995.
But Netscape just lifted LDAP out of obscurity and put it on the dashboard of every traveler's Web browser.
How it happened isn't too clear, but the consequence is that Netscape now employs Tim Howes and members of his team, and is in a "partnership" with the University of Michigan that will presumably avoid the rhinodysplasia that the University of Illinois suffered when Netscape first hired Mark Andreessen and his cohorts away from that institution.
The *Netscape press release announces that more than 40 other organizations joined Netscape in supporting the LDAP standard. The release treats the event as a pause for applause while a bunch of companies rise and salute some Good Thing we'll never hear about again. And that's the way the press is covering it. But the way Craig Burton talks about it, this event is ground zero for the biggest explosion of new site construction activity since the Web was created.
If Craig is right, there will be plenty of new work for Websmiths everywhere.
Newt Gingrich says "The key to a monopoly is to get in the middle of an intersection and charge rent." (1) When you think of monopolized intersections, the first one that comes to your mind is probably the phone company's. But the one that comes first to Netscape's mind is Microsoft's.
The Internet today is a vast Manhattan of intersections, and most of its travellers drive Netscape browsers. To the traveller running Netscape on Windows 95, this doesn't look like a competitive issue, because both the browser and the operating system are doing their jobs. But if we're looking for monopolies, our question is, are you forced to use either one? Or does one intend to put the other out of business by doing the jobs of both?
According to David Strom, that is exactly what Microsoft intends to do by "embracing" Internet standards and "extending" its operating systems to include exactly what Netscape's Navigator now does by itself. "There is a reason why Internet Explorer and Windows Explorer share a common surname," he says. "Eventually they will no longer be separated at birth and be one and the same. Say Goodnight, Gracie. Netscape becomes the supplier of technologies to those poor OSs that get left behind, such as Mac and Unix. It isn't a bad living, but it ain't worth $6 billion."(2)
So it's not surprising that Netscape is a little paranoid on the subject of Microsoft. "They want to kill us," Jim Clark says. "That has a polarizing effect." (3)
But, while Microsoft is clearly in a better position to build browsing into Windows than Netscape is to duplicate anything Windows does, things look bad for Netscape only if you confine your view to operating systems and browsers. According to Craig Burton, CEO of The Burton Group, Netscape's scope is a lot larger than that. And they don't intend to duplicate Windows in any way. What they want to do is commoditize it, along with nearly every everything else that works with the Web. If Microsoft operates on Newt's law, Netscape operates on Newt's Corollary: "If, in fact, people invent new intersections at a rate faster than a monopoly can charge rent for the old one, monopolies dramatically lose their meaning." (4)
And this is exactly what Netscape is doing, Craig says, with LDAP.
Technically, LDAP is a subset of X.500 ideals that have been a pie in the networking sky since the ISO published the first specs in 1988. Metaphorically, it is to directory services what HTTP is to hypertext: an open standard everybody can use. Strategically, it's what Craig calls "a bulldozer through the OS intersection."
Craig knows something about driving strategic bulldozers. He was at the wheel of Novell's bulldozer when that company did to the network hardware business what Netscape is about to do to the operating systems business. Before Novell's NetWare made file service a software issue, a pile of networking companies competed to establish hardware monopolies. After Craig drove Novell's bulldozer through the networking intersection, network hardware was a commodity issue.
While Novell went on to establish a near-monopoly in network operating systems, Craig Burton moved on to create the Burton Group, where he serves as the network industry's most enthusiastic Fool Killer on the subject of open systems and interoperability, especially where they involve the subjects Craig knows best: network services.
It was Craig and his crew at The Burton Group who first insisted that networks are best understood as logical rather than physical entities, and as services (such as file, print, directory, management, security and messaging) rather than as connections between boxes -- a view that has since become standard.
For the decade I've known (and often worked) with Craig, I've come to see him as the Bobby Knight of networking. Like Bobby says about basketball, Craig has already forgotten more about networking most of us will ever learn.
So when I wanted to learn what Netscape's LDAP purchase would mean for Websmiths, I turned to Craig. The interview took place on April 19, 1996.
DS: What is Netscape doing that's so important here?
CB: They introduced standards-based directory services and protocols that are platform independent and integrated with their own products. The obvious news will be about what they're doing with product. They are going to take Suite Spot, which they announced last month -- Catalog Server, Web Server and soforth -- and add to it. When Suite Spot came out, they were really neat, but there were missing pieces... makings of infrastructure that have been missing from the network computing since the beginning. Namely, there was no way to manage and administer services and integrate them together. So they announced directory, security and a new mail server to take advantage of that. All these products will be integrated together.
DS: Sounds pretty dry so far.
CB: It is, but get this: you add a user to the Netscape directory, and it gets added to all those other services. Add an LDAP entry for Doc Searls to the directory and guess what... you and all your attributes get added to the Web Server, the mail server, the proxy server, the catalog server; and the existence of Doc gets managed in all those spaces from only one place.
DS: And this makes it advantageous for me to buy a Netscape server.
CB: Well yes, but guess what... this works with any LDAP directory. Netscape is the first company to adopt the strategy of not trying to control a marketplace by forcing everybody to use their own protocols, APIs and product lines. What they're doing opens opportunities for everybody, not just themselves. This is a real breakthrough.
By standardizing directory services they open the world to all kinds of things that directory enables -- and we'll get into that later -- but they also create a world where they can compete straight up against all comers just by being faster, better, more focussed. They believe the customers will look at them and say "Hey, these guys know what they're doing, so let's look at their whole suite." But both parties know that if the customer would rather have Novell's LDAP directory server, fine. The freedom of choice is there for everybody -- vendors and customers. And now, finally, freedom of choice is the only name of the game.
In this new paradigm, Netscape says, "You know what? We're not gonna get all the business. But we're gonna get business we wouldn't get otherwise.
DS: They get more business and create more business.
CB: Right. For themselves and others. For everybody.
The key thing is, they generated a business model that didn't exist before: one where anybody can play. And this was extremely smart product-wise, because, by adopting LDAP as their native protocol, all they have to do to compete is add features. The other guys have to retool and rearchitect as fast as they can, before they can even start adding features. It's like the browser business: Netscape is already there, and Microsoft has to catch up, retooling their whole strategy in the process.
DS: What is the difference between a 'directory' and a 'directory service?'
CB: Any database with a list of names is a directory. A directory service separates the logical from the physical. With a directory service, I can have a logical representation of the physical things on the network. Before Netscape bought LDAP, I couldn't have that -- not in a universal way.
DS: Bruce Fryer of Novell says a directory service has the "know how" that allows you to "know what, know who, know where and know when."
CB: Yes, and it's more than that. Directory services unburden users of the need to do the work it takes to find all that stuff out. Look at what we do now to find stuff out on the internet. It's a huge chore, a physical chore, that ought to be handled logically by computer intelligence. Directory makes that possible.
DS: I think most people subscribe to the haystack model of the Internet, and see their own stuff as more hay thrown onto the pile.
CB: And they want to have the web crawlers stumble onto their stuff and somehow position it for them.
DS: Or they construct their sites for view and display by the search engines. They'll load their texts with key words, and put descriptive text on top so surfers can read it in a glance on Infoseek and Altavista.
CB: But this method relies on accidental discovery, not deliberate direction. It's ad hoc, and it invites exactly the kind of kluges you get in the absence of real directory services.
Directory services take the "ad hocness" out of finding, accessing and publishing resources on the net. It is the keystone of a network where you can easily find and do things. It brings order to an adhocracy without disturbing it. Until now, we didn't have that.
DS: And you see a paradigm shift here.
CB: I see the completion of a paradigm shift that started with the Net itself. That shift is an abstraction from the physical to the logical. We don't need to keep this hard-wired connection between the physical and logical worlds. The way things are now, I have to know what the file is, what folder it is in, and what its name is. And if any one of those things change, I'm screwed. I'm in a "404 Not Found" situation.
Let's go to another metaphor. Why do I have to change my phone number when I move? Because what they're routing is a physical address through a physical switch. This is a directory problem. My phone number should be 1-800-Craig. It shouldn't matter where I go.
We have the same physical problem on the Internet. If I change my service provider, people who want to reach me get a 404. That's a directory problem. Any time you have network of things that have physical changes that require whole new addresses and other identities, you have a directory problem.
DS: But do people know they have a directory problem? Most people think search engines are pretty cool tools right now.
CB: Search engines are a whole different thing. It's confusing, perhaps, because a directory service has a search model, but the service is not about searching. It's about naming, finding, addressing, protecting, publishing, accessing. Now, these are things people do on their own computers. But these are also things a lot of people do on the Net. The difference is that you have no way of knowing all the stuff that's going on out there -- not like you do on your desktop. And even if you were to know it all at one time, it's going to change.
A directory service deals with change, and provides an infrastructure for dealing with change. The ratio of change to the number of people looking for stuff goes up with every user added to the network. So, what the network really needs to deal with is change management. How do I deal with the rate and type of change that goes on every day on the network? That's a directory problem. How do I maintain order in this incredibly ad hoc changing environment? How is it even possible? The answer is not in a search engine, it's in a directory service.
DS: Change is one of those issues we hardly talk about, because the familiar world of desktop computing tends to look fixed. Even if I change my files, they still look static and stationary.
CB: The physicality of reality and the fact that things also change are in direct conflict with one another. Directory handles that conflict for you. It can't do it all, because it looks outside for direction; but its purpose is to manage the changes.
DS: Okay, describe for us a directory-enabled user experience.
CB: Let's say you're working on a project -- this interview, for example. I'm curious about it. I want to work with you on it, and you say Okay. Now: I don't know where it is. I don't know what apps you're using. I don't know if graphics are involved. A directory tells my computer all that. Your computer says "here are the Java applets, the OLE pieces, that you'll need to look at all this." It facilitates the existence of Craig looking at the existence of Doc and knowing what that is. I can look at it and scroll through it and have no idea where it is and how you created it, and all that stuff that's none of my business. The point is, I don't have to do anything to find any of this out, because the directory service finds it out for me.
DS: You're saying that today it takes a lot of work to do that kind of collaboration, and tomorrow a directory will eliminate most of that work.
CB: Yes. Today you have to identify the file, go get it, convert it, save it in a certain format, UUdecode it, place it in a special folder -- all kinds of stuff that you'll have to remember and communicate to me somehow. This isn't a compatibility problem, it's a directory problem. Going to component based software, all these pieces are modules that are wrappered components that know about themselves and inherit information about other components. If you've got something you want to share with me, your directory client says "oh, here's the existence of Craig, and all I need to do is drag it over, drop it on him, and he now has the ability to look at it, add to it, comment on it. And he doesn't need to do a bunch of work to handle all this.
DS: What can be sold here? What does a directory service business look like?
CB: Well, what does an HTTP-enabled business look like. Like HTTP, LDAP is just a protocol, a method. Its functionality is limited, but it does the job. And because it is the only protocol in a position to become truly universal, it clears the intersection enough to cause a paradigm shift. And the shift occurs when a group of vendors look at it and say "Great! LDAP is it."
DS: Then it really is a lot like HTTP.
CB: It is exactly parallel to HTTP. Only now instead of accessing HTML, what you're accessing is directory service information.
DS: And having a universal protocol for directory service information-- CB: --was something that didn't exist prior to this development. Vendors had their own, each trying to force their proprietary standard on the industry. Now everybody gets to play, and nobody has control.
DS: Just like everybody gets to play in the HTTP game.
CB: Panic, man. Nobody knows what to do. I can tell you that this weekend at Microsoft, things are getting hairy. This is just one more of those acronyms that end in "P" and give Microsoft fits. TCP/IP... HTTP... PPP... SMTP... IMAP... POP...
IMAP 4, the Internet Messaging Application Protocol, is part of Netscape's announcement of the LDAP acquisition, and it's another paradigm shift in the standards arena that will challenge Microsoft to change overnight. Which, of course, they will do.
DS: What exactly will Netscape's purchase of LDAP do to the marketplace ?
CB: Let me put this in perspective.
In 1991, Jamie (Lewis, President of The Burton Group) and I wrote a document called The Directory Services Model (5), which was based on the thesis that a seminal moment -- a new stage -- occurred when NetWare became a hardware-independent file server; and that the next stage was for network services to become operating system independent, just as operating systems became hardware independent.
What finally happened is that, in just eighteen months, Netscape has stepped up to the plate and built a standards based directory with services and applications that are independent of the operating system. With LDAP and X.500 they are going to commoditize the OS. The seminal moment is now.
How is it possible to trivialize something as significant as Windows?
CB: In the world of Marc Andreessen and Netscape, operating systems are nothing more than device drivers. They are there to relieve others of the need to write printer drivers and video drivers and disk drivers. That's all operating systems do.
So, if you believe Netscape, what's happening is not "hollowing out the PC," as George Gilder puts it, but holloing out the OS.
But the plain fact is -- as Bill Gates and Andy Grove will correctly tell you -- that the PC will get more expensive, not less. What are we willing to give up to get a $500 PC? Disk? Sound? Video? The answer is nothing. We want more. But it's the net that creates the need for more, not the OS. The OS, again, is just a device driver.
Sun was correct in the first place: the network IS the computer. They just didn't know how to do what Netscape did, which is make that claim a fact.
LDAP by itself doesn't do anything other than legitimize a standard. Anybody -- any vendor -- can buy it, use it. This forces every vendor that's providing services that are going to run on internets and intranets to compete on features and functions, rather than try to lock customers into proprietary protocols.
Until now, the way and others have tried to do directory was by saying, "This is my protocol and this is how I control the world." Now they're saying, "Oh no, now I've got to do what Netscape does, with the same protocol they do better than we do." That's the new battle. And it's not at the OS level. It's at the network services level.
DS: If we look at how the DIP switches of assumptions are set in people's heads, what we see is the standing belief that this kind of compatibility is provided by one company, not many. It's hard for us to shed that belief. What is Netscape doing as an Internet Big Brother that Microsoft didn't do as a Big Brother on the desktop?
CB: Netscape has clearly taken a mantle of leadership. And moves like this one may catapult them into a rapid development and delivery mode from which they greatly benefit. But they certainly can't be the only ones. There will be room for everybody to play. The difference is, Netscape's intent is to make room for everybody, while Microsoft's intent was to squeeze everybody else out. Now Microsoft will play the game like everybody else.
DS: Did Microsoft have a squeeze-em-out network strategy? Or just a desktop strategy that included the network?
CB: Both at once. Microsoft built its entire services strategy on what it thought was a titanium vise. One side was an object-oriented file system called OSS, which collapsed the directory into the file system. This was Cairo. The other side was a distributed application development framework called OLE, which they owned lock, stock and barrel. They would squeeze those together and the Netscapes of the world would squoosh like jello.
But the Internet blew the jaws of that vise apart. When Microsoft tightened the jaws of that vice, they bent wide open. The world has shifted, and Microsoft is not going to dominate it, at least not by giving people no choice but to use Microsoft. All they can do is what they've shown they can do extremely well: retool for the new reality. They have no choice but to embrace the LDAP business and extend into it. Just like they did with Java. Fast. Any resistance will give it more existence.
DS: Resistance causes existence?
CB: Right. Microsoft resisted Novell for ten years and caused it to be the king. As soon as it embraced Novell, it pushed Novell to the edge, because it was a much stronger competitor. Novell in turn resisted NT, and helped make NT a king. Now Novell is changing its strategy and embracing NT.
Embracing and extending is the only strategy that really works in the new paradigm that the Internet has established. And Netscape is poised to be, in the 90s, what Novell was to Microsoft in the 80s.
DS: And what can Novell do?
CB: Novell can leapfrog everybody with metadirectory, which is the ultimate directory service. We'll just have to see.
DS: What's to stop Netscape from doing metadirectory?
CB: The same thing that's going to stop Microsoft.
DS: What's that?
CB: Netscape. They're so focussed on each other that they miss other opportunities.
DS: So let's say the OS becomes a commodity. This doesn't put Microsoft out of business, does it?
CB: Of course not, but it's scary, and it hurts. The OS is Microsoft's core revenue. Windows is all margin. It funds everything. When Microsoft sells 20000 copies of NT Server per month, which they're doing now, it's all been written off. Every dollar is gravy.
DS: A pretty good business.
CB: I'm aware of that. I was around that at Novell when they were in the same position. Success makes a powerful argument for not changing a thing. This is why Microsoft won't do anything about metadirectory. They're too giddy about all the NT they're selling.
Of course, Microsoft may be better than any other large company at changing everything almost overnight. In fact, they're magnificent at it. That's their creative genius. There isn't a company alive that's quicker to shoot its horse if it can't win a race. Look what they did last fall to the Microsoft Network. It was a fine horse and they loved it, but... Blam! Right in the head. It didn't perform. Look what they did with OS/2. Calling that horse dead and walking away from it might have been the most original thing they've ever done. That took real vision and leadership.
In fact, Microsoft's focus, consistency, tenaciousness -- their willingness to stop what they're doing and turn on a dime -- are totally original. Who else can match it? Even at a smaller size? The way they saddled up and rode into the whole Internet game just blows me away. I've never seen anything like it.
But they'll wait and see on metadirectory; and while they do, it's somebody else's market to grab.
DS: What was it about Cairo that turned out to be lead instead of titanium?
CB: Up until the Internet, the name space that all directories were based on were file systems, namely Windows. And Microsoft planned with Cairo to own that, by combining the file system and the directory into one. Until recently, Novell owned the network file system, and Microsoft was going after that prize possession. But the Internet has blown the game open for both Microsoft and Novell. Both now compete in a different way. There are other name spaces now -- namely HTTP and LDAP -- that neither Microsoft nor Novell has any control over. And in the new paradigm, they aren't even in a position to want that control. Because control is no longer the game.
DS: What's left of it?
CB: The whole client side. Information at your finger tips. Component access, the search model, catalogs, the whole directory-enabled user experience. Microsoft will be delivering all of that for users. They just won't do it architecturally the way they planned it before. The only name space is the file system. Other name spaces are HTTP, LDAP, SNMP, IMAP, DNS. There now cannot be a Windows-only network directory service. There's no market for it. And Microsoft can't force a market to exist because they don't own the world. There are too many intersections, too many choices. And Netscape just drove a bulldozer through the only one Microsoft really controlled, which is the OS.
Interview with Netscape's Eric Hahn