ViewDS Directory & Discovery Server

Discovery Server
ViewDS 7.1 was released in mid-September 2010. The focus of version 7.1 enhancements to the server has been to provide a greater level of integration with existing Identity Management technologies. These key features include:

GSSAPI SASL Authentication Mechanism for LDAP
Support for GSSAP SASL Authentication mechanism for LDAP allows ViewDS to be accessed within Kerberos based Single Sign On environments. The main benefit of supporting GSSAPI is that users are able to access ViewDS leveraging their Microsoft Domain (or any other Kerberos server) account. This removes the requirement for a user to have passwords stored within ViewDS.

SPML v2 (Service Provisioning Markup Language)
Support for SPML provides an additional XML based protocol for applications to access and provision with ViewDS. This allows a greater level of interoperability with other Identity Management provisioning products. DSMLv2 Profile of SPMLv2 is the chosen profile that are supported by ViewDS 7.1.

DSML (Directory Service Markup Language) v1 and v2 data
ViewDS supports the ability to dump information in DSML v1 and DSML v2 data formats. This comes in addition to the ViewDS SDUA format, LDIF and ELDIF. By allowing ViewDS's data to be exported into a DSML representation, other systems are able to load and use the ViewDS data more readily.

Changelog
Support for changelog makes it easier for Identity Management synchronization and provisioning software to utilize ViewDS as an authoritative source of information. Changelog allows applications to efficiently identify the changes that have occurred within ViewDS, without issuing expensive and time consuming search operations.

Virtual List Views for LDAP
Virtual List Views (VLV) allows LDAP clients to search ViewDS and obtain a sorted subset of results. This allows large result sets to be obtained in usable portions. This feature allows ViewDS to interoperate with a wider variety of client applications that use VLV when displaying lists to users.

Workflow for Approval & Update
The Workflow capability is aimed at providing a facility for ViewDS updaters in Agencies or Departments to undertake an approval workflow process for changes in the ViewDS directory solution. In the Approval workflow an updater is authorised to create an update to an entry (either Add, Modify, Move or Delete) and then that is passed to an Approver (the Approver will be sent an email asking them to log on and approve the update). The Approver can approve/reject/edit the update request. If rejected then a message is sent back to the Updater with reasons for the rejection. The process ends with the Approver publishing the change into the ViewDS Server. The new workflow capability also allows for the Directory Administrator (in effect a Super User) to be able to make Important changes such as Organisational Name being wrong or non compliancy with privacy regulations with all changes being logged for audit purposes.

User Self Service for Password Change
As part of the Workflow process we are also adding in a Password Reset workflow and approval for End Users.

User and Management Interfaces
The ViewDS 7.1 WebDUA and Management Agent are enhanced to provide a richer set of data management and presentation capability.

• Global Changes allows updaters to make bulk changes to content of ViewDS.

• Searching Form enhancements offers greater flexibility for searching and customizing the display of search results. The WebDUA provides controlled vocabulary enhancements for constrained data types.

• Schema Management within the Management Agent are enhanced to simplify the process of importing and removing schema elements.

• XML Editing capabilities are incorporated into the Management Agent to provide a native XML look and feel when viewing, editing and creating XML information.

ViewDS version 7.0 was released in October 2009 and the features that have been included in ViewDS 7.0 are:

ViewDS Management Agent
The ViewDS Management Agent is a Windows application that allows the central management of one or more ViewDS servers.

The ViewDS Management Agent replaces the View500 AdminDUA. Certificate-based authentication is used between the ViewDS Management Agent and DSA, and between the ViewDS Management Agent and RAS.

Remote Administration Service
The Remote Administration Service (RAS) is a new component that is provided with the ViewDS server. The RAS allows the Management Agent to completely manage a ViewDS server, including file system settings and the ability to start and stop a ViewDS server.

Updated Documentation Suite
The ViewDS documentation is provided as three documents; the Installation and Operations Guide, the Technical Reference Guide for the Directory System Agent, and the Technical Reference Guide for the User Interfaces.

Role and Time based Access Control
The Basic Access Control scheme has been extended to allow dynamic user inclusion for an access control item. User inclusion can be based on a search filter which allows a user's inclusion to be based on the attributes of the user's entry.

This extension to the Basic Access Control scheme facilitates attribute based access control, role based access control and access controls based on times (e.g. day of week, hour if day, etc).

Word List Management
The management of word lists, such as synonyms, noise words and truncations can be managed at runtime and are now stored within the DIT.

By storing these words in the DIT, they can now be replicated to other ViewDS servers.