The Enterprise Directory Implementation Roadmap
October 2005

The Enterprise Directory Implementation Roadmap is a collection of resources that campuses can use to assist in building enterprise directory services. In this Roadmap, we offer a sample implementation process that has been gleaned from the work and experiences of many campuses, and couple it with technology, policy, and management information and resources. As noted by one of its reviewers:

"The Directory Roadmap is a generally useful introduction to concepts of large scale enterprise transformation, to institutional system and data architecture, and to the maturation of information technology in support of business processes in higher education. It is one of the most useful documents I have ever found for introducing technical folks to non-technical issues, and vice versa."
- Michael Conlon, Director of Data Infrastructure for the University of Florida

This Roadmap was developed through efforts of the Internet2 MACE-Dir Working Group.

A Word about Identity and Access Management and Interoperability
When implementing a directory, the policy/process and technologies should be considered in a broader identity and access management context. Assembling the identity-related information from the systems of record, joining them together so that the data associated with an individual is listed together, then making that available to applications for authentication and authorization is what lies at the heart of an identity management infrastructure. This Directory Roadmap provides guidance for collecting, storing, and making this information available, but stops short of discussing authentication and authorization services. For more information, refer to the Enterprise Authentication Implementation Roadmap (HTML) and Identity and Access Management and Security in Higher Education (PDF).

Campus identity and access management infrastructures built with similar process, policy, and technical standards can be leveraged to enable your faculty, staff, and students to access applications and services managed by other institutions, consortia, government agencies, or vendors. Higher-education practices and tools, such as the eduPerson directory schema, provides a built-in, common corner of infrastructure that functions as a predictable platform to be used by federating technologies such as the Shibboleth® system. This Directory Roadmap also includes pointers to the emerging set of common architectures and practices needed to ensure interoperability.

How to Use the Directory Roadmap
This Roadmap is organized into policy/management and technology/architecture tracks as indicated to your left, and highlights the main points in each. Click on the boxes to review more detailed information, tools, articles, slide decks, and other resources to help you with your implementation.

General understanding of the functions of a directory, its use, and related concepts are assumed. Refer to Introductory Resources for Lightweight Directory Access Protocol (LDAP) Directories for background resources. For unfamiliar concepts or terms, we recommend visiting the Johns Hopkins University Enterprise Services Glossary. In addition to the planning, design, data, and implementation materials on the Roadmap site, refer to the Resource & Bibliography Collection for a compendium of resources from each Roadmap section.

In general, readers should keep the following in mind:

• The institutional business needs must drive the directory project. The goal should be to deploy institutional directory-enabled applications and services, not to implement a directory.

• Much of the process of implementation is iterative. Even after deploying a directory services, adding a new application, for instance, may require a review of your architecture and possibly a change in schema, business, and data-feed processes. In addition, many of the steps can and probably should be done concurrently. Consider the included process as more of a functional checklist than a serial requirement.

• Because implementation depends on your local situation, support, and constraints, not all of these process stages may need to be addressed in the prescribed order or even at all. Directories are a reflection of the technology, data, policy, and political environments in which they are implemented. This Roadmap provides steps that have been used successfully at other institutions, and reflect current practices. However, the requirements at your campus may be different enough that you may need to add (or skip) a few steps. Focus on implementing the functions outlined in a way that best suits your institution and accommodates future inter-institutional application requirements.

This Roadmap is a work in progress. Comments are encouraged and welcome.

NSF Middleware Initiative

Roadmap Change Log

Ann West, Editor
Michigan Technological University

Copyright © 2005 by Internet2 and/or the respective authors
October 2005
Comments to:


This website is a compendium of many people's experience and knowledge. Many thanks are offered to the MACE-Dir working group for content and to the campus liaisons of the NMI Integration Testbed who provided much encouragement for the completion of this project. In addition, the Internet2 Early Adopters Project members contributed the Business Case information. Several individuals - including Mike Conlon from the University of Florida, Brendan Bellina from Notre Dame, Paula Vaughan from University of Colorado-Boulder, Andrea Beesing from Cornell University, Jessica Bibbee from Internet2, Matthew Buss from Michigan Tech, Art Vandenberg from Georgia State University, and Mike Stockwell from Cranking Graphics - contributed additional content and design expertise. All errors, misrepresentations, and confusions are solely owned by the person responsible for the compilation.

This work was supported in part by the NSF Middleware Initiative - NSF 02-028

Bookmark & Print VersionGraphic Version