As CTO of an award-winning Microsoft Software Services consultancy I spend the early hours of each morning catching up on the blogs and technology papers from the previous day/week/month – my wife refers to it as ‘feeding the monster’. An item that caught my attention this morning was one around the Windows Azure AD Developer Preview. Now, over the last few years I have been involved with a number of Central Government projects where Identity Management has been a major issue/component.

Typically for me my usual recourse in this area is to Kim Cameron’s identity blog or Twitter feed. I wasn’t disappointed, with a couple of new articles: “Yes to SCIM, Yes to Graph” and “Diagram No.2, No Hub, No Centre”. What intrigued me was the use of the word Graph and Graph API. To that end, more for my own benefit than anything else, I thought I’d blog about Graph in particular and in this context.

So to quote Kim:

the **central importance of graph technology in being able to manage connectedness** – something that is at the core of the digital universe. Treating the world as a graph allows us to have a unified approach to querying and manipulating **interconnected** objects of many different kinds that exist in many different relationships to each other.

So in my world, for the last 40 plus years, a graph has tended to mean charts full of results. Of course that is not really true, and as one definition puts it, a graph is a mathematical structure used to model pairwise relations between objects from a certain collection. Now what I’m interested in today is Graph as used when referring to networks and the like, so some simple definitions are the order of the day here:

**Graph:** A graph is a way of specifying relationships among a collection of ‘things’. This collection in these terms is referred to as a node.

**Node:** A node is a collection of objects that are connected by links called edges.

**Edge:** An edge is a link between neighbouring nodes.

Diagram 1

This is a three-node graph with three edges. The nodes – A, B and C – are connected to their neighbours by edges. Note: this is referred to as an *undirected* graph. If the edges had arrows, the graph would be *directed*.

In the context I’m looking at today a graph can be seen as a mathematical model of network structures. With this in mind we can swap out our simple model and replace it with an imaginary company’s office network:

Diagram 2

This particular graph brings in two other important aspects: *Paths* and *Cycles.*

A *path* is a sequence of nodes and edges that provide a route between nodes. For example the route from 1 to 3 has 3 possible paths: 1 to 3, 1 to 4 to 3 and 1 to 2 to 3.

A *cycle* is a group of nodes that form a circle in a graph. So 1 to 4 to 3 to 2 to 1 is a cycle as is 2 to 3 to 4 to 2…

The importance of these is that, by design, should one edge fail the nodes can still communicate, albeit in a more indirect way. This approach started with ARPANET in 1970 and is the basis of the internet today.
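As an added example (not part of the original post), the sketch below checks the paths and cycles listed above and then tests what happens when any single edge fails. The edge list for Diagram 2 is an assumption reconstructed from those paths and cycles, since the image is not available, and the chain network is a constructed contrast case.

```python
from collections import deque

# Assumption: edges reconstructed from the paths and cycles named in the text.
OFFICE_EDGES = {(1, 2), (1, 3), (1, 4), (2, 3), (2, 4), (3, 4)}
# Constructed contrast case: four offices wired in a simple chain.
CHAIN_EDGES = {(1, 2), (2, 3), (3, 4)}

def adjacency(edges):
    """Build an undirected adjacency map from (a, b) pairs."""
    adj = {}
    for a, b in edges:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj

def is_path(edges, nodes):
    """True if every consecutive pair is joined by an edge and no node repeats."""
    adj = adjacency(edges)
    hops_ok = all(b in adj.get(a, ()) for a, b in zip(nodes, nodes[1:]))
    return hops_ok and len(set(nodes)) == len(nodes)

def is_cycle(edges, nodes):
    """True if the walk returns to its start and is a path in between."""
    if len(nodes) < 4 or nodes[0] != nodes[-1]:
        return False
    closing_hop = nodes[-2] in adjacency(edges).get(nodes[-1], ())
    return closing_hop and is_path(edges, nodes[:-1])

def reachable(edges, start):
    """Breadth-first search: every node that can be reached from start."""
    adj = adjacency(edges)
    seen, queue = {start}, deque([start])
    while queue:
        for nxt in adj.get(queue.popleft(), ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def single_points_of_failure(edges):
    """Edges whose loss cuts at least one node off from the rest."""
    nodes = set(adjacency(edges))
    start = min(nodes)
    return sorted(e for e in edges if reachable(edges - {e}, start) != nodes)

if __name__ == "__main__":
    print("1-4-3 is a path:", is_path(OFFICE_EDGES, [1, 4, 3]))
    print("1-4-3-2-1 is a cycle:", is_cycle(OFFICE_EDGES, [1, 4, 3, 2, 1]))
    print("office network weak links:", single_points_of_failure(OFFICE_EDGES))
    print("chain network weak links:", single_points_of_failure(CHAIN_EDGES))
```

Because every edge in the office network sits on a cycle, no single failure isolates a node, whereas every edge in the chain is a single point of failure.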

**Graph API** This takes me full circle back to where I started my thinking – what is a Graph API? In this context it is an API I can call that will provide me with the nodes and edges for a particular network, to allow me to query it to understand it and, where needed, give me the paths and cycles.

Now that is interesting as far as it goes, but where does the Identity thing come in? Well, a network does not have to be a network of servers or offices. As we said at the start, it is about nodes – a collection of objects. Those objects can easily be the attributes of people or their identities.

A good example of this type of Graph API is the Facebook Graph API. Using this we are able to explore our ‘friends’ network and, just like in diagram 2, we can discover the paths and cycles in this network.

So one of the things the Windows Azure AD Developer Preview is giving us is a Graph API – a REST-based directory graph API onto our AD – which is something that is quite exciting. Watch this space in the coming months as we delve into this and it’
