Network Working Group B. Jennings
Request for Comments: 1943 Sandia National Laboratory
Category: Informational May 1996
Building an X.500 Directory Service in the US
Status of this Memo
This memo provides information for the Internet community. This memo
does not specify an Internet standard of any kind. Distribution of
this memo is unlimited.
Abstract
This document provides definitions and recommends considerations that
must be undertaken to operate an X.500 Directory Service in the United
States. This project is the work performed for the Integrated
Directory Services Working Group within the Internet Engineering Task
Force, for establishing an electronic White Pages Directory Service
within an organization in the US and for connecting it to a wide-area
Directory infrastructure.
Establishing a successful White Pages Directory Service within an
organization requires a collaborative effort between the technical,
legal and data management components of an organization. It also
helps if there is a strong commitment from the higher management to
participate in a wide-area Directory Service.
The recommendations presented in the document are the result of
experience from participating in the Internet White Pages project.
Table of Contents
1.0 Introduction 2
1.1 Purpose of this Document 2
1.2 Introduction to Directory Services 2
2.0 The X.500 Protocol 4
2.1 Introduction 4
2.2 Directory Model 4
2.3 Information Model 5
2.4 Benefits and Uses for X.500 Directory Service 6
2.5 Other Applications of X.500 7
3.0 Legal Issues 8
3.1 Introduction 8
3.2 Purpose of the Directory 8
3.3 User Rights 9
3.4 Data Integrity 9
Jennings Informational [Page 1]
RFC 1943 Building an X.500 Directory Service in the US May 1996
3.5 Protection of the Data 10
3.6 Conclusions 10
4.0 Infrastructure 11
4.1 Introduction 11
4.2 A Well Maintained Infrastructure 11
4.3 DUA Interfaces for End Users 12
5.0 Datamanagement & Pilot Projects 13
5.1 Simple Internet White Pages Service 13
5.2 InterNIC 13
5.3 ESnet 14
6.0 Recommendations 14
6.1 General 14
6.2 Getting Started 14
6.3 Who are the Customers 14
6.4 What are the Contents of the Directory 15
6.5 What are the Rights of the Individuals 15
6.6 Data Integrity 16
6.7 Data Security 16
6.8 Data Administration 17
6.9 Conclusion 17
7.0 References 18
8.0 Glossary 19
9.0 Security Considerations 22
10.0 Author's Address 22
1.0 Introduction
1.1 Purpose of this Document
This document provides an introduction for individuals planning to
build a directory service for an organization in the US. It presents
an introduction to the technical, legal, and organizational aspects
of a directory service. It describes various options to organizations
who want to operate an X.500 Directory service and illustrates these
with examples of current X.500 service providers.
1.2 Introduction to Directory Services
An electronic directory server is a process that provides a list of
information through electronic access. The content of this
information is variable; however, it should be explicitly
defined by the directory purpose. Information about people,
organizations, services, network hardware are just a few examples of
data content that a directory service can provide. The aim of an
X.500 Directory service is to make using the directory intuitive and
as easy to use as calling for directory assistance. The X.500
Directory service is an international standard ratified by the
International Organization for Standardization (ISO) and the ITU-T
(International Telecommunication Union, formerly CCITT) in 1988 [1].
The Directory is intended to be a global service composed of
independently operated and distributed Directory System Agents
(DSAs) that provide information in the form of a White Pages Phone
Directory.
Electronic mail communication benefits from the existence of a global
electronic White Pages to allow network users to retrieve addressing
information in an intuitive fashion. Manual searching for names and
addresses, specifically electronic addresses, can take a great deal
of time. A White Pages directory service can enable network users to
retrieve the addresses of communication partners in a user friendly
way, using known variables such as common name, surname, and
organization to facilitate various levels of searches.
In order to make global communication over computer networks work
efficiently, a global electronic White Pages service is
indispensable. Such a directory service could also contain telephone
and fax numbers, postal addresses as well as platform type to
facilitate in translation of documents between users on different
systems. An electronic White Pages may prove to be useful for
specific local purposes; replacing paper directories or improving
quality of personnel administration for example. An electronic
directory is much easier to produce and more timely than paper
directories which are often out of date as soon as they are printed.
The Internet White Pages Project provides many companies in the US
with an opportunity to pilot X.500 in their organizations.
Operating as a globally distributed directory service, this project
allows organizations in a wide variety of industry types to make
themselves known on the Internet and to provide access to their staff
as desired.
Some organizations, such as ESnet, have agreed to manage directory
information for other organizations. ESnet maintains data at their
site for all the national laboratories. They provide assistance to
organizations in defining their directory information tree (DIT)
structure. They also provide free access to the X.500 Directory via
Gopher, WWW, DUAs, whois and finger protocols.
The InterNIC is another directory services provider on the Internet.
To date [June 1995] they hold X.500 directory data for 52
organizations and provide free access to this data via various
protocols: X.500 DUA, E-Mail, whois, Gopher and WWW.
To find the most current listing of X.500 providers see RFC 1632 -
Catalog of Available X.500 Implementations [2].
2.0 The X.500 Protocol
2.1 Introduction
This chapter provides the basic technical information necessary for
an organization to begin deploying an X.500 Directory Service. It
provides a brief introduction to the X.500 protocol and the
possibilities that X.500 offers.
2.2 The Directory Model
The X.500 Directory Model is a distributed collection of independent
systems which cooperate to provide a logical database of information
and thereby a global Directory Service. Directory information about a
particular organization is maintained locally in a Directory System
Agent (DSA). This information is structured within specified
standards. Adherence to these standards makes the distributed model
possible. It is possible for one organization to keep information
about other organizations, and it is possible for an organization to
operate independently from the global model as a stand alone system.
DSAs that operate within the global model have the ability to
exchange information with other DSAs by means of the X.500 protocol.
DSAs that are interconnected form the Directory Information Tree
(DIT). The DIT is a virtual hierarchical data structure. An X.500
pilot using QUIPU software introduced the concept of a "root" DSA
which represents the world; below which "countries" are defined.
Defined under the countries are "organizations". The organizations
further define "organizational units" and/or "people". This
structure defines the DIT for the White Pages X.500 service.
Each DSA provides information for the global directory. Using the
hierarchical structure discussed above, a directory can locate which
DSA holds a given portion of the directory. Each directory
manages information through a defined set of attributes and in a
structure defined as the Directory Information Base (DIB).
A DSA is accessed by means of a Directory User Agent (DUA). A DUA
interacts with the Directory by communicating with one or more DSAs
as necessary to respond to a specific query. A DUA can be a simple
Internet protocol client such as whois or finger, or a more
sophisticated application which may provide Graphical User Interface
(GUI) access to the DSA.
Access to a DSA can be accomplished by an individual or automated by
computer application.
2.3 The Information Model
In addition to the Directory Model, the X.500 standard defines the
information model used in the Directory Service. All information in
the Directory is stored in "entries", each of which belongs to at
least one "object class". In the White Pages application of X.500
object classes are defined as country, organization, organizational
unit and person.
The object classes to which an entry belongs define the attributes
associated with that entry. Some attributes are mandatory,
others are optional. System administrators may define their own
attributes and register these with regulating authorities, which will
in turn make these attributes available on a large scale.
Every entry has a Relative Distinguished Name (RDN), which uniquely
identifies the entry. An RDN is made up of the DIT information and the
actual entry.
The Directory operates under a set of rules known as the Directory
schema. This defines correct utilization of attributes, and ensures
an element of sameness throughout the global Directory Service.
Under the White Pages object class "Person" there are three mandatory
attributes:
     objectClass
     commonName
     surName
These attributes along with the DIT structure above, define the RDN.
An example of an entry under Sandia National Laboratory is shown
here:

     @c=US@o=Sandia National Laboratory@ou=Employees@cn=Barbara Jennings

                              root
                             /    \
                            /      \
                         c=US      c=CA
                        /    \
                       /      \
      o=Sandia National        o=ESnet
      Laboratory
          /       \
         /         \
    ou=Employees   ou=Guests
        /     \
       /       \
cn=Barbara Jennings   cn=Paul Brooks
Organizations may define the structure best suited for their DIT.
Typically an organization's DIT will look very much like the
organization's structure itself. A DIT structure is determined by
naming rules and, as such, becomes the element's unique Relative
Distinguished Name (RDN). The DIT structure may also depend on
whether the DSA information is administered in a flat file or a
database. Extra care in designing the DIT structure should be taken
when using flat files rather than a database, as it takes longer to
search through a flat file if the tree structure becomes too complex
or intricate. To obtain information on recommended schema for DIT
structuring see RFC 1274 [3].
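The naming, schema and DSA-location ideas in sections 2.2 and 2.3 are easier to see in code. The following is an added illustration, not code from RFC 1943 or from any X.500 implementation. It uses the RFC's "@"-separated name notation and its example tree; the mandatory attributes for "person" are the three the RFC lists, while the mandatory attributes for the other object classes, the naming-context table (which DSA masters which subtree) and the DSA host names are assumptions made for the example.

```python
"""Added example: X.500-style names, a schema check and locating the
responsible DSA.  Not from RFC 1943; see the lead-in for what is assumed."""
from __future__ import annotations
from typing import Dict, List, Optional, Tuple

# Schema fragment (section 2.3).  Only the 'person' line is given by the
# RFC; the other object classes' mandatory attributes are assumptions.
MANDATORY: Dict[str, set] = {
    "person": {"objectClass", "commonName", "surName"},
    "organizationalUnit": {"objectClass", "ou"},
    "organization": {"objectClass", "o"},
    "country": {"objectClass", "c"},
}

# Constructed naming-context table: which DSA holds which subtree of the
# DIT.  The RFC notes that ESnet holds data for the national laboratories;
# the concrete assignment and host names here are assumptions.
NAMING_CONTEXTS: Dict[str, str] = {
    "@c=US": "dsa.internic.example",
    "@c=US@o=ESnet": "dsa.es.net.example",
    "@c=US@o=Sandia National Laboratory": "dsa.es.net.example",
    "@c=CA": "dsa.ca.example",
}


def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """Split '@c=US@o=...@cn=...' into ordered (type, value) RDN pairs,
    root first.  Rejects a component that lacks 'type=value'."""
    rdns = []
    for part in dn.split("@"):
        if not part:
            continue                      # leading '@' yields an empty piece
        if "=" not in part:
            raise ValueError(f"malformed RDN component: {part!r}")
        attr, value = part.split("=", 1)
        rdns.append((attr.strip(), value.strip()))
    return rdns


def format_dn(rdns: List[Tuple[str, str]]) -> str:
    """Inverse of parse_dn, reproducing the RFC's '@'-prefixed notation."""
    return "".join(f"@{attr}={value}" for attr, value in rdns)


def rdn_of(dn: str) -> Tuple[str, str]:
    """The last component: the name relative to the entry's parent."""
    return parse_dn(dn)[-1]


def missing_mandatory(entry: Dict[str, List[str]]) -> set:
    """Attribute types required by the entry's object classes but absent.
    An empty set means the entry satisfies this schema fragment."""
    required = set()
    for oc in entry.get("objectClass", []):
        required |= MANDATORY.get(oc, set())
    return {attr for attr in required if attr not in entry}


def responsible_dsa(dn: str) -> Optional[str]:
    """Walk from the leaf toward the root and return the DSA that holds the
    longest naming context matching the name; None if no DSA is known.
    This is the lookup a DUA or DSA performs before chaining a query."""
    rdns = parse_dn(dn)
    for depth in range(len(rdns), 0, -1):
        prefix = format_dn(rdns[:depth])
        if prefix in NAMING_CONTEXTS:
            return NAMING_CONTEXTS[prefix]
    return None


def build_dit(dns: List[str]) -> dict:
    """Build the nested DIT (a dict of dicts keyed by 'type=value') from a
    list of DNs, so the tree in section 2.3 can be reconstructed."""
    root: dict = {}
    for dn in dns:
        node = root
        for attr, value in parse_dn(dn):
            node = node.setdefault(f"{attr}={value}", {})
    return root


if __name__ == "__main__":
    example = "@c=US@o=Sandia National Laboratory@ou=Employees@cn=Barbara Jennings"
    print("RDN:", rdn_of(example))
    print("held by:", responsible_dsa(example))
    # Constructed entry missing one of the three mandatory 'person' attributes.
    print("missing:", missing_mandatory(
        {"objectClass": ["person"], "commonName": ["Barbara Jennings"]}))
    print(build_dit([example, "@c=US@o=ESnet", "@c=CA"]))
```

The longest-prefix walk in `responsible_dsa` is what makes the distributed model of section 2.2 work: a query for an entry under Sandia is answered by whichever DSA masters that subtree, even though the organization itself does not run a DSA in this example.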
2.4 Benefits and Uses for X.500 Directory Service
The nature of the X.500 Directory makes it suitable for independently
operated segments that can be expanded to global distribution. The
benefits for local directory use are:
- with the distributed nature of the service, an organization may
separate the responsibility for management of many DSAs and still
retain the overall structure;
- the robustness of this service allows it to provide information to a