private access control should not be transferred. There may be
bilateral agreements on access control policy of the information
(e.g., size limits on listing), which are implemented by (different)
system specific techniques.
8 New Application Context
A DSA which follows these procedures will support a new
ApplicationContext ``Internet DSP'' defined in Appendix A. This will
be stored in the DSA's entry, so that support of the extensions defined
here can easily be determined.
9 Policy on Replication Procedures
To be effective, a directory configuration must be laid out. These
protocols will need to be used in the framework of a pilot, with
service providers making data available for replication.
There is a requirement to manage the replication process. This can be
done by a combination of local configuration (to register shadowing
agreements) and directory operations to set pointers to master and
slave copies of the data.
10 Use of the Directory by Applications
Care must be taken by users of the directory when replication is
available. This is not a change from current use of X.500, but is
noted here as it is important. Normal read requests should allow use
of copy information. If the user of the directory believes that
information may be out of date (e.g., because an association could not
be established), then the request should be repeated and use of copy
data prohibited by service controls.
11 Migration and Scaling
The major scaling limit of this approach is the non-incremental
update. This will put a limit on the maximum DIT fanout which can be
supported. Given an average entry size of around a thousand bytes,
and a maximum reasonable transfer size of tens of megabytes, then the
Hardcastle-Kille Page 12
RFC 1276 Internet Directory Replication November 1991
fanout limit of this approach is of order 10 000. Note that smaller
organisations will tend to be registered geographically (e.g., in the
US, by State), so that the limit of the number of Organisations is
somewhat larger. It should be noted that although the replication
technique described here is general, it is only intended for high
levels of the DIT. These figures assume this.
These techniques do not preclude use of other techniques for
replication. It would be quite reasonable to replicate data using
both this approach and that which will be defined in X.500(92).
12 Security Considerations
Security considerations are not discussed in this memo.
13 Author's Address
Steve Hardcastle-Kille
Department of Computer Science
University College London
Gower Street
WC1E 6BT
England
Phone: +44-71-380-7294
EMail: S.Kille@CS.UCL.AC.UK
A ASN.1 Summary and Object Identifier Allocation
There are a few object identifiers needed. These are defined here.

InternetDSP TAGS ::=
BEGIN

IMPORTS
    APPLICATION-SERVICE-ELEMENT, PORT, APPLICATION-CONTEXT,
    aCSE, ABSTRACT OPERATION
        FROM Remote-Operations-Notation-extension {joint-iso-ccitt
            remote-operations(4) notation-extension(2)}

    id-as-mrse, id-as-mase, id-as-ms
        FROM MTSAccessProtocol {joint-iso-ccitt mhs-motis(6)
            protocols(0) modules(0) object-identifiers(0)}

    chainedReadASE, chainedSearchASE, chainedModifyASE
        FROM DirectorySystemProtocol {joint-iso-ccitt ds(5)
            modules(1) dsp(12)}

    DistinguishedName, RelativeDistinguishedName, Attribute
        FROM InformationFramework {joint-iso-ccitt ds(5)
            modules(1) InformationFramework(1)}

    ATTRIBUTE, OBJECT-CLASS
        FROM InformationFramework {joint-iso-ccitt ds(5)
            modules(1) informationFramework(1)};

internet-dsp OBJECT IDENTIFIER ::= {ccitt data(9) pss(2342)
    ucl(19200300) internet-dsp(107)}

-- General
at OBJECT IDENTIFIER ::= {internet-dsp at(1)}
oc OBJECT IDENTIFIER ::= {internet-dsp oc(2)}

-- Object Classes needed for association
id-ac-idsp OBJECT IDENTIFIER ::= {internet-dsp ac-idsp(3)}
id-as-idsp OBJECT IDENTIFIER ::= {internet-dsp as-idsp(4)}
id-ase-replication OBJECT IDENTIFIER ::= {internet-dsp ase-replication(5)}

-- Attribute Types
master-dsa MasterDSA ::= {at 1}
slave-dsa SlaveDSA ::= {at 2}
subordinate-reference SubordinateReference ::= {at 3}
cross-reference CrossReference ::= {at 4}
nssr NonSpecificSubordinateReference ::= {at 5}

-- Object Classes
internet-ds-non-leaf-object InternetDSNonLeafObject ::= {oc 1}
external-ds-object ExternalDSObject ::= {oc 2}

-- Operation and Error bindings
getEntryDataBlock GetEntryDataBlock ::= 10
eDBVersionError EDBVersionError ::= 10

-- Protocol Definitions
replicationASE APPLICATION-SERVICE-ELEMENT
    OPERATIONS {getEntryDataBlock}
    ::= id-ase-replication

internet-dsp APPLICATION-CONTEXT
    APPLICATION SERVICE ELEMENTS {aCSE}
    BIND MSBind
    UNBIND MSUnbind
    REMOTE OPERATIONS {rOSE}
    OPERATIONS OF { chainedReadASE, chainedSearchASE,
        chainedModifyASE, replicationASE }
    ABSTRACT SYNTAXES {
        id-as-acse,
        id-as-idsp }
    ::= id-ac-idsp

InternetDSNonLeafObject ::= OBJECT-CLASS
    SUBCLASS OF top
    MUST CONTAIN {masterDSA}
    MAY CONTAIN {slaveDSA}

ExternalDSObject ::= OBJECT-CLASS
    SUBCLASS OF top
    MAY CONTAIN {SubordinateReference, CrossReference,
        NonSpecificSubordinateReference}
    -- will contain exactly one of these references

MasterDSA ::= ATTRIBUTE
    WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax
    SINGLE VALUE

SlaveDSA ::= ATTRIBUTE
    WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax

SubordinateReference ::= ATTRIBUTE
    WITH ATTRIBUTE-SYNTAX AccessPoint
    SINGLE VALUE

CrossReference ::= ATTRIBUTE
    WITH ATTRIBUTE-SYNTAX AccessPoint
    SINGLE VALUE

NonSpecificSubordinateReference ::= ATTRIBUTE
    WITH ATTRIBUTE-SYNTAX AccessPoint

AccessPoint ::= SET {
    ae-title [0] Name,
    address [2] PresentationAddress OPTIONAL }
    -- Same definition as X.500 AccessPoint,
    -- but presentation address is optional

GetEntryDataBlock ABSTRACT-OPERATION
    ARGUMENT GetEntryDataBlockArgument
    RESULT GetEntryDataBlockResult
    ERRORS {nameError,ServiceError,SecurityError,EDBVersionError}

EDBVersionError ABSTRACT-ERROR
    PARAMETER versionHeld EDBVersion

GetEntryDataBlockArgument ::= SET {
    entry [0] DistinguishedName,
    CHOICE {
        sendIfMoreRecentThan [1] EDBVersion,
        getVersionNumber [2] NULL,
        getEDB [3] NULL, -- force retrieval
        continuation [4] SEQUENCE {
            EDBVersion,
            nextEntryPosition INTEGER }
    },
    maxEntries [5] INTEGER OPTIONAL
        -- if omitted return whole EDB in
        -- one operation
}

GetEntryDataBlockResult ::= SEQUENCE {
    versionHeld [0] EDBVersion,
    [1] SEQUENCE OF RelativeEntry OPTIONAL,
        -- if omitted, only version is returned
    nextEntryPostion INTEGER OPTIONAL
        -- if omitted there are no more entries
}

RelativeEntry ::= SEQUENCE {
    RelativeDistinguishedName,
    SET OF Attribute
}

EDBVersion ::= UTCTime

END

Figure 3: Summary of the ASN.1
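
The paged GetEntryDataBlock exchange defined above, as an added Python model that is not part of the RFC: a shadow DSA pulls an EDB in maxEntries-sized blocks, stages the blocks, and installs nothing unless the whole transfer came from one EDBVersion. The class MasterDSA, the function pull_edb, the sample versions, and the rules that a master answers a stale continuation with EDBVersionError and an up-to-date sendIfMoreRecentThan with the version only are assumptions made for this sketch.

```python
# Added example: in-memory model of the GetEntryDataBlock exchange, not a real DSA.
from dataclasses import dataclass

class EDBVersionError(Exception):
    """Mirrors the EDBVersionError ABSTRACT-ERROR; carries versionHeld."""
    def __init__(self, version_held):
        super().__init__(version_held)
        self.version_held = version_held

@dataclass
class MasterDSA:
    version: str    # EDBVersion (UTCTime string, constructed sample)
    entries: list   # RelativeEntry values, modelled here as (RDN, attributes)

    def get_entry_data_block(self, choice, value=None, max_entries=None):
        start = 0
        if choice == "getVersionNumber":
            return self.version, None, None
        if choice == "sendIfMoreRecentThan" and value >= self.version:
            return self.version, None, None       # assumption: version only
        if choice == "continuation":
            version, start = value
            if version != self.version:           # assumption: EDB changed mid-transfer
                raise EDBVersionError(self.version)
        end = len(self.entries) if max_entries is None else start + max_entries
        nxt = end if end < len(self.entries) else None
        return self.version, self.entries[start:end], nxt

def pull_edb(master, held_version=None, max_entries=2, max_restarts=3):
    """Fetch one consistent EDB. Returns (version, entries), entries None if current."""
    choice = "getEDB" if held_version is None else "sendIfMoreRecentThan"
    for _ in range(max_restarts + 1):
        try:
            version, block, nxt = master.get_entry_data_block(
                choice, held_version, max_entries)
            if block is None:
                return version, None               # shadow copy already current
            staged = list(block)                   # never written into the live copy
            while nxt is not None:
                _, block, nxt = master.get_entry_data_block(
                    "continuation", (version, nxt), max_entries)
                staged.extend(block)
            return version, staged                 # install only a complete EDB
        except EDBVersionError:
            continue                               # drop partial data, start again
    raise RuntimeError("EDB kept changing; existing shadow copy left untouched")
```

The version comparison is a plain string comparison, which orders same-format UTCTime values correctly only within one century.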