Network Working Group                                        B. Jennings
Request for Comments: 1943                    Sandia National Laboratory
Category: Informational                                         May 1996

             Building an X.500 Directory Service in the US

Status of this Memo

   This memo provides information for the Internet community. This memo
   does not specify an Internet standard of any kind. Distribution of
   this memo is unlimited.

Abstract

   This document provides definition and recommends considerations that
   must be undertaken to operate an X.500 Directory Service in the
   United States. This project is the work performed for the Integrated
   Directory Services Working Group within the Internet Engineering Task
   Force, for establishing an electronic White Pages Directory Service
   within an organization in the US and for connecting it to a wide-area
   Directory infrastructure.

   Establishing a successful White Pages Directory Service within an
   organization requires a collaborative effort between the technical,
   legal and data management components of an organization. It also
   helps if there is a strong commitment from higher management to
   participate in a wide-area Directory Service.
   The recommendations presented in this document are the result of
   experience from participating in the Internet White Pages project.

Table of Contents

   1.0  Introduction                                              2
   1.1  Purpose of this Document                                  2
   1.2  Introduction to Directory Services                        2
   2.0  The X.500 Protocol                                        4
   2.1  Introduction                                              4
   2.2  Directory Model                                           4
   2.3  Information Model                                         5
   2.4  Benefits and Uses for X.500 Directory Service             6
   2.5  Other Applications of X.500                               7
   3.0  Legal Issues                                              8
   3.1  Introduction                                              8
   3.2  Purpose of the Directory                                  8
   3.3  User Rights                                               9
   3.4  Data Integrity                                            9
   3.5  Protection of the Data                                   10
   3.6  Conclusions                                              10
   4.0  Infrastructure                                           11
   4.1  Introduction                                             11
   4.2  A Well Maintained Infrastructure                         11
   4.3  DUA Interfaces for End Users                             12
   5.0  Data Management & Pilot Projects                         13
   5.1  Simple Internet White Pages Service                      13
   5.2  InterNIC                                                 13
   5.3  ESnet                                                    14
   6.0  Recommendations                                          14
   6.1  General                                                  14
   6.2  Getting Started                                          14
   6.3  Who are the Customers                                    14
   6.4  What are the Contents of the Directory                   15
   6.5  What are the Rights of the Individuals                   15
   6.6  Data Integrity                                           16
   6.7  Data Security                                            16
   6.8  Data Administration                                      17
   6.9  Conclusion                                               17
   7.0  References                                               18
   8.0  Glossary                                                 19
   9.0  Security Considerations                                  22
   10.0 Author's Address                                         22

Jennings                     Informational                      [Page 1]

RFC 1943       Building an X.500 Directory Service in the US    May 1996

1.0 Introduction

1.1 Purpose of this Document

   This document provides an introduction for individuals planning to
   build a directory service for an organization in the US. It presents
   an introduction to the technical, legal, and organizational aspects
   of a directory service. It describes various options available to
   organizations that want to operate an X.500 Directory service and
   illustrates these with examples of current X.500 service providers.

1.2 Introduction to Directory Services

   An electronic directory server is an electronic process that provides
   a list of information made available via electronic access. This
   information is variable in content; however, it should be explicitly
   defined by the directory's purpose.
   Information about people, organizations, services and network
   hardware are just a few examples of data content that a directory
   service can provide. The aim of an X.500 Directory service is to make
   using the directory intuitive and as easy as calling for directory
   assistance.

   The X.500 Directory service is an international standard ratified by
   the International Organization for Standardization (ISO) and the
   ITU-T (International Telecommunication Union, formerly CCITT) in 1988
   [1]. The Directory is intended to be a global service composed of
   independently operated and distributed Directory Service Agents
   (DSAs) that provide information in the form of a White Pages phone
   directory.

   Electronic mail communication benefits from the existence of a global
   electronic White Pages that allows network users to retrieve
   addressing information in an intuitive fashion. Manual searching for
   names and addresses, specifically electronic addresses, can take a
   great deal of time. A White Pages directory service can enable
   network users to retrieve the addresses of communication partners in
   a user-friendly way, using known variables such as common name,
   surname, and organization to facilitate various levels of searches.
   In order to make global communication over computer networks work
   efficiently, a global electronic White Pages service is
   indispensable. Such a directory service could also contain telephone
   and fax numbers and postal addresses, as well as platform type to
   facilitate the translation of documents between users on different
   systems.

   An electronic White Pages may also prove useful for specific local
   purposes; replacing paper directories or improving the quality of
   personnel administration, for example. An electronic directory is
   much easier to produce and more timely than paper directories, which
   are often out of date as soon as they are printed.
   The Internet White Pages Project provides many companies in the US
   with an opportunity to pilot X.500 in their organizations. Operating
   as a globally distributed directory service, this project allows
   organizations in a wide variety of industry types to make themselves
   known on the Internet and to provide access to their staff as
   desired.

   Some organizations, such as ESnet, have agreed to manage directory
   information for other organizations. ESnet maintains data at its site
   for all the national laboratories. It provides assistance to
   organizations in defining their directory information tree (DIT)
   structure. It also provides free access to the X.500 Directory via
   the Gopher, WWW, DUA, whois and finger protocols.

   The InterNIC is another directory services provider on the Internet.
   To date [June 1995] it holds X.500 directory data for 52
   organizations and provides free access to this data via various
   protocols: X.500 DUA, E-Mail, whois, Gopher and WWW.

   To find the most current listing of X.500 providers see RFC 1632 -
   Catalog of Available X.500 Implementations [2].

2.0 The X.500 Protocol

2.1 Introduction

   This chapter provides the basic technical information necessary for
   an organization to begin deploying an X.500 Directory Service. It
   provides a brief introduction to the X.500 protocol and the
   possibilities that X.500 offers.

2.2 The Directory Model

   The X.500 Directory Model is a distributed collection of independent
   systems which cooperate to provide a logical database of information
   and thereby a global Directory Service. Directory information about a
   particular organization is maintained locally in a Directory System
   Agent (DSA). This information is structured according to specified
   standards. Adherence to these standards makes the distributed model
   possible.
   It is possible for one organization to keep information about other
   organizations, and it is possible for an organization to operate
   independently from the global model as a stand-alone system. DSAs
   that operate within the global model have the ability to exchange
   information with other DSAs by means of the X.500 protocol.

   DSAs that are interconnected form the Directory Information Tree
   (DIT). The DIT is a virtual hierarchical data structure. An X.500
   pilot using QUIPU software introduced the concept of a "root" DSA
   which represents the world, below which "countries" are defined.
   Defined under the countries are "organizations". The organizations
   further define "organizational units" and/or "people". This
   structure is the DIT used by the White Pages X.500 services.

   Each DSA provides information for the global directory. Using the
   hierarchical structure discussed above, the Directory is able to
   locate which DSA holds a certain portion of the directory. Each
   directory manages information through a defined set of attributes
   and in a structure defined as the Directory Information Base (DIB).

   A DSA is accessed by means of a Directory User Agent (DUA). A DUA
   interacts with the Directory by communicating with one or more DSAs
   as necessary to respond to a specific query. DUAs can be an IP
   protocol such as whois or finger, or a more sophisticated application
   which may provide Graphical User Interface (GUI) access to the DSA.
   Access to a DSA can be performed by an individual or automated by a
   computer application.

2.3 The Information Model

   In addition to the Directory Model, the X.500 standard defines the
   information model used in the Directory Service. All information in
   the Directory is stored in "entries", each of which belongs to at
   least one "object class". In the White Pages application of X.500
   the object classes are defined as country, organization,
   organizational unit and person.
   The object classes to which an entry belongs define the attributes
   associated with that entry. Some attributes are mandatory, others are
   optional. System administrators may define their own attributes and
   register these with regulating authorities, which will in turn make
   these attributes available on a large scale.

   Every entry has a Relative Distinguished Name (RDN), which uniquely
   identifies the entry. An RDN is made up of the DIT information and
   the actual entry. The Directory operates under a set of rules known
   as the Directory schema. This defines the correct utilization of
   attributes, and ensures an element of sameness throughout the global
   Directory Service.

   Under the White Pages object class "Person" there are three mandatory
   attributes:

      objectClass
      commonName
      surName

   These attributes, along with the DIT structure above, define the RDN.
   An example of an entry under Sandia National Laboratory is shown
   here:

      @c=US@o=Sandia National Laboratory@ou=Employees@cn=Barbara Jennings

                                root
                               /    \
                           c=US      c=CA
                          /    \
            o=Sandia National   o=ESnet
               Laboratory
               /        \
        ou=Employees    ou=Guests
           /        \
   cn=Barbara       cn=Paul
    Jennings         Brooks

   Organizations may define the structure best suited for their DIT.
   Typically an organization's DIT will look very much like the
   organization's structure itself. A DIT structure is determined by
   naming rules and, as such, becomes the element's unique Relative
   Distinguished Name (RDN). The DIT structure may also depend on
   whether the DSA information is administered in a flat file or a
   database. Extra consideration should be given to the design of the
   DIT structure when using flat files rather than a database, as it
   takes longer to search through a flat file if the tree structure
   becomes too complex or intricate.
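   The following is an added illustration, not part of RFC 1943 or any
   X.500 implementation: a small in-memory model of the White Pages DIT
   just described. It parses the "@c=US@o=...@cn=..." entry notation
   into its RDN components, refuses an entry whose parent is not yet in
   the tree, enforces the three mandatory "person" attributes, and
   performs the subtree search by surname or common name that the text
   describes. The class and function names are this example's own.

```python
# Added example, not part of RFC 1943: an in-memory model of the White Pages
# DIT and information model from section 2.3.  The DN notation, object classes
# and mandatory "person" attributes come from the text; all names are the example's own.
MANDATORY = {"person": {"objectClass", "commonName", "surName"}}


def parse_dn(dn):
    """Split '@c=US@o=Sandia National Laboratory@cn=...' into RDNs, root first."""
    rdns = []
    for part in dn.split("@"):
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed RDN: {part!r}")
        attr_type, value = part.split("=", 1)
        rdns.append((attr_type.strip(), value.strip()))
    return tuple(rdns)


def missing_mandatory(entry):
    """Mandatory attributes (per object class) that the entry does not carry."""
    present = {k for k, v in entry.items() if v}
    required = set()
    for oc in entry.get("objectClass", ()):
        required |= MANDATORY.get(oc, set())
    return required - present


class DIT:
    """Entries keyed by their RDN sequence; a child can only hang off an existing parent."""
    def __init__(self):
        self.entries = {}

    def add(self, dn, entry):
        rdns = parse_dn(dn)
        if rdns[:-1] and rdns[:-1] not in self.entries:
            raise ValueError(f"no parent entry for {dn}")
        missing = missing_mandatory(entry)
        if missing:
            raise ValueError(f"{dn} lacks mandatory {sorted(missing)}")
        self.entries[rdns] = entry
        return rdns

    def search(self, base_dn, attr, value):
        """DNs at or below base_dn whose attribute equals value (case-insensitive)."""
        base = parse_dn(base_dn)
        return ["@" + "@".join(f"{t}={v}" for t, v in rdns)
                for rdns, e in self.entries.items()
                if rdns[:len(base)] == base
                and str(e.get(attr, "")).lower() == value.lower()]
```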
   To obtain information on recommended schema for DIT structuring see
   RFC 1274 [3].

2.4 Benefits and Uses for X.500 Directory Service

   The nature of the X.500 Directory makes it suitable for independently
   operated segments that can be expanded to global distribution. The
   benefits for local directory use are:

   - with the distributed nature of the service, an organization may
     separate the responsibility for management of many DSAs and still
     retain the overall structure;

   - the robustness of this service allows it to provide information to a