rfc1276.txt

著名的RFC文档,其中有一些文档是已经翻译成中文的的.

private access control should not be transferred.  There may be
bilateral agreements on access control policy of the information
(e.g., size limits on listing), which are implemented by (different)
system specific techniques.


8  New Application Context

A DSA which follows these procedures will support a new
ApplicationContext ``Internet DSP'' defined in Appendix A. This will
be stored in the DSAs entry, so that support of the extensions defined
here can easily be determined.


9  Policy on Replication Procedures

To be effective, a directory configuration must be laid out.  These
protocols will need to be used in the framework of a pilot, and
service providers making available data for replication.
There is a requirement to manage the replication process.  This can be
done by a combination of local configuration (to register shadowing
agreements) and directory operations to set pointers to master and
slave copies of the data.


10  Use of the Directory by Applications


Care must be taken by users of the directory when replication is
available.  This is not a change from current use of X.500, but is
noted here as it is important.  Normal read requests should allow use
of copy information.  If the user of the directory believes that
information may be out of date (e.g., because an association could not
be established), then the request should be repeated and use of copy
data prohibited by service controls.


11  Migration and Scaling

The major scaling limit of this approach is the non-incremental
update.  This will put a limit on the maximum DIT fanout which can be
supported.  Given an average entry size of around a thousand bytes,
and a maximum reasonable transfer size is tens of megabytes, then the


Hardcastle-Kille                                               Page 12




RFC 1276         Internet Directory Replication          November 1991


fanout limit of this approach is of order 10 000.  Note that smaller
organisations will tend to be registered geographically (e.g., in the
US, by State), so that the limit of the number of Organisations is
somewhat larger.  It should be noted that although the replication
technique described here is general, it is only intended for high
levels of the DIT. These figures assume this.
These techniques do not preclude use of other techniques for
replication.  It would be quite reasonable to replicate data using
this approach, and that which will be defined in X.500(92).


References

[HK91a] S.E. Hardcastle-Kille. Encoding network addresses to support
        operation over non-osi lower layers. Request for Comments
        RFC 1277, Department of Computer Science, University College
        London, November 1991.

[HK91b] S.E. Hardcastle-Kille. Replication requirement to provide an
        internet directory using X.500. Request for Comments
        RFC 1275, Department of Computer Science, University College
        London, November 1991.


12  Security Considerations

Security considerations are not discussed in this memo.


13  Author's Address

    Steve Hardcastle-Kille
    Department of Computer Science
    University College London
    Gower Street
    WC1E 6BT
    England


    Phone:  +44-71-380-7294

    EMail:  S.Kille@CS.UCL.AC.UK



Hardcastle-Kille                                               Page 13




RFC 1276         Internet Directory Replication          November 1991


A  ASN.1 Summary and Object Identifier Allocation

There_are_a_few_object_identifiers_needed.__These_are_defined_here.____

InternetDSP  TAGS ::=
BEGIN

IMPORTS
    APPLICATION-SERVICE-ELEMENT, PORT, APPLICATION-CONTEXT,
    aCSE, ABSTRACT OPERATION
        FROM Remote-Operations-Notation-extension {joint-iso-ccitt
        remote-operations(4) notation-extension(2)}

                                                                    10
   id-as-mrse, id-as-mase, id-as-ms
        FROM MTSAccessProtocol {joint-iso-ccitt mhs-motis(6)
        protocols(0) modules(0) object-identifiers(0)}

   chainedReadASE, chainedSearchASE, chainedModifyASE
        FROM DirectorySystemProtocol {joint-iso-ccitt ds(5)
                modules(1) dsp(12)}

   DistinguishedName, RelativeDistinguishedName, Attribute
        FROM InformationFramework {joint-iso-ccitt ds(5)            20
                modules(1) InformationFramework(1)}


   ATTRIBUTE, OBJECT-CLASS
        FROM InformationFramework {joint-iso-ccitt ds(5)
        modules(1) informationFramework(1)};



internet-dsp OBJECT IDENTIFIER ::= {ccitt data(9) pss(2342)         30
        ucl(19200300) internet-dsp(107)}

-- General

at OBJECT IDENTIFIER ::= {internet-dsp at(1)}
oc OBJECT IDENTIFIER ::= {internet-dsp oc(2)}


-- Object Classes needed for association


Hardcastle-Kille                                               Page 14




RFC 1276         Internet Directory Replication          November 1991


                                                                    40
id-ac-idsp  OBJECT IDENTIFIER ::= {internet-dsp ac-idsp(3))}
id-as-idsp  OBJECT IDENTIFIER ::= {internet-dsp as-idsp(4))}
id-ase-replication  OBJECT IDENTIFIER ::= {internet-dsp ase-replication(5))}


-- Attribute Types

master-dsa MasterDSA ::= {at 1}
slave-dsa SlaveDSA ::= {at 2}
subordinate-reference SubordinateReference ::= {at 3}               50
cross-reference CrossReference ::= {at 4}
nssr NonSpecificSubordinateReference ::= {at 5}

-- Object Classes

internet-ds-non-leaf-object InternetDSNonLeafObject ::= {oc 1}
external-ds-object ExternalDSObject ::= {oc 2}


-- Operation and Error bindings                                     60

getEntryDataBlock GetEntryDataBlock ::= 10

eDBVersionError EDBVersionError ::= 10


-- Protocol Definitions

replicationASE APPLICATION-SERVICE-ELEMENT
    OPERATIONS {getEntryDataBlock}                                  70
    ::= id-ase-replication

internet-dsp APPLICATION-CONTEXT
    APPLICATION SERVICE ELEMENTS {aCSE}
    BIND MSBind
    UNBIND MSUnbind
    REMOTE OPERATIONS {rOSE}
    OPERATIONS OF { chainedReadADSm chainedSearchASE,
        chainedModifyASE, replicationASE }
    ABSTRACT SYNTAXES {                                             80
        id-as-acse,
        id-as-idsp }
    ::= id-ac-idsp

Hardcastle-Kille                                               Page 15




RFC 1276         Internet Directory Replication          November 1991








                                                                    90
InternetDSNonLeafObject ::= OBJECT-CLASS
        SUBCLASS OF top
        MUST CONTAIN {masterDSA}
        MAY CONTAIN {slaveDSA}

ExternalDSObject ::= OBJECT-CLASS
        SUBCLASS OF top
        MAY CONTAIN {SubordinateReference, CrossReference,
                NonSpecificSubordinateReference}
                        -- will contain exactly one of these references100

MasterDSA ::= ATTRIBUTE
    WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax
    SINGLE VALUE

SlaveDSA ::= ATTRIBUTE
    WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax

SubordinateReference ::= ATTRIBUTE
    WITH ATTRIBUTE-SYNTAX AccessPoint                              110
    SINGLE VALUE

CrossReference ::= ATTRIBUTE
    WITH ATTRIBUTE-SYNTAX AccessPoint
    SINGLE VALUE

NonSpecificSubordinateReference ::= ATTRIBUTE
    WITH ATTRIBUTE-SYNTAX AccessPoint

AccessPoint ::= SET {                                              120
        ae-title [0] Name,
        address  [2] PresentationAddress OPTIONAL }

                -- Same definition as X.500 AccessPoint,
                -- but presentation address is optional

GetEntryDataBlock ABSTRACT-OPERATION

Hardcastle-Kille                                               Page 16




RFC 1276         Internet Directory Replication          November 1991


        ARGUMENT GetEntryDataBlockArgument
        RESULT GetEntryDataBlockResult
        ERRORS {nameError,ServiceError,SecurityError,EDBVersionError}130

EDBVersionError ABSTRACT-ERROR
        PARAMETER versionHeld EDBVersion


GetEntryDataBlockArgument ::= SET {
        entry [0] DistinguishedName,
        CHOICE {
                sendIfMoreRecentThan [1] EDBVersion,
                getVersionNumber [2] NULL,                         140
                getEDB [3] NULL,        -- force retrieval
                continuation [4] SEQUENCE {
                        EDBVersion,
                        nextEntryPosition INTEGER }
                },
        maxEntries [5] INTEGER OPTIONAL
                        -- if omitted return whole EDB in
                        -- one operation
}
                                                                   150
GetEntryDataBlockResult ::= SEQUENCE {
                versionHeld [0] EDBVersion,
                [1] SEQUENCE OF RelativeEntry OPTIONAL,
                        -- if omitted, only version is returned
                nextEntryPostion INTEGER OPTIONAL
                        -- if omitted there are no more entries
        }


                                                                   160
RelativeEntry ::= SEQUENCE {
        RelativeDistinguishedName,
        SET OF Attribute
        }

EDBVersion ::= UTCTime
END

___________________Figure_3:__Summary_of_the_ASN.1_____________________



Hardcastle-Kille                                               Page 17