Internet Draft A.P. Jurg
Expires: May 1994 SURFnet bv
October 1993
Introduction to White Pages services based on X.500
<draft-rare-nap-x500intro-00.txt>
Status of this Memo
This document is an Internet Draft. Internet Drafts are working
documents of the Internet Engineering Task Force (IETF), its Areas,
and its Working Groups. Note that other groups may also distribute
working documents as Internet Drafts.
Internet Drafts are draft documents valid for a maximum of six
months. Internet Drafts may be updated, replaced, or obsoleted by
other documents at any time. It is not appropriate to use Internet
Drafts as reference material or to cite them other than as a
"working draft" or "work in progress."
Please check the I-D abstract listing contained in each Internet
Draft directory to learn the current status of this or any other
Internet Draft.
Abstract
This document explains why an electronic White Pages service is
indispensable for the global electronic communication community. It
argues that the International ITU-T X.500 (formerly CCITT) and ISO
9594 standard should be used to set up a global White Pages service.
The target group of this document consists of IT managers of
organizations that are using electronic communication on a day to day
basis. This document should help the IT managers to get the necessary
executive commitment to start making available the (address)
information of their organization through X.500.
Jurg Expires: May 1994 [Page 1]
Internet Draft Introduction to X.500 for White Pages October 1993
Table Of Contents
1 Introduction ............................................. 2
2 Concept of X.500.......................................... 3
2.1 Directory model ..................................... 3
2.2 Information Model ................................... 4
3 Benefits of X.500 ...................................... 4
4 Organizational aspects of X.500 ......................... 5
5 Applications of X.500 .................................... 7
6 References ............................................... 7
1 Introduction
Due to the tremendous growth and development of international
computer networks we nowadays have the possibility to overcome
geographical distances, without having to travel, when working
together with other people. Besides the possibility of using the
telephone we may use electronic data exchange to discuss working
documents, new ideas, plans or whatsoever. One of the most popular
means for this is electronic mail, which can be used to exchange all
kinds of electronic data: from informal pure text messages to
formatted and multi-media documents.
As the number of people connected to computer networks grows (and it
does continuously, it is at least doubling each year!), it becomes
more difficult to track down people's electronic (mail) addresses.
Hence, in order to make global communication over computer networks
work, a global White Pages service is indispensable. Such a service
should of course provide people's electronic mail addresses, but
could also easily contain telephone and fax numbers and postal
addresses.
Currently the only technical solution for a globally distributed
White Pages service is X.500 and there exists an international
infrastructure based on X.500 technology called 'Paradise' (Piloting
An inteRnAtional DIrectory SErvice), which contains about 1.5 million
entries belonging to persons and 3,000 belonging to organizations.
Worldwide 35 countries are involved. Paradise is also a project of
the EC. The project continues until September 1994, but after that
its operational tasks will be taken over by a European service
provider for the R&D community (Dante). The goal of Paradise and
related national initiatives is to stimulate and extend the use of
the X.500 White Pages service. Within the pilot attention is paid to
technical and organizational problems and legal issues.
In the decision process of joining the international X.500
infrastructure and opening (part) of the local (address) information
to the outside world, it is important that an organization fully
understands the technical and organizational
issues involved and the particular benefits of X.500. This document
tries to be of help in this matter by firstly explaining the main
concepts of X.500 (section 2) and subsequently pointing out its
benefits (section 3), what organizational aspects are involved
(section 4), and for which other applications the X.500
infrastructure may be used in the near future (section 5).
2 Concept of X.500
The X.500 standard describes a so-called 'Directory Service', which,
among other things, can be used for a global White Pages service. The
total concept of X.500 may roughly be divided into the 'Directory
model' and the 'Information model'.
2.1 Directory model
X.500 uses a distributed approach to achieve the goal of a global
Directory Service. The idea is that local (communication oriented)
information of an organization is maintained locally in one or more
so-called Directory System Agents (DSA's). 'Locally' is a flexible
expression here: it is possible that one DSA keeps information of
more than one organization. A DSA is essentially a database
- where the information is stored according to the X.500 standard
(see section 2.2),
- that has the ability, where necessary, to exchange data with other
DSA's.
Through their mutual communication the DSA's form the Directory
Information Tree (DIT). The DIT is a hierarchical logical data
structure consisting of a 'root', below which 'countries' are
defined. Below the countries (usually) 'organizations' are defined,
and below an organization either 'persons' or first additional
'organizational units' are defined (see the simplified illustration
below; only three countries and no organizational units are
presented). The DIT is a representation of the global Directory.
   root                       o
                             /|\
                            / | \
                           /  |  \
   countries            uk    de    fr
                       /  \  /  \  /  \
   organizations       a  b  c  d  e  f
                       |  |  |  |  |  |
   persons             ..  ..  ..  ..  ..  ..
Each DSA holds a part of the global Directory and is able to find
out, through the hierarchical DIT structure, which DSA's hold which
parts of the Directory.
The standard does not describe how to distribute different parts of
the Directory among DSA's. In practice a large organization will have
one or more DSA's that hold the part of the DIT from the entry of
this organization down to all leaf nodes below it. Smaller
organizations may share a DSA with other organizations. The
distribution among the DSA's is totally transparent to the users of
the Directory. They are only aware of the global DIT.
A user accesses the Directory through a so-called Directory User
Agent (DUA). The DUA automatically contacts a nearby DSA by means of
which the user may search or browse through the DIT to find the
information s/he needs. Whereas the first generation of DUA's are
standalone applications, it is expected that in the near future there
will be DUA's available that are integrated with e-mail and other
applications.
2.2 Information Model
Besides the Directory model, the X.500 standard also defines the
information model used in the Directory Service. All information in
the Directory is stored in 'entries', each of which belongs to at
least one so-called 'object class'. In the White Pages application of
X.500, on which we focus here, object classes have been defined such
as 'country', 'organization', 'organizational unit' and 'person'.
The actual information in an entry is determined by so-called
'attributes' that are contained in that entry. The object classes to
which an entry belongs define what types of attributes an entry may
use and hence what information is specific for entries belonging to
that object class. The object class 'person' for example allows
attribute types like 'common name', 'telephone number' and 'e-mail
address' to be used and the object class 'organization' allows for
attribute types like 'organization name' and 'business category'.
Depending on its type, an attribute can take one or more values.
To specify the name of an entry in the DIT, at least one attribute
value of the entry is used. The name of an entry must be unique on
the same level in the subtree of the DIT to which the entry belongs.
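The directory and information models of sections 2.1 and 2.2, as an added worked example that is not part of the draft: a small in-memory DIT in Python with a constructed, simplified schema. The object class names and the attribute type names c, o, ou, cn, telephoneNumber, businessCategory, mail and homeTelephoneNumber are the usual X.520/RFC 1274 short forms; the allowed-attribute table, the sample entries and the mail address are made up for the example. It enforces the two rules the text states: an entry may only carry attribute types its object class allows, and an entry's name must be unique among its siblings at the same level of the DIT.

```python
from dataclasses import dataclass, field

# Constructed, simplified schema: object class -> attribute types an entry of
# that class may carry (the real definitions live in X.520 and RFC 1274).
SCHEMA = {
    "country":            {"c"},
    "organization":       {"o", "businessCategory"},
    "organizationalUnit": {"ou"},
    "person":             {"cn", "telephoneNumber", "mail", "homeTelephoneNumber"},
}
# Attribute type whose first value names an entry of each class (its RDN).
RDN_ATTR = {"country": "c", "organization": "o", "organizationalUnit": "ou", "person": "cn"}


class SchemaError(ValueError):
    """Entry uses an attribute type its object class does not allow."""


class NamingError(ValueError):
    """Entry's RDN collides with a sibling at the same level of the DIT."""


@dataclass
class Entry:
    object_class: str                    # "root" for the DIT root (no name, no attributes)
    attrs: dict                          # attribute type -> list of values
    children: list = field(default_factory=list)


def rdn(entry):
    """Relative distinguished name, e.g. 'o=SURFnet'; None for the root."""
    if entry.object_class == "root":
        return None
    attr = RDN_ATTR[entry.object_class]
    return f"{attr}={entry.attrs[attr][0]}"


def validate(entry):
    """Check the entry against its object class (the information model)."""
    allowed = SCHEMA[entry.object_class]
    unknown = set(entry.attrs) - allowed
    if unknown:
        raise SchemaError(f"{entry.object_class} may not carry {sorted(unknown)}")
    if not entry.attrs.get(RDN_ATTR[entry.object_class]):
        raise SchemaError(f"{entry.object_class} entry has no naming attribute")


def add_child(parent, child):
    """Attach child below parent, enforcing that its RDN is unique among its
    siblings (names are compared case-insensitively, as X.500 strings are)."""
    validate(child)
    if any(rdn(c).lower() == rdn(child).lower() for c in parent.children):
        raise NamingError(f"duplicate name {rdn(child)!r} below {rdn(parent) or 'root'}")
    parent.children.append(child)
    return child


def all_dns(root):
    """Distinguished names of every entry (leaf-most RDN first), in DIT walk order."""
    out = []

    def walk(entry, path):
        if rdn(entry):
            path = [rdn(entry)] + path
            out.append(",".join(path))
        for child in entry.children:
            walk(child, path)

    walk(root, [])
    return out


def build_sample_dit():
    """A constructed three-level DIT: country -> organization -> persons."""
    root = Entry("root", {})
    nl = add_child(root, Entry("country", {"c": ["NL"]}))
    surfnet = add_child(nl, Entry("organization",
                                  {"o": ["SURFnet"], "businessCategory": ["research networking"]}))
    add_child(surfnet, Entry("person", {"cn": ["A. Jurg"], "mail": ["jurg@surfnet.example"]}))  # constructed address
    add_child(surfnet, Entry("person", {"cn": ["B. Example"], "telephoneNumber": ["+31 00 0000000"]}))
    return root


def duplicate_name_rejected():
    """A second 'A. Jurg' (in different case) under SURFnet must be refused."""
    surfnet = build_sample_dit().children[0].children[0]
    try:
        add_child(surfnet, Entry("person", {"cn": ["a. jurg"]}))
    except NamingError:
        return True
    return False


def unknown_attribute_rejected():
    """A person entry carrying an attribute type outside its object class must be refused."""
    surfnet = build_sample_dit().children[0].children[0]
    try:
        add_child(surfnet, Entry("person", {"cn": ["C. Example"], "favouriteDrink": ["beer"]}))
    except SchemaError:
        return True
    return False


if __name__ == "__main__":
    for name in all_dns(build_sample_dit()):
        print(name)
```

Names are written leaf first ("cn=A. Jurg,o=SURFnet,c=NL"), which is how the X.500 pilots of the time wrote distinguished names; the uniqueness check is deliberately per parent, since the text requires a name to be unique only among entries at the same level of the same subtree, not across the whole DIT.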
3 Benefits of X.500
Why should one use X.500 for a local White Pages service? Here are
some good arguments:
- The flexibility of the service. Besides public purposes, X.500
may also be used for specific private Directory Service
applications. Whereas the definitions of the DIT, object classes
and attribute types of the public White Pages information within
an organization have to conform to those of the rest of the world,
the internal applications may use their own DIT structure and their
own definitions of object classes and attributes (the values being
visible only within (a part of) the organization). Nevertheless
one local infrastructure can be used for both the public and the
private applications.
- The distributed character of the service. A large organization may
distribute the responsibility for the management of the
information it presents through X.500 by distributing this
information over several DSA's (without losing the overall
structure).
- X.500 security aspects. It is possible to hide certain attributes
of an entry from an unauthorized user. For example the value(s) of
the attribute type 'home telephone number' of a person may be
visible only to his/her colleagues. By means of strong or simple
authentication (using cryptographic keys or simple userid/password
identification respectively) it is possible to prohibit
unauthorized use of (a part of) the Directory Service.
- Good alternative to paper directories. The provision of White
Pages services based on X.500 may be a good alternative to paper
directories, because the latter are rarely up-to-date (due to the
printing costs) and because X.500 can be used not only by humans
but also by applications.
There are many arguments in favor of X.500 for global use. Here we
present some important ones.
- A Global Directory. By its distributed nature X.500 is
particularly suited for a large global White Pages directory.
Maintenance can take place in a distributed way.
- Good searching capabilities. X.500 offers the possibility to do
searches in any level or in any subtree of the DIT. In order to do
a search, an attribute type together with a value has to be
specified. Then the Directory searches for all entries that
contain an attribute of that type with the given value. For
example one can search for all persons having a particular job
description, or all persons within a country that have beer as a
favorite drink. It is up to the responsible managers of the DSA's
to decide who may perform such searches and also how many levels
deep a search may be.
Searches can be done on the basis of an exact or approximate
match, etc. It is worth noting here that distributed searches
(that need connections to a lot of DSA's) may be expensive.
- There are DUA's for the White Pages service available for all
types of workstations (DOS, Macintosh OS, Unix).
- X.500 is an international standard. Using a standard obviously
means fewer problems with interoperability and interworking. Also
the standard is updated according to practical experience.
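The search capabilities and the attribute hiding described in the two lists above (searches limited to a number of levels below a base entry, as the DSA managers may impose; exact versus approximate match; a 'home telephone number' visible only to colleagues), as an added Python example that is not part of the draft. The six entries, titles and telephone numbers, the 'approximate' matching rule and the colleague test (same o= component in the name) are constructed for the example; the requester name stands for an identity already established by simple or strong authentication, which the example does not implement.

```python
# Constructed sample entries: (distinguished name, attributes). Names,
# titles and numbers are invented for this example.
SAMPLE = [
    ("c=NL", {"c": ["NL"]}),
    ("o=SURFnet,c=NL", {"o": ["SURFnet"]}),
    ("cn=A. Jurg,o=SURFnet,c=NL",
     {"cn": ["A. Jurg"], "title": ["Network consultant"],
      "homeTelephoneNumber": ["+31 00 0000000"]}),
    ("cn=B. Example,o=SURFnet,c=NL",
     {"cn": ["B. Example"], "title": ["network  consultant"]}),
    ("o=Example University,c=NL", {"o": ["Example University"]}),
    ("cn=C. Example,o=Example University,c=NL",
     {"cn": ["C. Example"], "title": ["System manager"],
      "homeTelephoneNumber": ["+31 00 1111111"]}),
]

# Constructed access policy: these attribute types are shown only to
# requesters from the same organization as the entry (its "colleagues").
COLLEAGUES_ONLY = {"homeTelephoneNumber"}


def split_dn(dn):
    """'cn=X,o=Y,c=Z' -> ['cn=X', 'o=Y', 'c=Z']; the root is the empty string."""
    return [part.strip() for part in dn.split(",")] if dn else []


def levels_below(dn, base):
    """Number of DIT levels `dn` lies below `base` (the base itself is 0),
    or None when `dn` is outside the subtree of `base`."""
    parts, base_parts = split_dn(dn), split_dn(base)
    if base_parts and parts[-len(base_parts):] != base_parts:
        return None
    return len(parts) - len(base_parts)


def normalise(value):
    """Constructed 'approximate match' rule: ignore case and whitespace.
    Real DSAs use implementation-defined rules (e.g. phonetic matching)."""
    return "".join(value.lower().split())


def matches(values, wanted, approximate):
    if approximate:
        return any(normalise(v) == normalise(wanted) for v in values)
    return wanted in values


def organisation_of(dn):
    """The o= component of a name (lower-cased), or None for entries above it."""
    for part in split_dn(dn):
        if part.lower().startswith("o="):
            return part.lower()
    return None


def visible_attrs(entry_dn, attrs, requester_dn):
    """Hide COLLEAGUES_ONLY attributes unless the requester is an authenticated
    user (requester_dn not None) from the entry's own organization."""
    org = organisation_of(entry_dn)
    colleague = (requester_dn is not None and org is not None
                 and organisation_of(requester_dn) == org)
    return {t: v for t, v in attrs.items() if colleague or t not in COLLEAGUES_ONLY}


def search(base, attr, value, max_depth=1, approximate=False,
           requester_dn=None, directory=SAMPLE):
    """Return {dn: visible attributes} for entries below `base` (the base itself
    excluded), at most `max_depth` levels deep, whose `attr` matches `value`.
    max_depth=1 mirrors the one-level restriction the draft mentions as common;
    None means the whole subtree."""
    hits = {}
    for dn, attrs in directory:
        depth = levels_below(dn, base)
        if depth is None or depth == 0:
            continue
        if max_depth is not None and depth > max_depth:
            continue
        if attr in attrs and matches(attrs[attr], value, approximate):
            hits[dn] = visible_attrs(dn, attrs, requester_dn)
    return hits


if __name__ == "__main__":
    # Anonymous, one level below c=NL: persons are two levels down, so nothing.
    print(search("c=NL", "title", "network consultant", approximate=True))
    # Whole subtree, approximate match: both SURFnet consultants are found.
    print(search("c=NL", "title", "network consultant", max_depth=None, approximate=True))
```

The depth limit is applied by the server side of the search, not by the client, which is the point the text makes: the DSA manager, not the user, decides how far below a base a search may reach, and the same server-side filtering decides which attributes of a matching entry are returned to whom.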
4 Organizational aspects of X.500
The organizational aspects involved in operating a local X.500
Directory can roughly be divided into three sub-aspects: data
management, legal issues and cost aspects. With respect to cost
aspects there is no publicly known model or experience at the moment.
Therefore we will focus here on data management and legal issues.
Data management refers to issues that are related to bringing
appropriate information into the Directory and keeping it up to date.
The following items are of first importance:
- Executive commitment.
- Structure of the local DIT. In joining the international
infrastructure an organization has to conform to some rules for
the local DIT structure, as presented to the global X.500
infrastructure. A recommendation on how to structure a local DIT
and how to use the available attributes can be found in [namguid].
The most important recommendation in the latter document is to
keep the local part of the DIT as simple (flat) as possible. The
reason is that users from outside the organization may otherwise
have difficulties in finding entries of persons within the
organization (searches in the DIT are often only allowed one level
deep).
- Attributes to be used. For the existing infrastructure the objects
and associated attributes that are globally used are documented in
[RFC1274].
- Sources of the data. An organization has to find out where to get
what kind of data and develop procedures for uploading its DSA(s).
- Delegating responsibilities for updates. Procedures have to be
developed for updates of the local Directory. These procedures
have to include who is responsible for what.
- Security procedures. Rules have to be set for access and security.
Who may contact the DSA? Who will have access to which subtrees
and what attributes?
A study of the legal consequences of presenting (address) information
via X.500 led to the main conclusion that in Europe an organization
has to formally register its data collections. Registration implies
defining a goal for the
application. This has to be done for the White Pages service as well
as for any deviating local application of X.500. However, the
different national laws may differ with respect to legal
restrictions. For more information on this subject we refer to
[legal].
Among the Paradise members there are several pilots running at the
moment with the goal to evaluate the organizational aspects. Case
studies coming from these pilots can be found in the document
[casestud].
Small or medium size organizations that do not have too many entries
to insert in the Directory may make use of one of the different
national initiatives concerning a 'central DSA'. These central DSA's
are operated by national service providers and contain the White
Pages information of many small and medium size organizations. For
organizations in countries without such a national service there is
also a European central DSA (Paradise) and an American central DSA
(InterNIC). It is noteworthy that the central DSA services are
generally only technical services, i.e. a participating organization
still has to cover the organizational issues itself. However, part of
the central DSA service may be consultancy with respect to this matter.
5 Applications of X.500
Besides White Pages, X.500 can be useful for all kinds of
distributed information storage from which humans or machines can
benefit. Examples that are likely to use X.500 in the near future
are: distribution list mechanism, public key distribution for Privacy
Enhanced Mail (PEM), routing of X.400 messages, distribution of EDI
identifiers, etc. For more information we refer to [RFC1491]. Here we
briefly discuss the first three applications.
The distribution list mechanism uses X.500 for finding the e-mail
addresses of the persons that have subscribed to a list. The
distributed approach of X.500 makes it possible that people change
their e-mail address without having to change their subscription to
distribution lists.
PEM (RFC1421-1424) uses a public key mechanism for exchanging secure
e-mail messages. For example: One will be able to send a secure
message by encrypting a message with the publicly known (public) key
of the recipient. Only the recipient of the message can decipher the
message using his/her private key. In order to make such a mechanism
work one must have access to the public keys of all possible
recipients. X.500 can be used for that.
At this moment a world-wide pilot is running in which X.400 routing
is done by means of X.500. X.400 MTA's use special DUA's to find,
via the Directory, the MTA's to which the recipients of a message
want their mail to be delivered. The distributed approach of X.500
will mean much less routing management (currently tables are used
that have to be updated/exchanged periodically).
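The distribution list and public key uses of section 5, as an added Python example that is not part of the draft: list members are stored as directory names and resolved to the current 'mail' attribute (the RFC 1274 attribute for an RFC 822 mailbox) only when the list is expanded, so a changed address does not break the subscription, and a recipient's public key is fetched from the same entry. The directory contents, the addresses and the 'publicKey' placeholder values are constructed for the example; PEM itself distributes certificates, not bare key strings.

```python
# Constructed in-memory directory: distinguished name -> attributes.
# Addresses are invented; 'publicKey' holds placeholders, not real keys.
DIRECTORY = {
    "cn=A. Jurg,o=SURFnet,c=NL": {"mail": ["jurg@surfnet.example"],
                                  "publicKey": ["<key-A placeholder>"]},
    "cn=B. Example,o=SURFnet,c=NL": {"mail": ["b.example@surfnet.example"]},
}

# Lists hold directory names, not mail addresses: the address is an
# attribute of the member's entry and is looked up at expansion time.
DISTRIBUTION_LISTS = {
    "x500-users": ["cn=A. Jurg,o=SURFnet,c=NL", "cn=B. Example,o=SURFnet,c=NL"],
    "partners":   ["cn=A. Jurg,o=SURFnet,c=NL", "cn=Z. Gone,o=Old Org,c=NL"],
}


def expand_list(list_name, directory=DIRECTORY):
    """Resolve each member name to its current mail address(es). Members
    whose entry is missing or has no 'mail' attribute are reported separately
    so the list owner can repair the list instead of silently losing them."""
    addresses, unresolved = [], []
    for dn in DISTRIBUTION_LISTS[list_name]:
        mail = directory.get(dn, {}).get("mail")
        if mail:
            addresses.extend(mail)
        else:
            unresolved.append(dn)
    return addresses, unresolved


def change_address(dn, new_mail, directory=DIRECTORY):
    """The person updates the 'mail' attribute of their own entry; no list
    needs to be touched because lists refer to the name, not the address."""
    directory[dn]["mail"] = [new_mail]


def public_key_for(dn, directory=DIRECTORY):
    """Fetch a recipient's public key by directory name (None if absent)."""
    return directory.get(dn, {}).get("publicKey", [None])[0]


if __name__ == "__main__":
    print(expand_list("x500-users"))
    change_address("cn=A. Jurg,o=SURFnet,c=NL", "jurg@new.example")
    print(expand_list("x500-users"))   # the new address appears without editing the list
    print(expand_list("partners"))     # the unknown member is reported, not dropped
```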
6 References
[RFC1274] P. Barker, S. Kille, "The COSINE and Internet X.500
Schema", RFC 1274, University College London, November 1991.
[RFC1421] J. Linn, "Privacy Enhancement for Internet Electronic
Mail: Part I: Message Encryption and Authentication
Procedures", RFC 1421, DEC, February 1993.
[RFC1422] S. Kent, "Privacy Enhancement for Internet Electronic
Mail: Part II: Certificate-Based Key Management", RFC 1422,
BBN, February 1993.
[RFC1423] D. Balenson, "Privacy Enhancement for Internet Electronic
Mail: Part III: Algorithms, Modes, and Identifiers", RFC
1423, TIS, February 1993.
[RFC1424] B. Kaliski, "Privacy Enhancement for Internet Electronic
Mail: Part IV: Notary, Co-Issuer, CRL-Storing and CRL-
Retrieving Services", RFC 1424, RSA Laboratories, February
1993.
[RFC1491] C. Weider, R. Wright, "A Survey of Advanced Usages of
X.500", RFC 1491, Merit Network, Inc., Lawrence Berkeley
Laboratory, July 1993.
[namguid] P. Barker, S.E. Kille, T. Lenggenhager, "Naming and
Structuring Guidelines for X.500 Directory Pilots",
working draft.
[casestud] Some case studies from the European R&D community,
work in progress.
[legal] E. Jeunink, E. Huizer, "Directory Services and
Privacy Issues", work in progress.
For a good technical introduction to X.500 we also recommend:
M.T. Rose, "The Little Black Book", PSI Inc., Prentice
Hall Inc., New Jersey, 1992
D. Steedman, "The Directory standard and its application",
Technology Appraisals, Twickenham (U.K.), 1993.