Verisign Referral LDAP Service
Andrew Newton, Verisign Applied Research
Some History
• Original NSF contract called for the creation of an X.500 directory service.
• whois protocol brought in to fill the gap.
• Rwhois developed to address the problems of whois, but never adopted by the community.
• Whois++ also never adopted by the community.
The Idea
• Place domain registration data in LDAP.
• Use LDAP referrals to address the distribution of data between the Verisign Global Registry and the certified registrars.
• Use LDAP access control capabilities to only allow the "right" people to see the "right" data.
• Structure the data using pre-defined objectclasses.
The Components
• A registry server containing domain names, name servers, and referrals to domain entries at the registrars.
• Registrar servers containing domain names, registrant names, name servers, contact information, referrals to registrants, and more.
• Registrant servers containing anything they desire.
What We Have Done
• Deployed a registry server.
• Deployed a demonstration registrar server.
• Deployed demonstration registrant servers.
• Deployed a web interface to all of the above.
• Released sample Java JNDI query programs.
• Crawled the Internet looking for registrant servers.
The Registry LDAP Server
• ldap://ldap.research.netsol.com:389/
• Four search bases:
  • dc=com, dc=net, dc=org, dc=edu
  • o=tlds
• Contains 16+ million domain entries.
• Anonymous binds don't see date information.
• Demo user cn=trademark/attorney sees everything.
The Registrar LDAP Server
• ldap://nsiregistrar-ldap.research.netsol.com:389/
• Five search bases:
  • dc=com, dc=net, dc=org, dc=edu
  • ou=contacts,o=nsi.com
  • ou=name servers,o=nsi.com
• Anonymous binds don't see everything.
• Demo user cn=trademark/attorney and domain contacts see the information they need to see.
Demo Registrants
• ldap://ldap.thecobblershoppe.com:389/dc=thecobblershoppe,dc=com/
• ldap://openldap.research.netsol.com:389/dc=netsol,dc=com
The Web Interface
• http://www.ldap.research.netsol.com
• Contains CGI programs to chase referrals from the registry, to the registrar, to the registrant.
• Sample uses of ldapsearch against the servers.
• Screen shots and instructions on setting up Outlook, Outlook Express, and Communicator to use LDAP.
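
The referral chain described above (registry, to registrar, to registrant), as an added Python sketch that is not part of the original slides or Verisign's code. It runs against a constructed in-memory stand-in for the three demo servers; the entry contents, `parse_ldap_url`, `chase` and the hop limit are assumptions, and because each next URL is supplied by a remote server, the client rejects non-LDAP targets, loops and over-long chains.

```python
from urllib.parse import urlsplit, unquote

class ReferralError(Exception):
    """Raised when a referral chain cannot be followed safely."""

def parse_ldap_url(url):
    """Split an ldap:// URL into (host, port, normalised base DN)."""
    parts = urlsplit(url)
    if parts.scheme != "ldap" or not parts.hostname:
        raise ValueError("not an ldap:// URL: " + url)
    dn = unquote(parts.path).strip("/")
    dn = ",".join(rdn.strip().lower() for rdn in dn.split(","))
    return parts.hostname, parts.port or 389, dn

# Constructed directory data. Hostnames are the demo servers named on the
# slides; the entry contents are made up. A str value is a referral URL,
# a dict is the entry itself.
DOMAIN = "dc=thecobblershoppe,dc=com"
SERVERS = {
    "ldap.research.netsol.com": {  # registry
        DOMAIN: "ldap://nsiregistrar-ldap.research.netsol.com:389/" + DOMAIN},
    "nsiregistrar-ldap.research.netsol.com": {  # registrar
        DOMAIN: "ldap://ldap.thecobblershoppe.com:389/" + DOMAIN + "/"},
    "ldap.thecobblershoppe.com": {  # registrant
        DOMAIN: {"o": "The Cobbler Shoppe (constructed entry)"}},
}

def chase(url, servers, max_hops=5):
    """Follow referrals from url; return (hosts visited, final entry)."""
    seen, hosts = set(), []
    while True:
        host, port, dn = parse_ldap_url(url)  # rejects non-LDAP targets
        if (host, port, dn) in seen:
            raise ReferralError("referral loop at " + url)
        if len(hosts) >= max_hops:
            raise ReferralError("more than %d hops" % max_hops)
        seen.add((host, port, dn))
        hosts.append(host)
        result = servers.get(host, {}).get(dn)
        if result is None:
            raise ReferralError("no entry for %s on %s" % (dn, host))
        if isinstance(result, dict):
            return hosts, result
        url = result  # a referral: the next URL is chosen by the remote server

if __name__ == "__main__":
    print(chase("ldap://ldap.research.netsol.com:389/" + DOMAIN, SERVERS))
```
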
The LDAP Crawler
• The purpose was to find registrant referral entries to seed the demonstration registrar server.
• 1,020,927 domains searched (so far)
• 22,421 servers found
• 4,076 entries populated
What We Will Do
• Transition of the registry LDAP server to official operations by Verisign Global Registry Services.
• Intending to open-source an OpenLDAP back-end to gateway whois-to-LDAP for registrars.
• Intending to open-source a Windows & Linux GUI client specific to this use of LDAP.
Beyond Registry/Registrar
• Registrant directory servers as common as registrant web pages.
• Common use of referrals from the registrars to the registrants.
• Use of relationship between registry/registrar/registrant to distribute & manage white pages and B2B data.
• Distribution of public keys.