Directories
Erik Andersen, Consultant, Andersen's L-Service
ITU-T SG17 Tutorial - Geneva, 7 March 2002

What is a directory?
A repository for information about objects of particular interest!
Examples:
• white pages paper telephone directory
• yellow pages paper telephone directory
• price list
• department store catalogue
• e-mail directory
• other electronic directories
• etc.
Existing Recommendations
• The X.500 series: The OSI Directory
• F.500: International public directory services
• E.115: Computerized directory assistance
• F.510: Automated directory assistance, white page service definition

Work in progress
• X.500 extensions
• F.511: Directory Profile for the support of the ITU-T F.510 Requirements
• F.515: Unified Directory Specification (E.115 replacement)

The X.500 Directory Specification
• An X.500 Directory is a general purpose directory
• Gives a set of specifications for:
  • how objects are represented by entries in the Directory
  • how objects represented in the Directory are named
  • how information about objects is created, organised, interrogated, updated and deleted

The X.500 Directory Specification (cont.)
• An X.500 Directory is distributed, allowing:
  • the establishment of a global Directory
  • information to be maintained by the owner of the information
  • a separation between public and private domains
  • the possibility of replicating information

The X.500 Directory Specification (cont.)
• Developed jointly by ISO/IEC and ITU-T as:
  • ISO/IEC 9594 multi-part International Standard
  • ITU-T X.500 Series of Recommendations

The X.500 Directory Specification (cont.)
• Available in several editions:
  • 1988: ISO/IEC 9594:1990 | CCITT Rec. X.500 (1988)
  • 1993: ISO/IEC 9594:1995 | ITU-T Rec. X.500 (1993)
  • 1997: ISO/IEC 9594:1998 | ITU-T Rec. X.500 (1997)
  • 2001: ISO/IEC 9594:2001 | ITU-T Rec. X.500 (2001)

X.500 Document Structure
ISO/IEC 9594-1  | X.500  Overview of Concepts, Models, and Services
ISO/IEC 9594-2  | X.501  Models
ISO/IEC 9594-3  | X.511  Abstract Service Definition
ISO/IEC 9594-4  | X.518  Procedures for Distributed Operation
ISO/IEC 9594-5  | X.519  Protocol Specifications
ISO/IEC 9594-6  | X.520  Selected Attribute Types
ISO/IEC 9594-7  | X.521  Selected Object Classes
ISO/IEC 9594-8  | X.509  Public-Key and Attribute Certificate Frameworks
ISO/IEC 9594-9  | X.525  Replication (post-1988)
ISO/IEC 9594-10 | X.530  Use of Systems Management for Administration of the Directory (post-1993)
Directory Information Tree - DIT
[Figure: a tree of entries, each entry representing an object, with the Root at the top and one level per naming attribute]
Root
  c=GB, c=DK
    o=ALS, o=Fallit A/S, o=Broke Ltd
      ou=Udvikling, ou=Salg
        cn=Ole Jensen, cn=Per Yde, cn=Ole Jensen
Name = < cn=Ole Jensen, ou=Salg, o=Fallit A/S, c=DK >
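A toy DIT implementing the naming shown on this slide (an added example, not the tutorial's code): an entry is located by walking one RDN per level from the root, the same RDN can occur under different parents, and only the full distinguished name identifies an entry. The tree is constructed to match the figure; where the slide leaves a parent ambiguous (o=Broke Ltd and the second cn=Ole Jensen) the placement is assumed.

```python
# Toy Directory Information Tree (DIT) with X.500-style names: an added example, not the
# tutorial's code. Placement of o=Broke Ltd and the second cn=Ole Jensen is assumed.
RDN = tuple[str, str]  # (attribute type, value), e.g. ("cn", "Ole Jensen")

def parse_dn(dn: str) -> list[RDN]:
    """'cn=Ole Jensen, ou=Salg, o=Fallit A/S, c=DK' -> RDNs leaf first (no RFC 4514 escapes)."""
    return [(t.strip(), v.strip()) for t, _, v in
            (p.partition("=") for p in dn.strip("<> ").split(","))]

def _key(rdn: RDN) -> RDN:  # approximates caseIgnoreMatch: case and surplus whitespace ignored
    return rdn[0].lower(), " ".join(rdn[1].split()).lower()

class Entry:
    def __init__(self, rdn: RDN, parent: "Entry | None" = None):
        self.rdn, self.parent, self.children = rdn, parent, {}  # children keyed by _key(rdn)
    def dn(self) -> str:  # own RDN first, then the parent chain; the unnamed root adds nothing
        if self.parent is None:
            return ""
        above = self.parent.dn()
        return f"{self.rdn[0]}={self.rdn[1]}" + (f", {above}" if above else "")

class DIT:
    def __init__(self):
        self.root = Entry(("", ""))
    def add(self, dn: str) -> Entry:  # walk from the root (rightmost RDN) down, creating levels
        node = self.root
        for rdn in reversed(parse_dn(dn)):
            node = node.children.setdefault(_key(rdn), Entry(rdn, node))  # RDN unique among siblings
        return node
    def resolve(self, dn: str) -> "Entry | None":  # name resolution: one RDN per level
        node = self.root
        for rdn in reversed(parse_dn(dn)):
            if (node := node.children.get(_key(rdn))) is None:
                return None  # a miss at any level means the name does not exist
        return node
    def find_by_rdn(self, rdn: RDN) -> list[str]:  # whole-subtree search on the RDN alone
        hits, stack = [], [self.root]
        while stack:
            node = stack.pop()
            if node.parent is not None and _key(node.rdn) == _key(rdn):
                hits.append(node.dn())
            stack += node.children.values()
        return sorted(hits)

def build_example_dit() -> DIT:
    dit = DIT()
    for dn in ("o=ALS, c=DK", "ou=Udvikling, o=Fallit A/S, c=DK", "cn=Per Yde, ou=Salg, o=Fallit A/S, c=DK",
               "cn=Ole Jensen, ou=Salg, o=Fallit A/S, c=DK", "cn=Ole Jensen, o=Broke Ltd, c=GB"):
        dit.add(dn)  # the last entry's placement is assumed (see header comment)
    return dit
```

Searching on cn=Ole Jensen alone returns two entries, while the full name from the slide resolves to exactly one, and the same name under c=GB resolves to nothing.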
X.500 extension work
• Support of Distributed Paged Results within ITU-T Rec. X.500 | ISO/IEC 9594
• Support of Friend Attributes within ITU-T Rec. X.500 | ISO/IEC 9594
• Enhancements to Public-key and Attribute Certificates
• LDAP Alignment
• Related Entries in the Directory

X.509 - A success story
• Public-Key and Attribute Certificate Frameworks
• Directory as an important component of Public-Key Infrastructure

Basis for most security work
• The Public-Key Infrastructure (X.509) (PKIX)
• The European Electronic Signature Standardization Initiative (EESSI)
• S/MIME
• Secure Socket Layer (SSL)
• Etc.

Directory in PKI
• Registration of subscriber information
• Certificate generation
• Certificate dissemination
• Certificate revocation management
• Certificate revocation status provision
F.500 - International public directory services
• Developed based on the 1988 edition of X.500
• Service description for a global directory infrastructure
• Never materialised

E.115 - Computerized directory assistance
[Figure: a User and an Operator query a Local server, which reaches an International server over the E.115 protocol]

E.115 - Computerized directory assistance
• Very simple protocol based on OSI
• Very efficient databases behind it
• Has had little publicity
• Widely implemented
• Limited to a single application
• Does not specify a naming structure
• Difficult to extend to meet future requirements

F.510 - Automated directory assistance, white page service definition
• Description of a service to replace the E.115 service
• Not an implementation specification
• A snapshot of the requirements at the time of development
• Basis for considerable extensions to X.500, as provided by edition 4

F.511 - Directory Profile for the support of the F.510 Requirements
• Identifies the subset of X.500 required for the support of F.510
• Defines additional information types for the support of F.510

F.515 - Unified Directory Specification (UDS)
• Developed for the "Association for European Interworking of Directory Inquiry Services" (EIDQ Association)
• To become ITU-T Recommendation F.515
• Replacement of E.115 instead of X.500

Rationale: X.500 seen as being complex
• Originally developed for another environment
• Resource demanding
• Requires skilled personnel
• Has many functions that are not needed
• Migration from current E.115 systems is difficult
Approach taken for the first draft of F.515
[Figure: E.115 and X.500 feed into the UDS; UDS = a cut-down version of the X.500 access protocol ("UDAP") with EIDQ goodies, plus UDS Functions]

UDS Characteristics
• Uses the X.500 model and concepts
• Unified Directory Access Protocol (UDAP) encoded in ASN.1 and XML
• XML Schema used for the specifications
• Imports attribute types from X.500 and F.511

UDS Characteristics (cont.)
• Can be used to access E.115 systems
• Is general in nature and usable for other applications (e.g. Electronic Commerce)
• Does not require, but supports, naming of entries
• Extensibility is built into the protocol

Other directory activities
• LDAP within the IETF
• Universal Description, Discovery and Integration (UDDI)
• ebXML registry
• CEN/ISSS Electronic Commerce Workshop activity

IETF activity
LDAP = Lightweight Directory Access Protocol
• Originally developed as a simple X.500 access protocol
• Solely based on TCP/IP
• Text oriented
• Maps closely to DAP
• Assumes the X.500 model
• Low cost of entry
• Has evolved into a specification for an LDAP server that is not X.500 compatible

IETF activity (cont.)
LDAP = Lightweight Directory Access Protocol
• Several versions:
  • University of Michigan implementation
  • RFC 1777 - Version 2
  • RFC 2251 - Version 3
• An API has been developed to aid implementations
Web services
Web service: the current buzz word

Web services technology
• Machine-to-machine integration (interoperability is the key word)
• Web Services Description Language
• Simple Object Access Protocol
• HTTP
• RPC-style communication

Basic Web service architecture
[Figure: Service provider, Service broker and Service requester; the provider publishes to the broker, the requester finds via the broker and binds to the provider]
• Service providers deploy and publish services by registering them with the Service broker
• Service requesters find services by searching the Service broker's registry of published services
• Service requesters bind to the Service provider and consume the available services

Basic Web service architecture (cont.)
• Publish: Universal Description, Discovery and Integration (UDDI) API
• Find: Combination of UDDI and the Web Services Description Language (WSDL)
• Bind: WSDL and the Simple Object Access Protocol (SOAP)

Universal Description, Discovery and Integration
www.uddi.org

Universal Description, Discovery and Integration (UDDI)
• Registry (directory) for Business-to-Business (B2B) information
• Framework for a registry of companies
• A warehouse of companies' Web services
• Allows companies to find each other
• Jointly operated UDDI Business Registry on the Web
• Leverages industry standards such as HTTP, XML and SOAP

Electronic Business XML
ebxml.org

Electronic Business XML (ebXML)
• ebXML is an XML framework for global e-business
• It allows businesses to find each other and conduct business based on XML messages
• The framework includes specifications for:
  • Message Service
  • Collaborative Partner Agreements
  • Core Components
  • Business Process Methodology
  • Registry and Repository
• ebXML enables businesses to implement Web services protocols (like WSDL, UDDI, SOAP)

The ebXML Functional Service View
[Figure: the ebXML Functional Service View]

Yellow Pages Service
• Identify requirements:
  • Sufficient information for establishing a business agreement
  • XML access
  • Mapping between user perception and directory structure
• Develop a general Directory model and map current technologies against it:
  • X.500
  • F.515 (UDS)
  • LDAP
  • UDDI
  • ebXML

END