Directory services Finding someone on the Net

1
Directory services(Finding someone on the Net)

• Miroslav Milinovic
• Croatian Academic and Research Network - CARNet
• Zagreb, Croatia

5th CEENet Workshop on Network Technology,
Budapest, Hungary, August 1999.
2
Content

• What is directory service?
• Actual standards (services)
• Basic concepts
• Data model
• Distributed or centralized?
• Query language
• Access control and security
• Good directory service
• Actual situation and services
• Who will win?
• Which one to use?

3
What is directory service?

• holds information about
• people - individuals (White Pages)
• other things (Yellow Pages)
• analogy with the telephone directory
• service for locating information about
  individuals, companies, resources, ...
• has searchable database with corresponding
  information

4
Directory services

• can be
• global or local
• distributed or centralized
• typically accessed through
• WWW pages (interfaces)
• telnet
• e-mail clients

5
Actual standards (services)

• LDAP
• X.500
• Whois / Whois
• Netfind
• CCSO (ph)
• RWhois
• services based on WWW
• other services

6
Basic concepts

• data model
• distributed or centralized?
• query language
• access control and security
• maintenance

7
Data model

• NO general standard
• almost all services use
• attribute-value pair model
• database consists of records
• special field to identify the type of record
• whois uses template field
• X.500 uses object class field
• list of record types, attributes and their
  possible values depends on actual service

8
Distributed or centralized?

• distributed
• many servers tied together
• administrative structure (hierarchical)
• X.500, LDAP, WHOIS, RWhois
• centralized
• NETFIND
• services based on WWW
• can have mirror (peer) sites
• independent services - local (CCSO)

9
Query language

• servers enable query on values of attributes
• exact matches, substring matches
• depends on
• service
• implementation (client or server capabilities)
• WWW interfaces
• make searching easier
• doesnt provide full functionality

10
Access control and security

• ability to control
• who sees what data
• who updates what data
• privacy
• protocols enable filtering of attributes
• main issue to be easy but safe

11
Good directory service

• 3 main features
• easy and efficient access, searching and updating
  of information
• access control (who sees/updates what)
• privacy (right to be unlisted)

12
Actual situation

• Directory services are actual Internet problem
• NO standards for cooperation between services
• privacy .vs. currency of information
• global Internet Directory service
• Do we need it?
• Can it be done efficiently?
• Who will put the information and keep it current?

?
13
Actual situation

• Yellow pages services
• solved with WWW Catalogs and Search Engines
• DNS - intuitive directory service (?!)
• www.company_name.com
• directory services for (Inter)NIC purposes
• http//www.networksolutions.com/cgi-bin/whois/whoi
  s/
• http//ds.internic.net/ - operates no longer!
• emphasis on White Pages services

14
Netfind

• White Pages service
• global centralised
• database (SeeedDataBase) administration
• software
• list of peer (mirror) servers available
• based on finger
• also uses DNS and SMTP

?
15
Netfind

• available data depends on finger implementation
  on actual host
• query parameters
• name of a user
• rough description of where the user works
• can be accessed through
• telnet or www interface
• has NO future !!
• one of avaliable servers
• http//ds.carnet.hr/netfind/netfinde.html

16
Whois

• RFC 1835
• developed from whois protocol (RFC 954)
• designed to solve X.500 problems
• global, distributed
• one successful implementation
• Digger from Bunyip (free to download)
• http//www.bunyip.com/products/digger/index.html

?
17
Whois

• data model
• database records are uniquely identified with a
  handle
• type of record (list of attributes and allowed
  values) is defined with a template
• templates are standard but can be defined by
  server administrator
• servers are tied together in hierarchical
  structure (indexing mesh)

?
18
Whois servers mesh
index servers
base level servers
?
19
Whois

• searching
• select a server to start search
• server either gives information or refers to
  server that holds information
• server knows about its parents and children
• it is possible to search by value of any
  attribute
• access through WWW interfaces
• http//services.bunyip.com8001
• http//ds.carnet.hr/whois/diggere.html

20
RWhois

• Referral Whois
• RFC 1777
• designed to provide functions required by NICs
• software available on the Internet

21
X.500

• ISO standard for directory services
• global, distributed
• first solid version in 1988. (second in 1993.)
• documentation - several RFCs

?
22
X.500

• data model
• based on hierarchical namespace
• Directory Information Tree (DIT)
• geographically organized
• entry is defined with its dn (Distinguished Name)
• searching
• you must select a location in DIT to base your
  search
• a one-level search or a subtree search
• subtree search can be slow

?
23
X.500 - DIT
World
. . .
cHR
cUSA
. . .
oIRB
oSRCE
. . .
cnMiro
dn cnMiro, oSRCE, cHR
?
24
X.500

• accessible through
• telnet (client programs known as dua, dish, ...)
• WWW interface (example http//www.dante.net8888/
  )
• hard to use and very heavy
• and therefore LDAP was developed

25
LDAP

• LDAP - Lightweight Directory Access Protocol
• LDAP v2 - RFC 1777, RFC 1778
• LDAP v3 - RFC 1779
• developed to make X.500 easier to use
• provides basic X.500 functions
• referral model instead original chaining
• server informs client to ask another server
  (without asking question on the behalf of
  client)
• LDAP URL format
• ldap//server_address/dn
• (ldap//ldap.carnet.hr/cnMiro,oSRCE,cHR)

?
26
LDAP

• available server software
• SLAPD (University of Michigan Directory Server)
• Netscape Directory Server
• available clients for almost all platforms (v.2)
• LDAP support in
• Netscape MS IE browsers (since ver 4.0)
• latest mail clients (Eudora, )
• available access via WWW, gopher, telnet
• available link to X.500 directory (X.500 enabler)

?
27
LDAP

• usefull URLs
• http//www.umich.edu/dirsvcs/ldap/index.html
• http//developer.netscape.com/software/index.html
• http//www.critical-angle.com/ldapworld/
• available services (examples)
• http//www.dante.net/np/pdi.html
• http//ldap.surfnet.nl8888/
• http//www.emailman.com/ldap/public.html

28
LDAP/X.500
29
CIP (Common Indexing Protocol)

• defined by IETF WG FIND (I-Drafts at
  http//www.ietf.org/ids.by.wg/find.html)
• The Common Indexing Protocol (CIP) allows
  servers to form a referral mesh for query
  handling
• uses extension of indexing model used in whois
  directory service
• CIP index server has links (referrals) to
  different directory servers

?
30
CIP model
31
WWW services

• centralized
• part of well know Search Engines or Catalogs
• standalone tools
• http//www.four11.com/
• http//www.iaf.net/
• http//www.whowhere.com/
• http//www.switchboard.com/

32
Who will win?

• LDAP (with some Whois features added)
• main questions
• how to proceed from this point?
• standard for cooperation between services (CIP ?)
• remember LDAP is winning but
• Pity the poor fanatic, when he loses sight of
  his objective
• he doubles his efforts, Einar Stefferud

33
Which one to use?

• to find someone
• use service that suites your needs
• DS PROBLEM how to be global and current?
• if you are building directory service
• LDAP is winning (IETF - WP BCP)
• Whois (Digger) - easy installation and
  administration
• RWhois - if you are running NIC

34
Questions ?