Directories

1
Directories

• Erik Andersen
• Consultant, Andersen's L-Service

2
What is a directory?
A repository for information about objects of
particular interest! Examples

• white pages paper telephone directory
• yellow pages paper telephone directory
• price list
• department store catalogue
• e-mail directory
• other electronic directories
• etc.

3
Existing Recommendations

• The X.500 seriesThe OSI Directory
• F.500International public directory services
• E.115 Computerized directory assistance
• F.510Automated directory assistance,white page
  service definition

4
Work in progress

• X.500 extensions
• F.511Directory Profile for the support of the
  ITU-T F.510 Requirements
• F.515Unified Directory SpecificationE.115
  replacement

5
The X.500 Directory Specification

• An X.500 Directory is a general purpose directory
• Gives a set of specifications for
• how objects are represented by entries in the
  Directory
• how objects represented in the Directory are
  named
• how information about objects is created,
  organised, interrogated, updated and deleted

6
The X.500 Directory Specification (cont.)

• An X.500 Directory is distributed allowing
• the establishment of a global Directory
• information to be maintained by the owner of
  information
• a separation between public and private domains
• possibility for replication of information

7
The X.500 Directory Specification (cont.)

• Developed jointly by ISO/IEC and ITU-T as
• ISO/IEC 9594 multi-part International Standard
• ITU-T X.500 Series of Recommendations

8
The X.500 Directory Specification (cont.)

• Available in several editions
• 1988 ISO/IEC 9594 1990 CCITT Rec. X.500
  (1988)
• 1993 ISO/IEC 9594 1995 ITU-T Rec. X.500
  (1993)
• 1997 ISO/IEC 9594 1998 ITU-T Rec. X.500
  (1997)
• 2001 ISO/IEC 9594 2001 ITU-T Rec. X.500
  (2001)

9
X.500 Document Structure
ISO/IEC 9594-1 X.500 Overview of
Concepts, Models, and Services ISO/IEC 9594-2
X.501 Models ISO/IEC 9594-3 X.511 Abstract
Service Definition ISO/IEC 9594-4
X.518 Procedures for Distributed Operation ISO/IE
C 9594-5 X.519 Protocol Specifications ISO/IEC
9594-6 X.520 Selected Attribute Types ISO/IEC
9594-7 X.521 Selected Object Classes ISO/IEC
9594-8 X.509 Public-Key and Attribute Certifica
te Frameworks ISO/IEC 9594-9 X.525 Replication
(post-1988) ISO/IEC 9594-10 X.530 Use of
Systems Management for Administration of
the Directory (post-1993)
10
Directory Information Tree - DIT
11
X.500 extension work

• Support of Distributed Paged Results within ITU-T
  Rec. X.500 ISO/IEC 9594
• Support of Friend Attributes within ITU-T Rec.
  X.500 ISO/IEC 9594
• Enhancements to Public-key and Attribute
  Certificates
• LDAP Alignment
• Related Entries in the Directory

12
X.509
A success story

• Public-Key and Attribute Certificate Frameworks
• Directory as important component of Public-Key
  Infrastructure

13
Basis for most security work

• The Public-Key Infrastructure (X.509) (PKIX)
• The European Electronic Signature Standardization
  Initiative (EESSI)
• S-MIME
• Secure Socket Layer (SSL)
• Etc.

14
Directory in PKI

• Registration of subscriber information
• Certificate generation
• Certificate dissemination
• Certificate revocation management
• Certificate revocation status provision

15
Other ITU-T SG17/Q9 activities
16
F.500 - International public directory services

• Developed based on the 1988 edition of X.500
• Service description for a global directory
  infrastructure
• Was never materialised

17
E.115 - Computerized directory assistance
User
International server
E.115 protocol
Operator
Local server
18
E.115 - Computerized directory assistance

• Very simple protocol based on OSI
• Very efficient databases behind
• Have had little publicity
• Widely implemented
• Limited to a single application
• Does not specify a naming structure
• Difficult to extend to meet future requirements

19
F.510 - Automated directory assistance, white
page service definition

• Description of a service to replace the E.115
  service
• Not an implementation specification
• A snapshot of the requirements at the time of
  development
• Basis for considerable extensions to X.500 as
  provided by edition 4

20
F.511 - Directory Profile for the support of the
F.510 Requirements

• Identified the subset of X.500 required for the
  support of F.510
• Defines additional information types for the
  support of F.510

21
F.515, Unified Directory Specification (UDS)

• Developed for "Association for European
  Interworking of Directory Inquiry Services" (EIDQ
  Association)
• To become ITU-T Recommendation F.515
• Replacement of E.115 instead of X.500

22
RationaleX.500 seen as being complex

• Originally developed for other environment
• Resource demanding
• Requires skilled personnel
• Has many functions not needed
• Migration from current E.115 systems difficult

23
Approach taken for first draft of F.515
X.500
Cut-down version of X.500 access protocol(UDAP)
with EIDQ goodies
UDS
Functions
24
UDS Characteristics

• Uses X.500 model and concepts
• Unified Directory Access Protocol (UDAP) encoded
  in ASN.1 and XML
• XML Schema used for the specifications
• Imports attribute types from X.500 and F.511

25
UDS Characteristics (cont.)

• Can be used to access E.115 systems
• Is general in nature and usable for other
  applications (e.g. Electronic Commerce)
• Does not require, but supports naming of entries
• Extensibility is built into the protocol

26
Directory activities outside ITU-T
27
Other directory activities

• LDAP within IETF
• Universal Description Discovery and Integration
  (UDDI)
• ebXML registry
• CEN/ISSS/Electronic Commerce Workshop activity

28
IETF activity
LDAP Lightweight Directory Access Protocol

• Originally developed as simple X.500 access
  protocol
• Solely base on TCP/IP
• Text oriented
• Maps closely to DAP
• Assumes X.500 model
• Low cost entry
• Has evolved to be a specification of an LDAP
  server not being X.500 compatible

29
IETF activity (cont.)
LDAP Lightweight Directory Access Protocol

• Several versions
• University of Michigan implementation
• RFC-1777 - Version 2
• RFC-2251 - Version 3
• An API has been developed aiding implementations

30
W3C related activities
31
WEB servicethe current buss word
32
Web services technology

• Machine-to-machine integration (interoperability
  is the key word)
• Web Services Description Language
• Simple Object Access Protocol
• HTTP
• RPC-style communication

33
Basic Web service architecture

• Service providers deploy and publish services by
  registering them with the Service broker
• Service requesters find services by searching the
  Service broker's registry of published services
• Service requesters bind to the Service provider
  and consume the available services

34
Basic Web service architecture (cont.)
Publish Universal Description, Discovery and
Integration (UDDI) API Find Combination of UDDI
and the Web Services Description Language
(WSDL) Bind WSDL and the Simple Object Access
Protocol (SOAP)
35
Universal Description Discovery and Integration
www.uddi.org
36
Universal Description Discovery and Integration
(UDDI)

• Registry (directory) for Business-to-Business
  (B2B) information
• Framework for a registry of companies
• A warehouse of companies Web services
• Allows companies to find each other
• Jointly operated UDDI Business Registry on the
  Web.
• Leverages industry standards such as HTTP, XML,
  SOAP

37
ebxml.org
ElectronicBusiness XML
38
Electronic Business XML (ebXML)

• ebXML is a XML framework for global e-business
• it allows businesses to find each other, and
  conduct business based on XML messages.
• the framework includes specifications for
• Message Service
• Collaborative Partner Agreements
• Core Components
• Business Process Methodology
• Registry and Repository
• ebXML enables businesses to implement Web
  services protocols (like WSDL, UDDI, SOAP).

39
The ebXML Functional Service View
40
CEN/ISSS/WS/EC activity
41
Yellow Pages Service

• Identify requirements
• Sufficient information for establishing business
  agreement
• XML access
• Mapping between user perception and directory
  structure
• Develop general Directory model and map current
  technologies against it
• X.500
• F.515 (UDS)
• LDAP
• UDDI
• ebXML

42
END