X.500 Directory Service
X.500 is a directory service used in the same way as a conventional name service, but it is primarily used to satisfy descriptive queries and is designed to discover the names and attributes of other users or system resources. Users may have a variety of requirements for searching and browsing in a directory of network users, organizations and system resources to obtain information about the entities that the directory contains. The uses for such a service are likely to be quite diverse. They range from enquiries that are directly analogous to the use of telephone directories, such as a simple ‘white pages’ access to obtain a user’s electronic mail address or a ‘yellow pages’ query aimed, for example, at obtaining the names and telephone numbers of garages specializing in the repair of a particular make of car, to the use of the directory to access personal details such as job roles, dietary habits or even photographic images of the individuals.
Key points: X.500 is a joint ITU-T and ISO standard; its data are organized in a tree structure with named nodes, as in other name servers; a wide range of attributes is stored at each node; the name tree is the Directory Information Tree (DIT) and the complete structure, nodes and data together, is the Directory Information Base (DIB).
X.500 service architecture
The data stored in X.500 servers is organized in a tree structure with named nodes, as in the case of the other name servers discussed in this chapter, but in X.500 a wide range of attributes are stored at each node in the tree, and access is possible not just by name but also by searching for entries with any required combination of attributes. The X.500 name tree is called the Directory Information Tree (DIT), and the entire directory structure, including the data associated with the nodes, is called the Directory Information Base (DIB). There is intended to be a single integrated DIB containing information provided by organizations throughout the world, with portions of the DIB located in individual X.500 servers. Typically, a medium-sized or large organization would provide at least one server. Clients access the directory by establishing a connection to a server and issuing access requests. Clients can contact any server with an enquiry. If the data required are not in the segment of the DIB held by the contacted server, it will either invoke other servers to resolve the query or redirect the client to another server (chaining and referral, respectively, in X.500 terminology).
Directory System Agent (DSA) and Directory User Agent (DUA)
In the terminology of the X.500 standard, servers are Directory System Agents (DSAs), and their clients are termed Directory User Agents (DUAs). Each entry in the DIB consists of a name and a set of attributes. As in other name servers, the full name of an entry corresponds to a path through the DIT from the root of the tree to the entry. In addition to full or absolute names, a DUA can establish a context, which includes a base node, and then use shorter relative names that give the path from the base node to the named entry.
Figure: An X.500 DIB entry
Figure: Part of the X.500 Directory Information Tree
The data structure for the entries in the DIB and the DIT is very flexible. A DIB entry consists of a set of attributes, where an attribute has a type and one or more values. The type of each attribute is denoted by a type name (for example, countryName, organizationName, commonName, telephoneNumber, mailbox, objectClass). New attribute types can be defined if they are required. For each distinct type name there is a corresponding type definition, which includes a type description and a syntax definition in the ASN.1 notation (a standard notation for syntax definitions) defining representations for all permissible values of the type.
DIB entries are classified in a manner similar to the object class structures found in object-oriented programming languages. Each entry includes an objectClass attribute, which determines the class (or classes) of the object to which an entry refers. Organization, organizationalPerson and document are all examples of objectClass values. Further classes can be defined as they are required. The definition of a class determines which attributes are mandatory and which are optional for entries of the given class. The class definitions are organized in an inheritance hierarchy with a single root class (called topClass here; in the X.500 standard it is simply top). Every other class inherits from it, so every entry must carry an objectClass attribute, and the values of that attribute must be the names of one or more classes. If there are several objectClass values, the object inherits the mandatory and optional attributes of each of the classes.
Administration and updating of the DIB • The DSA interface includes operations for adding, deleting and modifying entries. Access control is provided for both queries and updating operations, so access to parts of the DIT may be restricted to certain users or classes of user. Such restrictions are only as strong as the identity established when the DUA binds to the DSA; the authentication framework used for this is X.509, which is also where the X.509 certificate format originated.
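As an added illustration of the structure described in the preceding sections (this is example code written for this page, not part of the original text nor of any X.500 implementation), the following Python models one server's segment of the DIT: object classes with mandatory and optional attributes inherited through the class hierarchy, entries named by the path of relative distinguished names from the root, lookup by absolute name or by a name relative to a base context, descriptive search for entries matching a combination of attribute values, and access control applied to both reads and updates. The schema table, sample entries, user names and the subtree-based access-control rule are all constructed assumptions; the root class is written as top, its name in the standard, rather than topClass.

```python
# Added example, not from the page: a toy in-memory X.500 DIT with schema-checked
# entries, absolute and relative names, attribute search and per-subtree access control.
from collections import namedtuple

# objectClass -> (superclasses, mandatory attributes, optional attributes). Constructed
# to mirror the page's description (topClass written as "top", its name in X.501); these
# are not the real X.521 class definitions.
SCHEMA = {
    "top": ((), {"objectClass"}, set()),
    "country": (("top",), {"countryName"}, set()),
    "organization": (("top",), {"organizationName"}, {"telephoneNumber"}),
    "person": (("top",), {"commonName", "surname"}, {"telephoneNumber"}),
    "organizationalPerson": (("person",), set(), {"title", "mailbox"}),
}

def effective_schema(classes):
    """Mandatory and optional attributes of the listed classes and all their superclasses."""
    mandatory, optional = set(), set()
    for cls in classes:
        if cls not in SCHEMA:
            raise ValueError(f"unknown objectClass {cls!r}")
        supers, mand, opt = SCHEMA[cls]
        sup_mand, sup_opt = effective_schema(supers)
        mandatory |= mand | sup_mand
        optional |= opt | sup_opt
    return mandatory, optional

# attrs: attribute type -> list of values; children: RDN (type, value) -> Entry
Entry = namedtuple("Entry", "attrs children")

class DIT:
    """One server's segment of the DIB; a name is a tuple of RDNs from the root."""
    def __init__(self):
        self.root = Entry({"objectClass": ["top"]}, {})
        self.acl = {}          # dn -> {user: set of operations}, covering that whole subtree

    def grant(self, dn, user, *ops):
        self.acl.setdefault(tuple(dn), {}).setdefault(user, set()).update(ops)

    def allowed(self, dn, user, op):
        """True if an ACL on the path from the root to dn grants op to user or to '*'."""
        return any(op in self.acl.get(dn[:i], {}).get(u, set())
                   for i in range(len(dn) + 1) for u in (user, "*"))

    def lookup(self, dn):
        node = self.root
        for rdn in dn:
            node = node.children[rdn]             # KeyError: not in this server's segment
        return node

    def add(self, user, dn, attrs):
        """Add an entry under its parent after checking write access and the schema."""
        parent, rdn = tuple(dn[:-1]), dn[-1]
        if not self.allowed(parent, user, "write"):
            raise PermissionError(f"{user} may not update {parent}")
        mandatory, optional = effective_schema(attrs.get("objectClass", []))
        missing, unknown = mandatory - attrs.keys(), attrs.keys() - mandatory - optional
        if missing or unknown:
            raise ValueError(f"schema violation: missing={missing} unknown={unknown}")
        if rdn[1] not in attrs.get(rdn[0], []):
            raise ValueError("the RDN must be one of the entry's own attribute values")
        self.lookup(parent).children[rdn] = Entry(dict(attrs), {})

    def read(self, user, name, base=()):
        """Read by absolute name, or by a relative name interpreted from a base context."""
        dn = tuple(base) + tuple(name)
        if not self.allowed(dn, user, "read"):
            raise PermissionError(f"{user} may not read {dn}")
        return self.lookup(dn).attrs

    def search(self, user, base, **filters):
        """Descriptive query: DNs below base whose entries carry every filter value."""
        base, hits = tuple(base), []
        def walk(node, dn):
            for rdn, child in node.children.items():
                cdn = dn + (rdn,)
                if self.allowed(cdn, user, "read") and all(
                        v in child.attrs.get(t, []) for t, v in filters.items()):
                    hits.append(cdn)
                walk(child, cdn)
        walk(self.lookup(base), base)
        return hits

def build_sample_dit():
    """A DIT holding constructed sample entries: 'admin' may update, anyone may read."""
    dit = DIT()
    dit.grant((), "admin", "read", "write")
    dit.grant((), "*", "read")
    c, o = ("countryName", "GB"), ("organizationName", "Example University")
    dit.add("admin", (c,), {"objectClass": ["country"], "countryName": ["GB"]})
    dit.add("admin", (c, o), {"objectClass": ["organization"], "organizationName": [o[1]],
                              "telephoneNumber": ["+44 1234 000000"]})
    dit.add("admin", (c, o, ("commonName", "Alice Example")), {
        "objectClass": ["organizationalPerson"], "commonName": ["Alice Example"],
        "surname": ["Example"], "title": ["Lecturer"], "mailbox": ["alice@example.ac.uk"]})
    return dit
```

Two details carry the security point of the text. The access check runs on every read as well as on every update, and it runs inside search as well, so a user who may not read an entry does not learn of its existence through a descriptive query. The schema check runs before anything is written, so an update that omits a mandatory attribute or smuggles in an undefined one is rejected rather than stored.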
Lightweight Directory Access Protocol • X.500’s assumption that organizations would provide information about themselves in public directories within a common system has proved largely unfounded. A group at the University of Michigan proposed a more lightweight approach called the Lightweight Directory Access Protocol (LDAP), in which a DUA accesses X.500 directory services directly over TCP/IP instead of over the upper layers of the OSI protocol stack.