Presentation is loading. Please wait.

Presentation is loading. Please wait.

News from the wonderful world of directories

Published byAdam Carroll Modified over 6 years ago

Similar presentations

Presentation on theme: "News from the wonderful world of directories"— Presentation transcript:

1 News from the wonderful world of directories
Erik Andersen Denmark

2 Agenda The position of X.500/LDAP X.500 enhancements
Concept of Friends Attributes Paging on the DSP Maximum alignment with LDAP Enhancements to Public-key and Attribute certificates Enhancements to E.115 Functional enhancements XML access dates

3 The X.500/LDAP Directory An LDAP or X.500 directory is a general purpose directory Gives a set of specifications for: how objects are represented by entries in a directory how objects represented in a directory are named how information about objects is created, organised, interrogated, updated and deleted A directory can be distributed allowing: the establishment of a global Directory information to be maintained by the owner of information a separation between public and private domains possibility for replication of information dates

4 X.500 LDAP LDAP originally developed for X.500 access
Relationship between X.500 and LDAP (Lightweight Directory Access Protocol) X.500 LDAP LDAP originally developed for X.500 access Later developed own server specifications Uses the X.500 model Identical in many ways, except for syntax X.500: Full use of ASN.1 LDAP: Simple ASN.1 and Augmented Backus-Naur Form (ABNF) Most X.500 implementations support LDAP LDAP widely implemented and used dates

5 Editions of X.500 Directory Specifications
Developed by ISO/IEC and ITU-T (former CCITT) as: ISO/IEC 9594 multi-part International Standard ITU-T X.500 Series of Recommendations Four editions so far: Edition 2: ISO/IEC 9594:1995 | ITU-T X.500 (1993) Edition 1: ISO/IEC 9594:1990 | CCITT X.500 (1988) Edition 3: ISO/IEC 9594:1998 | ITU-T X.500 (1997) Edition 4: ISO/IEC 9594:2001 | ITU-T X.500 (2001) dates

6 X.500 5th edition enhancements
Expected publication: During 2005 Concept of Friends Attributes Paging on the DSP Maximum alignment with LDAP Enhancements to Public-key and Attribute certificates dates

7 Friend attributes Attribute subtyping – same syntax:
name commonName localityName surname givenName Friend attributes – possibly different syntaxes: commAddress (RFC 822 syntax) url (RFC 1738 syntax) telephoneNumber (E.164 syntax) dates

8 Paged results on the DSP
DSP paged result Bound-DSA paged result User DUA DSP DSA DAP DSP DSP DSP Bound DSA DSP DSP DSA DSA dates

9 Relationship between X
Relationship between X.500 and LDAP (Lightweight Directory Access Protocol) X.500 LDAP dates

10 Relationship between X.500 and LDAP with maximum alignment
dates

11 Maximum X.500 alignment with LDAP
NOTE – One way alignment Alignment of concepts – add LDAP concepts to make LDAP concepts a subset of X.500 concepts. Simplify specifications – removal of dependency of lower layer documentation Alignment of operations (replace value) Multiple namespaces (Directory Information Trees) Directory consisting of LDAP and X.500 server mix ISO (UTF-8) matching Component matching dates

12 A distributed directory
LDAP server DUA User DSA DAP LDAP DSA DSP DSP A directory LDAP client User DSA DSA DUA LDAP dates

13 keyUsage = digitalSignature policyIndentifier = { a b d }
Matching problem Filter keyUsage = digitalSignature And policyIndentifier = { a b d } Directory entry Attribute Certificate 1 keyUsage = dataEncipherment certificatePolicies = { … policyIdentifier = { a.b.d}} Certificate 2 keyUsage = digitalSignature certificatePolicies = { … policyIdentifier = { a.b.c}} dates

14 Component matching rule
ComponentMatch against component n Component m Component n Component o Attribute value Evaluate to TRUE if match Can be combined by AND, OR and NOT operations in any combination and nesting level onto a particular attribute value of a particular attribute type Evaluates to TRUE if just one attribute value of the attribute type evaluates to TRUE dates

15 DirectoryString DirectoryString { INTEGER : maxSize } ::= CHOICE { teletexString TeletexString (SIZE (1..maxSize)), printableString PrintableString (SIZE (1..maxSize)), bmpString BMPString (SIZE (1..maxSize)), universalString UniversalString (SIZE (1..maxSize)), uTF8String UTF8String (SIZE (1..maxSize)) } dates

16 ISO/IEC 10646 The base character set standard
ISO/IEC Universal Multiple-Octet Coded Character Set (UCS) Every character is coded in 4 octets Allows encoding of all characters used by written languages all over the world The practical realisation is specified in the Unicode standard (produced by a consortium) Supports multiple encoding formats: UTF-8 - octet oriented BMP (UCS-2) - half word oriented UTF-16 - half word oriented UCS-4 (UTF-32) - word oriented dates

17 UCS Transformation Format 8 (UTF-8)
Defined in Annex D of ISO/IEC : 2003, Universal Multiple-Octet Coded Character Set (UCS) Required by (almost) all Internet specifications dates

18 Format of octets in a UTF-8 sequence
Octet usage Format (binary) No. of free bits Max UCS-4-value 1st of 1 0xxxxxxx 7 F 1st of 2 110xxxxx 5 FF 1st of 3 1110xxxx 4 00 00 FF FF 1st of 4 11110xxx 3 00 1F FF FF 1st of 5 xx 2 03 FF FF FF 1st of 6 x 1 7F FF FF FF Continuation 2nd .. 6th 10xxxxxx 6 dates

19 First problem We need to compare names and values
Some characters may be represented in several ways It is not possible to do a simple bitwise comparison to check if two names or values are equal! dates

20 Comparison is most often done disregarding case differences
Second problem Comparison is most often done disregarding case differences All upper case letters have to be converted to lower case letters before comparison dates

21 String preparation Text string 1 Transcoded string 1 Transcoding
Mapped string 1 Mapping Normalised string 1 Normalise Text string 2 Transcoding Transcoded string 2 Mapping Mapped string 2 Normalise Normalised string 2 Octet wise comparison dates

22 X.509 enhancements Notice of future revocation
Notice of revoked group of entries Expired certificates on CRLs Advanced certificate matching rule XML encoded privilege information Clarifications Misc. enhancements to PMI Etc. dates

23 EIDQ Association dates

24 Members (30 as at 17 Feb 2004)

25 E.115 - Computerized directory assistance
User International server E.115 protocol Operator Local server dates

26 ITU-T Rec. E.115 (2005) Computerized Directory Assistance
OSI stack removed Home grown TCP/IP support integrated in text Specifies two versions of the protocol Version 1: The 1995 edition + all agreed extensions All keywords specified in Annex Complete rewrite and restructuring of 1995 edition Added clarifications ASN.1 BER encoding Support mandatory Version 2: Keywords replaced by new fields – keyword concept no longer used Several new enhancements ASN.1 BER and XML (or ASN.1 XER) encoding Future extensions using ITU-T procedure dates

27 Version 2 design criteria
Keep backward compatibility Unchanged fields use same tag Tags reserved for obsolete fields Common text for unchanged fields Keep ASN.1 and XML Schema Definitions (XSD) aligned ASN.1 XER encoding will produce same encoding as the XSD ASN.1 EXTENDED-XER encoding instruction used dates

28 Example of ASN.1 specification
InquiryPart1 ::= [ TAG: APPLICATION 0 ] IMPLICIT SET { messageIndicators [ATTRIBUTE] [TAG: 0] IMPLICIT E115String (SIZE(4)), internationalIndicator [ATTRIBUTE] [TAG: 1] IMPLICIT E115NumericString (SIZE(8)), originatingTerminalCode [ATTRIBUTE] [TAG: 2] IMPLICIT E115String (SIZE(8)), dateAndTime [ATTRIBUTE] [TAG: 3] IMPLICIT E115NumericString (SIZE(12))OPTIONAL, messageNumber [ATTRIBUTE] [TAG: 4] IMPLICIT E115String (SIZE(4)) OPTIONAL } dates

29 Proximity search dates

30 END dates

Download ppt "News from the wonderful world of directories"

Similar presentations

Www.thales-esecurity.com Common Identifiers Providing Globally Unique Identifiers for UUID and Application IDs of keys and other objects.

Common Identifiers Providing Globally Unique Identifiers for UUID and Application IDs of keys and other objects.
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.

Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.
Naming Computer Engineering Department Distributed Systems Course Asst. Prof. Dr. Ahmet Sayar Kocaeli University - Fall 2014.

Naming Computer Engineering Department Distributed Systems Course Asst. Prof. Dr. Ahmet Sayar Kocaeli University - Fall 2014.
CS603 Directory Services January 30, 2002. Name Resolution: What would you like? Historical? –Mail –Telephone DNS? X.500 / LDAP? DCE? ActiveDirectory?

CS603 Directory Services January 30, Name Resolution: What would you like? Historical? –Mail –Telephone DNS? X.500 / LDAP? DCE? ActiveDirectory?
Systems Architecture, Fourth Edition1 Internet and Distributed Application Services Chapter 13.

Systems Architecture, Fourth Edition1 Internet and Distributed Application Services Chapter 13.
Working with SQL and PL/SQL/ Session 1 / 1 of 27 SQL Server Architecture.

Working with SQL and PL/SQL/ Session 1 / 1 of 27 SQL Server Architecture.
ECA 228 Internet/Intranet Design I Intro to XSL. ECA 228 Internet/Intranet Design I XSL basics W3C standards for stylesheets – CSS – XSL: Extensible Markup.

ECA 228 Internet/Intranet Design I Intro to XSL. ECA 228 Internet/Intranet Design I XSL basics W3C standards for stylesheets – CSS – XSL: Extensible Markup.
Chapter 1 Internet & Web Basics Key Concepts Copyright © 2013 Terry Ann Morris, Ed.D. 1.

Chapter 1 Internet & Web Basics Key Concepts Copyright © 2013 Terry Ann Morris, Ed.D. 1.
Requirements for DSML 2.0. Summary RFC 2251 fidelity Represent existing directory protocols with new transport syntax Backwards compatibility with DSML.

Requirements for DSML 2.0. Summary RFC 2251 fidelity Represent existing directory protocols with new transport syntax Backwards compatibility with DSML.
LDAP: Information Model Part 2 CNS 4650 Fall 2004 Rev. 2.

LDAP: Information Model Part 2 CNS 4650 Fall 2004 Rev. 2.
1 Email. 2 Electronic Mail Originally –Memo sent from one user to another Now –Memo sent to one or more mailboxes Mailbox –Destination point for messages.

Electronic Mail Originally –Memo sent from one user to another Now –Memo sent to one or more mailboxes Mailbox –Destination point for messages.
Why XML ? Problems with HTML HTML design - HTML is intended for presentation of information as Web pages. - HTML contains a fixed set of markup tags. This.

Why XML ? Problems with HTML HTML design - HTML is intended for presentation of information as Web pages. - HTML contains a fixed set of markup tags. This.
WORKING WITH XSLT AND XPATH

WORKING WITH XSLT AND XPATH
23/4/2001LDAP Overview - HEPix - LAL 2001 LDAP Overview HEPix – LAL Apr. 2001 Michel Jouvin

23/4/2001LDAP Overview - HEPix - LAL 2001 LDAP Overview HEPix – LAL Apr Michel Jouvin
The Directory A distributed database Distributed maintenance.

The Directory A distributed database Distributed maintenance.
1 © Netskills Quality Internet Training, University of Newcastle Introducing XML © Netskills, Quality Internet Training University.

1 © Netskills Quality Internet Training, University of Newcastle Introducing XML © Netskills, Quality Internet Training University.
70-294: MCSE Guide to Microsoft Windows Server 2003 Active Directory, Enhanced Chapter 4: Active Directory Architecture.

70-294: MCSE Guide to Microsoft Windows Server 2003 Active Directory, Enhanced Chapter 4: Active Directory Architecture.
What is XML?  XML stands for EXtensible Markup Language  XML is a markup language much like HTML  XML was designed to carry data, not to display data.

What is XML?  XML stands for EXtensible Markup Language  XML is a markup language much like HTML  XML was designed to carry data, not to display data.
Abstract Syntax Notation ASN.1 Week-5 Ref: “SNMP…” by Stallings (Appendix B)

Abstract Syntax Notation ASN.1 Week-5 Ref: “SNMP…” by Stallings (Appendix B)

Similar presentations

Ads by Google