1.1 root 1: % -*- LaTeX -*- (really SLiTeX)
2:
3: \def\emph#1{\underline{#1}}
4: \font\xx=cmbx10
5: \font\yy=cmbx7
6:
7: \documentstyle[blackandwhite,landscape,oval,pagenumbers,small]{NRslides}
8:
9: \raggedright
10:
11: %\input trademark
12: \let\tradeNAMfont=\relax
13: \let\tradeORGfont=\relax
14:
15: \begin{document}
16:
17: \title {OSI Directory Services}
18: \author {Christopher W.~Moore\\ The Wollongong Group, Inc.}
19: \date {December 13, 1988}
20: \maketitlepage
21:
22: \begin{bwslide}
23: \part* {Agenda}
24:
25: \begin{description}
26: \item[Part I:] Introduction to Directory Services
27: \item[Part II:] Directory Services in Detail
28: \item[Part III:] Upper Layer Requirements
29: \item[Part IV:] Reference Points
30: \item[Part V:] Conclusions
31: \end{description}
32: \end{bwslide}
33:
34: \begin{bwslide}
35: \ctitle {Part I: Introduction to Directory Services}
36: \end{bwslide}
37:
38: \begin{bwslide}
39: \ctitle {Introduction}
40:
41: \begin{nrtc}
42: \item Specialized distributed database
43: \item Holds and provides access to information about objects
44: \item OSI application
45: \end{nrtc}
46: \end{bwslide}
47:
48: \begin{bwslide}
49: \ctitle {Scope \& Field of Application}
50:
51: \begin{nrtc}
52: \item Provide Directory Capability Required by:
53: \begin{nrtc}
54: \item OSI Applications
55: \item OSI Management Processes
56: \item OSI Layer Entities
57: \end{nrtc}
58: \item ``User Friendly'' Naming --- Name to Address Mapping
59: \end{nrtc}
60: \end{bwslide}
61:
62: \begin{bwslide}
63: \ctitle {Scope \& Field (cont.)}
64:
65: \begin{nrtc}
66: \item Is NOT a General-Purpose Database itself; but,
67: \item May be built on a General-Purpose Database
68: \item Transient Conditions
69: \item More Frequent Queries than Updates
70: \end{nrtc}
71: \end{bwslide}
72:
73: \begin{bwslide}
74: \ctitle {Scope \& Field (cont.)}
75:
76: \begin{nrtc}
77: \item Query results independent
78: \begin{nrtc}
79: \item Identity
80: \item Location
81: \end{nrtc}
82: \item Variances
83: \begin{nrtc}
84: \item Differing access rights
85: \item Unpropagated updates
86: \end{nrtc}
87: \end{nrtc}
88: \end{bwslide}
89:
90: \begin{bwslide}
91: \ctitle {Directory and Users}
92:
93: \begin{nrtc}
94: \item Directory user
95: \begin{nrtc}
96: \item Person
97: \item Application process
98: \end{nrtc}
99: \item Services obtained by accessing the directory
100: \item Access achieved through directory user agent, {\em DUA}
101: \end{nrtc}
102: \end{bwslide}
103:
104: \begin{bwslide}
105: \ctitle {Directory and Users}
106:
107: \vskip.5in
108: \diagram[p]{figure1}
109: \end{bwslide}
110:
111: \begin{bwslide}
112: \ctitle {Directory Information Base\\ (DIB)}
113:
114: \begin{nrtc}
115: \item Information model
116: \item All information to which the Directory provides access
117: \item Not concerned with distributed or centralized architecture
118: \end{nrtc}
119: \end{bwslide}
120:
121: \begin{bwslide}
122: \ctitle {Directory Access\\ ( Abstract Service )}
123:
124: \begin{nrtc}
125: \item Services provided to DUAs through access points
126: \item Access point supports a specific combination of services, {\em Ports}
127: \item Ports define particular types of interaction with the directory
128: \end{nrtc}
129: \end{bwslide}
130:
131: \begin{bwslide}
132: \ctitle {Objects}
133:
134: \begin{nrtc}
135: \item Many types of objects will be stored in the directory
136: \item An object may be used by multiple applications
137: \item General set of useful objects and attributes defined by Directory
138: \item Individual applications may define Directory objects and attributes
139: \end{nrtc}
140: \end{bwslide}
141:
142: \begin{bwslide}
143: \ctitle {Part II: Directory Services in Detail}
144:
145: \begin{nrtc}
146: \item Informational Model
147: \item Functional Model
148: \item Organizational Model
149: \item Security Model
150: \item Applying The Directory
151: \item The Directory Service
152: \end{nrtc}
153: \end{bwslide}
154:
155: \begin{bwslide}
156: \ctitle {Information Model\\ Directory Information Base}
157: \begin{nrtc}
158: \item Composed of information about objects, {\em entries}.
159: \item Tree structure, {\em Directory Information Tree (DIT)}
160: \item Entries have {\em Distinguished Names}
161: \item Aliases
162: \item Schema
163: \end{nrtc}
164: \end{bwslide}
165:
166: \begin{bwslide}
167: \ctitle {Information Model\\ DIT Structure}
168:
169: \vskip.5in
170: \diagram[p]{figure2}
171: \end{bwslide}
172:
173: \begin{bwslide}
174: \ctitle {Information Model\\ Entries}
175:
176: \vskip.5in
177: \diagram[p]{figure9}
178: \end{bwslide}
179:
180: \begin{bwslide}
181: \ctitle {Example Directory Tree}
182:
183: \vskip.5in
184: \diagram[p]{figure3}
185: \end{bwslide}
186:
187: \begin{bwslide}
188: \ctitle {Functional Model}
189:
190: \begin{nrtc}
191: \item The Directory is manifested by one or more DSAs
192: \item Directory System Agent, {\em DSA}
193: \end{nrtc}
194: \end{bwslide}
195:
196: \begin{bwslide}
197: \ctitle {Functional Model}
198:
199: \vskip.5in
200: \diagram[p]{figure4}
201: \end{bwslide}
202:
203: \begin{bwslide}
204: \ctitle {Operation of the Functional Model}
205:
206: \begin{nrtc}
207: \item Interactions
208: \begin{nrtc}
209: \item DUAs interact with one or more DSAs
210: \item DSAs interact with other DSAs
211: \end{nrtc}
212: \item Referral
213: \item Chaining
214: \end{nrtc}
215: \end{bwslide}
216:
217: \begin{bwslide}
218: \ctitle {Operation of the Model\\ Referral}
219:
220: \vskip.5in
221: \diagram[p]{figure5}
222: \end{bwslide}
223:
224: \begin{bwslide}
225: \ctitle {Operation of the Model\\ Referral (cont.)}
226:
227: \vskip.5in
228: \diagram[p]{figure6}
229: \end{bwslide}
230:
231: \begin{bwslide}
232: \ctitle {Operation of the Model\\ Chaining}
233:
234: \vskip.5in
235: \diagram[p]{figure7}
236: \end{bwslide}
237:
238: \begin{bwslide}
239: \ctitle {Operation of the Model\\ Multicasting}
240:
241: \vskip.5in
242: \diagram[p]{figure8}
243: \end{bwslide}
244:
245: \begin{bwslide}
246: \ctitle {Organizational Model}
247: \begin{nrtc}
248: \item Directory Management Domain, {\em DMD}
249: \begin{nrtc}
250: \item One or more DSAs
251: \item Zero or more DUAs
252: \item External behavior (Multiple DSAs in a DMD)
253: \end{nrtc}
254: \item Administration Directory Management Domain, {\em ADDMD}
255: \item Private Directory Management Domain, {\em PRDMD}
256: \end{nrtc}
257: \end{bwslide}
258:
259: \begin{bwslide}
260: \ctitle {Security Model}
261: \end{bwslide}
262:
263: \begin{bwslide}
264: \ctitle {Security Model\\ Security Policy}
265:
266: \begin{nrtc}
267: \item Various authorities provide access to parts of the DIB
268: \item Authorization Policy
269: \begin{nrtc}
270: \item Specify access rights
271: \item Enforce access rights {\em (Access control)}
272: \item Maintain access rights
273: \end{nrtc}
274: \item Authentication Policy
275: \begin{nrtc}
276: \item Identity of DSAs and directory users
277: \item Identity of received information's origin
278: \end{nrtc}
279: \end{nrtc}
280: \end{bwslide}
281:
282: \begin{bwslide}
283: \ctitle {Security Model\\ Local Matters}
284:
285: \begin{nrtc}
286: \item Actual definition of a security policy
287: \item Specifying access rights {\em (Guidelines given)}
288: \end{nrtc}
289: \end{bwslide}
290:
291: \begin{bwslide}
292: \ctitle {Applying the Directory}
293: \end{bwslide}
294:
295: \begin{bwslide}
296: \ctitle {Applying the Directory \\ Directory Environment}
297:
298: \begin{nrtc}
299: \item Large scale networks
300: \begin{nrtc}
301: \item Various objects enter and leave
302: \item Connectivity of objects changes
303: \item Characteristics of objects change
304: \end{nrtc}
305: \item Object interrogation is more frequent than object changes
306: \item Object identification methods
307: \begin{nrtc}
308: \item Chosen for ease of allocation
309: \end{nrtc}
310: \end{nrtc}
311: \end{bwslide}
312:
313: \begin{bwslide}
314: \ctitle {Applying the Directory \\ Directory Service Characteristics}
315:
316: \begin{nrtc}
317: \item Isolate user from frequent changes to network
318: \item Provide ``user friendly'' view of network
319: \begin{nrtc}
320: \item Aliases
321: \item ``Yellow Pages''
322: \end{nrtc}
323: \end{nrtc}
324: \end{bwslide}
325:
326: \begin{bwslide}
327: \ctitle {Applying the Directory \\ Patterns of Usage}
328: \end{bwslide}
329:
330: \begin{bwslide}
331: \ctitle {Applying the Directory \\ Look---Up}
332:
333: \begin{nrtc}
334: \item DUA Supplies
335: \begin{nrtc}
336: \item Distinguished name of object
337: \item Attribute type {\em (Optional)}
338: \end{nrtc}
339: \item Directory Returns
340: \begin{nrtc}
341: \item Value(s) requested
342: \end{nrtc}
343: \item Additionally
344: \begin{nrtc}
345: \item Multiple attribute types may be requested
346: \end{nrtc}
347: \end{nrtc}
348: \end{bwslide}
349:
350: \begin{bwslide}
351: \ctitle {Applying the Directory \\ Naming}
352:
353: \begin{nrtc}
354: \item Names chosen to maximize predictability by humans
355: \item Common among all applications using an object
356: \end{nrtc}
357: \end{bwslide}
358:
359: \begin{bwslide}
360: \ctitle {Applying the Directory \\ Browsing}
361:
362: \begin{nrtc}
363: \item Combination of list and search
364: \item Enables user to ``guess'' object name
365: \end{nrtc}
366: \end{bwslide}
367:
368: \begin{bwslide}
369: \ctitle {Applying the Directory \\ ``Yellow Pages''}
370:
371: \begin{nrtc}
372: \item Matching objects for a specific category\\
373: (e.g., Business Category = ``Window Washing'')
374: \item Two Approaches
375: \begin{nrtc}
376: \item Search with filter on attributes
377: \item Construct special subtrees
378: \end{nrtc}
379: \end{nrtc}
380: \end{bwslide}
381:
382: \begin{bwslide}
383: \ctitle {Applying the Directory \\ Groups}
384:
385: \begin{nrtc}
386: \item Are objects
387: \item Members are objects
388: \item Membership changes over time
389: \item Directory will
390: \begin{nrtc}
391: \item Indicate if object is member of group
392: \item List membership of group
393: \end{nrtc}
394: \item {\em Group member may be a group}
395: \end{nrtc}
396: \end{bwslide}
397:
398: \begin{bwslide}
399: \ctitle {Applying the Directory \\ Authentication}
400:
401: \begin{nrtc}
402: \item Directory supports applications by storing authentication information
403: \item Directory may use authentication information
404: \item Directory Contains
405: \begin{nrtc}
406: \item Passwords, {\em Simple Authentication}
407: \item Public encryption keys, {\em Strong Authentication}
408: \end{nrtc}
409: \end{nrtc}
410: \end{bwslide}
411:
412: \begin{bwslide}
413: \ctitle {Applying the Directory \\ Generic Directory Applications}
414:
415: \begin{nrtc}
416: \item Inter---Personal Communications
417: \item Inter---System Communications
418: \end{nrtc}
419: \end{bwslide}
420:
421: \begin{bwslide}
422: \ctitle {Applying the Directory \\ Inter---Personal Communications Directory}
423:
424: \begin{nrtc}
425: \item Provide humans with communication information for others
426: \item {\em Some} Typical object classes
427: \begin{nrtc}
428: \item Person
429: \item Organizational role
430: \item Group
431: \end{nrtc}
432: \item Typical attributes retrieved
433: \begin{nrtc}
434: \item Electronic mail address
435: \item Telephone number
436: \item Physical delivery information
437: \end{nrtc}
438: \end{nrtc}
439: \end{bwslide}
440:
441: \begin{bwslide}
442: \ctitle {Applying the Directory \\ Inter---System Communications Directory}
443:
444: \begin{nrtc}
445: \item OSI Reference Model \emph{Requires} Two Directory Functions
446: \begin{nrtc}
447: \item Application Layer: \\ Application Title to Presentation Address
448: \item Network Layer: \\ NSAP Addresses to SNPA Address
449: \end{nrtc}
450: \item Typical Object Class
451: \begin{nrtc}
452: \item Application Entity
453: \end{nrtc}
454: \item Typical Attribute Retrieved
455: \begin{nrtc}
456: \item Presentation Address
457: \end{nrtc}
458: \end{nrtc}
459: \end{bwslide}
460:
461: \begin{bwslide}
462: \ctitle {Directory Service}
463: \begin{nrtc}
464: \item Provided to user through DUA
465: \item Responds to requests from DUA
466: \item Request Types:
467: \begin{nrtc}
468: \item Interrogation
469: \item Modification
470: \end{nrtc}
471: \item Requests may be qualified
472: \item Result / Response
473: \begin{nrtc}
474: \item Requests always generate a result
475: \item Normal: Form specific to request
476: \item Error: Common to other requests
477: \end{nrtc}
478: \end{nrtc}
479: \end{bwslide}
480:
481: \begin{bwslide}
482: \ctitle {Directory Service (cont.)}
483: \begin{nrtc}
484: \item ``Outside'' the Standards
485: \begin{nrtc}
486: \item Addition/Deletion of arbitrary entries
487: \item Management of access control
488: \item Management of schema
489: \item Management of knowledge information
490: \end{nrtc}
491: \end{nrtc}
492: \end{bwslide}
493:
494: \begin{bwslide}
495: \ctitle {Directory Service (cont.)}
496:
497: \begin{nrtc}
498: \item Connection oriented
499: \item Peer entity authentication performed at association establishment
500: \end{nrtc}
501: \end{bwslide}
502:
503: \begin{bwslide}
504: \ctitle {Directory Service --- Service Qualification}
505: Qualifying Requests:
506: \begin{nrtc}
507: \item Service controls
508: \item Security parameters
509: \item Filters
510: \end{nrtc}
511: \end{bwslide}
512:
513: \begin{bwslide}
514: \ctitle {Directory Service --- Directory Interrogation}
515: Types of requests:
516: \begin{nrtc}
517: \item Read
518: \item Compare
519: \item List
520: \item Search
521: \item {\em Abandon}
522: \end{nrtc}
523: \end{bwslide}
524:
525: \begin{bwslide}
526: \ctitle {Directory Service --- Directory Modification}
527: \begin{nrtc}
528: \item Add entry
529: \item Remove entry
530: \item Modify entry
531: \item Modify relative distinguished name
532: \end{nrtc}
533: \end{bwslide}
534:
535:
536: \begin{bwslide}
537: \ctitle {Directory Service --- Outcomes}
538: Requests may result in:
539: \begin{nrtc}
540: \item Normal response
541: \item Errors
542: \item Referrals
543: \end{nrtc}
544: \end{bwslide}
545:
546: \begin{bwslide}
547: \ctitle {Directory Protocols}
548:
549: \begin{nrtc}
550: \item Directory Access Protocol --- $DAP$ --- $(DUA \longleftrightarrow DSA)$
551: \item Directory System Protocol --- $DSP$ --- $(DSA \longleftrightarrow DSA)$
552: \end{nrtc}
553: \end{bwslide}
554:
555: \begin{bwslide}
556: \ctitle {Directory Protocols}
557:
558: \vskip .5in
559: \diagram[p]{figure21}
560: \end{bwslide}
561:
562: \begin{bwslide}
563: \ctitle {Part II: Quick Summary}
564:
565: \begin{nrtc}
566: \item Information Model --- DIB, DIT, Entries
567: \item Functional Model --- ``The Directory''
568: \item Organizational Model --- Directory Management Domains
569: \item Security Model --- Security Policies
570: \item Applying the Directory --- User approach
571: \item The Directory Service --- An internal approach
572: \end{nrtc}
573: \end{bwslide}
574:
575: \begin{bwslide}
576: \ctitle {Part III: Upper Layer Requirements}
577:
578: \begin{nrtc}
579: \item Association Control
580: \item Remote Operations
581: \item Session {\em --- Version 2}
582: \item Transport
583: \end{nrtc}
584: \end{bwslide}
585:
586: \begin{bwslide}
587: \ctitle {Lower Layer Requirements}
588:
589: \begin{nrtc}
590: \item ISO/IEC --- No specific Transport Class requirement
591: \item CCITT --- Transport Class 0 over X.25
592: \end{nrtc}
593: \end{bwslide}
594:
595: \begin{bwslide}
596: \ctitle {Part IV: Reference Points}
597: \end{bwslide}
598:
599: \begin{bwslide}
600: \ctitle {Standards \& Status}
601:
602: \begin{nrtc}
603: \item ISO/IEC 9594 --- {\em The Directory}
604: \item CCITT X.500 --- {\em The Directory}
605: \item CCITT F.500 --- {\em International Public Directory Services}
606: \end{nrtc}
607: \end{bwslide}
608:
609: \begin{bwslide}
610: \ctitle {Directory\\ References}
611:
612: \begin{nrtc}
613: \item {The Directory--Overview of concepts, models and service} (ISO/IEC 9594-1, CCITT Recommendation X.500)
614: \item {The Directory--Models} (ISO/IEC 9594-2, CCITT Recommendation X.501)
615: \item {The Directory--Abstract service definition} (ISO/IEC 9594-3, CCITT Recommendation X.511)
616: \item {The Directory--Procedures for distributed operations} (ISO/IEC 9594-4, CCITT Recommendation X.518)
617: \item {The Directory--Protocol specifications} (ISO/IEC 9594-5, CCITT Recommendation X.519)
618: \item {The Directory--Selected attribute types} (ISO/IEC 9594-6, CCITT Recommendation X.520)
619: \item {The Directory--Selected object classes} (ISO/IEC 9594-7, CCITT Recommendation X.521)
620: \item {The Directory--Authentication framework} (ISO/IEC 9594-8, CCITT Recommendation X.509)
621: \end{nrtc}
622: \end{bwslide}
623:
624: \begin{bwslide}
625: \ctitle {Remote Operations\\ References}
626:
627: \begin{nrtc}
628: \item {Remote Operations--Part 1: Model, Notation and Service Definition} (ISO/IEC 9072-1, CCITT Recommendation X.219)
629: \item {Remote Operations--Part 2: Protocol Specification} (ISO/IEC 9072-2, CCITT Recommendation X.229)
630: \end{nrtc}
631: \end{bwslide}
632:
633: \begin{bwslide}
634: \ctitle {Association Control\\ References}
635:
636: \begin{nrtc}
637: \item {Association Control--Service Definition} (ISO/IEC 8649-2, CCITT Recommendation X.217)
638: \item {Association Control--Protocol Definition} (ISO/IEC 8650-2, CCITT Recommendation X.217)
639: \end{nrtc}
640: \end{bwslide}
641:
642: \begin{bwslide}
643: \ctitle {Implementation Profiles\\ References \& Status}
644:
645: \begin{nrtc}
646: \item NIST: December 1987 {\em (December 1988 to be approved this week)}
647: \item SPAG: Status unknown, work being combined with EWOS
648: \item EWOS: No stable profile at this time.
649: \end{nrtc}
650: \end{bwslide}
651:
652: \begin{bwslide}
653: \ctitle {Demonstrations}
654:
655: \begin{nrtc}
656: \item Enterprise Networking Event '88 {\em (ENE)}
657: \item CeBIT '89 {\em (Hanover Fair)}
658: \begin{nrtc}
659: \item EurOSInet / OSITOP
660: \item MultiNET
661: \end{nrtc}
662: \end{nrtc}
663: \end{bwslide}
664:
665: \begin{bwslide}
666: \ctitle {Part V: Conclusions}
667: \end{bwslide}
668:
669: \begin{bwslide}
670: \ctitle {Summary}
671: \begin{nrtc}
672: \item General introduction to Directory --- Names to Addresses
673: \item Detailed examination of Directory
674: \item Overview of OSI upper layers
675: \item Current activities and references
676: \end{nrtc}
677: \end{bwslide}
678:
679: \begin{bwslide}
680: \ctitle {Directory}
681:
682: \begin{nrtc}
683: \item Simplifies distribution of large networks
684: \item Allows OSI networks to be self configuring
685: \item Hides complex underpinnings from users
686: \end{nrtc}
687: \end{bwslide}
688:
689: \end{document}