Annotation of 43BSDReno/contrib/isode-beta/doc/whitepages/user/dir-intro.tex, revision 1.1.1.1

1.1       root        1: % run this through LaTeX with the appropriate wrapper
                      2: 
                      3: \section      {The OSI Directory}
                      4: The OSI Directory is designed to provide
                      5: for the management of information objects.
                      6: The Directory's representation of an information object,
                      7: typically called an {\em entry},
                      8: contains information about a person, a place, an organization, etc.
                      9: Each entry consists of one or more attributes.
                     10: 
                     11: Each attribute consists of a type,
                     12: indicating what kind of attribute it is,
                     13: and one or more values
                     14: (one of which is termed the {\em distinguished value\/}).
                     15: Attribute values are structured using a data definition language
                     16: called Abstract Syntax Notation One (ASN.1).
                     17: This structuring is important.
                     18: With structuring,
                     19: different programs using the Directory will interpret information in the same
                     20: way.
                     21: In addition,
                     22: the Directory will perform type-checking on the values in order
                     23: to keep things consistent.
                     24: 
                     25: \subsection    {Naming}
                     26: One of the attributes of an entry is particularly special:
                     27: it is referred to as the {\em Relative Distinguished Name\/} (RDN) of
                     28: the entry.
                     29: The RDN is formed by taking the name of the attribute and its
                     30: distinguished value.
                     31: For example,
                     32: if the attribute in question was called \verb"countryName" and it had
                     33: a distinguished value of \verb"US", then we might say that the RDN
                     34: for the entry was \verb"countryName=US".
                     35: Of course,
                     36: this is strictly a ``user-friendly'' notation:
                     37: the Directory uses a concise binary format for representing an RDN.
                     38: Fortunately,
                     39: the pilot project software allows simple textual strings to be used in their
                     40: place and converts back and forth accordingly.
                     41: 
                     42: In the OSI Directory,
                     43: information is primarily organized according to a hierarchical tree
                     44: structure.
                     45: The top of the tree is termed the {\em root},
                     46: and has no explicit name.
                     47: To find the name of an object,
                     48: termed its {\em Distinguished Name\/} (DN),
                     49: one concatenates the RDNs found when traversing the tree by starting
                     50: at the root and proceeding directly to the object's entry.
                     51: 
                     52: For purposes of discussion,
                     53: we write a Distinguished Name as an ordered series of RDNs separated by
                     54: an \verb"`@'"-sign with the most significant RDN appearing at the left;
                     55: e.g.,
                     56: \begin{quote}\small\begin{verbatim}
                     57: countryName=US@organizationName=NYSERNet Inc.
                     58: \end{verbatim}\end{quote}
                     59: refers to an entry with an RDN of \verb"organizationName=NYSERNet Inc."
                     60: whose parent has an RDN of \verb"countryName=US".
                     61: In turn,
                     62: this parent entry is an immediate child of the root.
                     63: 
                     64: To avoid any potential ambiguity when using an interface to the Directory
                     65: such as \man fred(1c) or \man dish(1c),
                     66: one prefixes a \verb"`@'"-sign to a string when referring to a fully
                     67: qualified Distinguished Name;
                     68: e.g.,
                     69: \begin{quote}\small\begin{verbatim}
                     70: @countryName=US@organizationName=NYSERNet Inc.
                     71: \end{verbatim}\end{quote}
                     72: always refers to the same entry regardless of context.
                     73: Note that this is a convention only for interface programs such as these.
                     74: 
                     75: As a rule,
                     76: unless searching,
                     77: text before the \verb"`='"-sign is not case sensitive,
                     78: neither is text after the \verb"`='"-sign.
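
The naming convention described above (RDNs joined by `@`, most significant first, a leading `@` for a fully qualified name, neither side of `=` case sensitive) as an added example; it is not part of the ISODE sources. The short-name table `ALIASES`, the function names, and the organization name "NYSERNet Inc. West" are assumptions made for illustration. Tools that compare or scope directory names should work on parsed RDNs rather than on the raw string.

```python
# Added example, not from the ISODE sources.
# ALIASES is an assumption: the usual X.500 short attribute names.
ALIASES = {
    "c": "countryname",
    "o": "organizationname",
    "ou": "organizationalunitname",
    "cn": "commonname",
}


def parse_rdn(text):
    """Turn 'type=value' into a canonical (type, value) pair."""
    attr, sep, value = text.partition("=")
    attr, value = attr.strip().lower(), value.strip()
    if not sep or not attr or not value:
        raise ValueError("malformed RDN: %r" % text)
    # Neither side of the '=' is case sensitive, so fold both.
    return ALIASES.get(attr, attr), value.casefold()


def parse_name(text):
    """Return (is_fully_qualified, [rdn, ...]), most significant RDN first.

    Values containing a literal '@' are not handled; the page gives no
    escaping rule for them.
    """
    text = text.strip()
    absolute = text.startswith("@")
    if absolute:
        text = text[1:]
    if not text:
        raise ValueError("empty name")
    return absolute, [parse_rdn(part) for part in text.split("@")]


def resolve(name, current_area):
    """Resolve a name to a full DN tuple; a leading '@' ignores the area."""
    absolute, rdns = parse_name(name)
    if absolute:
        return tuple(rdns)
    area_absolute, base = parse_name(current_area)
    if not area_absolute:
        raise ValueError("current area must be fully qualified")
    return tuple(base) + tuple(rdns)


def same_entry(a, b, current_area):
    """True if both names resolve to the same DN."""
    return resolve(a, current_area) == resolve(b, current_area)


def is_within(name, area, current_area):
    """True if name is the area's own entry or lies beneath it in the tree."""
    dn = resolve(name, current_area)
    root = resolve(area, current_area)
    return dn[:len(root)] == root


if __name__ == "__main__":
    here = "@c=US@o=Performance Systems International"  # constructed context
    print(resolve("cn=Marshall Rose", here))
    print(same_entry("@countryName=US@organizationName=NYSERNet Inc.",
                     "@C=us@O=nysernet inc.", here))
    # Raw string prefix matching would wrongly accept this constructed name.
    print(is_within("@c=US@o=NYSERNet Inc. West@cn=A",
                    "@c=US@o=NYSERNet Inc.", here))
```
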
                     79: 
                     80: The Directory itself is distributed,
                     81: being composed of {\em Directory System Agents\/} (DSAs).
                     82: A group of DSAs under a common administration is responsible for a portion of
                     83: the tree,
                     84: termed a {\em Directory Management Domain\/} (DMD).
                     85: When a user wishes to access the Directory,
                     86: a {\em Directory User Agent\/} (DUA) is invoked.
                     87: This DUA contacts a DSA and issues requests.
                     88: The DSA may (or may not) have the information locally available.
                     89: If not,
                     90: a decision has to be made:
                     91: either the DSA can contact another DSA to get the information
                     92: (this is called {\em chaining\/}); or,
                     93: the DSA can tell the DUA to contact another DSA directly
                     94: (this is called {\em referral\/}).
                     95: 
                     96: In short,
                     97: the DSAs provide mechanisms for traversing the tree and manipulating the
                     98: information contained therein.
                     99: 
                    100: In the context of the pilot project,
                    101: each participating organization runs its own DMD for that organization.
                    102: This usually consists of a single DSA containing information on that
                    103: organization,
                    104: with some of this information being replicated on additional DSAs.
                    105: 
                    106: \section      {Ramifications on the White Pages Service}
                    107: In order to appreciate the ``feel'' of the white pages service,
                    108: it is instructive to compare the white pages to an existing facility.
                    109: 
                    110: You might be familiar with an older facility called WHOIS.
                    111: This uses a centralized database to keep track of information on various
                    112: people, networks, hosts, and so on.
                    113: This facility has proven useful for many years.
                    114: Only recently,
                    115: with the explosive growth of the Internet,
                    116: has the WHOIS mechanism become unworkable.
                    117: 
                    118: \subsection    {Unique Identification of Users}
                    119: Each entry in the WHOIS database is identified by a unique key,
                    120: called a {\em handle}.
                    121: This is (typically) a short string such as \verb"MTR".
                    122: For a community many orders of magnitude larger than the current entries in
                    123: the WHOIS database,
                    124: a handle must contain some structure.
                    125: This makes it possible to delegate naming authority to different organizations
                    126: and thus de-centralize management of the white pages service.
                    127: 
                    128: In the white pages service,
                    129: a Directory Distinguished Name is used to uniquely identify a person.
                    130: Thus,
                    131: while \verb"MTR" might be enough to identify someone named ``Marshall Rose''
                    132: in the WHOIS database,
                    133: the DN
                    134: \begin{quote}\small\begin{verbatim}
                    135: c=US
                    136:     @o=Performance Systems International
                    137:     @ou=Research and Development
                    138:     @ou=Mountain View
                    139:     @cn=Marshall Rose
                    140: \end{verbatim}\end{quote}
                    141: serves as the handle for the same person in the white pages service.
                    142: (That's progress for you!)
                    143: 
                    144: Of course,
                    145: you don't {\em really\/} have to type all that information in.
                    146: The user interfaces provided with the pilot project allow you to manage very
                    147: short strings to refer to these DNs.
                    148: These interfaces also provide a means for incrementally building up a DN from
                    149: scratch.
                    150: 
                    151: Actually,
                    152: the handle in the example above is probably somewhat longer than average.
                    153: In terms of the pilot project,
                    154: a handle probably looks closer to:
                    155: \begin{quote}\small\begin{verbatim}
                    156: c=US@o=Organization Name@ou=Unit Name@cn=FirstName LastName
                    157: \end{verbatim}\end{quote}
                    158: While this is still a far cry from a simple three or four letter acronym,
                    159: it is the price one pays for using a service designed to meet the needs of a
                    160: global (or galactic) population.
                    161: 
                    162: \subsection    {Searching the White Pages}
                    163: When the WHOIS database is searched,
                    164: {\em all\/} entries in the database are examined for a match.
                    165: Since the current size of the WHOIS database is estimated at roughly 70,000
                    166: entries,
                    167: this is an appropriate strategy.
                    168: 
                    169: Unfortunately,
                    170: the potential size of the white pages is many orders of magnitude larger than
                    171: that of the WHOIS database.
                    172: As such,
                    173: the information contained in the white pages is distributed.
                    174: This makes management of the information a shared responsibility,
                    175: and has the potential to address organization-specific privacy concerns.
                    176: 
                    177: Thus,
                    178: when the white pages service is invoked,
                    179: searches are performed relative to a particular {\em area}.
                    180: This is similar to the White Pages of the telephone system~---~there are
                    181: several white pages, one for each particular geographical area.
                    182: As such,
                    183: before you can find someone's entry in the white pages,
                    184: you have to already know the area in which they are listed.
                    185: 
                    186: The default area is the portion of the Directory corresponding to your own
                    187: organization.
                    188: Of course,
                    189: if you specify a user's handle (a fully-qualified Distinguished Name),
                    190: this bypasses the default area and goes directly to the portion of
                    191: the Directory containing the desired entry.
                    192: 
                    193: Usually,
                    194: when you are trying to find an entry,
                    195: you have only partial information.
                    196: For example,
                    197: you might know parts of the name of the organization and the person you're
                    198: looking for.
                    199: In this case,
                    200: it is natural to use an iterative process to find the information you desire.
                    201: You begin by finding the organization(s) likely to contain the entry,
                    202: then initiate a search starting at that area.
                    203: 
                    204: Having said that,
                    205: I'll let you in on a little secret:
                    206: in addition to people,
                    207: organizations and organizational units also have entries in the Directory.
                    208: As such,
                    209: searching an {\em area\/} is nothing more than starting a search at a
                    210: particular node in the tree.
                    211: Thus,
                    212: you might look for the organization starting at the \verb"@c=US" node.
                    213: In order to make searching easy,
                    214: the pilot project requires that all organizations be listed directly under
                    215: this node.
                    216: How the subtree is structured beyond that is an organization-specific matter,
                    217: although the pilot project provides various guidelines.
                    218: 
                    219: Thus,
                    220: to find someone,
                    221: you look for the organization name in the \verb"@c=US" area.
                    222: This should give you back a single entry in the Directory,
                    223: perhaps two or three at the most.
                    224: You then look for that person in the area corresponding to that entry.
                    225: To make this easier,
                    226: the white pages user interface, \pgm{fred}, has a special command syntax
                    227: which directs it to find out the names of the likely organizations and then
                    228: search each one for the person you're looking for, automatically!
                    229: 
                    230: Of course,
                    231: if you have the cycles and network bandwidth to burn,
                    232: in theory there is nothing to stop you from simply going to the top of the
                    233: tree and searching for the person.
                    234: However,
                    235: this is {\em very\/} resource-expensive,
                    236: particularly in terms of time.
                    237: Since time is probably the most valuable resource you have,
                    238: it is worth it to issue two commands which complete quickly,
                    239: rather than one command which may take hours.
                    240: 
                    241: There are two user interfaces provided with the pilot software.
                    242: With the ``simple'' one,
                    243: you follow this two-step process.
                    244: With the ``complicated'' one,
                    245: you can form {\em arbitrarily\/} complex queries to the Directory.
                    246: Thus,
                    247: if you want to type just one command and don't mind typing a bit more,
                    248: you can still have an optimized search.
                    249: Both of these interfaces will be introduced in due course.
                    250: 
                    251: \subsection    {Structure of Information}
                    252: In addition to a handle,
                    253: an entry in the WHOIS database consists of a {\em type},
                    254: which indicates what kind of user is recorded by the entry
                    255: (e.g., a person);
                    256: and,
                    257: several {\em fields}, each containing a textual description.
                    258: 
                    259: For example,
                    260: an entry for a person might look like:
                    261: \begin{quote}\small\begin{verbatim}
                    262: Rose, Marshall T. (MTR)    [email protected]
                    263:     PSI, Inc.
                    264:     PSI California Office
                    265:     POB 391776
                    266:     Mountain View, CA  94039
                    267:     (415) 961-3380
                    268: \end{verbatim}\end{quote}
                    269: The first line contains both the handle and all fields available for searching.
                    270: Here,
                    271: the handle is \verb"MTR",
                    272: and there are two fields available for searching:
                    273: a name and a mailbox.
                    274: The remainder of the entry is a textual annotation.
                    275: 
                    276: Because the Directory must accommodate many kinds of access from various users
                    277: and programs,
                    278: it is important that the information contained therein be highly structured.
                    279: As noted earlier,
                    280: this allows universal understanding of the information,
                    281: and hence consistent interpretation.
                    282: Fortunately,
                    283: most of the information is represented by textual strings.
                    284: 
                    285: It is important to remember however that all information associated with an
                    286: entry is contained in an attribute.
                    287: This attribute has a type,
                    288: describing both its syntax and semantics.
                    289: For example,
                    290: the \verb"surName" attribute of a person has a textual string syntax and
                    291: semantics corresponding to someone's last name.
                    292: 
                    293: How the information associated with an entry is displayed to you
                    294: is {\em strictly\/} a function of the interface you use when talking to the
                    295: Directory.
                    296: The Directory will enforce all of the syntactic constraints associated with
                    297: the attributes,
                    298: but only the users of the Directory can assign meaning to the attribute
                    299: semantics.
                    300: 
                    301: With this in mind,
                    302: here's an entry associated with a person,
                    303: as it might be displayed by a user interface:
                    304: \begin{quote}\small\begin{verbatim}
                    305: Marshall Rose (3)            [email protected]
                    306:     aka: Marshall T. Rose
                    307: 
                    308: Principal Scientist
                    309: PSI, Inc.
                    310:     PSI California Office
                    311:     POB 391776
                    312:     Mountain View, CA  94039
                    313: 
                    314: Telephone:    +1 415-961-3380
                    315: FAX:          +1 415-961-3282
                    316: 
                    317: Mailbox information:
                    318:     Internet: [email protected]
                    319:     UUCP:     uupsi!mrose
                    320: 
                    321: Principal Implementor of the ISO Development Environment
                    322: 
                    323: Name:          Marshall Rose, Mountain View, ...
                    324: \end{verbatim}\end{quote}
                    325: Of course,
                    326: there are dozens of possible ways that this information could have been
                    327: displayed.
                    328: Or {\em not\/} displayed~---~for example,
                    329: there are other attributes which the interface may not care (or be able) to
                    330: display,
                    331: such as access control information, passwords, and so on.
                    332: 
                    333: Appendix~\ref{person:attributes} on page~\pageref{person:attributes} lists all
                    334: of the attributes which may be present for a person participating in the pilot
                    335: project.
