directory services - X.500 future? - centroids - pilot proposal
pap pour essai <pays@perignon.inria.fr> Sat, 17 September 1994 11:33 UTC
Received: from ietf.nri.reston.va.us by IETF.CNRI.Reston.VA.US id aa01364; 17 Sep 94 7:33 EDT
Received: from CNRI.Reston.VA.US by IETF.CNRI.Reston.VA.US id aa01360; 17 Sep 94 7:33 EDT
Received: from haig.cs.ucl.ac.uk by CNRI.Reston.VA.US id aa03458; 17 Sep 94 7:33 EDT
Received: from bells.cs.ucl.ac.uk by haig.cs.ucl.ac.uk with local SMTP id <g.01483-0@haig.cs.ucl.ac.uk>; Sat, 17 Sep 1994 11:46:35 +0100
Received: from concorde.inria.fr by bells.cs.ucl.ac.uk with Internet SMTP id <g.24107-0@bells.cs.ucl.ac.uk>; Sat, 17 Sep 1994 11:46:23 +0100
Received: from perignon.inria.fr (perignon.inria.fr [128.93.2.9]) by concorde.inria.fr (8.6.9/8.6.9) with ESMTP id MAA18889; Sat, 17 Sep 1994 12:46:05 +0200
Received: from [128.93.2.3] (ratafia.inria.fr [128.93.2.3]) by perignon.inria.fr (8.6.8/8.6.6) with SMTP id MAA29872; Sat, 17 Sep 1994 12:45:35 +0200
Message-Id: <199409171045.MAA29872@perignon.inria.fr>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Sat, 17 Sep 1994 12:46:45 +0000
To: jern@spaceaix.jhuapl.edu
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: pap pour essai <pays@perignon.inria.fr>
Subject: directory services - X.500 future? - centroids - pilot proposal
Cc: pays@faugeres.inria.fr, ietf-asid@umich.edu, solo@pamir.inria.fr, ietf-ids@umich.edu, wps@surfnet.nl, osi-ds@cs.ucl.ac.uk, punters@nameflow.dante.net
For all I take the opportunity of the answer to a private message to open a wider debate and make a concrete proposal on this directory service issue. My apologies for thos receiveing more than one copy of this message For Bob: I hope you would not mind quoting you and taking the freedom to open this much wider debate. My time is extremely short, and as I started to spend one hour to prepare a private answer by lazyness I shifted to use this answer base to initiate the debate/proposal below. As said in my previous posting I will try to answer with more arguments (though not that long because of my poor english and because as I am starting a new-born software house I have not much time left except nights and week-ends) ----------- Bob quote start Bob. You wrote : Hello... I just wanted to ask about this before engaging in wide open discussion on the matter. I've been working to implement an X.500 server and I trust from the ubiquitous presence of your name in the literature (maybe I exagerate a little - M Rose is ubiquitously named ) that I should weight your comments heavily. I would hate to get six more months and be in the embarassing position of having ignored a warning shot. I've personally struggled with the lack of "how to do it" literature and fought off the nay-saying hounds. I'm not alone but if I'm one of the lemmings charging off the cliff, I think I'd like to reconsider. I agree with your observations about the current state of DUAs et al., but, your FLAME: "I doubt really there is a future for X.500... " has me deeply concerned. I'd rather contribute to something that will be around when I retire (in the not too distant future). Bob Jernigan --------------- end of Bob quote reasons for my doubts about X.500 --------------------------------- 1. observation: A number of key people have spent a lot of efforts to develop/improve/deploy X.500 (real heavy weights such as Marshal Rose, Christian Huitema, Steve Kille, Erik Huizer): the result: disapointing we succeeded to attract many people and org in the pilot they are now abandonning, the number of R&D sites with X.500 is not really larger than 2 years ago, the time:efforts spent is down by a great amount Why? disapointment with the products/technology dispointment with industry involvment disapointment with products operational interworking in fact even conformance is extremely bad all the above has good reasons: X.500 is really complex technology 2. arguments : BUT: the good reason is not that Just X.500 as defined by the standard does NOT MEET user requirements - managers: too complex, too difficult to adapt:customize - operators: too much requirement in term of manpower no chance to meet the performance level required by a large scale deployement - the ISO STACK heavyness (even with RFC1006) - the session BIND heavyness (whereas for most look-ups a connectionless approach is sufficient and necessary) - the heavyness of the code because of the complexity comming from 1; access control, 2. modify/delete - the complexity of the model (multiple AVA RDN, aliases for example propably cost a factor 5 in performance) - the complexity of the navigation model whereas it remains basically limited to hierarchical navigation, obliging to deploy a complex infrastructure, awkward to manage - last but not least: real end-users - the model/architecture is not suited for simple look-ups which will represent 90% of requests and require UDP - on the other hand real searches are not possible you need to have a GOOD guess/knowledge of an entry name to be able to retrieve it in a widelay distributed base. In other term: you nearly need to know an object to be able to retrieve it? - Yellow page usage is not usable except for demos thing of a few millions entries scatered over 1000 DSAs The only application that I may foresee is the deployement of a few DSAs per large service providers (eg. PTTs), certainly not one or more DSA per individual/private organizations. -> that might result usable/useful for them -> that is of no interest for private organizations -> there is only a market for software houses supplying PTTs and large service providers: thus not much to expect for end-users (fonctionalities and price-lists are not in the same categories) ------------------------- The possibly constructive part: =============================== Please have a look at WHIPS draft. I spent a lot of efforts to convince people to start this approach (start from requirements) and finally succeeded in the Seattle IETF meeting to suscitate/initiate the thing. What is needed in (extremely) short? ------------------------------------ 1. a simple model, . which separate clearly and antry official name from the names used by end-users . which enables efficient and cheap implementations . which can be undertood/mastered by any users (not only computer litterates) eg. we need a handfull of templates such as person, orgr, orgunit, device, network and certainly NOT an object model with inheritance giving in fact a huge number of real object classes 2. online modification is a nonsense: heavy and slow products never used : no sensible organisation will never let anyone modify online even his/her phone number attribute (what if I put Clinton or Mitterrand number in it?) -> updates will be an offline manager controlled process no need to overload the server(DSA) with unused code 3. a very simple access control scheme: ACL are clean conceptual stuff BUT real world non-sense when pushed down to entry or attribute level The issue: a manager will identify a very few number of users categories (eg. say typically headquarters, staff, outsiders) and decide (because it is a boss decision) what should be available by category. Full STOP. No hope they will go into details And there exist very simple and efficient solutions for this. The one I have in mind and in fact the only one that is accepted by bosses is the following . set-up 3 data-bases for the 3 catagories . authenticate the access to each base (for which many solutions exists and which integrate nicely in the rest of the security stuff set-up by any org) 4. an efficient support for just FETCH operations simple, UDP based etc.... 5. a powerfull search not limited to naming attributes eg. yellow Page search capability is MANDATORY -> THIS IS WHERE THE DISTRIBUTION/NAVIGATION MODEL GETS IN the hierarchical naming context approach is NOT suited the only sensible solution I have been aware of is indexing (because of the Yellow Page requirement above) the only sensible proposal that has emerged is CENTROIDS thanks to whois++ people YES: I know that centroids have not proven yet on a large scale BUT YES: X.500 approach has proved NOT TO SCALE UP As I am an optimistic guy: let's bet on centroids and hurry to deploy a large/large scale pilot - to get more knowledge - to be able to master them, and know how to configure them to meet the real user demand (see below) What can/should be done at server (DSA equivalent) level? 1. support TCP *AND* UDP queries 2. throw out any modify/delete code (a la X.500) of course provide external accompanying tools to enable managers to update information in the database 3. throw out any access control (but for possibly EXTREMELY simple scheme as suggested above) 4. provide support for indexing (cf. whois++ and solo draft RFCs) 4.1. external indexing : centroids (such as SOLO POLL query) 4.2. internal indexing: the server MUST be able to support non-name-related queries (cf Whips RFC) (5. optional: that is only if you are required to provide X.500 connnectivity -> optional addition of DAP DSP DISP and LDAP through a mapping into the X.500 model In fact I suggest the X.500 people to provide themselves a gateway to what we have -whois++, solo--. If we are successful as I expect, they will have no other option than doing it themselves if they want to go on with X.500 What must be done at centroid level? 1. urgently harmonize all approaches (whois++/solo...) 2. develop/improve existing centroid server software (simple) 3. set up a large (really large) pilot setting-up several centroid infrasructures - org level, national level, thematic community level each corresponding to a well identified user/community and/or type of usage -- PAP proposal: -------- As announced a couple of months ago, I (PAP) am proposing a 3 days meeting in INRIA (Paris France) and inviting all interested parties context: . this is a personal initiative (by now outside of all existing bodies such as RARE or IETF or ...). Moreover as I am about to leave INRIA -because I am launching a new technology oriented company : EdelWeb- . there is no funding by now. Start from the right starting point: if this proves successfull it will not be difficult to get support in due time. . most of the people I have in mind cann't afford many meetings we will have this initial face to face meeting but must be prepared for network cooperation with neraly no meetings. I am NOT ready willing to meet at an IETF rate. . Why not in a full IETF context: I was clearly explained by IETF gurus that IETF is a standard making body. What I am proposing here is mostly a pilot (deployement and experiments) even if it is expected that improvement of existing standards or new standards will result from this activity . the invitation is extended only to people/individuals ready to commit ideas and (MANDATORY) time and resources to really contribute to the pilot . setting up directory servers with real data AND . setting up centroids and managing them (this requires that their home organization will let them enough available time/manpower/computer and network resources to really participate) optionaly ready to commit to contribute software or software improvements actions: 1. if you are interested and estimate you really meet the requirements -> contact me personaly in case enough interest is manifested I will open a distribution list -first organize the meeting, -second act as a working media 2. possible dates: 1. I expect the meeting to take place in late October or November 2. we have to decide soon 3. One possible solution could be just before or just after Interop Paris, else it should be enough far from this event and not conflicting with other such as IETF -> please indicate your preferences and/or impossibilities _________________________________________________________________________ PAP pays@perignon.inria.fr tel +33 1 39 63 54 58 _________________________________________________________________________
- directory services - X.500 future? - centroids - … pap pour essai