Draft article 'X.500 directory service usage for X.400 e-mail'
Urs Eppenberger <Eppenberger@switch.ch> Thu, 03 June 1993 11:47 UTC
Received: from ietf.nri.reston.va.us by IETF.CNRI.Reston.VA.US id aa02187; 3 Jun 93 7:47 EDT
Received: from CNRI.RESTON.VA.US by IETF.CNRI.Reston.VA.US id aa02183; 3 Jun 93 7:47 EDT
Received: from mercury91.udev.cdc.com by CNRI.Reston.VA.US id aa03878; 3 Jun 93 7:47 EDT
Received: by mercury.udev.cdc.com; Thu, 3 Jun 93 06:45:03 -0500
X-From: Eppenberger@switch.ch Thu Jun 3 06:44 CDT 1993
Received: by mercury.udev.cdc.com; Thu, 3 Jun 93 06:40:35 -0500
X400-Trace: us*attmail*cdc; arrival 03 Jun 93 06:40:10 -0500 action Relayed
X400-Trace: US*_*XNREN; arrival 03 Jun 93 11:40:00 Z action Relayed
X400-Trace: CH*ARCOM*SWITCH; arrival 03 Jun 93 13:38:45 +0200 action Relayed
X400-Internal-Trace: mercury.os.cdc.us; arrival 03 Jun 93 06:40:27 -0500 action Relayed
X400-Internal-Trace: cdc.us; arrival 03 Jun 93 06:40:10 -0500 action Relayed
P1-Message-ID: CH*ARCOM*SWITCH; 930603133845
UA-Content-ID: 2064
Original-Encoded-Information-Types: IA5-Text
Delivery-Options: allow alternate recipients, return contents
Message-Id: <2064*Eppenberger@switch.ch>
Date: Thu, 03 Jun 1993 13:38:45 +0200
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: Urs Eppenberger <Eppenberger@switch.ch>
To: mhs-ds@mercury.udev.cdc.com
Subject: Draft article 'X.500 directory service usage for X.400 e-mail'
Dear colleagues, for the next SWITCHjournal I drafted an article on 'X.500 directory service usage for X.400 e-mail'. The readers do use email or know somebody who uses email ;-) . Directory services have been presented in an earlier issue. Could you as the experts have a look at what I wrote and help me where I messed something up. This document is not related to MHS-DS or IETF and it should NOT be spread around wider than just to the MHS-DS discussion list members. A better version of the document is likely to appear end of June. Many thanks for your help, Urs. ------------------------------------------------------------------------------- Urs Eppenberger, SWITCH, Zurich, June 1, 1993 X.500 directory service usage for X.400 e-mail 1 Introduction Directory services are a mandatory requirement for global electronic messaging, this is accepted since years. Only now the first concrete ideas get into shape on how this should be done. Registering persons in the directory is in a quite advanced state already. Registering email routing and distribution list information is in a pilot phase. This article shows the current developments and the implications for end users and service managers. 2 Naming, Addressing and Routing There has always been confusion about the difference between information used for naming, addressing and routing. This chapter should shed some light on these issues based on a concrete example: The NAME of the author is 'Urs Eppenberger', full stop. Since this name is not unique some context is needed to know who exactly is meant. Different contexts exist which uniquely identify the author. For Swiss PTTs postal service the context is 'Urs Eppenberger, who lives in Zurich', for MHS managers it is 'Urs Eppenberger, who works with the MHS Coordination Service'. A directory service is needed to look up the ADDRESS. This function is generally referred to as 'white page service'. The X.500 directory service project has defined to use the organisation and the country where I work as the context to uniquely identify myself. The SEARCH KEY for the directory service is therefore something like 'Urs Eppenberger, SWITCH, CH'. The result is a list of information about the author, the mailbox address only is used to continue the discussion with: S=eppenberger; O=switch; P=switch; A=arcom; C=ch; This is an X.400 OR address uniquely identifying the author's mailbox. An email with this address needs somehow to be routed through the mail systems to the mailbox. At the moment the routing is based on the hierarchical address. The mail systems are manually configured to check for the country, the management domains or the personal name, depending on how far away the mail system is relative to the destination mailbox. A new approach to email routing suggests now to use the directory to find the best route for a message to its destination, thus making it unnecessary to pack routing information in an address. 3 Design Goals Email routing is a highly complex task, especially in a global environment. A solution needs to o be understandable for MHS managers The MHS managers get as much support as possible to handle the complex task of routing configuration o be robust Wrong or out of date information should cause minimal and local damage. o deal with link failures by choosing alternative routes o support protocol and format conversion o support different routing policies o support X.400 operation over multiple protocol stacks (TCP/IP, X.25, CLNS, CONS) and in different networks o minimise the delay of a message in transit through the mail system o support a large number of MTAs (>1 Million) and a large number of organisations. o routing updates should propagate automatically through the system o support X.400 and RFC822 routing and be extensible for other protocols 4 The MHS-DS Approach Steve E. Kille has written eight documents which define the information that needs to be stored in the X.500 Directory Information Tree (DIT) and how the MTAs can use this information. An IETF (Internet Engineering Task Force) working group MHS-DS has been created to review the work and start a pilot to investigate the feasibility of the approach. The titles of the documents read o Representing the O/R Address hierarchy in the Directory Information Tree o Representing Tables and Subtrees in the Directory o MHS use of Directory to support MHS Routing o Use of the Directory to support mapping between X.400 and RFC822 Addresses o MHS use of the Directory to support distribution lists o Use of the Directory to support routing for RFC822 and related protocols o MHS use of Directory to support MHS Content Conversion o A simple profile for MHS use of Directory The first two documents define how to store the information. The third document is the core document defining how to use the information for routing. The next four documents extend the functionality with mapping, distribution list support, RFC822 routing and content conversion functionality. The last document defines a subset which should be implemented to support the X.400 routing functionality. The basic idea is to create a separate routing tree in the directory which is formed by the OR address hierarchy. At a node in the tree one finds the routing information for the specified domain, indicating the next hop, which should be as 'close' to the end system as possible. The mechanism is explained in more detail in the following chapters. The most recent Internet Drafts can be retrieved with anonymous FTP from the host nic.switch.ch in the directory standard/internet- draft, check for documents starting with draft-ietf-mhsds. 4.1 The routing information in the DIT The OR address hierarchy defines a tree which is mapped straight forward into the DIT. The same entry is used for the OR address country code as for the Country in the White Page information. The ADMDs are registered below the country, including ' ' (single space) and '0'. The following table shows the supported OR attributes and their hierarchy in the DIT: O/R Object Class Naming Attribute Address C mHSCountry countryName or mHSNumericCountryName ADMD aDMD aDMDName PRMD pRMD pRMDName UA-ID mHSNumericUserIdentifier mHSNumericUserIdentifierName X121 mHSX121 mHSX121Address O mHSOrganisation mHSOrganisationName OU mHSOrganisationalUnit mHSOrganisationalUnitName PN mHSPerson personName CN mHSNamedObject mHSCommonName T-ID mHSTerminalID mHSTerminalIDName DDA mHSDomainDefinedAttribute mHSDomainDefinedAttributeType and mHSDomainDefinedAttributeValue The numeric country code is always stored too as an alias. The Personal name is normalised into a string according RFC1327, S=eppenberger; G=urs would be stored as CN=urs.eppenberger. The author's OR address S=eppenberger; O=switch; P=switch; A=arcom; C=ch; is represented in the directory as the following Distinguished Name (DN): CN=eppenberger, MHS-O=switch, PRMD=switch, ADMD=arcom, C=ch 4.2 The basic routing mechanism The need for having a powerful routing mechanism for various user communities (ADMD service providers, large multinational companies, the R&D community, ...) lead to a complex routing document. The simple profile reduces the functionality to what is needed to globally connect X.400 networks in an open and distributed managed way. The following routing tree might be stored in the DIT, carrying information for two ADMDs and two PRMDs. MTAinfo is used to indicate that a node in the DIT contains MTA connection information. MTAinfo2 PRMD=switch/ ADMD=arcom/ \ MTAinfo3 C=ch/ \ MHS-O=switch/ / MTAinfo1 \CN=eppenberger\ \ MTAinfo3 C=it\ MTAinfo4 ADMD=garr/ \(access restricted) PRMD=infn\ MTAinfo5 If an MTA at SURFnet, NL needs to relay a message to me, it takes my OR address, maps it to a Distinguished Name as explained in 4.1 and finds directly MTAinfo3. If the Dutch MTA is connected to the same network as MTA3, then a connection can be established an the message transferred. If the two MTAs do not share the same network, the least significant attribute of the DN is stripped and the directory might return an MTA which is connectable. Another message might be sent to S=allocchio; O=elettra-ts; P=infn; A=garr; C=it; which gives a DN of CN=allocchio, MHS-O=elettra-ts, PRMD=infn, ADMD=garr, C=it Since the access to PRMD level is restricted by X.500 access control to Italian MTAs only, the Dutch MTA is able to retrieve the connection info stored at ADMD level, MTAinfo4. This MTA is in Italy and can read all the entries and will then be able to do the final delivery. This is how firewalls can be set up with MTAs on both sides of the firewall using the same directory based routing mechanism. A very interesting but not deployed feature is the possibility of storing User Agent capabilities in the directory. The sending MTA will be able determine that the receiving UA cannot handle video and will therefore omit this part of the message. The MTA might also find that the receiving UA does support PostScript, but does not understand G3FAX. It will therefore check the DIT for a relaying MTA which can convert G3FAX to Postscript. 4 Project LONGBUD The IETF MHS-DS working group saw the necessity to gather operational experience with the proposed routing mechanism. A few organisations with operational DSAs and X.400 software supporting MHS-DS functionality will start to populate the routing tree and exchange messages based on X.500 routing information. Amongst the participating organisations are Nordunet(NO), CDC(US), EDF(FR), SURFnet(NL), Nexor(UK), and SWITCH(CH). The directory infrastructure is more or less ready to be used. The pilot project will show if the response times are acceptable and if the functionality offered by the current X.500 implementations and standards matches the requirements for MHS-DS, which are probably different to the requirements of end users searching for white page information.. The plan is to present first results at the next IETF MHS-DS meeting in Amsterdam, July 12-16, 1993. Documents concerning MHS-DS and project LONGBUD can be retrieved with anonymous FTP from quixote.css.cdc.com, directory pub/mhs-ds. 5 EXPLODE Based on the definition on how to use X.500 to support distribution list a software package has been developed in the COSINE initiative to extend the PP X.400 software. The EXPLODE system provides a self subscription electronic mail distribution list system with archive facilities. It works in a multi-protocol mail environment, including support for X.400 (both 84 and 88) and Internet RFC 822 mail. In EXPLODE the distribution list members are stored in the X.500 Directory. When a message is sent to the distribution list, a component called the list expander reads the list of members from the Directory entry and re-distributes the message to each of the members. This Directory entry can be viewed using a standard Directory user agent (DUA), allowing a distribution list to get identified and addressed easily. The expansion mechanism used by the list expander is based upon the process defined by X.400(88). Optionally, all messages sent to an EXPLODE distribution list can also be archived. Users (not necessarily members of the distribution list) can send mail messages to the archive requesting that they be sent a copy of selected messages from the archive. To manage both, the list and archive, a mail based management interface is provided, as well as a line based DUA supporting list management. Both the archive and list expander have a number of policy options available. These are used to control (amongst other things) who can submit messages to the archive, who can add members to the list, the type(s) of messages that can be accepted and how to deal with errors, giving the system a great deal of configuration flexibility, enabling the software to be used in a wide range of configurations. Details on requirements for the EXPLODE software can be found in the document EXPLODE via anonymous FTP from the host nic.switch.ch in the directory e-mail/docs. 6 Conclusion X.500 usage for X.400 email needs still significant research and development efforts. The EXPLODE software is ready to be used, the email interface is subject to change, however, since IETF is considering to standardise the interfaces of mail based servers for the benefit of the users. Project LONGBUD is still in its starting phase and it will take several month until the first results will provide feedback to the design. There is some effort to standardise X.500 usage for X.400 routing in ISO. It is highly probably that CCITT is not going to adopt this approach since it allows to bypass the ADMD infrastructure with end-to-end delivery if the MTAs share the same network.
- Draft article 'X.500 directory service usage for … Urs Eppenberger
- Re: Draft article 'X.500 directory service usage … Jeroen Houttuin
- Re: Draft article 'X.500 directory service usage … Jeroen Houttuin