Root DSA
D.W.Chadwick@iti.salford.ac.uk Fri, 28 October 1994 22:56 UTC
Received: from ietf.nri.reston.va.us by IETF.CNRI.Reston.VA.US id aa10259; 28 Oct 94 18:56 EDT
Received: from CNRI.Reston.VA.US by IETF.CNRI.Reston.VA.US id aa10255; 28 Oct 94 18:56 EDT
Received: from haig.cs.ucl.ac.uk by CNRI.Reston.VA.US id aa20275; 28 Oct 94 18:56 EDT
Received: from bells.cs.ucl.ac.uk by haig.cs.ucl.ac.uk with local SMTP id <g.05262-0@haig.cs.ucl.ac.uk>; Fri, 28 Oct 1994 22:01:51 +0000
Via: uk.ac.salford.io; Fri, 28 Oct 1994 22:01:27 +0000
Received: from mailgate-0.salford.ac.uk by io.salford.ac.uk with SMTP (PP); Fri, 28 Oct 1994 22:04:06 +0000
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: D.W.Chadwick@iti.salford.ac.uk
Date: Fri, 28 Oct 1994 22:57:00 -0000
To: osi-ds@cs.ucl.ac.uk
Subject: Root DSA
X-Mailer: University of Salford cc:Mail/SMTP gateway 1.71
Encoding: 166 TEXT
Message-ID: <9410281856.aa20275@CNRI.Reston.VA.US>
Folks Here is a draft proposal for the upcoming DANTE Nameflow meeting in Holland. Comments appreciated, so that I can update it if needs be before then David Phasing Out The Root DSA Background Information 1. The Root DSA is not a feature of the X.500 standard. It was introduced because of the non-standard nature of the original Quipu knowledge model. 2. The X.500 standard recognises First Level DSAs as being the DSAs at the 'top' of the X.500 hierarchy. First Level DSAs are DSAs that hold an entry immediately subordinate to the root entry. 3. The 1993 edition of the standard explicitly recognises that there can be master and shadow First Level DSAs. (The 1988 edition of the standard does not explicitly recognise this, since it does not recognise shadowing.) A shadow First Level DSA holds a copy of the root context, provided by a master First Level DSA. 4. There is some confusion over the exact definition of the 'root context' as specified in the 1988 standard. Root naming context is also mentioned. For the purpose of this paper, root context and root naming context will be taken to be synonymous terms, and will be defined as: the root entry and the complete set of subordinate references of the root entry. In line with accepted practice, (e.g. functional standards and NADF documentation) NSSRs will not be allowed in the root context. To allow them will cause great inefficiencies in name resolution. (Note that whether a particular DSA holds a root subordinate reference as a subordinate reference or as a cross reference is largely immaterial to this paper and to the external world.) 5. In the current Paradise service, the root context is very small, less than 50 subordinate references. In other words there are less than 50 country and top level locality and organisational entries. It can be expected to remain this small for the next few years, at least until 1993 products come on stream. Furthermore, changes to the root context information happen relatively infrequently. We are thus not talking about a large data management issue, since each subordinate reference only consists of 3 pieces of information: the distinguished name of the first level entry, the distinguished name of its master DSA, and the later's presentation address. It is also possible, as an aid to performance, and to build in redundancy, to hold the access points of shadow DSAs along with that of the master DSA, but this is only expected to cause at most a trebling of the root context information. Proposed Transition Plan 6. The first phase is to ensure that ALL First Level DSAs are based on implementations (Quipu or otherwise) that can hold subordinate references that are conformant to the standard. Until this is achieved the root DSA will continue to be necessary. (Note. If one or more of the First Level DSAs are capable of holding cross references instead of subordinate references, this should be sufficient.) 7. Once this has been achieved each master First Level DSA can be configured with the root context, i.e. a full set of subordinate references, and the root DSA can then be discontinued (since calls will no longer need to be routed via it). 8. The next question to arise, is how is the root context to be managed and distributed. Two alternative solution are proposed, one for the short term (May 1995 for one or two years) and one for the longer term. In neither case is it proposed that any special software need be implemented. 9. Given that the root context data management requirements are small, in the short term it will be cheapest and easiest to have a human controlled central coordinating point. (DANTE are probably the most suitable organisation in Europe to offer this service.) The coordinating person will receive subordinate reference details from all master First Level DSA managers, either by Email, FTP or phone or fax, and will keep this information in a computer file. This file can then be Emailed or FTPed to each master First Level DSA manager every time it is updated. The file should also be FTPable on demand by any manager. The file should be ASCII format, similar to configuration lines from the Quipu tailor file (exact details to be specified later). There would seem to be little point in specifying and procuring custom built software for this purpose, given that 1993 conformant systems, supporting shadowing, will be available within the next year or two. The only software that may be needed is a bulk loading tool to load the root context information into each First Level DSA (although this should be provided by the manufacturer as part of their product range). Shadow First Level DSAs will make their own bilateral arrangements for copying information from master First Level DSAs. In the short term this might be by proprietary replication protocols, and in the longer term by 1993 standard replication protocol. How this is achieved is outside the scope of this paper. The European coordinating point will be responsible for sharing information with the US (NADF in particular), and with other similar points in Europe (if these exist) such as Eurescom. Individual First Level DSA managers do not need to worry about this, since this information will be given to them automatically by the European coordinating point. 10. In the longer term we can expect to see 1993 conformant systems that support the standard shadowing and operational binding protocols. It is hoped that the following scheme can be supported by 1993 standard conformant systems. It is similar to the NADF CAN scheme, but is based on the standard 1993 replication protocols, the DOP and the DISP, instead of on a proprietary intercept protocol. 11. The European coordinating point can operate a (pseudo) root DSA that enters into two bilateral agreements with every master First Level DSA. One of these agreements will be a shadowing agreement, the other a hierarchical agreement. 12. Every master First Level DSA will shadow the root context from the root DSA. This will provide the complete set of subordinate references. This is the shadowing agreement, and should be completely standard (otherwise shadow First Level DSAs could not be supported by the implementation). (Note. On talking to one manufacterer, the expert suggested that a defect report might be needed to the standard to ensure that this is the case. If so this will be done.) The Update strategy should preferably be set to 'on change' and will be supplier initiated, although the exact strategy adopted by any one First Level DSA manager does not affect the overall scheme of things. 13. The root DSA will enter into a hierarchical agreement with every master First Level DSA, in order to obtain a subordinate reference for each first level entry. Whilst hierarchical agreements are standardised, this particular novel use of a HOB is not specifically recognised in the standard so it may cause hiccups with some implementations, although the ASN.1 will support it. (Note. If this HOB proves difficult to support in some implementations, then it would be possible to continue to use the previous manual method for updating the subordinate references in the root DSA, and to only use the standard shadowing protocol for propagating the changes to the other First Level DSAs. For those implementations that do not initially support the HOB, manual updates will need to continue to be used. It will be quite acceptable for some FIrst Level DSAs to use HOBs and some to use manual methods.) 14. When any of the master First Level DSAs change their access points (names or addresses), they can notify the root DSA via the DOP Modify Operational Binding message. Changes to shadow access points and the name of the first level entries will similarly be notified. The root DSA can subsequently notify all the master First Level DSAs of all such changes via the DISP. In this way it should be possible to propagate changes from a First Level DSA to the root DSA, and from there to all other First Level DSAs. 15. An alternative solution, which is much less manageable, but that does without a pseudo root DSA, is for each master First Level DSA to enter into bilateral agreements with every other master First Level DSA, in order to shadow the first level entries and access point operational attributes. However, this solution is not seriously proposed, as the management overheads are too great. D W Chadwick 28 October 1994
- Root DSA D.W.Chadwick
- Re: Root DSA pays
- Re: Root DSA Colin Robbins
- Re: Root DSA Thomas Lenggenhager
- Re: Root DSA Andrew Waugh
- Re: Root DSA D.W.Chadwick
- Re: Root DSA D.W.Chadwick
- Re: Root DSA Steve Kille
- Re[2]: Root DSA D.W.Chadwick