Where to use X.500? -Reply
Ed Reed <Ed_Reed@novell.com> Thu, 23 February 1995 06:34 UTC
Received: from ietf.nri.reston.va.us by IETF.CNRI.Reston.VA.US id aa15242; 23 Feb 95 1:34 EST
Received: from CNRI.Reston.VA.US by IETF.CNRI.Reston.VA.US id aa15238; 23 Feb 95 1:34 EST
Received: from haig.cs.ucl.ac.uk by CNRI.Reston.VA.US id aa23909; 23 Feb 95 1:34 EST
Received: from bells.cs.ucl.ac.uk by haig.cs.ucl.ac.uk with local SMTP id <g.00514-0@haig.cs.ucl.ac.uk>; Thu, 23 Feb 1995 06:05:28 +0000
Received: from ns.Novell.COM by bells.cs.ucl.ac.uk with Internet SMTP id <g.26823-0@bells.cs.ucl.ac.uk>; Thu, 23 Feb 1995 06:05:16 +0000
Received: from gw.provo.Novell.com by ns.Novell.COM (4.1/SMI-4.1) id AA24663; Wed, 22 Feb 95 23:06:04 MST
Received: from novell.com by gw.provo.Novell.com (4.1/SMI-4.1) id AA14167; Wed, 22 Feb 95 23:05:50 MST
Received: from PRV-INTERNET-Message_Server by novell.com with Novell_GroupWise; Wed, 22 Feb 1995 23:05:50 -0700
Message-Id: <sf4bc34d.019@novell.com>
X-Mailer: Novell GroupWise 4.1
Date: Wed, 22 Feb 1995 23:01:18 -0700
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: Ed Reed <Ed_Reed@novell.com>
To: osi-ds@cs.ucl.ac.uk, schleiff@bcstec.ca.boeing.com
Cc: Dale_Olds@novell.com, Dave_Eckert@novell.com, Jeff_Hawkins@novell.com, Paul_Turner@novell.com
Subject: Where to use X.500? -Reply
Your criteria are good to start with. Traditionally, many people have been stuck in their thinking that messaging addresses were the only real application for directory services. That's wrong. Certainly user profile information of the type you mentioned is appropriate. Careful though not to go too far with the HRM data - adequate access controls are necessary to keep inappropriate data out of public readers hands - or hostile recruiters. The most immediate growing use of directory services is becoming authentication/authorization information. Single signon capabilities, or key-chain type mechanisms which give the illusion of such things, can make very effective use of a directory with strong authentication and some encryption. Other application profile information goes nicely into the directory. Services which are directory aware can be administered by adjusting some of their operational characteristics in attributes associated with the service instance in the directory. Not everything - but at least fairly static information including the credentials needed by users who need to establish authenticated connections to the service. Also, traditional name service like stuff, such as network addresses, protocols supported, capabilities ("...this printer supports Pantone color with up to 1600 dpi resolution on 11x17 inch plain bond paper..." for example - in proper attribute/value format, of course). But there's more. User specific configuration information for applications can and ought to be the same regardless of where the user chooses to connect to the network. That brings to mind things that might, in another world, be stored in .ini files on a local disk. Again, not all, but many user preferences and application specific attribute/value choices can and should go into the directory where applications can use them regardless of where they're run for the user. Anything which needs to be easily found by some well known name or attribute makes sense. Software distribution systems can make great use of the directory to advertise the latest version of files, their cryptographic checksums (against which users or their administrative software can compare what's installed, identify whats been tampered with or made obsolete, etc), where trusted storeage of the software/document/whatever can be found, and even access controls set so that only authorized users can even browse what's there... The point about all these directory uses is that they capitolize on the global namespace, partitioning of data, navigation to local replicas, and synchronization of attribute information combined with such opportunistic cacheing as may be employed. Search facilities, combined with distributed indexing and cataloging services will make relational-like database access languages seem more familiar to the casual information miner, while the hierarchical database layout will continue to support high transaction levels for more traditional name service attribute retrieval (what's the network address of the service with this name) operations. Funny, but we're re-inventing the idea of shadowing a hierarchical database (IMS) with a relational extract (DB2) to support ad hoc queries and report generation - part of the industry calls that data wearhousing. And the same strategy has an appropriate role in directory service deployments, too. Eventually, as replication and synchronization algorithms are tuned, other application profiles will be supported. Also, as the directory evolves into a symbiotic relationship with Object Request Broker technologies, it will be easier and straight forward to use the directory to store attribution information about resources which may themselves be reached either through the directory via some proxy relationship, or by referal to some owning process itself. X.500 isn't the end point. It's just the beginning. Ed Reed Directory Services Architect Novell, Inc. Received: from ns.Novell.COM by gw.provo.Novell.com (4.1/SMI-4.1) id AA13202; Wed, 22 Feb 95 21:53:28 MST Received: from haig.cs.ucl.ac.uk by ns.Novell.COM (4.1/SMI-4.1) id AA23731; Wed, 22 Feb 95 21:53:37 MST Received: from bells.cs.ucl.ac.uk by haig.cs.ucl.ac.uk with local SMTP id <g.00303-0@haig.cs.ucl.ac.uk>; Thu, 23 Feb 1995 03:38:29 +0000 Received: from atc.boeing.com by bells.cs.ucl.ac.uk with Internet SMTP id <g.24377-0@bells.cs.ucl.ac.uk>; Thu, 23 Feb 1995 03:38:16 +0000 Received: by atc.boeing.com (5.57) id AA14446; Wed, 22 Feb 95 19:42:30 -0800 Received: from bcstec.ca.boeing.com by splinter.boeing.com with SMTP (1.37.109.14/16.2) id AA267140628; Wed, 22 Feb 1995 19:37:08 -0800 Received: by bcstec.ca.boeing.com (4.1/SMI-4.1) id AA29469; Wed, 22 Feb 95 19:37:57 PST From: schleiff@bcstec.ca.boeing.com (Marty Schleiff) Message-Id: <9502230337.AA29469@bcstec.ca.boeing.com> Subject: Where to use X.500? To: osi-ds@cs.ucl.ac.uk Date: Wed, 22 Feb 1995 19:37:56 -0800 (PST) X-Mailer: ELM [version 2.4 PL23] Content-Type: text Content-Length: 1464 I'm trying to figure out what types of applications and what types of information could benefit from X.500. So far I'm thinking that X.500 is appropriate for information which meets the following criteria (or a subset thereof): 1) Structured information - Should be able to be represented as an entity with associated attributes. Documents might not be appropriate; but and index to documents probably would be appropriate. 2) Frequently accessed information - If it's not frequently accessed is it worth the expense to carry it in the Directory? 3) Primarily read only information - Even though some level of user-initiated update activity may be acceptable, the ratio of queries to updates should be high. 4) Centrally managed information which is beneficial to many information consumers - Human Resources information is probably the most obvious example. 5) Information which may benefit from replication - e.g., for performance reasons it may be desireable to dedicate a DSA to a specific application and replicate required information to that DSA. 6) Latency tolerant information - If the information is replicated, latency measured in hours should be acceptable instead of latency measured in seconds. If anyone has any comments/additions I would sure appreciate hearing them. Thanks, Marty Schleiff Boeing Corporate Electronic Directory Service (206)957-5667 schleiff@bcstec.ca.boeing.com
- Where to use X.500? -Reply Ed Reed