Re: root knowledge
Colin Robbins <c.robbins@xtel.co.uk> Fri, 08 May 1992 09:00 UTC
Received: from nri.nri.reston.va.us by ietf.NRI.Reston.VA.US id aa03459;
8 May 92 5:00 EDT
Received: from nri.reston.va.us by NRI.Reston.VA.US id aa05063;
8 May 92 5:05 EDT
Received: from bells.cs.ucl.ac.uk by NRI.Reston.VA.US id aa05059;
8 May 92 5:05 EDT
X400-Received: by mta bells.cs.ucl.ac.uk in /PRMD=uk.ac/ADMD=gold 400/C=gb/;
Relayed; Fri, 8 May 1992 08:45:33 +0100
Date: Fri, 8 May 1992 08:45:33 +0100
X400-Originator: osi-ds-request@cs.ucl.ac.uk
X400-Recipients: non-disclosure:;
X400-MTS-Identifier: [/PRMD=uk.ac/ADMD=gold 400/C=gb/;
bells.cs.u.831:08.04.92.07.45.33]
Priority: Non-Urgent
DL-Expansion-History: osi-ds@cs.ucl.ac.uk ; Fri, 8 May 1992 08:45:33 +0100;
From: Colin Robbins <c.robbins@xtel.co.uk>
Message-ID: <"2510 Fri May 8 08:45:22 1992"@xtel.co.uk>
To: pays@faugeres.inria.fr
Cc: S.Kille@cs.ucl.ac.uk,
"(Paul-Andre.PAYS)" <Paul-Andre.Pays@faugeres.inria.fr>,
osi-ds@cs.ucl.ac.uk
In-Reply-To: <705266800.6537.0@faugeres.inria.fr>
Subject: Re: root knowledge
This may be a simplistic response, and I may have missed some of the
points you are making. However, why can't the X.500 protocols
themselves and some caching be used to obtain the knowledge required?
Taking c=GB for example, from the DIT (or local knowledge if you
like), you can establish the controlling DSA is one called "Inca Dove"
Why not bind to this DSA (DAP or DSP), and issue a request of the form:
subtree search baseobject: c=GB
filter: objectclass=organization
service control options: chainingProhibited
Because chaining is prohibited, the DSA will be forced to return a
partial outcome qualifier (POQ). This will contain
DN, DSA Name, DSA address
for each or the DSAs the "Inca Dove" would have to contact inorder to
complete the search. If you cached this information, you could then
use it later to solve queries for the given DNs (i.e., When you need
to chain, look up the DN in a table of cached POQ's, and see if you
have any "DSA Name, DSA address" information. If you do - chain (or
issue a referral) to that DSA.
This will certainly work againt a QUIPU DSA, and I would expect it to
work against most other implementations. There is a chance a DSA
could return "Error: Chaining required" or similar, (QUIPU won't!).
You may also need to bind as a particular authenticated user, as
some DSAs may heuristically prevent this form of searching for an
unauthenticated user - but that not a big problem.
It just seems to be the right way to do it to me, no external agreements
about formats etc are needed, its all defined by X.500!
Colin
- Re: root knowledge pays
- Re: root knowledge Steve Hardcastle-Kille
- Re: root knowledge Sylvain Langlois
- DSAs through ISDN connections Sylvain Langlois
- Re: root knowledge pays
- Re: root knowledge Colin Robbins
- Re: root knowledge Colin Robbins
- Re: root knowledge pays
- Re: root knowledge Colin Robbins
- Re: root knowledge pays
- Re: root knowledge Colin Robbins
- Re: root knowledge pays
- Re: root knowledge Christian Huitema
- Re: root knowledge Steve Hardcastle-Kille
- Re: root knowledge yeongw
- Re: root knowledge Andrew Waugh
- Re: root knowledge yeongw
- Re: root knowledge Andrew Waugh
- Re: root knowledge yeongw
- Re: root knowledge Thomas Johannsen