Draft minutes of the San Diego Meeting

[Steve Hardcastle-Kille <S.Kille@cs.ucl.ac.uk>]

Thanks to Justin for timely and comprehensive notes.   Please send any comments
or changes.  I have not been able to fill in all of Justin's gaps.


Steve


OSI-DS Meetings: 7th meeting of the IETF Directory Services Group


 March 12th 1992, Dan Diego

Minutes  by Justin C. Walker, justin@apple.com, and Steve Hardcastle-Kille

Attendees:


Chair:  Steve Hardcastle-Kille

"Claudio Allocchio"           <claudio.allocchio@elettra-ts.infn.it>
"Harald Alvestrand"           <harald.alvestrand@delab.sintef.no>
"John Ballard"                <jballard@microsoft.com>
"Paul Barker"                 <p.barker@cs.ucl.ac.uk>
"William Biagi"               <bbiagi@cos.com>
"Jodi-Ann Chu"                <jodi@uhunix.uhcc.hawaii.edu>
"Alan Clegg"                  <abc@concert.net>
"Richard Colella"             <colella@osi.ncsl.nist.gov>
"James Conklin"               <conklin@bitnic.educom.edu>
"Urs Eppenberger"             <eppen@verw.switch.ch>
"Stefan Fassbender"           <stf@easi.net>
"Mark Fox"                    <m_fox@took.enet.dec.com>
"James Galvin"                <galvin@tis.com>
"Jisoo Geiter"                <geiter@gateway.mitre.org>
"Tony Genovese"               <genovese@es.net>
"Sang-Chul Han"               <schan@garam.kreonet.re.kr>
"Alf Hansen"                  <Alf.Hansen@delab.sintef.no>
"Steve Hardcastle-Kille"      <s.kille@cs.ucl.ac.uk>
"Alton Hoover"                <hoover@nis.ans.net>
"Tim Howes"                   <Tim.Howes@umich.edu.>
"Erik Huizer"                 <huizer@surfnet.nl>
"Ole Jacobsen"                <ole@csli.stanford.edu>
"Barbara Jennings"            <bjjenni@sandia.gov>
"Darren Kinley"               <kinley@crim.ca>
"Mark Knopper"                <mak@merit.edu>
"Eva Kuiper"                  <eva@hpindda.cup.hp.com>
"Sylvain Langlois"            <sylvain@cli53an.edf.fr>
"Kenneth Lindahl"             <lindahl@violet.berkeley.edu>
"Triet Lu"                    <trietl@sparta.com>
"Scott Marcus"                <smarcus@bbn.com>
"Daniel Matzke"               <matzked@cerf.net>
"David Miller"                <dtm@mitre.org>
"Daniel Molinelli"            <moline@gumby.dsd.trw.com>
"Robert Morgan"               <morgan@jessica.stanford.edu>
"William Nichols"             <nichols@took.enet.dec.com>
"Tracy Parker"                <tracy@utexas.edu>
"Emmanuel Pasetes"            <ekp@enlil.premenos.sf.ca.us>
"Rakesh Patel"                <rpatel@rutgers.edu>
"Geir Pedersen"               <geir.pedersen@usit.uio.no>
"David Piscitello"            <dave@sabre.bellcore.com>
"Jon Postel"                  <postel@isi.edu>
"Marshall Rose"               <mrose@dbc.mtview.ca.us>
"Ursula Sinkewicz"            <sinkewic@netrix.nac.dec.com>
"Mark Sleeper"                <mws@sparta.com>
"Mark Smith"                  <mcs@umich.edu>
"Einar Stefferud"             <stef@nma.com>
"Tom Tignor"                  <tpt%@isi.edu>
"Justin Walker"               <justin@apple.com>
"Chris Weider"                <weider@ans.net>
"Brien Wheeler"               <blw@mitre.org>
"Cathy Wittbrodt"             <cjw@nersc.gov>
"Russ Wright"                 <wright@lbl.gov>
"Peter Yee"                   <yee@ames.arc.nasa.gov>
"Wengyik Yeong"               <yeongw@psi.com>
"Ki-Sung Yoo"                 <ksyu@garam.kreonet.re.kr>





Agenda - A paper copy was distributed that updated the previously 
transmitted electronic version.  A copy is appended.

No comments on the Minutes of the San Jose meeting; they were 
accepted as written.  They are available as OSI-DS-MINUTES-6 on 
your neighborhood OSI-DS document archive server.

Matters arising - Steve to prompt George Brett to circulate documents.
It was not known if this had been done.  Action dropped.

Richard Collela was to send a current list of the OIW documents to the osi-
ds mailing list.  The question was asked whether this was done, and 
no one knew for sure.

Other items of business were to be discussed as specific points on the 
agenda.

Liaison Reports:
 
RARE WG3: Erik Huizer reported that the a number of documents 
were discussed.  The "character set" issue was also discussed.  On a 
sad note, the January meeting was for WG3, due to restructuring 
within RARE.  In the future, it will be more like IETF (from may 
onwards).  There will be a followon to WG3, but the form has not yet 
emerged.

ISO/CCITT - No liaison was present.  Availability of the Directory 
root over CONS has been requested by JANET.  This will cause 
reachability problems for CLNS use.  The issues haven't been fully 
addressed yet.

OIW: Russ Wright reported that agreements on replication have gone
stable (1992); 1988 documents on ??? <<<MISSED THIS>>> are stable.
Trying to distinguish between 88, 92 items.  The X.400 and X.500 SIGs
met.  The X.400 folks complained about lack of attribute types for
routing.  EWOS sent a statement about adding transport requirement
(NSAPs don't specify transports).  Major work on international
standard profiles (dealing with DAP) is underway; this should be out by
December.

NADF: Einar Stefferud reported that the pilot proposed for 2/92 is
"underway"; member participation will be "utopian" <<<NOT SURE WHAT I
MEANT BY THIS>>>.  There are interworking issues between this pilot
and the White Pages pilot, due to different naming schemes and the
listing vs. registration models.  Discussions have been held at NADF
to determine that two pilots could *not* be connected.  According to
Wengyik, there is no common naming of schema.  The major problem is
operational (naming of DSAs, etc.).  PSI can not act as broker (there
are knowledge and data sharing problems).  Desire is there, so it
seems that meetings are needed to discuss this.  The NADF pilot work
needs to stabilize before these can reasonably proceed.  The NADF
wants to push knowledge sharing (open DIT; global system).

The White Pages pilot "caused problems" by presuming that it was a 
national authority (which, it is claimed, it isn't).  It was pointed out 
that these were technical assumptions to help deploy early.

NADF is waiting for the 1992 changes to the directory (X.500) to be 
published to determine what membership will do about compliance.

The NADF has issues of competitiveness, tariffs, etc., guiding its pilot 
development.  These are real world assumptions.  The WP 
assumptions were simplifying.  NADF documents are available, 
modulo media issues.

DISI: Chris Weider reported that three new RFCs are out: 1292, 
1308, 1309 (a "real executive summary").  They now have a clean 
slate, so if new documents are needed, speak up.

AARN: Steve Hardcastle-Kille read the following report:

***************************************************************


Report to the IETF OSI-DS WG from the AARNet Directory Project

1. Australian Networkshop in last December

   We conducted a demonstation of the Directory at the recent
   Networkshop which attracted considerable interest, and as resulted
   in 3 more AARNet members joining the pilot.

   The demonstation was spoiled somewhat by the failure of our frame
   grabber and where we had hoped to use colour images, JPEG encoded,
   we had to make do with greyscale imagines (still using JPEG). The
   DIT used for the Networkshop is still available, as
   "c=AU@o=Australian Networkshop", having been migrated from the loan
   machine we had at the Networkshop to one of our project machines.

2. Future of the AARNet Directory Project

   Officially the project has concluded, except for the submission to
   AARNet of our report, but we expect that the Project will continue,
   hopefully with additional funds from AARNet.

   We will continue to champion the Directory as an information
   resource and encourage AARNet members to run their own directories.
   We also intend to use of our machines to provide a service where
   AARNet members can experiment with the Directory without having to
   run their own, as well as providing a registration point for any
   organisation connected to AARNet so that basic information about
   their organisation can be made available through the Directory.

3. Binary distribution of DUAs and DSAs

   The AARNet Directory Project have made available a number of binary
   kits (SPARC, RISC/Ultrix, Sun3 and Pyramid) of the Quipu
   distribution for anonymous ftp on ftp.adelaide.edu.au in the
   pub/white_pages/KITS directory. The main purpose of this is to allow
   other sites to easily access the the pilot, either by making access
   to the Directory available at their site or allow them to easily
   configure a DSA of their own. The kit has been tailored for sites
   wishing to join the pilot in Australia but the binaries could be
   used anywhere.

4. Current state of the Directory in Australia

   There are currently 25 DSAs in Australia, and they master 45,975
   entries. After checking the sites that have fetched a copy of one
   of our binary kits I would hope that there will be 3 more sites in
   Australia starting to run their own DSA shortly.


***************************************************************

The following are the status reports of operational pilots:

FOX: Tom Tignor reported that FOX is waiting on NSF funding; final 
reports have been submitted, and nothing is happening now.
Individual efforts:
SRI - x5whois - whois information in a DSA.  Conversion problems 
overcome, but DSA loading is taking a long time (they have added 
more memory, reduced the number of attributes held).  There are 
150000 entries now.   Interoperability testing (between QUIPU and 
CUSTO) is underway.
PSI - x5rfc, a document retrieval gizmo, x5ftp, and usconfig are 
under development or in test. <<<Need to see Wengyik>>>.
MERIT - Working on making information resources (e.g., k-12, NIC )
avail on X.500; schema documents on these are available.  They are 
looking at storing data as pointers to original information.  The 
University of Michigan is looking into developing a Macintosh DSA 
<<<DSA OR DUA; WHO IS DOING THIS???>>>.
ISI - Currently, they are in a cheerleading mode, and acting as a 
central switchboard for these efforts.  They are just moving to QUIPU 
7.0.  They are looking at a lightweight version of x5whois.

A question was asked regarding the transition to X.500 in Europe: 
have there been real directories mapped into x500?  The consensus 
is no, that most directory efforts have focused on creating new X.500 
databases.  We should then look at any problems arising from 
moving the "whois" base to X.500.

White Pages: <<<MUST GET DETAILS FROM Wengyik >>>. The 
NADF/WP differences were discussed again.

PARADISE: Paul Barker reported that there have been problems 
with (large) getedbs.  PARADISE is moving to ISODE 8.0, and this is 
causing some service upset.  Use of central DUA services on a central 
ULCC  system is rising.  It was 
requested that we all please take some of the lush documents from 
PARADISE.  These describe the services supplied, as well as the user 
interface alternatives provided.  Revisions are being planned for the 
DUA (e.g., loosening up the hierarchy). Multilingual versions of I/F 
are becoming available.  Among others, a management interface for 
simple maintenance; for small or disinterested users (e.g., for those 
with a simple o=, or for lower level updates).  A probe (written in 
C++) is being produced, with better post processing of results.  One 
partner (the Dutch PTT) has sent query to other PTTS on attitudes on 
X500 (most said "X.What"?).  Steve  Hardcastle-Kille and Paul Barker 
are producing 3 metric documents - for DUA, DSA, and Pilots.  These 
will be in the form of questionnaires, and they are looking for details 
on each.



The operational reports being given, we plunged into the individual 
items from the agenda.

Security - The NADF started looking at it last year.  A Directory Bill 
Of Rights has been published as an RFC <<<RFC#?>>>.  Each word of the 
Bill of Rights has been lovingly crafted to both ensure rights and  
require nothing.  Also, security for competitive products has been 
under study.  A revision of this is expected after NADF meeting, 
when it will be revised and published as an RFC (the week of 4/21).

Need for a Directory Operations Group - Does the IETF need a 
WG for Operations, dealing practical issues of running a directory 
service on the Internet.  This group could work on a benchmark 
document, operating specifications, interoperability issues.  During 
the discussion, a question was raised regarding the difference 
between the new group and DISI; the latter was described as an 
educational provider.  Suggested differences: the OSI-DS provides 
implementations of the directory; DISI is for users; and the new 
group is for operators.  It was pointed out that this obeys the Narrow 
Focus admonition of IETF WGs.  A straw poll indicated low interest in 
both having and not having a separate WG for operations (a majority 
abstained from the voting; only a handful cast votes), so the issue 
was put aside for now.

Strategy Document - Some issues need to be resolved, privately, 
before getting closure on this document.  Concern has been raised 
that Steve H-K is generating documents faster than the rest of us can 
read them.  The protagonists are looking for insight on what should 
go into and what should not go into the document.  The problems are: 
the document describes the registration model; attention needs to be 
paid the work of the NADF and listing model.  The document also 
doesn't address deployment issues, e.g., where the resources come 
from.  A section on security is wanting, but should be filled in from 
Steve.  A version is promised by the end of April.  Anyone with 
views should speak with Erik Huizer.

New Object Models - Three papers on new object models have 
been published. The object models are described therein as schemas.
Comments are solicited.  One comment - this doesn't match the X.500 
model of having "objects" that have "real" significance.  What is
"service" (called "resource" in the papers)?  A subgroup meeting was 
suggested for further resolution of the subclass/object definition.
Another comment: how does one search, based on schema?  One must 
distinguish between DIT structure and object models.  The former is 
to be considered in the WAIS BOF.  There followed a discussion of 
how to represent network infrastructure information in the 
directory.  A previous paper thought now to be wrong (by the 
author)   It was suggested that IP representation should be widened 
to include host parts, AD, other information.   Concern was expressed 
that the representation of network addresses not lose information 
(e.g., net masks).

OSI-DS-12 discussion - (and the "list vs. registration" debate)
Earlier, after discussion on the osi-ds mailing list, the document was
modified to add a note on an alternative (championed by Christien
Huitema).  In discussions at RARE, the WG3 folks have
suggested removing the alternative (i.e., going back to the form prior
to Cristien's suggestions were added).  There followed a lively
discussion on the two alternative positions, although noone was
present to support the alternative.  The position taken in the paper
was well and eloquently defended.  Note that the document hasn't been
through the IESG/IAB process yet.  Note also that the disputed section
is really an advisory one, dealing with countries without current
registration authorities.  A straw poll was taken on the question of
removing the "alternative": lots in favor; two abstentions; none
against.

Also, it was observed that Sec 3: the UFN statement makes it (this 
particular UFN syntax) special.  After discussion, it was accepted that 
this section should be deleted.

The subject of "Who Owns The Root?" arose, relating to an ongoing 
concern with resolving the differences between the listing and the 
registration models.  A discussion ensued regarding the effects of 
putting in things to the root, willy-nilly.  o=Internet, small numbers 
of "l="s, , and a small number of DSAs were examples used to 
highlight some of the issues.  No conclusions were reached by the 
meeting.

Registration vs. Listing discussion - In the Listing corner were 
Einar Stefferud and Marshall Rose.  The NADF is leveraging off US 
civil authority (in particular, that resting with the states, counties, 
and "localities").  There is a problem of looking for a company (or a 
person) without knowing its state of incorporation (that is, Delaware, 
not Confused) (or, in the case of a person, the organization chart of 
his (s/he/it's) company).  From this view, the DIT should be 
organized based on search needs.  Therefore, we need to do this at 
national level.  A basic issue is the mapping from civil authority to 
DIT (need not be 1-1).  This is the Listing view.

It is claimed that registration authentication already exists, except 
for registration under c=US.  ANSI does allow registration here (at 
the c=US level) at $2500 a pop; the details have appeared on the net 
a number of times.  Control of the directory (i.e., assuring that we 
don't pollute the directory at too high a level) comes with listing 
charges.

The listing model, following an anecdote from Einar Stefferud, 
emphasizes the need to lose your keys under the light.  The point is 
that you are more likely to find your keys where there is light (even 
if you didn't lose them there).  Similarly, one needs to list oneself in 
the Directory where one would be expected.  Where one is actually 
registered is less of an issue, and depends on vagaries of the domain 
administering your neck of the woods (or DIT).

The membership was advised that no lunch break would be 
forthcoming until this discussion is done.  As a result, our focus 
narrowed.

The registration side view was detailed by Steve Hardcastle-Kille. 
The Directory should leverage off existing civil authority.  It is 
important to separate directory and registration (at least at high 
levels; at lower levels, convenience of the DNS approach may 
override).  Multiple providers are needed, as is naming coherency 
(tied in later).  NADF requires all providers to assure naming 
coherency. There are 3 kinds of registration: ANSI, civil, and derived.
These are the listings.  The point was made that listings are actually 
a form of registration, in that a listing takes up "name space" and 
that listing agents must work to assure that collisions don't occur.  A 
counter argument was made that collisions will naturally clean 
themselves up as a result of the competitive nature of the Directory 
provision market.  The problem seems to be the issue of recursive 
listing authorities.

The debate continued with no clear winner, although the weight of 
evidence seemed to favor the listing folks.  The point was made that 
the NADF model had no implications for components of the DIT 
outside c=US (other than those inherent in its adoption beyond those 
boundaries).  The Listing view starts with the observation that 
names are intellectual property, sanctioned by civil authority within 
some (e.g., c=) boundary.  Listings (following NADF) are 
algorithmically derived from names, hence (at least within the 
domain covered by NADF), no chance for collision.  There was 
disagreement on the issue of listing being an implicit registration.

In the end, the sense of the meeting (by show of hands) was to push 
12 to an RFC.  The Listing vs. Registration debate will continue, with 
efforts being made to align the various pilots for interoperability 
(<<<I don't recall the exact resolution of this>>>).

UFN - Per a suggestion from the IAB, the UFN document will be split. 
The specific string representation (the use of ";" vs. ",") has gotten lots 
of discussion.  The use of UFN itself has received little comment. 
Discussion on the string rep: use ';, ',, or "not both".

On the vote to forward the UFN document, the 'ayes carried (so it will 
be forwarded).

<<<Steve, My notes on this discussion are a little flaky.  Do you or Russ 
remember details?>>>

QOS - There has been no progress on the Quality Of Service issue.
The QUIPU implementation now agrees with "the documentation" 
(the RFC???, not the QUIPU manual).  There are two pieces: the user 
interface and the deployment.  Deployment underway.  To date, 
there has been no user interface defined to allow a user to invoke 
this capability.  A dissenting view on the utility of QOS is that it is up 
to the guy who provides the service to describe QOS, and there is 
little or no uniformity to allow this.  For example, for the provider 
using the ISODE-provided DSA, he may describe it as experimental if 
he is a commercial provider, or as non-experimental if he is a 
university researcher.  The experiments will continue.

JPEG - Support for this should be in the next version of QUIPU.  A 
schema for JPEG photos is not yet ready.  Currently, this is specified 
as an octet string.  There is a conflict with G3Fax, which will be 
resolved by separating attributes (per last meeting).

Character Sets - The paper is partly from discussions in RARE WG3 
and RARE/COSINE groups.  Current DUAs don't support national 
characters and the T61 data type very well.  Europe (at least) has a 
requirement for national characters.  The providers need to add this 
support in a coordinated way.  The directory should have national 
versions of names (I18N).  The solution proposed by the author is

	o Store national characters using T61 string syntax
	o DSA string search algorithms must account for I18N'd names
	o Mapping table
	o DUA presentation to user dictated by the user (to use or not 
use I18N)

Issues include:
	o What are precise requirements?
	o What are the implications for UFN?
	o The necessity to agree on conversion at a national level

Note that UFN is assumed to be defined on abstract character set, so 
I18N not an issue(?).  Remarks:

	o is this only an "operational" issue, or are there other issues?
	o how are I18N strings stored, searched?  X.500 discusses this 
briefly, but that discussion does not seem acceptable.
	o No experimentation is underway, but should be started (e.g., 
between France and Norway).

Counting the DIT - Current work is DSA-specific and is very 
implementation specific.  A suggested new approach is to add new 
attributes (integers all) that count appropriate things at each level.
Counts can be done manually or automatically.  The question arose: 
do we count the # of registered or listed entries?  The sense of the 
meeting was to progress with the experiment; there was a tentative 
volunteer to look at the implementation issues.  <<<DIDN'T GET THE 
VOLUNTEER'S NAME>>>

RFC1274 - The original intent was for Steve and Colin to maintain 
this document.  Problems have arisen with the time needed to 
maintain it (keep it up to date) and how to maintain it.  A suggestion 
is that we try a structured approach a la SNMP.  We need to 
document each "object class" as with a MIB: what are the mandatory, 
optional, and experimental entries.  Another problem is expressed 
concern over the openness of the process to extend attribute and 
class lists.  We could either establish a small committee or a new WG 
to oversee the development of the Directory.  The consensus was for 
a small committee.  The IAB was previously asked about their 
feeling.  The thought was put forward that this could be more like 
Host Requirements, than like SNMP.  A show of hands called for an 
attempt to tack down what the committee would do.  Five brave 
souls stepped forward.  Paul Barker volunteered to restructure the 
main document.  The new structure will include procedures for 
extending the current definition, a list of other documents and 
general purpose attributes; and a mechanism for generating other 
documents as needed.

Schema Publishing - An alternative to the preceding approach is 
"don't write RFCs".  Instead, just write a new schema into the DIT.
Tim Howes and Mark <<<???>>> volunteered to write this up for public 
consumption.  Code to do this is also needed.  There followed a 
discussion of machine generated schema descriptions, e.g., by 
automatically culling appropriately prepared documents from the 
new RFC1274 structure.  Stay tuned.

preferredName attribute discussion - Others deferred to the 
committee.  The attribute type preferreddisplayname is a subtype of 
CN (for 1988 Directories, this would be a duplicate of the CN).  A DUA 
could use this as the display value for CN.  The attribute would not 
be mandatory.

Administrative limits - In a note sent out in January, the idea of 
size and time limits on searches was proposed.  Also, it would be nice 
to have a value to limit the number of DSAs to which to refer during 
a search.  This is thought to be related to issues of QOS.  A document 
discussing these values was proposed for the next meeting.  Note that 
this puts information about Directory use in the Directory.  Doing this 
may require the use of security above that currently available.  
Should these be represented in MIBs?  Steve Hardcastle-Kille 
discussed the use of SNMP as a tool for the management of 
directories.

Adding DNS information to directory - Software has been 
created to load DNS information into the DIT.  "dnsconfig" will create 
the initial EDB hierarchy for the DNS part of the tree.  "dnsupdate" 
loads DNS information into the directory.  "fred" has been modified to 
resolve user@domain.  "dnsconfig" and "dnsupdate" are under test.  
The modified "fred" has not been released yet.  The work is being 
done at PSI, by Wengyik Yeong.

Some comments were offered on RFC1279, based on this work:
using case insensitive string to represent the values of all types of 
DNS records is too simplistic.  However, defining separate attribute 
syntaxes for every DNS record is both impractical and wasteful.  It 
doesn't scale, and the effort is wasted for those less frequently used 
record types.  As a compromise, one can special case those DNS 
records with their own syntaxes.  The others can continue to use case 
insensitive string values.

It was suggested that DNS records that use case insensitive string 
values need to have the sequence in which the TTL, Class, and Type 
fields occur, standardized.  One could fix the sequence (e.g., in the 
order of Class, TTL and Type) with all three mandatory in every 
record; or fix the sequence as above, but let the class be optional and 
default to IN.

Some concern was expressed that ''leaves" in the DNS can be interior 
nodes in the DIT.  This could be a problem, since QUIPU is very slow 
when loading non-leaf entries.

Open Questions
Can we make o=Internet the final resting place for the DNS tree in 
the DIT?

Can we load up all the top level domains (from DNS) without explicit 
consent from domain owners?

Further questions:
1) Where do we put the o=Internet tree?
We assumed this had already resolved, i.e., place it under the root.  It 
was noted that we have no authority to do that, hence perhaps we 
should place it under a c= node.  It is possible that, e.g., CNRI could 
pay ANSI to register it.  One camp says "just do it"; another says "put 
it where it is safe", so we won't have to change further down the 
road.  A straw poll regarding where to place the root was taken.
There were lots for the "under c=somewhere" position, only a few for 
the "under root [few]", and a number of abstentions.

The debate on placement continued for a while, with lots of back and 
forth regarding the effects of each choice of placement of 
"o=Internet".  We ended on the comment that, if we chose to place it 
under the root, this would be one of the few times that Stef would
later say he told us so.

2) Do DSA operators have right to load top level DNS zone files into 
the Directory?  One argument is that, if you permit zone transfers, 
then the door is open.  The counter argument is that DNS never 
agreed to this (X.500) usage, that this is a new usage, and thus 
assumptions should not be made about acceptability.  It was 
uniformly agreed that the following applied: ZONE TRANSFERS 
SHOULD BE NOTED AS LEADING TO POTENTIAL HARM.

3) Further discussion of the interaction between X.500 attributes and 
DNS records.  It was suggested that attribute syntax for common DNS 
records be changed (to fit more neatly into X.500), while less 
common DNS records be standardized using string records.

Vint Cerf-
The Internet Society may be able to register "Internet" for OID and 
RDN.

OIDs- According to Hardcastle-Kille, it doesn't matter where these 
come from.

RDNs- top level o=Internet is desirable.

CAT (Common Authentication Technology) - This discussion was 
concerned with integrating security in a variety of technologies.  The 
presenter (John Linn) was from the <<<???>>> WG, and wanted 
to raise the consciousness of the OSI-DS WG, since many of the issues 
that confronted them involve naming in the X.500 sense.  The CAT 
depends on global naming, in that they are using X.500 DNs in X.509 
certificates.  They are encountering early adopter penalties.

A major issue is that the CAT folks don't want DNs that are used for 
authentication to diverge from those used for other purposes within 
the Directory.  CAT needs to deal with hosts, users, processes (for 
authentication purposes) within the environment and protocols used 
by DNS, accommodating mismatches.  Hosts are currently handled, 
but not users or processes.  This is, fundamentally, a naming issue.

Implementations must support Directory access routines for security 
purposes (i.e., parsing is not needed; the only requirement is for 
matching).

Our respective areas could benefit from naming coexistence (API 
definitions,  available support libraries.  The main question the 
presenter had was:  is this part of OSI-DS charter or current plans?

In the discussion that followed, to comment on the presentation and 
answer John's question, the issue of what problem was being solved 
arose.  It is important to not replace DNS host names, but to provide 
unique names for authentication usage.  John will post a brief 
description of his work, with pointers to his documents.

The sense of the meeting was that this was best pursued in the 
context of the discussion list rather than during the meeting, because 
a clear understanding of the issues is wanting.

Lightweight Protocols - Dixie and DAS are recent alternatives to 
the full OSI stack implementation of a Directory user agent.  They are 
incompatible.  Wengyik Yeong, Tim Howes, and Steve Hardcastle-Kille 
have designed other alternatives.

LDBP - This is the first in a series of protocols.  It is targeted to 
browsing (no name service).  It is session oriented and supports few 
operations.  Its error structures have been flattened (they contain 
only a code and a string).  There is no BER (and no authentication!!), 
and instead, uses its own binary rules (the so-called "string 
encoding").  Passwords are sent in the clear.  This could be used in a 
DUA, bridge, or it could be embedded in a DSA for direct support.

SOS - Based on the observation that many applications make little 
use of the upper layers of OSI, SOS allows direct mapping to a 
transport layer(either CONS or CLNS).  A streaming proposal is 
incompatible with X.400/X.500 security issues (because access to the 
full PDU is required).  Steve Hardcastle-Kille hasn't looked at related 
OSI work on <<<???>>> (application environments) and <<<???>>> 
(reorganizing application layers, putting the session goo in the 
transport layer, removing the presentation layer).

Note that SOS really transcends X.500 - it is a much more general OSI 
issue.  This differs from the "Skinny Stack", a multi-layer collapsing 
of a local stack, due to Van Jacobson.  Note that the presence of the 
skinny stack is not seen at the remote end, unlike the case for SOS.  X 
is the first to use the skinny stack (cf. implementors agreements).
Concern was expressed that, because of the above observation, this is 
beyond the scope of this WG.

Colin's message (on DS 26) is: is LDBP needed in the face of SOS?
Also, Colin had question on "DAP lite" - why not work on this, 
providing interoperability with existing DSAs, rather than new 
protocols (e.g., add skinny stacks).

How do these affect "homogeneity" for having a global directory?
What are motivations, tradeoffs, payoffs.

Final agenda item: Next meeting - it was decided that the next OSI-DS 
meting will be at the 24th IETF meeting (July, 1992, in Boston).  We 
will postpone DSA Naming discussions until then.



Agenda for seventh meeting of
IETF Directory Services Group
Version 3

S. E. Hardcastle-Kille

March 12, 1992

Date
	Monday 16th March 1992

Time
	09:30-19:00

Venue
	San Diego IETF
	Hyatt Islandia-B

	Draft Agenda Follows

9:30 Introduction
	o Agenda
	o Minutes of San Jose Meeting (OSI-DS-MINUTES-6)
	o Matters arising

9:45  Liaisons
	o RARE WG3 (Erik Huizer)
	o ISO/CCITT
	o OIW (Russ Wright)
	o NADF (Einar Stefferud)
	o DISI (Chris Weider)
	o AARN (Steve Hardcastle-Kille)

10:00  Operational Status of Pilots
	o FOX (Tom Tignor)
	o PSI WPP (Wengyik Yeong)
	o Paradise (Paul Barker)

10:10 Security Document (Marshall Rose)

10:15 Need for Directory Operations Group (Steve Hardcastle-Kille)

10:20 Progress on Strategy Document (Eric Huizer)

10:25 Progress on representing Management Information in the 
directory.  The new object models (OSI-DS 14, 16, 17, 19; Chris 
Weider, et alia) *** NEW VERSIONS COMING SOON ***

10:45 Naming Guidelines (OSI-DS 12.4)

11:00 ISOC role in Registration (Message from Vint Cerf)

11:05 User Friendly Naming/String Representation of DN (OSI-DS 
23.1, 24.1)

11:30 The QOS Experiment (OSI-DS 15) Russ Wright, Tim Howes

11:40 Report on JPEG Progress (Russ Wright)

<<AT THIS POINT TIME, on the agenda, GETS A LITTLE SQUIRRELLY>>
11:25 Character Sets (OSI-DS 32) Geir Pederson

11:40 Counting the DIT (OSI-DS 30) Steve Hardcastle-Kille

11:50 Date of next meeting

11:55 AOB

12:00 Lunch

13:30 Difficulties with RFC 1274 approach to schema

13:45 New approach: Document restructuring + reorganization 
(possible new WG)

14:15 Schema Publishing

14:30 New attributes for DSA objects (Erik Huizer presenting a 
message from Paul-Andre Pays)

14:35 Detailed work on new attributes for RFC 1274

15:30 Tea

16:00 DNS and X.500: progress on RFC 1279 (Wengyik Yeong)

16:20 Relationship to CAT (Common Authentication Technology) 
(John Linn)

16:45 Lightweight directory protocols
		LDBP - Yeong, Howes, Hardcastle-Kille (OSI-DS 26, 27)
		SOS - Hardcastle-Kille (OSI-DS 31)

17:30 DSA Naming (OSI-DS 13)

18:00 Close