Re: Root DSA
D.W.Chadwick@iti.salford.ac.uk Fri, 04 November 1994 22:02 UTC
Received: from ietf.nri.reston.va.us by IETF.CNRI.Reston.VA.US id aa09497; 4 Nov 94 17:02 EST
Received: from CNRI.Reston.VA.US by IETF.CNRI.Reston.VA.US id aa09493; 4 Nov 94 17:02 EST
Received: from haig.cs.ucl.ac.uk by CNRI.Reston.VA.US id aa17153; 4 Nov 94 17:02 EST
Received: from bells.cs.ucl.ac.uk by haig.cs.ucl.ac.uk with local SMTP id <g.03263-0@haig.cs.ucl.ac.uk>; Fri, 4 Nov 1994 19:47:15 +0000
Via: uk.ac.salford.europa; Fri, 4 Nov 1994 19:47:09 +0000
Received: from mailgate-0.salford.ac.uk by europa.salford.ac.uk with SMTP (PP); Fri, 4 Nov 1994 19:47:18 +0000
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: D.W.Chadwick@iti.salford.ac.uk
Date: Fri, 04 Nov 1994 19:28:00 -0000
To: osi-ds@cs.ucl.ac.uk
Subject: Re: Root DSA
X-Mailer: University of Salford cc:Mail/SMTP gateway 1.71
Encoding: 123 TEXT
Message-ID: <9411041702.aa17153@CNRI.Reston.VA.US>
Andrew Waugh <A.Waugh@mel.dit.csiro.au> wrote My suggestion is to define the term 'psuedo-context' (or something equivalent). This is a context consisting of the Root entry and *one* subordinate reference. For example the Australian First Level DSA would hold a psuedo-context containing the root and the subordinate reference for the context <c=AU>. (It would also, of course, normally hold the context <c=AU> as well.) The process described in your note is then simply that of collecting together these psuedo-contexts to form a proper context and redistributing this context to the First Level DSAs. My reply In the 1993 DSA Information Model, subordinate references are defined and modelled. We therefore do not need any new terminology, because what we have is sufficient. WE are actually only passing the subordinate reference of the root to the pseudo root DSA, we are not passing the root entry as well, as your text suggests (otherwise the pseudo root DSA would recieve 50 root entries) AW Your long term solution can then be described as using a HOB to copy the subordinate references from the psuedo-contexts to the Psuedo Root DSA which builds the root context. It then uses a SOB to distribute this context back to the First Level DSAs. My reply Again, I dont believe we need any special terminology here, because a HOB is between 2 naming contexts. In this case it is between the root context and a first level naming context. It is exactly the same as that between any two other naming contexts (except that the superior entry - in this case the root - does not hold any real entry information AW 2) The implementation issues then become: a) Can a Psuedo Root DSA amalgamate the data it is receiving from the HOBs into a full context? DC This is no different to what a Country DSA would have to do for many organisational DSAs, so it should be within the capabilities of a standard implementation of HOBs. (except for the fact that the context prefix is null) # AW b) How will the First Level DSAs handle receiving the root context from the Psuedo Root DSA which includes their own psuedo-contexts? DC This question also needs to be addressed by implementations anyway, as the following example illustrates. An organisation entry is in one DSA, and an OU naming context is in another DSA. The org DSA will have a subr to the OU DSA. Suppose the org DSA wishes to shadow the subordinate naming context. It will then receive the entry for which it has a subr. AW It may be that special code needs to be added to the First Level DSAs to handle these cases. DC Nothwithstanding the above explanations, you might still be correct here! 3) > 11. The European coordinating point can operate a (pseudo) root DSA that > enters into two bilateral agreements with every master First Level DSA. One > of these agreements will be a shadowing agreement, the other a hierarchical > agreement. > > 12. Every master First Level DSA will shadow the root context from the root > DSA. This will provide the complete set of subordinate references. This is > the shadowing agreement, and should be completely standard (otherwise > shadow First Level DSAs could not be supported by the implementation). > > [...] > > 13. The root DSA will enter into a hierarchical agreement with every master > First Level DSA, in order to obtain a subordinate reference for each first > level entry. Whilst hierarchical agreements are standardised, this > particular novel use of a HOB is not specifically recognised in the > standard so it may cause hiccups with some implementations, although the > ASN.1 will support it. > > [...] I would suggest reversing points 12 and 13. First describe how the (pseudo) root DSA receives updates from the First Level DSA (the true masters of each first level context), and then how this (pseudo) root DSA distributes the co-ordinated set of first level contexts to the First Level DSAs. The reason for this change is that, on first reading, it appears that you are suggesting keeping the concept of a root DSA (i.e. having a single master First Level DSA) with all other First Level DSAs being shadows. Reversing the order of the points highlights that the true source of the first level contexts is actually the set of First Level DSAs. DC Point taken. will include this in revised version 4) > 11. The European coordinating point can operate a (pseudo) root DSA that ^^^ will 5) > 15. An alternative solution, which is much less manageable, but that does > without a pseudo root DSA, is for each master First Level DSA to enter into > bilateral agreements with every other master First Level DSA, in order to > shadow the first level entries and access point operational attributes. > However, this solution is not seriously proposed, as the management > overheads are too great. While it is less managable, it has the advantage that there is no single point of failure. This is an issue with the Psuedo Root DSA approach (though not a large one) and should be pointed out. andrew waugh
- Root DSA D.W.Chadwick
- Re: Root DSA pays
- Re: Root DSA Colin Robbins
- Re: Root DSA Thomas Lenggenhager
- Re: Root DSA Andrew Waugh
- Re: Root DSA D.W.Chadwick
- Re: Root DSA D.W.Chadwick
- Re: Root DSA Steve Kille
- Re[2]: Root DSA D.W.Chadwick