Re: Root DSA

D.W.Chadwick@iti.salford.ac.uk Fri, 04 November 1994 22:02 UTC

Via: uk.ac.salford.europa; Fri, 4 Nov 1994 19:47:09 +0000
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: D.W.Chadwick@iti.salford.ac.uk
Date: Fri, 04 Nov 1994 19:28:00 -0000
To: osi-ds@cs.ucl.ac.uk
Subject: Re: Root DSA
Encoding: 123 TEXT
Message-ID: <9411041702.aa17153@CNRI.Reston.VA.US>

 Andrew Waugh <A.Waugh@mel.dit.csiro.au> wrote

My suggestion is to define the term 'psuedo-context' (or something equivalent).
This is a context consisting of the Root entry and *one* subordinate reference.
For example the Australian First Level DSA would hold a psuedo-context
containing the root and the subordinate reference for the context <c=AU>. (It
would also, of course, normally hold the context <c=AU> as well.)

The process described in your note is then simply that of collecting together
these psuedo-contexts to form a proper context and redistributing this context
to the First Level DSAs.

My reply
In the 1993 DSA Information Model, subordinate references are defined and
modelled. We therefore do not need any new terminology, because what we have is
sufficient. WE are actually only passing the subordinate reference of the root
to the pseudo root DSA, we are not passing the root entry as well, as your text
suggests (otherwise the pseudo root DSA would recieve 50 root entries)


AW
Your long term solution can then be described as using a HOB to copy the
subordinate references from the psuedo-contexts to the Psuedo Root DSA which
builds the root context. It then uses a SOB to distribute this context back
to the First Level DSAs.

My reply
Again, I dont believe we need any special terminology here, because a HOB is
between 2 naming contexts. In this case it is between the root context and a
first level naming context. It is exactly the same as that between any two
other naming contexts (except that the superior entry - in this case the root -
does not hold any real entry information


AW
2) The implementation issues then
become:
   a) Can a Psuedo Root DSA amalgamate the data it is receiving from the
      HOBs into a full context?

DC
This is no different to what a Country DSA would have to do for many
organisational DSAs, so it should be within the capabilities of a standard
implementation of HOBs. (except for the fact that the context prefix is null)
                                                                             #


  AW
   b) How will the First Level DSAs handle receiving the root context from the
      Psuedo Root DSA which includes their own psuedo-contexts?

DC
This question also needs to be addressed by implementations anyway, as the
following example illustrates. An organisation entry is in one DSA, and an OU
naming context is in another DSA. The org DSA will have a subr to the OU DSA.
Suppose the org DSA wishes to shadow the subordinate naming context. It will
then receive the entry for which it has a subr.

  AW
It may be that special code needs to be added to the First Level DSAs to
handle these cases.

DC
Nothwithstanding the above explanations, you might still be correct here!

 3)

> 11. The European coordinating point can operate a (pseudo) root DSA that
> enters into two bilateral agreements with every master First Level DSA. One
> of these agreements will be a shadowing agreement, the other a hierarchical
> agreement.
>
> 12. Every master First Level DSA will shadow the root context from the root
> DSA. This will provide the complete set of subordinate references. This is
> the shadowing agreement, and should be completely standard (otherwise
> shadow First Level DSAs could not be supported by the implementation).
>
> [...]
>
> 13. The root DSA will enter into a hierarchical agreement with every master
> First Level DSA, in order to obtain a subordinate reference for each first
> level entry. Whilst hierarchical agreements are standardised, this
> particular novel use of a HOB is not specifically recognised in the
> standard so it may cause hiccups with some implementations, although the
> ASN.1 will support it.
>
> [...]

I would suggest reversing points 12 and 13. First describe how the (pseudo)
root DSA receives updates from the First Level DSA (the true masters of each
first level context), and then how this (pseudo) root DSA distributes the
co-ordinated set of first level contexts to the First Level DSAs.

The reason for this change is that, on first reading, it appears that you are
suggesting keeping the concept of a root DSA (i.e. having a single master First
Level DSA) with all other First Level DSAs being shadows. Reversing the order
of the points highlights that the true source of the first level contexts is
actually the set of First Level DSAs.

DC
Point taken. will include this in revised version


 4)

> 11. The European coordinating point can operate a (pseudo) root DSA that
                                      ^^^ will

5)

> 15. An alternative solution, which is much less manageable, but that does
> without a pseudo root DSA, is for each master First Level DSA to enter into
> bilateral agreements with every other master First Level DSA, in order to
> shadow the first level entries and access point operational attributes.
> However, this solution is not seriously proposed, as the management
> overheads are too great.

While it is less managable, it has the advantage that there is no single point
of failure. This is an issue with the Psuedo Root DSA approach (though not a
large one) and should be pointed out.

andrew waugh

Root DSA D.W.Chadwick
Re: Root DSA pays
Re: Root DSA Colin Robbins
Re: Root DSA Thomas Lenggenhager
Re: Root DSA Andrew Waugh
Re: Root DSA D.W.Chadwick
Re: Root DSA D.W.Chadwick
Re: Root DSA Steve Kille
Re[2]: Root DSA D.W.Chadwick