This document presents an overview of X.500 models, focusing on frameworks used to represent directory functions and operations. It details various models defined in the X.500 suite, including the Directory Informational Model, User Informational Model, and Operational Models. The text elaborates on Directory System Agents (DSAs), their interactions, attribute specifications, and references fundamental to the structure of directory information bases (DIBs). Additionally, it discusses administrative authority models and the importance of security within directory systems.
X.500 Part 2: Models and Objects
CNS 4650, Fall 2004, Rev. 2
X.500 Models
• Models are used to snapshot certain functions and operations
• Usually a distinct portion of the directory
• Abstracts the rest of the directory
Models Examined
• 1988 X.500 only specified one model, the Directory Informational Model
• 1993 X.501 (The Directory: Models) expanded the model definitions
• There are a number of models that will not be discussed
Directory Functional Model
• The directory is comprised of one or more DSAs with access to the DIB
• DSAs can use information stored locally or query other DSAs for information
• DSAs can also “refer” a requester to other DSAs
User Informational Model
• The directory is a logical tree to the user
• The tree contains objects
• Objects have attributes
• Attributes must respect syntax rules
• More discussion at end of lecture
Operational and Administrative Information Model
• The directory from the Administrator’s view
• Objects contain not only “user” attributes but also administrative attributes
• Similar to the User Information Model as far as how the directory is viewed (DIT)
• Two types of attributes
  • Operational
  • Subentries
Operational Attributes
• Three types
  • Directory Operational: apply to every DSA (access control)
  • DSA-shared Operational: apply to replication between DSAs
  • DSA-specific Operational: apply to a single DSA (time stamp of last replica)
Subentries
• Used to define a subtree
• Applies properties to the subtree
  • access control
  • subschema
  • global properties
DSA Information Model
• DSAs are organized into a DIT with naming contexts
• The DIB may span multiple DSAs
• DSAs must be able to access information, either through direct lookup or referral
• Replicas must be able to access the original data at a DUA’s request
• Knowledge Information
• DSA-Specific Information
Knowledge Information
• Describes relationships between DSAs
• References hold information about portions of the DIB that are not local to the DSA
• Four mandatory references
  • Superior
  • Subordinate
  • Supplier
  • Consumer
Superior Reference
• A non-first-level DSA must contain one superior reference
• References form a path to the “root”
• Book is incorrect: Immediate Superiors are an optional reference.
Subordinate Reference
• References contain the naming contexts (children) directly below the current naming context
• Contain the RDN (Relative Distinguished Name) and the access point of the DSA
Supplier Reference
• Used for replication
• Contains the agreement between the supplier and consumer for replication
• Access point of the Supplier DSA
• States whether the Supplier is a master; if not, it contains the access point of the master DSA
Consumer Reference
• Contains a copy of the agreement between the supplier and consumer
• Access point of the consumer
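Added example, not from the slides: a small Python model of how a DSA uses its superior and subordinate knowledge references to resolve a name, answering locally or handing back a referral, plus a helper that chases referrals across DSAs with a hop limit so a broken reference loop cannot spin forever. The DSA names, naming contexts and entries are constructed.

```python
from __future__ import annotations
from dataclasses import dataclass, field

DN = tuple[str, ...]  # RDNs ordered from the root, e.g. ("c=us", "o=acme")

@dataclass
class Reference:      # knowledge reference: naming context + access point (a DSA name here)
    context: DN
    access_point: str

@dataclass
class DSA:
    name: str
    contexts: dict[DN, set[DN]]         # naming context prefix -> entry DNs held locally
    superior: Reference | None = None   # absent only on a first-level DSA
    subordinates: list[Reference] = field(default_factory=list)

    def resolve(self, target: DN) -> tuple[str, str]:
        for ctx, entries in self.contexts.items():
            if target[:len(ctx)] != ctx:
                continue
            if target in entries:                 # held locally: answer here
                return ("local", self.name)
            for ref in self.subordinates:         # child context held by another DSA
                if target[:len(ref.context)] == ref.context:
                    return ("referral", ref.access_point)
            return ("no-such-object", self.name)  # inside our context, nobody holds it
        if self.superior:                         # outside our contexts: refer upward
            return ("referral", self.superior.access_point)
        return ("no-such-object", self.name)      # first-level DSA: nowhere left to go

def chase(dsas: dict[str, DSA], start: str, target: DN, max_hops: int = 8):
    # Follow referrals until a DSA answers; the hop limit guards against a reference loop.
    path, current = [], start
    while len(path) < max_hops:
        path.append(current)
        outcome, where = dsas[current].resolve(target)
        if outcome != "referral":
            return path, outcome
        current = where
    return path, "loop-detected"

# Constructed three-DSA DIT: root serves c=us, acme serves o=acme, sales serves ou=sales.
US, ACME, SALES = ("c=us",), ("c=us", "o=acme"), ("c=us", "o=acme", "ou=sales")
DSAS = {
    "dsa-root": DSA("dsa-root", {US: {US}}, None, [Reference(ACME, "dsa-acme")]),
    "dsa-acme": DSA("dsa-acme", {ACME: {ACME, ACME + ("cn=alice",)}},
                    Reference(US, "dsa-root"), [Reference(SALES, "dsa-sales")]),
    "dsa-sales": DSA("dsa-sales", {SALES: {SALES, SALES + ("cn=bob",)}}, Reference(ACME, "dsa-acme")),
}
```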
DSA-Specific Entry
• DSEs are entries in the DIT that reflect how a DSA views a certain object
Directory Distribution Model
• A single master DSA holds an authoritative copy of each object in the respective naming context
• A DSA may contain a copy of the master; that DSA is referred to as a shadow
• DIB fragment
Directory Administrative Authority Model
• Divides the DIT into subtrees
• Subtrees allow for delegated management
• Subtrees are attached to a container object and extend down to the next subtree
• Subtrees are assigned a particular administrative area
  • Autonomous Administrative Area
  • Specific Administrative Area
  • Inner Administrative Area
Autonomous Authority Area
• The AAA usually encompasses the entire organization’s DIT
• There may be more than one AAA in a DIT
Specific Administrative Area (SAA)
• Administers the attributes that are part of the subtree being administered
Inner Administrative Area (IAA)
• Delegates administration to a local administrator
• IAAs can be nested, unlike SAAs
• Boundaries are somewhat permeable; permissions may cross boundaries
Security Model
• Defined in the Directory Administrative Authority Model
• Security divisions correspond exactly to the administrative divisions
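Added example, not from the slides: a Python sketch of the administrative area rules above. It checks that SAAs never nest while IAAs may, and reports which AAA, SAA and chain of IAAs govern a given entry, which under the security model also decides whose security divisions apply. The DN layout, area roots and helper names are constructed assumptions; the IAA chain is limited to IAAs inside the governing SAA, since an inner area refines the specific area it sits in.

```python
from __future__ import annotations
from dataclasses import dataclass

DN = tuple[str, ...]  # RDNs ordered from the root

@dataclass(frozen=True)
class AdminArea:
    kind: str  # "AAA", "SAA" or "IAA"
    root: DN   # administrative point; the area extends down from here

def under(entry: DN, root: DN) -> bool:
    return entry[:len(root)] == root

def nesting_violations(areas: list[AdminArea]) -> list[str]:
    # Slide rule: IAAs can be nested, SAAs cannot. Report every SAA whose
    # administrative point lies strictly inside another SAA.
    return [f"SAA at {'/'.join(inner.root)} nested inside SAA at {'/'.join(outer.root)}"
            for outer in areas for inner in areas
            if outer.kind == inner.kind == "SAA"
            and len(inner.root) > len(outer.root) and under(inner.root, outer.root)]

def governing(entry: DN, areas: list[AdminArea]) -> dict:
    # The area in force is the nearest administrative point above the entry for
    # each kind; IAAs refine the SAA they sit in, so every IAA between that SAA
    # and the entry is reported, outermost first (assumed interpretation).
    enclosing = sorted((a for a in areas if under(entry, a.root)), key=lambda a: len(a.root))
    nearest = {}
    for a in enclosing:
        if a.kind in ("AAA", "SAA"):
            nearest[a.kind] = a.root          # deeper points overwrite shallower ones
    saa_root = nearest.get("SAA")
    iaas = [a.root for a in enclosing
            if a.kind == "IAA" and (saa_root is None or under(a.root, saa_root))]
    return {"AAA": nearest.get("AAA"), "SAA": saa_root, "IAA": iaas}

# Constructed DIT: one AAA and one SAA at the organization, IAAs delegated
# to engineering and to a lab inside engineering.
ACME = ("c=us", "o=acme")
AREAS = [AdminArea("AAA", ACME), AdminArea("SAA", ACME),
         AdminArea("IAA", ACME + ("ou=eng",)), AdminArea("IAA", ACME + ("ou=eng", "ou=labs"))]
```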
Sources
• X.500 Information Technology - Open Systems Interconnection - The Directory: Overview of Concepts, Models, and Services, first published in 1988
• X.501 Information Technology - Open Systems Interconnection - The Directory: Models, first published in 1993
• X.518 Information Technology - Open Systems Interconnection - The Directory: Procedures for Distributed Operation, first published in 1988