X.500
From Wikipedia, the free encyclopedia
X.500 is a series of computer networking standards covering electronic directory services. The X.500 series was developed by ITU-T, formerly known as CCITT. The directory services were developed in order to support the requirements of X.400 electronic mail exchange and name lookup. ISO was a partner in developing the standards, incorporating them into the Open Systems Interconnection suite of protocols. ISO/IEC 9594 is the corresponding ISO identification.
Contents |
[edit] X.500 protocols
The protocols defined by X.500 include:
- DAP (Directory Access Protocol)
- DSP (Directory System Protocol)
- DISP (Directory Information Shadowing Protocol)
- DOP (Directory Operational Bindings Management Protocol)
Because these protocols used the OSI networking stack, a number of alternatives to DAP were developed to allow Internet clients to access to the X.500 Directory using the TCP/IP networking stack. The most well-known alternative to DAP is Lightweight Directory Access Protocol (LDAP). While DAP and the other X.500 protocols can now use the TCP/IP networking stack, LDAP remains a popular directory access protocol.
[edit] X.500 data models
The primary concept of X.500 is that there is a single Directory Information Tree (DIT), a hierarchical organization of entries which is distributed across one or more servers. An entry consists of a set of attributes, each attribute with one or more values. Each entry has a unique Distinguished name, formed by combining its Relative distinguished name (RDN), one or more attributes of the entry itself, and the RDNs of each of the superior entries up to the root of the DIT. As LDAP implements a very similar data model to that of X.500, there is further description of the data model in the article on LDAP.
X.520 and X.521 together provide a definition of a set of attributes and object classes to be used for representing people and organizations as entries in the DIT is one of the most widely deployed white pages schema.
X.509, the portion of the standard providing for an authentication framework, is now also widely used outside of the X.500 directory protocols. It specifies a standard format for public-key certificates.
[edit] List of X.500 series standards
ITU-T number | ISO/IEC number | Title of Standard |
---|---|---|
X.500 | ISO/IEC 9594-1 | The Directory: Overview of concepts, models and services |
X.501 | ISO/IEC 9594-2 | The Directory: Models |
X.509 | ISO/IEC 9594-8 | The Directory: Public-key and attribute certificate frameworks |
X.511 | ISO/IEC 9594-3 | The Directory: Abstract service definition |
X.518 | ISO/IEC 9594-4 | The Directory: Procedures for distributed operation |
X.519 | ISO/IEC 9594-5 | The Directory: Protocol specifications |
X.520 | ISO/IEC 9594-6 | The Directory: Selected attribute types |
X.521 | ISO/IEC 9594-7 | The Directory: Selected object classes |
X.525 | ISO/IEC 9594-9 | The Directory: Replication |
X.530 | ISO/IEC 9594-10 | The Directory: Use of systems management for administration of the Directory |
[edit] Criticism
The authors of RFC 2693 (concerning SPKI) note that "The original X.500 plan is unlikely ever to come to fruition. Collections of directory entries... are considered valuable or even confidential by those owning the lists and are not likely to be released to the world in the form of an X.500 directory sub-tree." and that "The X.500 idea of a distinguished name (a single, globally unique name that everyone could use when referring to an entity) is also not likely to occur."
[edit] External links
- Chadwick, D W (1994, 1996). Understanding X.500 - The Directory.
- X500Standard.com The X.500 community site that is both a guide to the X.500 Standard and a repository for existing and new work being carried out on the standard.