History of X.500

X.500 is a series of computer networking standards covering electronic directory services. The X.500 series was developed by the Telecommunication Standardization Sector of the International Telecommunication Union. ITU-T was formerly known as the Consultative Committee for International Telephony and Telegraphy. Wikipedia

OSI (Open System Interconnection) defined X.500 in 1988, and additional details were added in 1993. The purpose was simply to standardize directory services. However, this standard has not received a good response in actual use. The reasons include the complexity of the protocol, the resource requirements for implementation, and the lack of examples of actual use.

In addition, there is the question of data security regarding the disclosure of data that has never had to be disclosed before.

The X.500 specification defines a data model that determines how data is stored in a database called the DIB (Directory Information Base). Each entry in the database is made up of several attributes, each consisting of a type and a value field. The type of the attribute determines the possible data values. An attribute may contain multiple values. Each item can have a different number of attributes.

Some of them may be mandatory attributes, and it is specified whether each attribute is mandatory or optional. Items in the database are stored hierarchically. Such a structure is called the DIT (Directory Information Tree). It may be a decentralized database located in various geographic locations, or divided into hierarchies according to the organization chart and distributed across multiple directory servers. Each entry in this database has a unique value: the DN (Distinguished Name), a combination of the values of two attributes that identify the country, organization, organizational unit, and common name. If some values are omitted from the DN, the data item is referred to as an RDN (Relative Distinguished Name). An example of a DN is /c=USA, /o=Aumsoft, /ou=Documentation, /cn=Dilip.

X.500 requires the client to establish a session with the server before requesting any service. This is done with Bind, where the client must introduce itself to the server. The security systems available range from simple systems where passwords are sent in plain text to public key-based algorithms. Each time the connection is disconnected, the client performs Unbind.

Once the client has established a session, it can perform search, read, edit, add, delete, and cancel operations. A search retrieves data whose attributes meet specified criteria, called a Search Filter. The result of a search may be a list of items or a subtree of the directory. Reading data simply retrieves the specified data. Editing involves changing existing data. X.500 defines an operation called modifyRDN for modifying the name of an item.
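The data model and search described above can be sketched in a few lines. This is an added example, not code from X.500 or from the original post: the toy schema `MANDATORY`, the `Directory` class, the equality-only filter and the sample entries are assumptions built around the page's example DN.

```python
# Added illustration: a toy in-memory DIB keyed by DN, with a subtree search.
# MANDATORY, Directory and the sample entries are constructed for this example.
MANDATORY = {"person": {"cn"}, "unit": {"ou"}}   # assumed toy schema

def parse_dn(text):
    """Turn '/c=USA, /o=Aumsoft' into (('c', 'USA'), ('o', 'Aumsoft'))."""
    dn = []
    for part in text.split(","):
        typ, sep, val = part.strip().lstrip("/").partition("=")
        if not (sep and typ.strip() and val.strip()):
            raise ValueError(f"malformed DN component: {part!r}")
        dn.append((typ.strip().lower(), val.strip()))
    return tuple(dn)

class Directory:
    def __init__(self):
        self.entries = {}                        # DN -> {attribute type: [values]}

    def add(self, dn_text, kind, attrs):
        dn = parse_dn(dn_text)
        missing = MANDATORY.get(kind, set()) - set(attrs)
        if missing:
            raise ValueError(f"missing mandatory attributes: {sorted(missing)}")
        if dn in self.entries:
            raise KeyError("DN already exists; each entry needs a unique DN")
        if len(dn) > 1 and dn[:-1] not in self.entries:
            raise KeyError("parent entry is not in the tree")
        self.entries[dn] = {t.lower(): list(v) for t, v in attrs.items()}

    def search(self, base_text, attr, value):
        """DNs at or below the base whose attribute holds the given value."""
        base = parse_dn(base_text)
        return sorted(dn for dn, a in self.entries.items()
                      if dn[:len(base)] == base and value in a.get(attr.lower(), []))

def sample_directory():
    d = Directory()
    d.add("/c=USA", "country", {"c": ["USA"]})
    d.add("/c=USA, /o=Aumsoft", "organization", {"o": ["Aumsoft"]})
    d.add("/c=USA, /o=Aumsoft, /ou=Documentation", "unit", {"ou": ["Documentation"]})
    d.add("/c=USA, /o=Aumsoft, /ou=Documentation, /cn=Dilip", "person",
          {"cn": ["Dilip"], "mail": ["dilip@example.test", "d@example.test"]})
    return d
```
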

X.500 also defines a method for adding and deleting certain items. The cancel operation is used to cancel any specified action. The actions and results can be signed by either the client's or the server's public key. Various applications can access information in the directory service's database, in a similar way to a resolver, using a so-called client interface, the DUA (Directory User Agent).

The operation of this interface uses the protocol DAP (Directory Access Protocol), which works in the application layer of the ISO/OSI model and is defined using the OSI Transport Stack. Such an implementation requires both program development and hardware effort to provide a functional protocol stack. Data exchange between directory servers can be done using the protocol DSP (Directory System Protocol). The X.500 1993 specification describes the protocol DISP (Directory Information Shadowing Protocol), which defines how multiple servers can be used to perform the same task.

Using multiple servers to work the same way spreads out the server load and increases the level of redundancy and performance as well. It is also used to move data to a machine that may be more easily accessible. The answer given must always be the same.

The server may not have the information the client needs, but it must be able to satisfy the client by chaining, that is, requesting it from another server. Alternatively, it sends the response as a reference or pointer to another server so that the client can request the information from that server. Chaining can only be done using DSP, which is a protocol used to communicate between servers. But communication between servers is the result of the DUA's work.

The principle of X.500 multicasting is similar to chaining. However, multicasting causes data requests to be sent out to multiple servers at the same time. Each server responds with the required information, or responds that an error has occurred if the client's request cannot be performed. There may be more than one answer given, but the client will choose to receive only one desired answer.

LDAP and X.500

  • LDAP runs on TCP/IP, while X.500’s DAP protocol requires the OSI Stack.
  • LDAP has a Bind command that makes it easy to use. LDAP clients can bind anonymously (Anonymous Bind), that is, without having to be prompted for a password. Passwords can also be sent in plain text, while X.500 uses a strong encryption system.
  • LDAP does not have a Read or List command. Clients must use the Search command to produce similar results.
  • LDAP clients only connect to one server at a time, and LDAP servers do not provide clients with referral services to other servers.
  • LDAP uses a simpler encoding system than X.500.
