directory services landscape
play

Directory Services Landscape Services, Technologies, Protocols, - PowerPoint PPT Presentation

Jun 03, 2023 •161 likes •666 views

Directory Services Landscape Services, Technologies, Protocols, Products, and the Medium Mohsen Banan <public@mohsen.banan.1.byname.net> 07/08/2000 1 Outline Directory Concepts X.500 & OSI Directory X.509 & PKI

  1. Directory Services Landscape Services, Technologies, Protocols, Products, and the Medium Mohsen Banan <public@mohsen.banan.1.byname.net> 07/08/2000 1

  2. Outline • Directory Concepts • X.500 & OSI Directory • X.509 & PKI • LDAP • Domain Name System (DNS) • Novel Directory Services (NDS) • SQL & Oracle • Misc. • Predictions & the Future 2 07/08/2000

  3. Basic Directory Concepts • Prior to the initiation of any communication, some addressing and other infrastructural information is needed for interconnection of information processing systems • Directory services provide access to such information • “The Directory” Is an integrated whole, consisting of a set of systems and the directory information they hold, that provide the addressing and other infrastructural information needed for communication 3 07/08/2000

  4. Basic Directory Concepts • The Directory (singular) is an integrated whole one global name space • The Directory is not intended to be a general-purpose database system • A considerably higher frequency of ‘queries’ than of updates is assumed • Transient conditions where both old and new versions of the same information are available, are quite acceptable • Except for unpropagated updates and access rights, the results of directory queries will not be dependent on the identity or location of the inquirer 4 07/08/2000

  5. Directory and Users Directory User DUA The Directory 5 07/08/2000

  6. Outline • Directory Concepts • X.500 & OSI Directory • X.509 & PKI • LDAP • Domain Name System (DNS) • Novel Directory Services (NDS) • SQL & Oracle • Misc. • Predictions & the Future 6 07/08/2000

  7. X.500 Topics • OSI Directory Services standards (The Dreams) – Directory Model – Information Model – Security Model • Directory Services Implementations and Applications (Reality) – Scope and field of application of OSI Directory Services – Expected Evolution of Directory Services – IBM, DEC and others – Internet White-Pages Pilot Project • Conclusions 7 07/08/2000

  8. Information Model • Directory Information Base (DIB) – All information to which the Directory provides access – Without regard to distributes or centralized architecture – Without regard to hierarchy 8 07/08/2000

  9. Informational Model Entries …... Entry Type Values Attribute Attribute Distinguished …... Value Value Value Value Values 9 07/08/2000

  10. Information Model Directory Information Tree (DIT) DIT Alias …... Entry Type Values Attribute 10 07/08/2000

  11. Information Model Schema • The Directory Schema comprises a set of: – DIT structure definition – Object class – Attribute type – Attribute syntax 11 07/08/2000

  12. Functional Model • Distributed Directory Service Model DAP DSA DUA DSA DUA DAP DUA DSA DAP = Directory Access Protocol DUA = Directory User Agent DSP = Directory System Protocol DSA = Directory System Agent 12 07/08/2000

  13. Functional Model • Referrals • Chaining • Multi-casting 13 07/08/2000

  14. Functional Model • Referrals The Directory DSA Request DSA DSA DUA Response DSA 14 07/08/2000

  15. Functional Model • Chaining The Directory DSA Request DSA DSA DUA Response DSA 15 07/08/2000

  16. Functional Model • Multi-Casting The Directory DSA Request DSA DSA DUA Response DSA 16 07/08/2000

  17. The X.500 Recommendation (ISO-9594) • X.500 Overview • X,501 Models • X.509 Authentication Framework • X.511 Abstract Service Definition • X.518 Procedures for Distributed Operations • X.519 Protocol Specifications • X.520 Selected Attribute Types • X.521 Selected Object Classes 17 07/08/2000

  18. Field of Applications of OSI Directory Services • Inter-personal Communication – Provide humans or their agents with information on how to communicate with other humans, or groups thereof • Inter-system Communication – Map application-titles onto presentation addresses • Authentication 18 07/08/2000

  19. X.500 Conclusions • X.500 provides a valuable model and terminology for directory • Implementations of OSI Directory Services that address the local and enterprise-wide directory requirements will soon be available from a number of vendors • “Global OSI Directory” requires completion of the specification • We need to understand our directory requirements and properly apply OSI Directory Services to those requirements • Policies and procedures for administration of an enterprise-wide directory must be very carefully planned 19 07/08/2000

  20. Outline • Directory Concepts • X.500 & OSI Directory • X.509 & PKI • LDAP • Domain Name System (DNS) • Novel Directory Services (NDS) • SQL & Oracle • Misc. • Predictions & the Future 20 07/08/2000

  21. Security Model • Authentication • Public Key Cryptographic Systems (PKCS) • Digital Signatures 21 07/08/2000

  22. Security Model • Public Key Cryptographic Systems (PKCS) • Data encrypted by one key half: Private Data Cipher • Can only be decrypted by matching key half Public Data Cipher 22 07/08/2000

  23. Security Model - Digital Signatures Secret key Public key Xs (Xs) (Xp) [h(info)] E D compare h h info Signer(x) recipient 23 07/08/2000

  24. Outline • Directory Concepts • X.500 & OSI Directory • X.509 & PKI • LDAP • Domain Name System (DNS) • Novel Directory Services (NDS) • SQL & Oracle • Misc. • Predictions & the Future 24 07/08/2000

  25. LDAP- related RFCs • RFC-1777 Lightweight Directory Access Protocol. • RFC-1558 A String Representation of LDAP Search Filters • RFC-1778 The String Representation of Standard Attribute Syntaxes • RFC-1779 A String Representation of Distinguished Names • RFC-1798 Connectionless LDAP • RFC-1823 The LDAP Application Program Interface • RFC-1959 An LDAP URL Format 25 07/08/2000

  26. What is LDAP? • What is LDAP? LDAP is a client-server protocol for accessing a directory service. It was initially used as a front-end to X.500, but can also be used with stand-alone and other kinds of directory servers. • Why do we need LDAP? Why don’t we just use X.500? LDAP does not require the upper layers OSI stack, it is a simpler protocol to implement(especially in clients), and LDAP is under IETF change control and so can more easily evolve to meet Internet requirements. 26 07/08/2000

  27. LDAP Info Model • What can I store in an LDAP directory? The LDAP information model is based on the entry, which contains information about some object (e.g., a person). Entries are composed of attributes, which have a type and one or move values. Each attribute has a syntax that determines what kind of values are allowed in the attribute and how those values behave during directory operations. Examples of attribute syntaxes are for IA5 (ASCII) strings, JPEG photographs, u-law encoded sounds, URLs and PGP keys. 27 07/08/2000

  28. LDAP & X.500 • Can I connect a stand-alone LDAP directory server into an X.500 directory? Yes! See for example the X.500 Enabler. 28 07/08/2000

  29. Outline • Directory Concepts • X.500 & OSI Directory • X.509 & PKI • LDAP • Domain Name System (DNS) • Novel Directory Services (NDS) • SQL & Oracle • Misc. • Predictions & the Future 29 07/08/2000

  30. Domain Name System (DNS) • What is DNS? DNS is a distributed Internet directory service. DNS is used mostly to translate between domain names and IP addresses, and to control Internet email delivery. Most Internet services rely on DNS to work, and if DNS fails, web sites cannot be located and email delivery stalls. 30 07/08/2000

  31. Structure of DNS Name • Each name consists of a sequence of alphanumeric components separated by periods • Examples: – www.eg.bucknell.edu – www.netbook.cs.purdue.edu – charcoal.eg.bucknell.edu • Names are hierarchical, with most-significant component on the right • Left-most component is computer name 31 07/08/2000

  32. DNS naming structure • Top level domains (right-most components; also known as TLDs) defined by global authority • Organizations apply for names in a top-level domain: – bucknell.edu – macdonalds.com • Organizations determine own internal structure – eg.bucknell.edu – cs.purdue.edu 32 07/08/2000

  33. Top Level Domains Assign To Domain Name Com Commercial organization edu Educational institution gov Government organization mil Military group net Major network support center org Organization other than those above arpa Temporary ARPA domain (still used) int International organization A country country code 33 07/08/2000

  34. Name Server Concept • Zone – A zone is part of the name space ( such as ee.usm.maine.edu or bbn.com) delegated to a single server. If a nameserver is listed at the internic (or a higher level nameserver as authoritative for part of the name space, and it has full data on that part of the name space then it is authoritative for that zone. • Domain – A domain is also part of the name space, but it may covers several zones. (maine.edu is a domain that covers both the usm.maine.edu and the caps.maine.edu zones) 34 07/08/2000

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Chapter 9: Name Services 9.1 Introduction 9.2 Name services and the DNS 9.3 Directory

Chapter 9: Name Services 9.1 Introduction 9.2 Name services and the DNS 9.3 Directory

Chapter 9: Name Services 9.1 Introduction 9.2 Name services and the DNS 9.3 Directory services 9.6 Summary Learning objectives To understand the need for naming systems in distributed systems To be familiar with the design

682 views • 20 slides
WHAT IS THE SERVICE DIRECTORY? USING THE DIRECTORY Simple format- search by Service Name (if

WHAT IS THE SERVICE DIRECTORY? USING THE DIRECTORY Simple format- search by Service Name (if

A one-stop shop , district and borough-wide register of local services , events and other assets Professional directory- the information on it is not made available to the wider public. Users can see at a glance what the service can do

294 views • 11 slides
Directories and directory implementation Introduction to directory implementation and the art of

Directories and directory implementation Introduction to directory implementation and the art of

Directories and directory implementation Introduction to directory implementation and the art of attributes Miroslav Milinovic, University Computing Centre, University of Zagreb Jasmina Hodzic, Center for Information Technology Services,

1.65k views • 20 slides
Active Directory By: Kishor Datar 10/25/2007 What is a directory service? Directory

Active Directory By: Kishor Datar 10/25/2007 What is a directory service? Directory

Active Directory By: Kishor Datar 10/25/2007 What is a directory service? Directory Collection of related objects Files, Printers, Fax servers etc. Directory Service Information needed to use and manage the objects. Source

438 views • 27 slides
Directory Services A service that stores collections of bindings between names and attributes, and

Directory Services A service that stores collections of bindings between names and attributes, and

Directory Services A service that stores collections of bindings between names and attributes, and looks up entries that match attribute-based specifications (e.g., Microsoft's Active Directory Service, X.500 and LDAP) Case Study - X.500

515 views • 12 slides
Directory Services Status Update (including ARP Op:miza:on) Donald Eastlake, Li Yizhou (Huawei)

Directory Services Status Update (including ARP Op:miza:on) Donald Eastlake, Li Yizhou (Huawei)

Directory Services Status Update (including ARP Op:miza:on) Donald Eastlake, Li Yizhou (Huawei) d3e3e3@gmail.com liyizhou@huawei.com July 2016 TRILL WG 1 Directory Services Related Dra&gt;s In RFC Editors queue

437 views • 11 slides
Next Generation Next Generation gTLD Dir gTLD Directory Services ectory Services Pr

Next Generation Next Generation gTLD Dir gTLD Directory Services ectory Services Pr

Next Generation Next Generation gTLD Dir gTLD Directory Services ectory Services Pr Presentation by the esentation by the Expert W Expert Working Gr orking Group (EWG) oup (EWG) Next Generation gTLD Directory Services

569 views • 15 slides
Directory Services and Interoperability A short chronicle of FAIL! :-) Simo Sorce Samba Team /

Directory Services and Interoperability A short chronicle of FAIL! :-) Simo Sorce Samba Team /

Directory Services and Interoperability A short chronicle of FAIL! :-) Simo Sorce Samba Team / Red Hat, Inc. Directory Services Centralize: management of users management of machines control of security settings configuration management

280 views • 16 slides
Stash Directory: A Scalable Directory for Many-Core

Stash Directory: A Scalable Directory for Many-Core

Stash Directory: A Scalable Directory for Many-Core Coherence Socrates Demetriades and Sangyeun Cho 20 th Interna+onal Symposium On High Performance

782 views • 31 slides
Integration with Active Directory Jeremy Allison Samba Team Benefits of using Active Directory

Integration with Active Directory Jeremy Allison Samba Team Benefits of using Active Directory

Integration with Active Directory Jeremy Allison Samba Team Benefits of using Active Directory Unlike the earlier Microsoft Windows NT 4.x Domain directory service which used proprietary DCE/RPC calls, Active Directory is based on standard

557 views • 27 slides
Infrastructure Systems Fred Seaton, Sr. UNIX Administrator SERVICES PROVIDED

Infrastructure Systems Fred Seaton, Sr. UNIX Administrator SERVICES PROVIDED

Infrastructure Systems Fred Seaton, Sr. UNIX Administrator SERVICES PROVIDED Infrastructure: VMWare, UNIX, Windows, and Mac servers Authentication Services: CAS , LDAP, Active Directory, Open Directory Email Services:

128 views • 8 slides
Yasser F. O. Mohammad REMINDER 1: What is X.509? Part of X.500 standard for directory services

Yasser F. O. Mohammad REMINDER 1: What is X.509? Part of X.500 standard for directory services

Yasser F. O. Mohammad REMINDER 1: What is X.509? Part of X.500 standard for directory services Recommended by ITU-T in 1988 Used in many applications SSL/TLS S/MIME IP Security SET etc No specific public key

405 views • 40 slides
EWG Final Report: Next Generation Registration Directory Service (RDS) Overview

EWG Final Report: Next Generation Registration Directory Service (RDS) Overview

EWG Final Report: Next Generation Registration Directory Service (RDS) Overview Expert Working Group on gTLD Directory Services (EWG) 23 June, 2014 Session Agenda About the EWG Overview of the EWGs Final

948 views • 36 slides
DBIS: Directory-Based Information Services A replacement for NIS and RFC2307 by Mark R.

DBIS: Directory-Based Information Services A replacement for NIS and RFC2307 by Mark R.

DBIS: Directory-Based Information Services A replacement for NIS and RFC2307 by Mark R. Bannister dbis.sf.net Background RFC 2307, late 1990s (experimental) RFC 2307bis, 2002-2009 (draft) RFC 4876, 2007 nss_ldap (PADL, Sun

283 views • 9 slides
Azure Active Directory Provider The Azure Provider can be used to congure infrastructure in

Azure Active Directory Provider The Azure Provider can be used to congure infrastructure in

Azure Active Directory Provider The Azure Provider can be used to congure infrastructure in Azure Active Directory (https://azure.microsoft.com/en- us/services/active-directory/) using the Azure Resource Manager API's. Documentation regarding

925 views • 46 slides
DEPARTMENT OF GENERAL SERVICES PENNSYLVANIA STATE CONSTRUCTION NOTICES DIRECTORY DESIGN

DEPARTMENT OF GENERAL SERVICES PENNSYLVANIA STATE CONSTRUCTION NOTICES DIRECTORY DESIGN

DEPARTMENT OF GENERAL SERVICES PENNSYLVANIA STATE CONSTRUCTION NOTICES DIRECTORY DESIGN PRESENTATION &amp; 2014 ACT 142 COMPLIANCE REVIEW TOPICS Introduction Welcome and a few words from the PA Department of General Services. About The

849 views • 43 slides
Welcome! Manitoulin-S udbury Welcome! Manitoulin-S udbury District S District S ervices

Welcome! Manitoulin-S udbury Welcome! Manitoulin-S udbury District S District S ervices

Welcome! Manitoulin-S udbury Welcome! Manitoulin-S udbury District S District S ervices Board ervices Board District S District S ervices Board ervices Board Annual General Meeting Annual General Meeting 2010 2010 2010

652 views • 43 slides
Early Literacy Grant Program To assist students in kindergarten and first, second, and third

Early Literacy Grant Program To assist students in kindergarten and first, second, and third

Early Literacy Grant Program To assist students in kindergarten and first, second, and third grades to achieve reading competency (HB 12-1238: Section 22-7-1211) 1 READ Act Funding Supports Per-pupil formula funds: Distributed to

402 views • 9 slides
The Confederation Line Project Update and Proposed Temporary Zoning By-Law Amendment Hieu Nguyen

The Confederation Line Project Update and Proposed Temporary Zoning By-Law Amendment Hieu Nguyen

The Confederation Line Project Update and Proposed Temporary Zoning By-Law Amendment Hieu Nguyen Matt Eason Planner II Community Liaison Planning and Growth Management Rail Implementation Office Rideau Transit Group After rigorous

805 views • 16 slides
DRPT Public Transportation Funding Study SJR 297 Statewide Transit Meeting September 6, 2012

DRPT Public Transportation Funding Study SJR 297 Statewide Transit Meeting September 6, 2012

DRPT Public Transportation Funding Study SJR 297 Statewide Transit Meeting September 6, 2012 Mark Aesch, CEO TransPro www.drpt.virginia.gov Presentation Overview Review and Recap Operating Assistance Methodology Capital

767 views • 17 slides
The Ottawa Carleton District School Board (The District) supports all School Councils with their

The Ottawa Carleton District School Board (The District) supports all School Councils with their

The Ottawa Carleton District School Board (The District) supports all School Councils with their initiatives in supporting and providing active play areas for the children. This presentation is to provide information on the process and

230 views • 20 slides
Novel Approaches to Meet Accessibility Standards Jennifer A. Glaab, M.S. Sr. Instructional

Novel Approaches to Meet Accessibility Standards Jennifer A. Glaab, M.S. Sr. Instructional

4/17/2020 Novel Approaches to Meet Accessibility Standards Jennifer A. Glaab, M.S. Sr. Instructional Designer Walker Center for Teaching and Learning University of Tennessee Chattanooga

221 views • 5 slides
Microsoft Accessibility Checker 1 File -&gt; Check for Issues -&gt; Check Accessibility 2

Microsoft Accessibility Checker 1 File -&gt; Check for Issues -&gt; Check Accessibility 2

Microsoft Accessibility Checker 1 File -&gt; Check for Issues -&gt; Check Accessibility 2 Inspection Results Inspection Results Errors Warnings Tips Additional Information Why Fix How to Fix 3 Use built-in features

818 views • 36 slides
Web Content Migration Overview University Relations and Marketing, Bowie State University - 2018

Web Content Migration Overview University Relations and Marketing, Bowie State University - 2018

Web Content Migration Overview University Relations and Marketing, Bowie State University - 2018 2 We're Moving to a New CMS We will be moving our current website from the BigTree CMS to more robust CMS, OUCampus. 3 Web Content Migration

477 views • 22 slides

More recommend