Directories and X.500: An Introduction

March 14, 1997

1. Introduction

Printed directories, alphabetical or classified lists of resources containing names, locations and identifying information, are important information tools in the provision of library services. Most often these are directories of people and organizations, listing inhabitants of a specified locality (e.g., a city directory), users or clients connected with a particular profession or occupation (e.g., a directory of manufacturers, a "who's who"), or those who subscribe or use a particular service (e.g., a telephone directory).

The purpose of electronic directories is not much different from that of printed directories, that is: to provide names, locations and other information about people and organizations. In a LAN or WAN, this directory information may be used for e-mail addressing, user authentication (e.g., logins and passwords), or network security (e.g., user-access rights). A directory may also contain information on the physical devices on a network (e.g., PCs, servers, printers, routers and communication servers) and the services available on a specific device (such as operating systems, applications, shared-file systems, print queues). This information may be accessible to computer applications as well as being eye-readable for end users.

Early network directories were most often developed specifically for a particular application. In these proprietary directories, system developers had little or no incentive to work with any other system. But systems users, in an effort to rationalize their ever-increasing workload, sought ways to share access to and maintenance of directory databases with more than one application. This dilemma engendered the concept of the directory as a collection of open systems that cooperate to hold a logical database of information. In this view, users of the directory, including people and computer programs, would be able to read or modify the information or parts of it, as long as they had the authorization to do so. This idea grew into the definition of X.500.

In the client-server environment of the application layer of the Open Systems Interconnection (OSI) model, directory functionality (directory administration, authentication and access control), was initially developed to handle management of e-mail addresses in conjunction with the OSI Message Handling application (X.400). However, it was recognized as having potential use with many applications and, therefore, was defined as a separate module or standard: ITU-T Recommendation X.500 (also known as ISO/IEC 9594: Information Technology -- Open Systems Interconnection -- The Directory).

2. Client/Server Architecture

In the X.500 directory architecture, the client queries and receives responses from one or more servers in the server's Directory Service with the Directory Access Protocol (DAP) controlling the communication between the client and the server. (Figure 1)

2.1 The Client: Directory User Agent (DUA)

The Directory client, called the Directory User Agent (DUA), provides the standardized functionality that supports the users in searching or browsing through one or more directory databases, and in retrieving directory information. The DUA provides standardized functionality that can be implemented in all sorts of user interfaces through dedicated DUA clients, Web-server gateways, or e-mail applications. DUAs are currently available for virtually all types of workstations (e.g., DOS, Macintosh, OS/2, Unix).

2.2 The Server: Directory System Agent (DSA)

A Directory System Agent (DSA) is the database in which the directory information is stored. This database is hierarchical in form, designed to provide fast and efficient search and retrieval. With the nature of this information, daily updating is often not considered critical. In fact, it is assumed that the number of database queries will exceed the number of updates by at least one order of magnitude.

2.3 Directory Protocols

The rules that govern communication between the directory client (DUA) and/or among one or more directory servers (DSAs) are known as Protocols. The Directory System Protocol (DSP) controls the interaction between two or more Directory System Agents. This is done in such a way that an end user can access information in the Directory without needing to know the exact location of that specific piece of information. The Directory Access Protocol (DAP) is used for controlling communication between a Directory User Agent and a Directory System Agent.

3. X.500 or LDAP: Win, Lose or Draw?

The X.500 standard was first approved in 1988. It has matured under the aegis of the International Telecommunications Union (ITU) and was enhanced in the 1993 edition, currently in force. Although the coverage was comprehensive, implementors have criticized it as being too complex and therefore too difficult to implement. Until recently, there were few "pure" X.500 implementations in operation.

To address the issue of the X.500 Directory Access Protocol (DAP) being, in practical terms, too complex for most directory implementations, the University of Michigan developed a simpler TCP/IP-based version of DAP, the Lightweight Directory Access Protocol (LDAP), for use on the Internet. LDAP offers much of the same basic functionality as DAP and can be used to query data from proprietary directories as well as from an open X.500 service. Within the past year, most major suppliers of e-mail and directory-services software have expressed interest in LDAP, which is fast becoming a de facto directory protocol for the Internet.

Although LDAP started as a simplified component of the X.500 Directory, it is evolving into a complete directory service. Using Internet naming services, developers are building layers of security and adding capabilities that exist within X.500 directory components other than the DAP. Some analysts fear that when the missing functionality is added (e.g., security control, replication of data between multiple sites, and the use of characters sets more complex than plain ASCII), LDAP will be just as complex as the X.500 suite is currently judged to be.

At the same time, after almost a decade of being ignored, there is renewed interest in X.500. This could be attributed, in part, to the maturation of X.500 products based on the 1993 version of the standard. The resolution of prior shortcomings that had held back widespread deployment of the earlier version of X.500 made these new products more practical for mainstream implementation.

Some industry watchdogs are now predicting that within the next five years, X.500 directories will be the standard. It is hoped that the industry will foster the coexistence of X.500 and LDAP servers, rather than expect X.500 or LDAP alone to solve the problems of directory integration.

4. Meta Directories

Coexistence of X.500 and LDAP servers may come with the development of the Meta Directory, a directory of directories. Industry analysts predict that this will be a focus over the next year and promises to be an important component of a migration from proprietary directories to standards-based directories. Acting as a clearinghouse for synchronizing an organization's directories, the meta directory provides a unified set of information drawn from the contents of the X.500 directory and proprietary directories, such as the Novell Directory Services (NDS). Both the X.500 directory and LDAP have been identified as key components in the development of meta directories --X.500 provided the central directory, controlled and facilitated access to data in proprietary directories; and LDAP controlled the communication from directory users, and retrieved and populated the proprietary directories with the core information. This, if not strictly following the rules of OSI, embraces the spirit of Open Systems Interconnection: "To allow, with a minimum of technical agreement outside the interconnection standards, the interconnection of computer systems from different manufacturers, under different managements, and of different levels of complexity..."

5. Reference

5.1 Journal Articles

• Cellucci, Joseph; Hill Russell; Simon. Alan. -- "You Are Here -- New developments in directory services have managers wondering which way to take their corporate networks." -- Communications Week. -- November 11, 1996, issue 637. -- Section: CloseUp -- Directory Services.

  URL: http://www.techweb.com/se/directlink.cgi?CWK19961111S0073

• Jackson Higgins, Kelly. -- "Primary Protocol -- Adapted standard promises to let clients access any directory service."-- Information Week. -- November 4, 1996, issue 604 -- Section: Networking.

  URL: http://www.techweb.com/se/directlink.cgi?IWK19961104S0052

• Schwartz, Jeffrey. -- "Is X.500 in your future? -- The latest version of the OSI global-directory standard could help electronic-mail addresses become as easy to access as telephone numbers." Communications Week. -- June 17, 1996, issue 615 -- Section: CloseUp -- E-Mail.

  URL: http://www.techweb.com/se/directlink.cgi?CWK19960617S0077

5.2 World Wide Web Sites

X.500 Directories

• URL: http://www.nexor.co.uk/users/cjr/x500.html

Directory Services

Links to information about X.500-based directory services and other related areas:

• URL: http://www.bath.ac.uk/~ccsap/Directory/

• URL: http://www.ewos.be/dir/gtop.htm

5.3 Future Issues of Network Notes

• "Directories and X.500: The Canadian Government Electronic Directory Service"

• "Directories and X.500: Library Implementations"

This phrase is found in the Introduction of each of the ISO Open Systems Interconnection standards documents, such as ISO/IEC 959401:1995 (E) Information technology - Open Systems Interconnection - The Directory: Overview of concepts, models and services. p. iv