As per the relevance of the word "organization", we have this RFC below:
Network Working Group                                         B. Jennings
Request for Comments: 1943                  Sandia National Laboratories
Category: Informational                                         May 1996

             Building an X.500 Directory Service in the US

Status of this Memo

   This memo provides information for the Internet community.  This memo
   does not specify an Internet standard of any kind.  Distribution of
   this memo is unlimited.
This document provides definition and recommends considerations
must be undertaken to operate a X.500 Directory Service in the
States. This project is the work performed for the
Directory Services Working Group within the Internet Engineering
Force, for establishing an electronic White Pages Directory
within an organization in the US and for connecting it to a wide-
Directory infrastructure
Establishing a successful White Pages Directory Service within
organization requires a collaborative effort between the technical
legal and data management components of an organization. It
helps if there is a strong commitment from the higher management
participate in a wide-area Directory Service
The recommendations presented in the document are the result
experience from participating in the Internet White Pages project
Table of Contents
1.0 Introduction 2
1.1 Purpose of this Document 2
1.2 Introduction to Directory Services 2
2.0 The X.500 Protocol 4
2.1 Introduction 4
2.2 Directory Model 4
2.3 Information Model 5
2.4 Benefits and Uses for X.500 Directory Service 6
2.5 Other Applications of X.500 7
3.0 Legal Issues 8
3.1 Introduction 8
3.2 Purpose of the Directory 8
3.3 User Rights 9
3.4 Data Integrity 9
Jennings Informational [Page 1]
RFC 1943 Building an X.500 Directory Service in the US May 1996
3.5 Protection of the Data 10
3.6 Conclusions 10
4.0 Infrastructure 11
4.1 Introduction 11
4.2 A Well Maintained Infrastructure 11
4.3 DUA Interfaces for End Users 12
5.0 Data Management & Pilot Projects 13
5.1 Simple Internet White Pages Service 13
5.2 InterNIC 13
5.3 ESnet 14
6.0 Recommendations 14
6.1 General 14
6.2 Getting Started 14
6.3 Who are the Customers 14
6.4 What are the Contents of the Directory 15
6.5 What are the Rights of the Individuals 15
6.6 Data Integrity 16
6.7 Data Security 16
6.8 Data Administration 17
6.9 Conclusion 17
7.0 References 18
8.0 Glossary 19
9.0 Security Considerations 22
10.0 Author's Address 22
1.0 Introduction
1.1 Purpose of this Document
This document provides an introduction for individuals planning
build a directory service for an organization in the US. It
an introduction to the technical, legal, and organizational
of a directory service. It describes various options to
who want to operate an X.500 Directory service and illustrates
with examples of current X.500 service providers
1.2 Introduction to Directory Services
An electronic directory server is an electronic process that
a list of information provided via electronic access.
information is variable in content, however it should be
defined by the directory purpose. Information about people
organizations, services, network hardware are just a few examples
data content that a directory service can provide. The aim of
X.500 Directory service is to make using the directory intuitive
as easy to use as calling for directory assistance. The X.500
Directory service is an international standard ratified by
International Organization for Standardization (ISO) and the ITU-T
International Telecommunication Union formerly (CCITT) in 1988 [1].
The Directory is intended to be global service comprised
independently operated and distributed Directory Service
(DSAs), that provide information in the form of a White Pages
Directory
Electronic mail communication benefits from the existence of a
electronic White Pages to allow network users to retrieve
information in an intuitive fashion. Manual searching for names
addresses, specifically electronic addresses, can take a great
of time. A White Pages directory service can enable network users
retrieve the addresses of communication partners in a user
way, using known variables such as common name, surname,
organization to facilitate various levels of searches
In order to make global communication over computer networks
efficiently, a global electronic White Pages service
indispensable. Such a directory service could also contain
and fax numbers, postal addresses as well as platform type
facilitate in translation of documents between users on
systems. An electronic White Pages may prove to be useful
specific local purposes; replacing paper directories or
quality of personnel administration for example. An
directory is much easier to produce and more timely than
directories which are often out of date as soon as they are printed
The Internet White Pages Project provides many companies in the
with an opportunity to pilot X.500 in their organizations
Operating as a globally distributed directory service, this
allows organizations in a wide variety of industry type to
themselves known on the Internet and to provide access to their
as desired
Some organizations, such as ESnet agreed to manage
information for other organizations. ESnet maintains data at
site for all the national laboratories. They provide assistance
organizations in defining their directory information tree (DIT
structure. They also provide free access to the X.500 Directory
Gopher, WWW, DUAs, whois and finger protocols
The InterNIC is another directory services provider on the Internet
To date [June 1995] they hold X.500 directory data for 52
organizations and provide free access to this data via
protocols: X.500 DUA, E-Mail, whois, Gopher and WWW
To find the most current listing of X.500 providers see RFC 1632 -
Catalog of Available X.500 Implementations [2].
2.0 The X.500 Protocol
2.1 Introduction
This chapter provides the basic technical information necessary
an organization to begin deploying an X.500 Directory Service.
provides a brief introduction to the X.500 protocol and
possibilities that X.500 offers
2.2 The Directory Model
X.500 Directory Model is a distributed collection of
systems which cooperate to provide a logical data base of
to provide a global Directory Service. Directory information about
particular organization is maintained locally in a Directory
Agent (DSA). This information is structured within
standards. Adherence to these standards makes the distributed
possible. It is possible for one organization to keep
about other organizations, and it is possible for an organization
operate independently from the global model as a stand alone system
DSAs that operate within the global model have the ability
exchange information with other DSAs by means of the X.500 protocol
DSAs that are interconnected form the Directory Information
(DIT). The DIT is a virtual hierarchical data structure. An X.500
pilot using QUIPU software introduced the concept of a "root"
which represents the world; below which "countries" are defined
Defined under the countries are "organizations". The
further define "organizational units" and/ or "people". This
identifies the DIT for the White Pages X.500 services
Each DSA provides information for the global directory.
are able to locate in the hierarchical structure discussed above
which DSA holds a certain portion of the directory. Each
manages information through a defined set of attributes and in
structure defined as the Directory Information Base (DIB).
A DSA is accessed by means of a Directory User Agent (DUA). A
interacts with the Directory by communicating with one or more
as necessary to respond to a specific query. DUAs can be an
protocol such as whois or finger, or a more sophisticated
which may provide Graphical User Interface (GUI) access to the DSA
Access to a DSA can be accomplished by an individual or automated
computer application
2.3 The Information Model
In addition to the Directory Model, the X.500 standard defines
information model used in the Directory Service. All information
the Directory is stored in "entries", each of which belong to
least one "object class". In the White Pages application of X.500
object classes are defined as country, organization,
unit and person
The object classes to which an entry belongs defines the
associated with a particular entry. Some attributes are
others are optional. System administrators may define their
attributes and register these with regulating authorities, which
in turn make these attributes available on a large scale
Every entry has a Relative Distinguished Name (RDN), which
identifies the entry. A RDN is made up of the DIT information and
actual entry
The Directory operates under a set of rules known as the
schema. This defines correct utilization of attributes, and
an element of sameness throughout the global Directory Service
Under the White Pages object class "Person" there are three
attributes
objectClass commonName
These attributes along with the DIT structure above, define the RDN
An example of an entry under Sandia National Laboratory is
here: @c=US@o=Sandia National Laboratory@ou=Employees@cn=

                               /   \
                              /     \
                         c=US         c=
                        /    \
                       /      \
       o=Sandia National        o=
                  /    \
                 /      \
          ou=Employees    ou=
               /    \
              /      \
    cn=Barbara Jennings  cn=Paul
Organizations may define the best structure suited for their DIT
Typically an organizations DIT will look very much like
organizations structure itself. A DIT structure is determined
naming rules and as such, becomes the elements unique
Distinguished Name (RDN). The DIT structure may also be dependent
whether the DSA information is administered by a flat file or
database. Extra consideration to designing of the DIT
should be taken when using flat files versus a database, as it
longer to search through a flat file if the tree structure
too complex or intricate. To obtain information on recommended
for DIT structuring see RFC1274 [3].
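As an added example (not code from the RFC), the following Python parses the QUIPU-style "@" name notation used in the Sandia example above, checks a name against the White Pages naming rules of section 2.2 (countries under the root, organizations under countries, organizational units and/or people below), converts it to the comma-separated LDAP string form, and shows how a DUA picks the DSA holding the longest matching naming context. The entry values and every DSA name except Alpaca are constructed.

```python
"""Added example, not part of RFC 1943: QUIPU '@' names, White Pages DIT
naming rules, LDAP string form, and naming-context lookup."""
from dataclasses import dataclass

# White Pages DIT naming rules from section 2.2: each key lists the
# attribute types that may appear directly below that level.
ALLOWED_CHILD_TYPES = {
    "root": {"c"},
    "c": {"o"},
    "o": {"ou", "cn"},
    "ou": {"ou", "cn"},
    "cn": set(),          # a person entry is a leaf
}

# Characters that must be escaped in an LDAP string DN (RFC 4514 set).
LDAP_SPECIAL = set(',+"\\<>;')


@dataclass(frozen=True)
class RDN:
    attr_type: str
    value: str

    def __str__(self):
        return f"{self.attr_type}={self.value}"


def parse_quipu_dn(text):
    """'@c=US@o=Acme@cn=Jane Doe' -> [RDN('c','US'), RDN('o','Acme'), ...].
    The leading '@' stands for the root; components are listed root-first."""
    if not text.startswith("@"):
        raise ValueError("QUIPU names start with '@' (the root)")
    rdns = []
    for part in text[1:].split("@"):
        attr_type, sep, value = part.partition("=")
        if not sep or not attr_type.strip() or not value.strip():
            raise ValueError(f"malformed RDN component: {part!r}")
        rdns.append(RDN(attr_type.strip().lower(), value.strip()))
    return rdns


def white_pages_violations(rdns):
    """Return the naming-rule violations for a name (empty list = conforms)."""
    problems = []
    parent = "root"
    for rdn in rdns:
        if rdn.attr_type not in ALLOWED_CHILD_TYPES.get(parent, set()):
            problems.append(f"'{rdn}' is not allowed directly under '{parent}'")
        parent = rdn.attr_type
    if parent != "cn":
        problems.append("name does not end in a person entry (cn)")
    return problems


def escape_ldap_value(value):
    """Escape an attribute value for use in an LDAP string DN."""
    out = "".join("\\" + ch if ch in LDAP_SPECIAL else ch for ch in value)
    if out.startswith((" ", "#")):
        out = "\\" + out
    if out.endswith(" "):
        out = out[:-1] + "\\ "
    return out


def to_ldap_dn(rdns):
    """LDAP string form lists the RDNs leaf-first, separated by commas."""
    return ",".join(f"{r.attr_type}={escape_ldap_value(r.value)}"
                    for r in reversed(rdns))


def holding_dsa(rdns, naming_contexts):
    """Choose the DSA whose naming context is the longest prefix of the name.
    naming_contexts maps a QUIPU-form prefix to a DSA name."""
    best_len, best = -1, None
    for prefix, dsa in naming_contexts.items():
        ctx = parse_quipu_dn(prefix)
        if len(ctx) > best_len and rdns[:len(ctx)] == ctx:
            best_len, best = len(ctx), dsa
    return best


if __name__ == "__main__":
    # Constructed contexts: the RFC names Alpaca as master for c=US; the
    # organization-level DSA name is a placeholder.
    contexts = {"@c=US": "Alpaca", "@c=US@o=Example Labs": "example-dsa"}
    name = parse_quipu_dn("@c=US@o=Example Labs@ou=Employees@cn=Jane Doe")
    print(white_pages_violations(name))
    print(to_ldap_dn(name))
    print(holding_dsa(name, contexts))
```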
2.4 Benefits and Uses for X.500 Directory Service
The nature of the X.500 Directory makes it suitable for
operated segments that can be expanded to global distribution.
benefits for local directory use are
- with the distributed nature of the service, an organization
separate the responsibility for management of many DSAs and
retain the overall structure
- the robustness of this service allows it to provide information to
wide range of applications. Whereas globally integrated projects
conform to a specific DIT, independent X.500 operations may
unique DITs, object classes and attributes as per their
needs
- X.500 is a good alternative for paper directories, offering
ability to update and modify in an interactive mode. This allows
company to provide the most current information with less cost
effort
- because of the electronic base of X.500, other
applications may interact with the application without
intervention
The benefits for global directory use are
- the distributed nature of X.500 is well suited for large
applications such as the White Pages Directory. Maintenance can
performed in a distributed manner
- X.500 offers good searching capabilities from any level in the DIT
Also with "User Friendly Naming" in place, searches are
intuitive
- there are DUA interfaces for the White Pages service available
all types of workstations. For an overview of X.500 software
RFC1632.
- X.500 is an international standard. Using such a standard
interoperability within the worldwide base
2.5 Other Applications of X.500
In addition to the White Pages, X.500 can be used as a source for
type of information that needs a distributed storage base
The University of Michigan is using X.500 for electronic
routing. Any mail coming to the university domain, umich.edu;
expanded out to a local address that is stored in the rfc822
attribute. The University also operates a standard X.500 name
which provides name lookup service of over 200,000 names. They
the Lightweight Directory Access Protocol (LDAP) [11].
An implementation of the X.500 Standard directory service has
incorporated into the Open Software Foundation (OSF)
Computing Environment (DCE). This component, known as the
Directory Service (GDS), provides an area where
application clients can find their application servers. The GDS,
response to requests made by other clients, provides the
network address for a particular DCE resource. Because it is
on a international standard, GDS can offer access to resources
users and organizations worldwide. This scalable service can
performed in DCE environments that range in size from the very
to the very large
Lookup services can be implemented into a variety of applications
Cambridge University in Great Britain implemented the X.500
service into an employee locator application. Based on badge
at strategic locations, this application can determine
whereabouts of an employee on the campus. As the individual
about, the sensors register their location in an X.500 Directory
Digital Signature Service (DSS) and Privacy Enhanced Mail (PEM)
on the principle of a directory key server which generates
provide users with "public" codes that match previously
"private" codes. Only the recipient can decipher messages sent
this fashion. The X.509 [4] standard for key certificates easily
within the structure of the X.500 Directory Service
3.0 Legal Issues
3.1 Introduction
Currently in the United States, there are no specific legal rules
the information that is provided via an electronic directory service
Various organizations and groups associated with usage of
Internet, noting a need to address privacy and data integrity issues
have prepared directives to address this issue. Two such
addressed are those of the rights of registrants included in
directory and the responsibility of administrators to guarantee
integrity of such data
Registries containing information that is related to an individual
freely transferred and unregulated in the US, unless the provider
the data is an agency or an holder of sensitive information
defined by federal legislation and further may differ for each state
An agency is defined as: any executive department,
department, Government corporation, Government
corporation, or other establishment in the executive branch of
Government (including the Executive Office of the President), or
independent regulatory agency. Sensitive data can be
records, medical records, and certain legal documents. As
noted, each state has their own legislation on sensitive or
data. The registered persons have little recourse to control
information short of filing a lawsuit against the
provider
For individuals who transfer data across country boundaries, it
important to understand that other countries may have legislation
regulate data. Prior to requesting list information from
countries, an administrator should review applicable legislation
have some mechanism in place to ensure how data will be handled
it crosses the border. Policy Statements for some countries
been prepared and are provided for via Code of Conduct papers
3.2 Purpose of the Directory
The operational intent including presentation data and
registrants and access rights must be clearly defined and stated
Initially this provides the skeleton of the DIT. Eventually
statement such as this may provide a basis legally justifying
directory
All data presented must be defined in the purpose. If for example,
directory is for the sole purpose of providing
addressing information - an entry would include name, postal address
office telephone, facsimile number, electronic mail address
company name. Private address information listing the home
or phone would be prohibited as would any other information
directly related to addressing
3.3 User Rights
The North American Directory Forum (NADF) has published a
that defines the User Bill of Rights [5]. This document defines
individuals rights regarding the public release of personal
private information. Among other issues stated, the user has
right to be notified regarding the inclusion of their information
a data registry as well as the right to examine and have
information changed
This paper is specifically written for the North American
Forum and recommends compliance with US or Canadian laws
privacy and access information
Although current US legislation does not include all the
in this document, it is the responsibility of the controller of
data to respect the rights of the individuals. These
rules can be seen as respect for the individual and the
controller will follow these guidelines within any boundaries
they may be mandated by
3.4 Data Integrity
An information provider has the responsibility to guarantee the
that they make available to users. The integrity of a data source
heavily weighted by the accuracy and timeliness of the contents
Interoperable data sources must have concurrence of these factors
well. The degree to which an information provider can guarantee
validity of the data that they present, reflects on the validity
the provider in general. RFC 1355 [6], suggests that a data
enable accuracy statements describing the process that the
NIC will use to maintain accuracy in the database
In the European community, it is a legal requirement that
information provider guarantee accurate data
The controller of the information needs to be certain of the
source of data. When possible, the controller should develop
of random checks to validate the registry data for correctness
3.5 Data Protection
A Directory Service with non-authenticated access from the
is difficult to protect from unauthorized use. Unauthorized use
defined by each organization within the directory purpose statement
Typical misuse being by individuals who attempt to duplicate
directory for unauthorized purposes. Other security measures include
Access Control Lists (ACLs), limitations on number of
returned to a query, and time to search flags. The result of
controls will affect the legitimate user as well as the user they
intended to block
An alternative that may provide protection from misuse is to
and display an attribute with each entry stating non-approved usage
This feature will also provide evidence of restricted use in
event that a legal case is necessary to stop unauthorized access
The responsibility again falls on the data provider/implementor
the directory service. Astute programmers will create or make use
existing tools to protect against data destruction, falsification
and misuse
3.6 Conclusions
User Rights, Data Integrity and Protection of data should not
considered merely in an effort to abide by legal rulings; they
be the intention of a good data source. A successful
Service must be aware of the requirements of those
inclusive in the list as well as those of the directory users
In general, at the minimum the following conditions should
observed
1. Define the purpose of the Directory
2. Initially inform all registrants of their inclusion
a Directory
3. Prevent the use of data beyond the stated purpose
4. Limit the attributes associated to an entry
boundaries of the purpose
5. Work towards a suitable level of security
6. Develop a mechanism to correct/remove faulty
or information that should not be in the Directory
4.0 Infrastructure
4.1 Introduction
The White Pages Project, currently operated by Performance
International (PSI) provides a reliable QUIPU infrastructure
sites wishing to provide their own X.500 directory. Started in 1989
as the NYSERNet White Pages Pilot Project it was the
production-quality field test of the Open Systems
(OSI) technology running on top of TCP/IP suite of protocols [7].
This pilot X.500 Directory, provided a real-time testbed for
variety of administrative and usage issues that arise. Today,
than 30 countries participate in the globally distributed
with over 1 million entries. The White Pages pilot is one of 37
pilots cooperating to provide information in the Nameflow-
directory, a European project
Initially the software was public domain, QUIPU X.500 [8].
"shareware" application in conjunction with administrative
provided free of charge by PSI, allowed for a truly distributed X.500
Directory Service to operate
In keeping with the Internet rules of operation, the lack of the
regulations, the suggestions of North American Directory Forum
the Internet Engineering Task Force (IETF), the complications
arise from multi-distributed data as a service can be overwhelming
PSI took on the challenge to provide such a service, and continues
ensure operations today
4.2 A Well Maintained Infrastructure
This distributed information service involves the cohesive effort
all of the participating organizations. The ISO
Environment (ISODE) implementation of the OSI Directory, provided
attributes and uniformity to facilitate this effort
The primary DSA for the PSI Project is named Alpaca. Operating on
Sun Sparc 10 with 120 megabytes of memory, this host serves as
Master for the DSAs of 117 organizations under c=US. Redundancy
Alpaca is provided by two sources, Fruit Bat operated by PSI and
Tamarin operated by the InterNIC. Slave updates to this host
provided on a nightly basis from the individual DSAs
The data presentation is hierarchical in nature and emulates
common white pages telephone book. The information provided
at minimum: a common name, voice phone listing, and electronic
addressing. Each entry has a uniqueness associated with it;
relative distinguished name which is comprised of the
directory information tree. The DITs may vary slightly, but each
contain an organization, and a person. The nature of the
and the structure of the actual organization for whom the
is being provided contribute to the overall DIT structure.
following is a list of commonly used attributes
commonName physicalDeliveryOfficeName
description photo
userid postOfficeBox
favouriteDrink postalAddress
title rfc822Mailbox
4.3 DUA Interfaces for End Users
There are a variety of user interfaces on the market today that
provide Directory User Agent access to the X.500 Directory.
protocols such as fred, whois, whois++, finger, are used widely
Interfaces are also available via World-wide Web browsers
electronic mail
Vendors providing DUAs include ISODE Consortium, NeXor, and
Data Corporation. These applications operate in conjunction with
vendor provided DSAs
Historically DUA interfaces were difficult to implement and
the entire OSI stack. Implementing such a product on a PC or
platform required skillful programming. The executable for
platforms were usually very large. The IETF has since defined
standardized the Lightweight Directory Access Protocol (LDAP) [11];
protocol for accessing on-line Directory services which
comparable functionality to the Directory Access Protocol (DAP).
runs directly over TCP and is used by nearly all X.500 clients.
does not have the overhead of the various OSI layers and runs on
of TCP/IP
The functionality varies by specific DUA. Each offers access to
X.500 Directory. Most offer the ability to make modifications
entries. There are a few that offer Kerberos authentication
Further information on LDAP clients for specific platforms can
found on the University of Michigan WWW server
http://www.umich.edu/~rsug/ldap
Another interface that has been tested and recommended for users
our Dutch (Surfnet) colleagues is Directory Enquiry (DE).
developed by University College London for the Paradise project
Europe, the engineers at Surfnet have selected DE as the
interface for "dumb" terminals. They have also translated
interface into Dutch for their local users [12].
Ideally, users should be able to access X.500 directly from
electronic mail applications. Vendors (other than the ones
above) have been slow to incorporate the X.500 Standards into
electronic mail applications
5.0 Data Management & Pilot Projects
5.1 Simple Internet White Pages Service
A wide variety of directory services retrieval protocols has
in the time since the original Internet White Pages was begun
1989. To ensure that decentralized implementations will
interoperability with other providers, the IETF Integrated
Services Working Group, is working to create a draft focusing on
common information and operational modeling issues to which
Internet White Pages Services (IWPS) must conform to
Utilizing current information servers, the conceptual model
includes issues regarding naming, schema, query and response
for a narrowly defined subset of directory services. The goal of
paper is to establish a simple set of information objects,
with a basic set of process requirements that will form a basis
can lead to ubiquitous IWPS. With this goal in mind, it will
easier to provide a consistent User view of the various
services
5.2 InterNIC
The InterNIC [9] is a collaborative project of two
working together to offer the Internet community a full scope
network information services. Established in January 1993 by
National Science Foundation, the InterNIC provides
services and directory and database services to the Internet
(Internet a global network of more than 13,000 computers networks
connecting over 1.7 million computers and used by an estimated 13
million people.) In keeping up with the exponential growth of
Internet, the InterNIC provides a guide to navigate the maze
available resources
InterNIC provides two types of services; InterNIC directory
database services and registration services. AT&T provides
directory and database services, acting as the pointer to
resources on the network offering X.500 to help users easily
other users and organizations on the Internet
5.3 ESnet
The Energy Sciences Network [10], is a nationwide computer
communications network whose primary purpose is support
program, open scientific research. As part of this support,
offers networking services including information access
retrieval, directory services, group communications series,
file access services and infrastructure services. As an early
of the White-Pages Pilot Project, ESnet continues to be a part of
worldwide distributed directory service based on the ISO/OSI X.500
standard. There are over nineteen ESnet organizations represented
the directory, comprising over 120,000 entries. ESnet provides
to seven other sites via the X.500 DSAs
6.0 Recommendations
6.1 General
The X.500 Directory technology is available through several options
Vendors can provide consultation for schema design as well as supply
install, and support the software to perform the operations required
For smaller organizations or companies who do not want to
their own DSA, there are providers available who will maintain
DSAs remotely and provide this service to the Internet. Those
network and management expertise, can either operate independently
join one of several white pages directory projects.
consideration must be given to the initial investment required
the required maintenance process
6.2 Getting Started
Successful initialization of a directory service requires
systematic approach. The complexity of offering this type of
becomes more apparent as implementation progresses. Several
must be considered as this service becomes a cooperative effort
the technical, administrative, organizational, and legal disciplines
Procedures must be defined and agreed to at the initial phase
implementing an X.500 Directory service [13]. The following
issues that should be addressed in these procedures
6.3 Who are the Customers
Defining the customer and the customer requirements will
the scope of service to offer. What is the primary purpose for
directory service? A company may find it desirable to do away with
paper directory while simultaneously providing the current
information. The directory may be for internal use only or
to any users with Internet access. Will the customer use
directory for e-mail address only or is other locational
such as postal address and telephone number a requirement
The directory may provide information to electronic customers such
distributed computing applications as well. In this case, the
must be provided in machine readable format
Will the customers extend across country boundaries? Information
be considered private by one country and not by another. It
necessary to be aware of the legalities and restrictions for
locality using the data. Some countries have published a Code
Conduct with the IETF, explicitly stating the legal restrictions
directory and list data. Check the archives to determine if
country with whom information will be shared has presented
information
6.4 What are the contents of the Directory
The information presented in the directory is tightly coupled
the purpose. If the purpose is to provide addressing information
individuals, then customary information would include: Name, address
phone, e-mail address, facsimile number, pager, etc. If the use
the directory is to facilitate electronic mail routing then
destination mail address needs to be included for each user. No
information should be presented in the directory if it is
directly related to the purpose
If the directory is internal only, it may be desirable to include
registrants title as well. Remember that information available on
Internet is generally open to anyone who wants to access it
Individuals wishing to target a specific market may
directories to create customer mailing lists
The structure or schema of the X.500 Directory must be an
consideration. Will the hierarchy follow the company structure or
a different approach more practical? How many entries will there
in the directory five or 50,000? A complex hierarchy for thousands
users may affect the efficiency of queries
6.5 What are the rights of the individuals
The subjects included in the directory shall have well
rights. These may be mandated by company policy, legal restrictions
and the ultimate use of the directory. For a basic Internet
Pages Service these rights may include
1. the option of inclusion in the
2. the right of access to the
3. the right to have inaccurate entries
The terms and conditions for employees of an organization may
these rights. On becoming an employee of any organization,
individual inevitably agrees to forego certain personal privacies
to accept restrictions
Every organization should develop and publish the "rights" that
be expected by the list registrants
6.6 Data Integrity
Information that needs to be included in the directory may come
various sources. Demographic information may originate from the
resources department. Electronic mail addresses may be provided
the computer network department. To guarantee data integrity, it
advised that the data be identified and maintained as
information
The required timeliness of the data is unique for each DSA.
to the data may be as frequent as once a day or once a month.
to the data must be provided on a regular basis. In cases where
is time sensitive, an attribute should be included to display
most recent maintenance date
A regular check for data accuracy should be included in the
administration. Faulty information may put an organization in
of any data protection laws and possibly render the company
unreliable
6.7 Data Security
Securing networked information resources is inherently complex
Attempts must be made to preserve the security of the data. These
include access control lists (ACLs), limiting the number or
allowed to queries, or internal/external access to the directory
The 1993 recommendations have added a complex access control
that is designed to tightly restrict the access that users may
to the information in the Directory. Local protection is
by the implementor. A secure X.500 Directory should provide tools
protect against destruction, falsification, and loss of data
There is not a tool yet that will protect against the misuse of data
There are flags and limits that can be set from within
application that will serve somewhat as a barrier to such
Jennings Informational [Page 16]
RFC 1943 Building an X.500 Directory Service in the US May 1996
use. Any restrictions however, also will affect the legitimate users
One suggestion is to post a notice of illegitimate use within
entry. This of course will only serve as a deterrent and as an
should legal action be required
Again, caution must be taken when transferring data between
and state borders. In the US data regulations differ from state
state
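The two server-side protections named above, an ACL that distinguishes internal from external access and a cap on the number of entries returned per query, modelled as an added example (not the RFC's or any DSA product's code). The requester classes follow the text; the attribute sets, the size limit, the 'mail' and 'telephoneNumber' attributes and the sample entries are assumptions. The block also shows the caveat the text makes: the same size limit truncates a legitimate internal user's broad search.

```python
"""Added example, not from RFC 1943: a toy DSA query path modelling the
protections section 6.7 lists, with an internal/external ACL over
attributes and a limit on the number of entries returned per query."""

# Constructed directory entries; 'mail' and 'telephoneNumber' are
# assumed attribute names alongside the glossary's cn, sn and ou.
ENTRIES = [
    {"cn": "Ann Example", "sn": "Example", "ou": "Research",
     "mail": "ann@example.org", "telephoneNumber": "+1 555 0101"},
    {"cn": "Bob Sample", "sn": "Sample", "ou": "Research",
     "mail": "bob@example.org", "telephoneNumber": "+1 555 0102"},
    {"cn": "Cid Test", "sn": "Test", "ou": "Legal",
     "mail": "cid@example.org", "telephoneNumber": "+1 555 0103"},
]

# ACL: attributes each requester class may read. The internal/external
# split is the RFC's; which attributes fall on each side is assumed.
ACL = {
    "internal": {"cn", "sn", "ou", "mail", "telephoneNumber"},
    "external": {"cn", "ou"},
}
SIZE_LIMIT = 2  # assumed cap on entries returned to one query


def search(requester, attr, value, entries=ENTRIES, size_limit=SIZE_LIMIT):
    """Evaluate an equality (or '*' presence) filter for a requester.

    Returns (results, truncated). Filtering on an attribute the requester
    may not read is refused, since filter matching would otherwise
    disclose values that the ACL hides from the result set.
    """
    allowed = ACL.get(requester)
    if allowed is None:
        raise PermissionError(f"unknown requester class {requester!r}")
    if attr not in allowed:
        raise PermissionError(f"{requester} may not filter on {attr}")
    matches = [e for e in entries
               if attr in e and (value == "*" or e[attr] == value)]
    truncated = len(matches) > size_limit
    results = [{k: v for k, v in e.items() if k in allowed}
               for e in matches[:size_limit]]
    return results, truncated
```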
6.8 Data Management
The decentralized nature of the X.500 Directory service means that
each organization has complete control over the data. As part of a
global service, however, it is important that the operation of the
service be monitored and maintained in a consistent manner. Authority
must be given to the local manager of the information and in some
cases, the subjects included in the directory may also have
modification privileges.
Once the service is running, the importance of guaranteed maintenance
can not be overstated. Maintenance of the local Directory will be an
integral part of normal administrative procedures within the
organization and must be defined and agreed upon in the initial
stages of development.
6.9 Conclusions
Establishing a Directory service within an organization will require
a great deal of cooperative effort. It is essential to get support
from the integral parties of an organization at the onset. This
includes the technical, legal, and data management components of the
organization. Executive level commitment will make it much easier to
get the cooperation necessary.
Operational procedures must be clearly defined, as the inclusion in a
globally distributed service has wide visibility. Adherence to these
procedures must be maintained to the highest degree possible, as
misinformation may result in unintentional legal violations, and
unreliable access or data can adversely affect a company's
reputation.
An X.500 Directory can be extremely useful for an organization if it
operates as designed. It may serve as the "hub" of the electronic mail
routing and the basis for several everyday activities. A Directory
service will be one of the most important tools for communication in
the computer network environment. For people to make use of the
service, they must be able to rely on consistent and accurate
information.
ACL Access Control List; a mechanism to restrict access to data
stored in an X.500 Directory.
Attribute A collection of attributes belongs to an entry in the
Directory Service, and contains information pertaining
to that entry.
c= countryName; Object class definition, specifies a country.
When used as part of the directory name, it identifies the
country in which the named object is physically located.
cn= commonName; Attribute defining the common name for objects
included in a directory. In the 1988 standards it can be up to 64
characters.
CCITT The International Telegraph and Telephone Consultative
Committee.
DAP Directory Access Protocol; the protocol between a DUA and a
DSA.
DIB Directory Information Base; a collection of information
objects in the Directory.
DIT Directory Information Tree; the hierarchy of the distributed
database that makes up an X.500 service.
DSA Directory System Agent; an application that offers the
Directory service, this is the database for the Directory.
DUA Directory User Agent; an application that facilitates user
access to a DSA.
E-Mail Electronic Mail.
Entry A Directory Service contains entries on people, organizations,
countries, etc. Entries belong to a certain class, and information on
entries is stored in attributes.
ESnet Energy Sciences Network; nationwide computer data
communications network.
GUI Graphical User Interface.
IETF Internet Engineering Task Force; an internationally
represented task force charged with solving the short-term
needs of the Internet.
Internet A collection of connected networks, international in scope,
running the Internet suite of protocols.
InterNIC Directory of Directories, a collaborative effort
between AT&T and Network Solutions, Inc.
IP Internet Protocol; the network protocol offering a
connectionless-mode network service in the Internet suite of
protocols.
ISODE ISO Development Environment, a research tool developed to
study the upper layers of OSI and deploy network services
according to the ISO OSI standards and ITU X series
recommendations.
ITU International Telecommunication Union; formerly the CCITT.
LDAP Lightweight Directory Access Protocol, an Internet protocol
for a lightweight version of DAP running over TCP/IP.
Object Class Entries in a Directory Service belong to an Object
Class, which indicates the type and characteristic; e.g. Object Class
"person".
OSI Open Standards Interconnection, An international
standardization program, facilitated by ISO and ITU to develop
standards for data networking.
o= organization; An attribute defining the company or
organization that the person works for.
ou= organizational unit; An attribute found under organization.
Denotes the department, division, or other such sub-unit of
the organization that the person works in.
PEM Privacy Enhanced Mail; an Internet Standard for
secure Electronic mail.
PSI Performance Systems International, Inc.; operator of the
Internet White Pages.
QUIPU X.500 Directory implementation developed by Colin Robbins
while at the University College of London.
RDN Relative Distinguished Name; a unique identifier for each
subject, defined by the hierarchy of the DSA.
RFC Request For Comments; Internet document series.
sn= surname; Attribute defining the surname of the person in the
directory.
TCP/IP Transmission Control Protocol and Internet Protocol;
internet protocols.
White-Pages Electronic directory, accessible via the Internet suite of
protocols.
Whois An Internet standard protocol.
Whois++ An Internet Directory Services protocol; a lightweight
alternative for X.500.
White Pages Service A Directory Service that contains information on
people and organizations.
X.500 A series of recommendations as defined by the ITU, that
specify a Directory Services protocol.
9.0 Security Considerations
Security issues are not discussed in this memo.
Author's Address
Barbara Jennings
Sandia National Laboratories
Scientific Computing
P.O. Box 5800
M/S 0807
Albuquerque, NM 87106
Phone: 505-845-8554
Fax: 505-844-2067
EMail: jennings@sandia.