Directory Interoperability: Requirements, Standards and Conformance (or, PICS)
1 Directory Interoperability: Requirements, Standards and Conformance (or, PICS)
Sandi Miklos, Technical Director, Security Management Infrastructure, National Security Agency
samiklo@missi.ncsc.mil
14 January 1999
2 Directory Domains
[Diagram labels: Domain A; Domain B; Domain C; Domain D; Domain E; Bridge CA Domain]
3 Fundamental Premise: NO Client accesses between domains - DOES THIS INCLUDE THE BRIDGE CA?
[Diagram labels: Domain A; Domain B; Bridge CA Domain; Client (A); Client (B); DSA (A); DSA (B); Border DSA* (A); Border DSA* (B); Border DSA*; ADUA; Client Access Protocols; Server to Server Protocols; To Other Clients and Servers]
* A Border DSA will provide access to only a subset of the DIB held by its domain, and may support multiple security mechanisms.
4 Domain Directory
[Diagram labels: Common space; Import; Synchronise; Address Book; Work Group Database; NOS Directory]
5 Chaining
[Diagram labels: DUA; DSA-1; DSA-2; DSA-3]
6 Referrals
[Diagram labels: DUA; DSA-1; DSA-2]
7 KNOWLEDGE REFERENCES
- Superior Reference
- Subordinate Reference
- Immediate Superior Reference
- Consumer Reference
- Supplier Reference
- Cross reference
- Non Specific Subordinate Reference
8 Shadowing
[Diagram labels: Update Authority; Master DSA; Replication Protocols; Shadow Consumer DSA; Shadow Consumer & Supplier DSA; Shadow Consumer DSA; Directory user (three)]
9 Service Controls
- preferChaining
- chainingProhibited*
- localScope
- dontUseCopy*
- dontDereferenceAliases
- subentries
- copyShallDo
- priority
- timeLimit*
- sizeLimit*
- scopeOfReferral
- attributeSizeLimit
10 Shadowing agreements
- Made between DSA administrators
- May be activated by a shadowing operational binding or they may be made via a method outside the scope of the standard
- Required before shadowed information may be shared between any pair of DSAs
- Establishes technical parameters of the agreement
  - update frequency
  - replicated area
  - information to be shadowed
11 Updating the shadowed information
- Synchronizing the DSAs
- Coordination of Update operation
- Requesting Update operation
- Transferring the Shadowed Information
- What's reliability criteria that transfer as well as database update occurred?
- Types of updates
  - Incremental refresh/delta changes only
  - Total refresh/all shadowed information sent again
12 Example: subtree specification
[Diagram: four panels numbered 1 to 4; labels: Administrative point, OU=X]
- Subtree Specification base is OU=x
- Subtree Specification base is OU=x, chop minimum is 1, chop maximum is 3
- Subtree Specification chop after OU=x
- Subtree Specification filter on object class = organizationalPerson
Copyright D.W. Chadwick and Chapman & Hall, Understanding X.500 The Directory
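The subtree specifications named on this slide, evaluated against a small directory tree; this is an added example, not taken from the slides or from Understanding X.500. The tree under C=US, O=Example is constructed, RDNs are compared as case-insensitive strings in place of real matching rules, and the filter is reduced to a set of object classes.

```python
"""Evaluate X.501-style subtree specifications over a constructed DIT."""
from dataclasses import dataclass, field
from typing import Optional


def norm(dn):
    """Case-insensitive form of a DN given as a tuple of 'TYPE=value' RDNs.

    Simplification: single-valued RDNs, plain string comparison.
    """
    return tuple("=".join(p.strip().lower() for p in rdn.split("=", 1)) for rdn in dn)


@dataclass
class SubtreeSpec:
    base: tuple = ()                  # name relative to the administrative point
    minimum: int = 0                  # first level below base that is included
    maximum: Optional[int] = None     # last level below base (None = no limit)
    chop_before: list = field(default_factory=list)  # drop the entry and all below it
    chop_after: list = field(default_factory=list)   # keep the entry, drop all below it
    object_classes: Optional[set] = None             # simplified specification filter


def in_subtree(spec, admin_point, entry_dn, entry_classes):
    """Return True if the entry falls inside the area described by spec."""
    root = norm(tuple(admin_point) + tuple(spec.base))
    dn = norm(entry_dn)
    if dn[:len(root)] != root:
        return False                  # not at or below the base entry
    local = dn[len(root):]            # name relative to the base
    depth = len(local)
    if depth < spec.minimum:
        return False
    if spec.maximum is not None and depth > spec.maximum:
        return False
    for name in map(norm, spec.chop_before):
        if local[:len(name)] == name:
            return False
    for name in map(norm, spec.chop_after):
        if depth > len(name) and local[:len(name)] == name:
            return False
    if spec.object_classes is not None:
        wanted = {c.lower() for c in spec.object_classes}
        if not wanted & {c.lower() for c in entry_classes}:
            return False
    return True


# Constructed sample tree: path below the administrative point -> object class.
ADMIN = ("C=US", "O=Example")
_SAMPLE = {
    "": "organization",
    "OU=W": "organizationalUnit",
    "OU=W/CN=Dave": "organizationalPerson",
    "OU=X": "organizationalUnit",
    "OU=X/CN=Alice": "organizationalPerson",
    "OU=X/OU=Y": "organizationalUnit",
    "OU=X/OU=Y/CN=Bob": "organizationalPerson",
    "OU=X/OU=Y/OU=Z": "organizationalUnit",
    "OU=X/OU=Y/OU=Z/OU=Q": "organizationalUnit",
    "OU=X/OU=Y/OU=Z/OU=Q/CN=Carol": "organizationalPerson",
}
DIT = {ADMIN + (tuple(p.split("/")) if p else ()): {c} for p, c in _SAMPLE.items()}

# The four specifications from the slide.
BASE_X = SubtreeSpec(base=("OU=x",))
DEPTH_1_TO_3 = SubtreeSpec(base=("OU=x",), minimum=1, maximum=3)
CHOP_AFTER_X = SubtreeSpec(chop_after=[("OU=x",)])
PERSONS_ONLY = SubtreeSpec(object_classes={"organizationalPerson"})


def select(spec):
    """Paths (relative to the administrative point) that spec would expose."""
    hits = []
    for dn, classes in DIT.items():
        if in_subtree(spec, ADMIN, dn, classes):
            hits.append("/".join(dn[len(ADMIN):]) or ".")
    return sorted(hits)


if __name__ == "__main__":
    for label, spec in [("base OU=x", BASE_X), ("min 1, max 3", DEPTH_1_TO_3),
                        ("chop after OU=x", CHOP_AFTER_X),
                        ("organizationalPerson only", PERSONS_ONLY)]:
        print(f"{label}:")
        for path in select(spec):
            print(f"  {path}")
```

Running the same check over a real replicated-area definition before a shadowing agreement is activated shows exactly which entries a consumer or Border DSA would receive.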
13 Various views of a DSE's attributes
[Diagram labels: DSE; Directory Entry; User Attributes; Directory Operational Attributes; DSA Shared Attributes; DSA Specific Attributes; DSA Administrator's View; Directory User's View; Directory Administrator's View]
Copyright D.W. Chadwick and Chapman & Hall, Understanding X.500 The Directory
14 DSE types
- root: root DSA
- glue: knowledge of a name only
- cp: context prefix
- entry: object entry
- alias: alias entry
- subr: subordinate reference
- nssr: non-specific subordinate reference
- supr: superior reference
- xr: cross reference
- admPoint: administrative point
- subentry: subentry
- shadow: shadow copy
- immSupr: immediate superior reference
- rhob: relevant hierarchical operational binding information
- sa: subordinate reference to alias entry
15 Operational attributes
Attributes representing operational or administrative information; not normally visible to the user
Examples:
- Creation Timestamp: records when the entry was first created
- Modify Timestamp: records when the entry was last modified
- Creator's Name: distinguished name of user that created the entry
- Modifier's Name: distinguished name of user that last modified the entry
- EntryACI: access control information that applies to this entry only
16 Directory Information Tree (DIT)
[Tree diagram labels: C=US; O=U.S. Government; OU=DoD; OU=Contractor; OU=OSD; OU=JCS; OU=Army; OU=Navy; OU=AF; OU=USMC; OU=DFAS; OU=Defense Nuclear Agency; OU=DIA; OU=Defense Logistics Agency; OU=Defense Mapping Agency; OU=DISA; OU=JSF; OU=GENSER PLAs; OU=SI PLAs; OU=ACOM; OU=CENTCOM; OU=EUCOM; OU=PACOM; OU=SPACECOM; OU=SOCOM; OU=SOUTHCOM; OU=STRATCOM; OU=TRANSCOM]
17 Naming Context
[Diagram label: entry]
Part of a DIT showing allowed subtrees or naming contexts.
18 Distinguished Name (DN) and Relative Distinguished Name (RDN)
- Root: DN {}
- Country: RDN C=US; DN {C=US}
- Org: RDN O=Corporation; DN {C=US, O=Corporation}
- Org Unit: RDN (OU=SALES, L=San Jose); DN {C=US, O=Corporation, (OU=SALES, L=San Jose)}
- People: RDN CN=John L Smith; DN {C=US, O=Corporation, (OU=SALES, L=San Jose), CN=John L Smith}
19 Example: Alternate values of names
[Diagram labels: Entry; Attribute, Attribute ... Attribute; Attribute Type; Attribute Value(s): Defense Logistics Agency, DLA]
20 The structure of Directory entries
[Diagram labels: DIB; Entry, Entry ... Entry; Root; DIT; Object Entry]
21 Directory Information Base (DIB)
[Diagram labels: DIB; Entry, Entry ... Entry; Attribute, Attribute ... Attribute; Attribute Type; Attribute Value(s); Distinguished Attribute Value; Attribute Value ... Attribute Value]
22 Overview of the Directory schema
[Diagram labels: Directory Schema; Subschema; DIT Structure Rule; Name Form; DIT Content Rule; Object Class; Attribute Types; ASN.1 type; Matching Rule; Directory Information Tree; Subschema Administrative Areas; Entries; Attributes; Values; arrows labelled uses, use, rules for, belongs to]
23 Object class for Certification Authority - X.521
certificationAuthority OBJECT-CLASS ::= {
    SUBCLASS OF   { top }
    KIND          auxiliary
    MUST CONTAIN  { cACertificate |
                    certificateRevocationList |
                    authorityRevocationList }
    MAY CONTAIN   { crossCertificatePair }
    ID            id-oc-certificationAuthority }
* note that v2 CA object class may contain Delta Revocation List attribute
24 Object class for Certification Authority - draft-ietf-pkix-ldapv2-schema-02.txt
pkiCA OBJECT-CLASS ::= {
    SUBCLASS OF   { top }
    KIND          auxiliary
    MAY CONTAIN   { cACertificate |
                    certificateRevocationList |
                    authorityRevocationList |
                    crossCertificatePair } }
-- ID { joint-iso-ccitt(2) ds(5) objectClass(6) pkiCA(22) }
25 Matching rules
- Rules to compare a value presented by a user with a value stored in the Directory
- Each matching rule states
  - the attribute syntax that the matching rule applies to
  - the syntax of a user-presented value
  - how the comparison is performed
  - under what conditions a match is found to be True
- Built-in matching rules: present; equality; substrings; ordering; approximate
26 Security Control Model
Access control information represented as a multi-valued operational attribute
[Diagram labels: Subentry; prescriptive access control information; entry access control information; Administrative Area]
* Presumption - anything that is in a Border DSA is read-only to any entity that has access to that network
27 ISO/ITU DIRECTORY STANDARDS
[Diagram labels: Reflects X.500 Standard; PICS; More Restrictive; Domain Profile; More Restrictive; ISP]
28 Directory specifications
- Overview of Models, Concepts, and Services: ITU-T X.500
- Models: ITU-T X.501
- Authentication Framework: ITU-T X.509
- Abstract Service Definition: ITU-T X.511
- Procedures for Distributed Operation: ITU-T X.518
- Protocol Specifications: ITU-T X.519
- Selected Attribute Types: ITU-T X.520
- Selected Object Classes: ITU-T X.521
- Replication: ITU-T X.525
- System Management: ITU-T X.530
ISO/IEC
29 Protocol Implementation Conformance Statement (PICS)
- Used to evaluate conformance to the standard by a particular implementation
- Shows which capabilities and options have been implemented.
- One PICS associated with each X.500 protocol: DAP, DSP, DOP, and DISP
  - ITU - X.583, X.584, X.585, X.586
  - ISO - ISO/IEC , , ,
- Available at URL: ftp://ftp.bull.com/pub/osidirectory/93specification/picsproforma
30 International Standardized Profiles (ISPs)
Directory A-Profile Taxonomy
A CO Applications
ADY 93 Directory Services
- ADY 1 DUA Basic Functionality
  - ADY 11 Dir Access Support
  - ADY 12 Distributed operations Support
- ADY 2 DSA Basic Functionality
  - ADY 21 Dir Access Support
  - ADY 22 Distributed operations Support
- ADY 4 Security Capabilities
  - ADY 41 DUA Authentication as DAP Initiator
  - ADY 42 DSA Authentication as DAP Responder
  - ADY 43 DSA Authentication for DSP
  - ADY 45 DSA Access Control
- ADY 5 Shadowing
  - ADY 51 Shadowing Using ROSE
  - ADY 52 Shadowing Using RTSE
  - ADY 53 Shadowing Subsets
- ADY 6 Administrative Management
  - ADY 61 Administrative Areas
  - ADY 62 Estab/Use of Shadowing Agreements
  - ADY 63 Schema Admin & Publication
- ADY 7 DOP Capabilities
  - ADY 71 Shadowing Operational Binding
  - ADY 72 Hierarchical Operational Binding
  - ADY 73 Non-Specific HOB
31 ADY1 - DUA Basic Functionality
- ADY 11 DUA Support of Directory Access Protocol, 16 Jun 98
- ADY 12 DUA Support of Distributed Operations, 16 Jun 98
ADY2 - DSA Basic Functionality
- ADY 21 DSA Support of Directory Access Protocol, 16 Jun 98
- ADY 22 DSA Support of Distributed Operations, 20 Jan 97
32 ADY4 - Security Capabilities
- ADY 41 DUA Authentication as DAP Initiator, 19 Jun 98
- ADY 42 DSA Authentication as DAP Responder, 19 Jun 98
- ADY 43 DSA Authentication for DSP, 22 Jul 96
- ADY 45 Simplified and Basic Access Control (combined 44 and 45), 12 Jul 98
33 ADY5 - Shadowing
- ADY 51 Shadowing using ROSE, 12 Jul 96
- ADY 52 Shadowing using RTSE, no editor
- ADY 53 Shadowing Subsets, 12 Jul 96
ADY6 - Administration Management
- ADY 61 Administrative areas, 26 Jun 98
- ADY 62 Establishment and Utilisation of Shadowing Agreements, 17 Jan 97
- ADY 63 Schema Administration and Publication, 10 Jun 98
34 ADY7 - DOP Capabilities
- ADY 71 Shadowing Operational Binding, 30 Jul 96
- ADY 72 Hierarchical Operational Binding, Dec 97 - draft-ietf-ldapext-hobs-01.txt
- ADY 73 Non-specific Hierarchical Binding - no editor
Functional Profiles
- FDY 11 Common Directory Use, 17 Jul 96
- FDY 12 Directory System Schema, 17 Jul 96
35 Implementor's Guide
- Compilation of reported defects and their resolutions to the 1988 and 1993 editions of the ITU X.500 Recommendations and ISO/IEC 9594 standard
- ISO requires ballot on draft technical corrigenda
- Categories of defects
  - editorial errors
  - technical errors, such as omissions or inconsistencies
  - ambiguities
- Version 10 - March 97
- ftp://ftp.bull.com/pub/osidirectory/defectresolution/ImplementorsGuide/V10/
36 LDAP V3
Core documents:
- RFC 2251: Lightweight Directory Access Protocol (v3)
- RFC 2252: Lightweight Directory Access Protocol (v3): Attribute Syntax Definitions
- RFC 2253: Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names
- RFC 2254: The String Representation of LDAP Search Filters
- RFC 2255: The LDAP URL Format
- RFC 2256: A Summary of the X.500(96) User Schema for use with LDAPv3
37 LDAP Extensions documents
- draft-ietf-asid-ldapv3-simple-paged-03.txt
- draft-ietf-ldapext-sorting-01.txt
- draft-ietf-asid-ldapv3-dynamic-08.txt
- draft-ietf-ldapext-lang-01.txt
- draft-ietf-ldapext-ldapv3-tls-04.txt
- draft-ietf-ldapext-ldapv3-vlv-02.txt
- draft-ietf-ldapext-acl-reqts-01.txt
- draft-ietf-ldapext-authmeth-03.txt
- draft-ietf-ldapext-ldap-c-api-01.txt
- draft-ietf-ldapext-x509-sasl-00.txt
- draft-ietf-asid-ldap-domains-02.txt
38 LDAP Extensions documents, con't
- draft-ietf-ldapext-referral-00.txt
- draft-ietf-ldapext-acl-model-01.txt
- draft-ietf-ldapext-signops-03.txt
- draft-ietf-ldapext-psearch-01.txt
- draft-ietf-ldapext-java-api-02.txt
- draft-ietf-ldapext-trigger-01.txt
- draft-ietf-ldapext-c-api-vlv-01.txt
- draft-ietf-ldapext-c-api-psearch-00.txt
- draft-ietf-ldapext-ldapv3-dupent-00.txt
- draft-ietf-ldapext-families-00.txt
39 Other Documents??
- draft-good-ldap-changelog-00.txt
- draft-weiser-replica-req-01.txt
- draft-ietf-asid-ldap-mult-mast-rep-02.txt
- draft-ietf-asid-ldap-repl-info-01.txt
- draft-smith-ldap-inetorgperson-00.txt
- draft-ietf-asid-ldap-rpcschema-00.txt
- draft-ietf-asid-schema-pilot-00.txt
- draft-ietf-asid-nis-schema-01.txt
- draft-good-ldap-ldif-01.txt
- draft-ietf-lsd-ldapv3-wp-00.txt
- draft-ietf-asid-ldapv3-dynatt-01.txt
- draft-ietf-ldapext-ldapv3-txn-00.txt
40 Open Group LDAP V3 Profiles
- Defined LDAP V3 profiles for use within the LDAP V3 test suites (
- Status of Base Documents, but are not yet Final Documents
- RO: Read-Only LDAP Server (core documents)
- RW: Read-Write LDAP server (core + referral + tls)
- CERT: Certification Application Profile (RW + pkix-ipkiopp)
- WP: White Pages Application Profile (CERT requirements + LIPS)
- SSO: Single Sign On Application LDAP Profile (very high level requirements)
INTERNET-DRAFT Editor: Kurt D. Zeilenga Intended Category: Standard Track OpenLDAP Foundation Expires: 20 May 2001 20 December 2000 Obsoletes: 1779, 2253 Lightweight Directory Access Protocol (v3): UTF-8
More informationACS 5.x: LDAP Server Configuration Example
ACS 5.x: LDAP Server Configuration Example Document ID: 113473 Contents Introduction Prerequisites Requirements Components Used Conventions Background Information Directory Service Authentication Using
More informationNoSQL²: Store LDAP Data in HBase
NoSQL²: Store LDAP Data in HBase Stefan Seelmann seelmann@apache.org About me Stefan Seelmann Freelancer Software development with Java LDAP, Identity Management Open Source developer Apache Directory
More informationCisco Expressway Authenticating Accounts Using LDAP
Cisco Expressway Authenticating Accounts Using LDAP Deployment Guide Cisco Expressway X8.5 December 2014 Contents Introduction 3 Process summary 3 LDAP accessible authentication server configuration 4
More informationUnderstanding Active Directory Level 100
Understanding Active Directory Level 100 Ashwin Venugopal BinaryTitans IT Solutions Pvt. Ltd. What we are going to Learn here? Content What is Directory Service? Active Directory History of Directory Service
More informationInformation technology Security techniques Telebiometric authentication framework using biometric hardware security module
INTERNATIONAL STANDARD ISO/IEC 17922 First edition 2017-09 Information technology Security techniques Telebiometric authentication framework using biometric hardware security module Technologies de l information
More informationFinding Information in an LDAP Directory. Info. Tech. Svcs. University of Hawaii Russell Tokuyama 05/02/01
Finding Information in an LDAP Directory Info. Tech. Svcs. University of Hawaii Russell Tokuyama 05/02/01 University of Hawaii 2001 What s the phone number? A scenario: You just left a meeting and forgot
More informationDirectory Supported Management with SNMPv3
Directory Supported Management with SNMPv3 Salima Omari 1, Raouf Boutaba 2, Omar Cherkaoui 3 1 Laboratoire PRiSM, Université de Versailles, 45 avenue des Etats-Unies, 78 000 Versailles, France osa@prism.uvsq.fr
More informationLDAP Configuration Guide
LDAP Configuration Guide Publication date: 11/8/2017 www.xcalar.com Copyright 2017 Xcalar, Inc. All rights reserved. Table of Contents About this guide 3 Configuring LDAP 4 Before you start 5 Configuring
More informationISO/IEC INTERNATIONAL STANDARD
INTERNATIONAL STANDARD ISO/IEC 15945 First edition 2002-02-01 Information technology Security techniques Specification of TTP services to support the application of digital signatures Technologies de l'information
More informationCisco TelePresence Authenticating Cisco VCS Accounts Using LDAP
Cisco TelePresence Authenticating Cisco VCS Accounts Using LDAP Deployment Guide Cisco VCS X8.2 D14465.07 June 2014 Contents Introduction 3 Process summary 3 LDAP accessible authentication server configuration
More informationLDAP Items.
LDAP Items d.w.chadwick@salford.ac.uk Peter.Gietz@daasi.de Contents LDAPv3 Profile New strings for RDNs LDAP schema for attribute extraction LDAPv3 protocol update LDAP schema for component matching Finding
More informationTechnical Trust Policy
Technical Trust Policy Version 1.2 Last Updated: May 20, 2016 Introduction Carequality creates a community of trusted exchange partners who rely on each organization s adherence to the terms of the Carequality
More informationPublic Key Establishment
Public Key Establishment Bart Preneel Katholieke Universiteit Leuven February 2007 Thanks to Paul van Oorschot How to establish public keys? point-to-point on a trusted channel mail business card, phone
More informationRequest for Comments: 2218 Category: Standards Track Sandia National Laboratory October A Common Schema for the Internet White Pages Service
Network Working Group Request for Comments: 2218 Category: Standards Track T. Genovese Microsoft B. Jennings Sandia National Laboratory October 1997 A Common Schema for the Internet White Pages Service
More informationCategory: Experimental March 2010 ISSN: Lightweight Directory Access Protocol (LDAP) Transactions
Independent Submission K. Zeilenga Request for Comments: 5805 Isode Limited Category: Experimental March 2010 ISSN: 2070-1721 Abstract Lightweight Directory Access Protocol (LDAP) Transactions Lightweight
More informationOpen SSO Management. Joint Session Desktop + Security + Distributed System Management
Open SSO Management Joint Session Desktop + Security + Distributed System Management LDAP Contents TOG LDAP Project Overview Other LDAP-Related Work SSO Management Recap SSO Requirements Review of General
More informationObsoletes: RFC May The String Representation of LDAP Search Filters <draft-ietf-ldapbis-filter-01.txt> 1. Status of this Memo
Network Working Group Request for Comments: DRAFT Obsoletes: RFC 2254 Expires: 7 November 2001 M. Smith, Editor Netscape Communications Corp. T. Howes Loudcloud, Inc. 7 May 2001 The String Representation
More informationNDK: LDAP Tools. novdocx (ENU) 01 February Novell Developer Kit. LDAP TOOLS. February 28, 2007
NDK: LDAP Tools Novell Developer Kit www.novell.com February 28, 2007 LDAP TOOLS Legal Notices Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation,
More informationServer-based Certificate Validation Protocol
Server-based Certificate Validation Protocol Digital Certificate and PKI a public-key certificate is a digital certificate that binds a system entity's identity to a public key value, and possibly to additional
More informationNaming in Distributed Systems
Distributed Systems, WS 2014 Naming in Distributed Systems Hong-Linh Truong Distributed Systems Group, Vienna University of Technology truong@dsg.tuwien.ac.at dsg.tuwien.ac.at/staff/truong DS WS 2014 1
More informationPKCS #10 v1.7: Certification Request Syntax Standard (Final draft)
PKCS #10 v1.7: Certification Request Syntax Standard (Final draft) RSA Laboratories May 4 th, 2000 Editor s note: This is the final draft of PKCS #10 v1.7, which is available for a 14-day public review
More informationActalis Object Identifiers (OIDs)
Actalis Object Identifiers (OIDs) Author: Verified by: Approved by: Riccardo Minet Actalis S.p.A. Flavio Fanton Exentrica srl Adriano Santoni Actalis S.p.A. Data Data Data Data Document code: 013OID -
More informationIPv6 Support for LDAP
The Lightweight Directory Access Protocol (LDAP) is an application protocol for accessing and maintaining distributed directory information services over an IP network. The feature module describes the
More informationNetwork Working Group. Category: Standards Track Netscape Communications Corp. May 1999
Network Working Group Request for Comments: 2596 Category: Standards Track M. Wahl Innosoft International, Inc. T. Howes Netscape Communications Corp. May 1999 Use of Language Codes in LDAP Status of this
More informationHowes.book Page 879 Friday, April 4, :38 AM. Index
Howes.book Page 879 Friday, April 4, 2003 11:38 AM Index : (colon), in DNs, 93 96 ( ) (parentheses), grouping search terms, 78 & (ampersand), AND operator within search filters, 78 * (asterisk), wildcard
More information