Information technology

Open Systems Interconnection

The Directory

By Ehsan Mottaghifar
 INTRODUCTION
• DOC.9880.PART IV:The ATN directory service (ATN DIR) application allows ATN users to
obtain directory information about ATN users, applications and services participating in
the ATN. The ATN DIR is composed of three parts:
1- DIB : a directory information base- The information held in the Directory is collectively
known as the DIB.
2- DSAs : directory system agents- application process
(X.501: An OSI application process which is part of the Directory.)
3- DUAs :directory user agents- application process
(X.501: An OSI application process which represents a user in accessing the Directory.)
• The ATN DIR is provided by the implementation over the ATN ICS services of the directory
services specified in ISO/IEC 9594 and CCITT or ITU-T X.500
 INTRODUCTION
• DOC.9880.PART IV:The ATN directory service (ATN DIR) application allows ATN users to
obtain directory information about ATN users, applications and services participating in
the ATN. The ATN DIR is composed of three parts:
1- DIB : a directory information base- The information held in the Directory is collectively
known as the DIB.
2- DSAs : directory system agents- application process
(X.501: An OSI application process which is part of the Directory.)
3- DUAs :directory user agents- application process
(X.501: An OSI application process which represents a user in accessing the Directory.)
• The ATN DIR is provided by the implementation over the ATN ICS services of the directory
services specified in ISO/IEC 9594 and CCITT or ITU-T X.500
 ATN DIR MODEL
• DOC.9880-PART IV:A directory is a collection of systems that cooperate to hold a logical
database of information about a set of objects in the real world. The users of a directory,
including people and computer programs, can read or modify the information, or parts of
it, subject to having permission to do so. Each user accesses the information using a DUA
which is considered to be an application process. (X.500:or an LDAP client)
• LDAP client: An application process which represents a user in accessing the Directory via the
Lightweight Directory Access Protocol (LDAP).
• The Directory plays a significant role in OSI, whose aim is to allow, with a minimum of technical
agreement outside of the interconnection standards themselves, the interconnection of information
processing systems:
– from different manufacturers;
– under different managements;
– of different levels of complexity;
– of different ages.
 Distributed Directory System Model
• in general, the Directory will be distributed. A basic characteristic of the Directory is that,
given a distributed DIB.
• Distributed Operation Definitions , A number of cases of request handling have been
identified:
• a) chaining: attempt by a DSA to satisfy a request by sending one or more chained operations to
other DSAs
• b) referral: to the return of knowledge information to the requester, which may then itself interact
with the DSA(s) identified in the knowledge information.
 Distributed Directory System Model
• a) chaining:
• 1-uni-chaining: the request can be passed through several DSAs before the response is returned.

X.518
 Distributed Directory System Model
• a) chaining:
• 2-multi-chaining: the DSA associated with the DUA or LDAP client carries out the request by forwarding it to two
or more other DSAs and/or LDAP servers, the request to each DSA or LDAP server being identical.

With parallel multi-chaining:the DSA transfers

several outgoing requests simultaneously.
With sequential multi-chaining:the DSA transfers
one outgoing request at a time and waits for the
result or error of one request before sending the
next.
NOTE – A DSA may use a combination of parallel
multi-chaining and sequential multi-chaining.
 Distributed Directory System Model
• b) referral:
• In Figure 5a, DSA C receives a referral from DSA A and is responsible for either conveying the request
to the DSA B (named in the referral from DSA A), or conveying the referral back to the originating DUA.

• In Figure 5c, the DUA receives the referral from DSA C, and is responsible for reissuing the request
directly to DSA A (named in the referral from DSA C).
 Distributed Directory System Model
• c) hybrid : all of the approaches have their merits. In other circumstances, a hybrid approach that
combines a more elaborate set of functional interactions may be needed to satisfy the initiator's request.

Directory protocols
The Directory protocols defined to allow DUAs and DSAs in different open system to cooperate.
1- DAP :the Directory Access Protocol, which defines the exchange of requests and outcomes between a DUA
and a DSA;
2- DSP :the Directory System Protocol, which defines the exchange of requests and outcomes between two
DSAs;
3- DISP :the Directory Information Shadowing Protocol, which defines the exchange of replication
information between two DSAs that have established shadowing agreements;
4- DOP :the Directory Operational Binding Management Protocol, which defines the exchange of
administrative information between two DSAs to administer operational bindings between them.
 Directory Information Tree (DIT)
• The structure of the DIB, called the directory information tree (DIT), defines a hierarchy of
entries contained in the directory.
• The position of an entry in the DIT hierarchy determines that entry’s directory name.
• The information content of each entry is defined by one or more object classes to which
the entry belongs.
• Alias entries point to object entries, and provide the basis for alternative names for the
corresponding objects.
• An object class defines the information
content of an entry as a set of
attributes.
• Each attribute is a piece of information
about the real world object or its entry.
• Attributes are defined by an attribute
type (defining the semantics of the
attribute) and an attribute syntax that
enables extraction and testing of the
value of the attribute.
 Directory Information Tree (DIT)
• an entry consists of a set of attributes:
• Each attribute provides a piece of information
about, or describes a particular characteristic
of, the object to which the entry corresponds.
NOTE 1 – Examples of attributes which might be
present in an entry include naming information
such as the object's personal name, and
addressing information,such as its telephone
number.
• An attribute consists of an attribute type,
which identifies the class of information given
by an attribute, and the
• corresponding attribute values, which are the
particular instances of that class appearing in
the entry.
• A user attribute value may have zero, one, or
more contexts associated with it in its context
list. Operational attribute values shall not
have contexts.
 Directory Information Tree (DIT)
• The entries of the DIB are arranged in the form of a tree. represent the entries. Entries higher in the
tree (nearer the root) will often represent objects such as countries or organizations, while entries
lower in the tree will represent people or application processes.
• Every entry has a distinguished name, which uniquely and unambiguously identifies the entry. These
properties of the distinguished name are derived from the tree structure of the information. The
distinguished name of an entry is made up of the distinguished name of its superior entry, together
with specially nominated attribute values (the distinguished values) from the entry.
• Figure 3 gives a hypothetical example of a DIT. The tree provides examples of some of the types of
attributes used to identify different objects.For example the name:
application entity distinguished name:{C=GB, L=Winslow, O=Graphic Services, CN=Laser Printer}
the residential person, John Jones, whose name is:{C=GB, L=Winslow, CN=John Jones}
 Directory Information Tree (DIT)
• An example which illustrates the concepts of RDN and distinguished name appears in
Figure 5.