
RE: X.500 and LDAP alignment



Bob,

I would just like to add a few thoughts to what Erik has mentioned. First, I
would like to reiterate that the new work item is very broadly stated and to
emphasize that the express purpose as stated in the NWI is to "improve
alignment and thereby co-existence and interoperability with LDAP."  

Exactly where we will go is yet to be determined, but from my perspective
some of the most important work we can do is to break down barriers to
interoperability.  One very important such barrier that is nearing
completion is the removal of X.500's dependency on OSI's upper layer
protocols. This is being done by providing a thin convergence layer (called
the Internet Directly Mapped protocol, or IDM) between the X.500 protocols
and TCP, thereby allowing implementers the choice of implementing X.500 on
an OSI stack or on TCP. (Note that this is different from RFC-1006 in that
1006 assumed that the OSI upper layers had already been implemented -- IDM
bypasses all that.) 

Additional barriers that can (and IMHO should) be removed are things like:
 - allowing LDAP operations to be chained within DSP
 - allowing an X.500 directory to return an LDAP referral
 - allowing distributed name resolution to proceed through the X.500, LDAP,
and DNS (most notably SRV record) namespaces without the user having to care
 - allowing subrequests resulting from the X.518 request decomposition
process to propagate to LDAP as well as X.500
 - allowing the X.500 results merging process to incorporate results from
LDAP as well as X.500 resident entries
 - allowing search-with-join operations to be performed on related entries,
regardless of which type of directory holds the entries in question
 - allowing some form of interoperable X.500/LDAP replication

Obviously this is quite a list, none of which is formalized as of yet, but
I'm hoping it gives you a better sense of where this activity may be headed.
I'm also hoping it helps achieve the ever-elusive goal of interoperability! 

I would also like to say that I was pleased to read in your note that those
involved in LDAP are pleased that this work is getting underway. I think
both camps will benefit if we can establish good communication and minimize
duplication of effort.

Best regards,

 -- Skip Slone
    Lockheed Martin

-----Original Message-----
From: Erik Andersen [mailto:era.als@get2net.dk]
Sent: Wednesday, August 30, 2000 12:06 PM
To: 'RL 'Bob' Morgan'
Cc: osidirectory@az05.bull.com; IETF ldapext WG; IETF ldapbis WG
Subject: X.500 and LDAP alignment


Hi Bob,

The new work item on LDAP is very loosely defined (to achieve maximum
alignment with LDAP) not to constrain the work. As it is an X.500 work
item, we can only specify alignment in one direction. We see several ideas
in the LDAP work that could be useful to incorporate. However, we see
alignment in both directions as very important. As the LDAP protocol is the
most used X.500 access protocol, extension to LDAP to support most of the
features below is very desirable.

Within X.500, we have or are in the process of adding a large number of new
features. The following are completed and stable items:

a)  Facilities to control and constrain the service given to different user
groups using a concept called search-rules.

b)  Families of entries, for which David Chadwick has issued an Internet
draft. We would be very interested in seeing that progressed.

c)  Hierarchical groups, which allow hierarchies to be established
independent of the DIT hierarchy.

d)  Mapping-based matching with emphasis on geographical (zonal) matching
which allows mapping between the real world as seen by users and the model
of the world as it is reflected in a directory.

e)  Matching rule substitution allowing a great flexibility in matching to
ensure more successful searches

f)  Much user related diagnostic information to be returned to users to
guide in making a new, more successful search

Of new items, the most important is probably "Related Entries in the
Directory". This is a way to access in one request information from
different directories having different naming spaces (or disjoint naming
spaces). This is a very significant work item that in many respects will
align X.500 to the real world instead of trying the reverse. It will also
bring X.500 closer to the LDAP philosophy. Personally, I see it as a tool
to provide interworking between LDAP and X.500 servers (and possibly other
types of directories).

Hope that helps.

Erik Andersen
Mobile: +45 20 97 14 90
E-mail;  era.als@get2net.dk
Internet: http://www.cenorm.be/isss/Workshop/DIR/Default.htm


-----Original Message-----
From:	RL 'Bob' Morgan [SMTP:rlmorgan@washington.edu]
Sent:	30. august 2000 16:57
To:	Erik Andersen
Cc:	David Chadwick; osidirectory@az05.bull.com; IETF ldapext WG; IETF ldapbis WG
Subject:	RE: Matching Rules for Constructed Syntaxes


On Wed, 30 Aug 2000, Erik Andersen wrote:

> I do not see why we should not include it in our first draft for the LDAP
> alignment works. David, hope to see you in Orlando. Your presence would be
> very useful.

Can someone from the X.500 community describe and/or offer a pointer to
the "LDAP alignment" activity?  I think everyone involved with LDAP is
pleased that this is happening, but especially in the context of the
ldapbis work, one of whose items will be (I think) clarifying LDAP's
dependencies on X.500, it does raise questions of who is aligning with
whom.

Thanks,

 - RL "Bob"