[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Grouping Attributes Together
There has been the requirement for many years to be able to group
together a set of related attributes for an object. Examples include:
all the attributes that describe a PGP key
all the attributes that describe an Email address/post box
This works using the existing X.500/LDAP information model if the
object only has one such set of attributes e.g. one PGP key, or
one email address, but does not work if the object has many such
sets of attributes. The reason it does not work is that multi-valued
attributes comprise a SET and not a SEQUENCE, hence it is not
possible to relate which particular value from attribute 1 belongs
with which particular value from attribute 2.
The X.500 group are working on a solution to this problem, and
have two possible candidate solutions. One is compound
attributes, the other is families of entries.
Compound attributes are attributes whose values are themselves
sets of attributes. In this way a whole set of attributes is related
together via the enclosing compound attribute value.
Families of entries comprise a parent entry with subordinate
entries, where each subordinate entry contains the set of related
attributes. The family can be treated as one compound entry or a
single entry by the user, depending upon the operation.
Both solutions will require additions to the LDAP protocol (via
controls) and to the X.500 information model.
Given that the problem domain is equally applicable to users of
LDAP servers as of X.500/LDAP DSAs, is seems desirable that the
solution chosen to this problem is one that both the IETF LDAP
group and ITU-T X.500 group can readily accept.
I would therefore like to propose that the LDAP-EXT group add this
work item to their charter. I will be present at the Orlando meeting
to further describe the problem and proposed solutions if the group
would like to discuss it some more before making a decision. I also
have the texts of both solutions (families of entries and compound
attributes) that I will make available to the list, so that a technical
choice can be made. (Both solutions are currently in Word/RTF
format and so would need some editing before they are available in
ASCII, although they could be distributed now as is, if people
thought that this was appropriate).
I await your feedback
David
***************************************************
David Chadwick
IT Institute, University of Salford, Salford M5 4WT
Tel +44 161 295 5351 Fax +44 161 745 8169
Mobile +44 370 957 287
Email D.W.Chadwick@iti.salford.ac.uk
Home Page http://www.salford.ac.uk/its024/chadwick.htm
Understanding X.500 http://www.salford.ac.uk/its024/X500.htm
X.500/LDAP Seminars http://www.salford.ac.uk/its024/seminars.htm
***************************************************