OSI stands for "Open Standards for Interconnection" from ISO / ITU
an OSI name is called a "Distinguished name" which is used in all OSI related technologies such as
- Certificates (X509)
- LDAP directories including Microsoft Active directory (X500)
- Military and aeronautical messaging systems (X400)
A "Distinguished name" (DN) is a collection of one or more of the following components
- CN Common name
- OU Organisation Unit
- O Organization
- C Country
- and many others like "givenname","sn surname","l location" ......
or with the alternate DC scheme mostly used in directories.
If you want to participate in the openLDAP referral service (ldap://root.openldap.org) you MUST use the DC scheme and set appropriate SRV records in your DNS.
Common meanings of OU are as follows:
- OU=People # users
- OU=Services # Daemons
openOSI also uses in its naming scheme:
- OU=VirtualPeople # nicknames
- OU=PKI # Certification authorities
In principle you are free to use what you want as DN components value, unless you request a certification authority to certify these values. That is unless you intend a public use of these names to participate in an Internet of trust (similarly to the dns - Domain name system).
You MUST use a "Distinguished name" to generate a certificate request, see fillingDN
For additional information check the various OSI X500 and RFC
There could be links between DNS and OSI naming scheme, especially when domain components are used for distinguished names. Some people stores DNS DB in an LDAP directory (like Microsoft optionally). Most people don't in order to keep loosely coupling between DNS and Directories. There is an interesting use of LDAP directories for certificates when storing these certificates and their revocation list (CRL) in the directories. Therefore you MAY imagine a scheme that facilitate directory searching for your certificate retrieval. That is unless you use a third part directory like openOSI (directory.opensosi.org). openOSI practice is to store your certificate in virtual OU unit according the openOSI naming scheme without relying on the distinguished name of the certificate. See certCheck, and CAcertsRetrieve