openOSI project  

X500 is a directory application designed on top of the OSI stack, able to hold information about persons as well as objects, organized according to modular schemas, many of which are standardized (e.g. RFC 2927 and RFC 2798; see also the work in progress on a UDDI schema).

Unlike X400, X500 has no real competitor, only a lightweight version, LDAP, which runs directly over the TCP/IP stack.

X500 was designed as a multiprotocol directory application based on the OSI stack, but TCP/IP now dominates the market as the foundation of the Internet. Thanks to LDAP, everyday use therefore involves less complexity, lowering implementation and administration costs.

DAP (Directory Access Protocol) is a foundation of X500, together with its naming space. LDAP stands for Lightweight DAP; it is the recognized de facto standard on the Internet. As such it is a foundation for identity management, and therefore for authentication procedures and for the access control and type enforcement built on them.

The main drawback of the LDAP design is the referral mechanism. Where an X500 directory is able to automatically forward an unanswered request to another X500 directory, an LDAP directory can only return a named LDAP referral to the client (RFC 3296). Note that MS Active Directory does not yet support either of these mechanisms.

This is a problem for a network of directories, or for open requests, e.g. on the Internet. The X500 level now appears as a federation level, relying on distributed operations.

Many professional directory systems are compliant with the X500 standard, such as the LDAP-based Microsoft Active Directory, Novell NDS, Red Hat Directory Server, etc. It is therefore possible to interconnect these products with a native X500 directory using appropriate commercial connectors from NOVELL, TITUS, ISODE, BITRIX, etc. The open source model allows a tight integration using JNDI for X500/LDAP and osiJMS for X400, based on RFC 2156 and RFC 2163.

The X.500 standard itself does not define an API for accessing the directory, nor does LDAP. This is where LDAP can be enhanced with a more general (federation) programming model: JNDI. Note that an LDAP directory can serve as a repository for Java objects, and that JNDI has a specific mechanism for handling referrals on the client side.
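As an added illustration of the client-side referral handling mentioned above (example code written for this page, not part of the openOSI project), the JNDI client below sets `Context.REFERRAL` to `throw` so that each RFC 3296 referral reaches the application as a `ReferralException`, and then follows only referrals whose host is on an allowlist. The server URL, the allowlisted hosts and the search filter are hypothetical; a referral that is chased blindly makes the client bind to whatever server the referral names, with the same credentials, which is why the check is worth doing.

```java
import java.net.URI;
import java.util.Hashtable;
import java.util.Set;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.ReferralException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class ReferralAwareSearch {
    static final Set<String> TRUSTED_HOSTS = Set.of("ldap.example.org", "ldap2.example.org"); // hypothetical allowlist

    // Follow only ldap:// or ldaps:// referrals whose host is on the allowlist; anything else is skipped.
    static boolean followReferral(Object info) {
        try {
            URI u = new URI(String.valueOf(info));
            return Set.of("ldap", "ldaps").contains(String.valueOf(u.getScheme()))
                    && u.getHost() != null && TRUSTED_HOSTS.contains(u.getHost().toLowerCase());
        } catch (java.net.URISyntaxException e) {
            return false;
        }
    }

    public static void main(String[] args) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://ldap.example.org:389/dc=example,dc=org"); // hypothetical server
        // "throw" surfaces each RFC 3296 referral to the caller instead of chasing it silently ("follow")
        // or dropping it so the search quietly returns partial results ("ignore").
        env.put(Context.REFERRAL, "throw");
        DirContext ctx = new InitialDirContext(env);
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        while (true) {
            try {
                NamingEnumeration<SearchResult> answer = ctx.search("", "(objectClass=person)", sc);
                while (answer.hasMore()) {
                    System.out.println(answer.next().getNameInNamespace());
                }
                break; // search finished on the current context
            } catch (ReferralException e) {
                if (!followReferral(e.getReferralInfo()) && !e.skipReferral()) {
                    break; // untrusted referral skipped and no further referral left to process
                }
                ctx = (DirContext) e.getReferralContext(); // context bound to the (next) referred server
            }
        }
        ctx.close();
    }
}
```

In production the loop should also carry a hop counter, since a referred server may itself answer with further referrals.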


Native X500 is still used in X400 markets because of the common OSI model. LDAP, as a worldwide-recognized standard, is a foundation for identity management, leading to single sign-on (Liberty Identity Services Interface Specification, ID-SIS; see the ID-SIS-CB contact book and the SAML requirements). LDAP is also a foundation for GRID, with the GT 4.0 WS Monitoring and Discovery System (MDS) from GLOBUS.


These technologies will feed emerging markets and the evolution of the Internet toward the semantic web and the semantic GRID, with the help of UDDI schemas.
