Directory service

A directory service (DS) is a software application — or a set of applications — that stores and organizes information about a computer network's users and network resources, and that allows network administrators to manage users' access to the resources. Additionally, directory services act as an abstraction layer between users and shared resources.


A directory service should not be confused with the directory repository itself, which is the database that holds information about named objects that are managed in the directory service. In the case of the X.500 distributed directory services model, one or more namespaces (forests and trees of objects) are used to form the directory service. The directory service provides the access interface to the data that is contained in one or more directory namespaces. The directory service interface acts as a central/common authority that can securely authenticate the system resources that manage the directory data.


Like a database, a directory service is highly optimized for reads and provides advanced search possibilities on many different attributes that can be associated with objects in a directory. The data that is stored in the directory is defined by an extensible and modifiable schema. Directory services use a distributed model for storing their information and that information is usually replicated between directory servers. [1]

Introduction

A simple directory service called a naming service maps the names of network resources to their respective network addresses. With the name service type of directory, a user doesn't have to remember the physical address of a network resource; providing a name will locate the resource. Each resource on the network is considered an object on the directory server. Information about a particular resource is stored as attributes of that object. Information within objects can be made secure so that only users with the available permissions are able to access it. More sophisticated directories are designed with namespaces such as Subscribers, Services, Devices, Entitlements, Preferences, Content and so on. This design process is highly related to identity management.


A directory service defines the namespace for the network. A namespace in this context is the term that is used to hold one or more objects as named entries. The directory design process normally has a set of rules that determine how network resources are named and identified. The rules specify that the names be unique and unambiguous. In X.500 (the directory service standards) and LDAP the name is called the distinguished name (DN) and is used to refer to a collection of attributes (relative distinguished names) which make up the name of a directory entry.
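To make the DN/RDN structure concrete, the following added example (not part of the original article) parses the LDAP string form of a DN into its relative distinguished names and escapes untrusted values before they are placed in a DN. It assumes the RFC 4514 string representation; the function names and sample DN are constructed for illustration, and values are compared exactly, whereas a real server applies each attribute's matching rule.

```python
import re

_HEXPAIR = re.compile(r"[0-9A-Fa-f]{2}")
_SPECIAL = set('"+,;<>\\')
# Constructed sample: a device entry named by a multi-valued RDN.
SAMPLE_DN = "cn=printer1+serialNumber=A123,ou=Devices,dc=example,dc=com"

def _split_unescaped(text, sep):
    """Split on sep, leaving backslash escape sequences untouched."""
    parts, buf, i = [], [], 0
    while i < len(text):
        step = 2 if text[i] == "\\" else 1
        if step == 2 and i + 1 == len(text):
            raise ValueError("dangling backslash in DN")
        if step == 1 and text[i] == sep:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(text[i:i + step])
        i += step
    parts.append("".join(buf))
    return parts

def _unescape(value):
    """Decode backslash-special and backslash-hexpair escapes."""
    out, i = bytearray(), 0
    while i < len(value):
        if value[i] != "\\":
            out += value[i].encode("utf-8")
            i += 1
        elif _HEXPAIR.fullmatch(value[i + 1:i + 3]):
            out.append(int(value[i + 1:i + 3], 16))
            i += 3
        else:
            out += value[i + 1].encode("utf-8")
            i += 2
    return out.decode("utf-8")

def parse_dn(dn):
    """Return the DN as a list of RDNs, most specific first.

    Each RDN is a frozenset of (attribute_type, value) pairs, so the order
    of the parts of a multi-valued RDN does not matter when comparing."""
    rdns = []
    for rdn in (_split_unescaped(dn, ",") if dn else []):
        pairs = set()
        for ava in _split_unescaped(rdn, "+"):
            attr, eq, value = ava.partition("=")
            if not eq or not attr.strip():
                raise ValueError(f"malformed RDN component: {ava!r}")
            pairs.add((attr.strip().lower(), _unescape(value)))
        rdns.append(frozenset(pairs))
    return rdns

def escape_value(value):
    """Escape an untrusted string for use as one attribute value in a DN."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in _SPECIAL or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)
```

Building a DN from user input without `escape_value` lets a comma or plus sign in the input change how many RDNs the name has, which is why the escaping step belongs wherever names are assembled.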


A directory service is a shared information infrastructure for locating, managing, administering, and organizing common items and network resources, which can include volumes, folders, files, printers, users, groups, devices, telephone numbers and other objects. A directory service is an important component of a NOS (Network Operating System). In the more complex cases a directory service is the central information repository for a Service Delivery Platform. For example, looking up "computers" using a directory service might yield a list of available computers and information for accessing them.


Replication and distribution have very distinct meanings in the design and management of a directory service. The term replication is used to indicate that the same directory namespace (the same objects) is copied to another directory server for redundancy and throughput reasons. The replicated namespace is governed by the same authority. The term distribution is used to indicate that multiple directory servers that hold different namespaces are interconnected to form a distributed directory service. Each distinct namespace can be governed by different authorities.


Comparison with relational databases

There are a number of things that distinguish a traditional directory service from a relational database.

  • Depending on the directory application, the information is generally read more often than it is written. Hence the usual database features of transactions and rollback are not implemented in some directory systems. Data may be made redundant, but the objective is to get a faster response time during searches.
  • Data can be organized in a strictly hierarchical manner which is sometimes seen to be problematic. To overcome the issues of deep namespaces, some directories dismantle the object namespace hierarchy in their storage mechanisms in order to optimize navigation. That is, these directories find the item based on their data attributes and then determine their namespace values as this is faster than navigating large namespaces to find the item. In terms of cardinality, traditional directories do not have many-to-many relations. Instead, such relations must be maintained explicitly using lists of distinguished names or other identifiers (similar to the cross table identifiers used in relational databases).
  • Originally, X.500-type directory information hierarchies were considered problematic against relational data designs. Today, Java-based object-oriented databases are being developed and XML document forms have adopted a hierarchical object model, indicating an evolution from traditional relational data engineering.
  • A schema is defined as object classes, attributes, name bindings and knowledge (namespaces).
  • An objectClass has:
    • Must-attributes that each of its instances must have
    • May-attributes that can be defined for an instance, but could also be omitted when the object is created. The lack of a certain attribute is somewhat like a NULL in relational databases.
  • Attributes are sometimes multi-valued in directories, allowing multiple naming attributes at one level, such as machine type and serial number concatenated, or multiple phone numbers for "work phone".
  • Attributes and objectClasses are standardized throughout the industry and formally registered with the IANA for their object ID. Therefore directory applications seek to reuse much of the standard classes and attributes to maximize the benefit of existing directory server software.
  • Object instances are slotted into namespaces. That is, each objectClass inherits from its parent objectClass (and ultimately from the root of the hierarchy) adding attributes to the must/may list.
  • Directory services are often a central component in the security design of an IT system and have a correspondingly fine granularity regarding access control: who may operate in which manner on what information. Also see: ACLs
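The must/may rules and objectClass inheritance described in the list above can be checked mechanically. The following added example (not part of the original article) validates an entry against a small schema; the schema table is a constructed, simplified subset of the standard person classes, and the function names are hypothetical.

```python
# Constructed, simplified schema: each objectClass names its superior ("sup")
# and the attributes it adds to the must/may lists.
SCHEMA = {
    "top": {"sup": None, "must": {"objectClass"}, "may": set()},
    "person": {"sup": "top", "must": {"sn", "cn"},
               "may": {"userPassword", "telephoneNumber", "seeAlso", "description"}},
    "organizationalPerson": {"sup": "person", "must": set(),
                             "may": {"title", "ou", "l", "postalAddress"}},
    "inetOrgPerson": {"sup": "organizationalPerson", "must": set(),
                      "may": {"mail", "uid", "mobile", "givenName"}},
}


def effective_attrs(name, schema=SCHEMA):
    """Walk the superior chain and accumulate (must, may) for one objectClass."""
    must, may, seen = set(), set(), set()
    while name is not None:
        if name in seen:
            raise ValueError(f"inheritance loop at {name}")
        if name not in schema:
            raise ValueError(f"unknown objectClass {name}")
        seen.add(name)
        cls = schema[name]
        # Attribute names are case-insensitive, so compare in lower case.
        must |= {a.lower() for a in cls["must"]}
        may |= {a.lower() for a in cls["may"]}
        name = cls["sup"]
    return must, may - must


def validate_entry(entry, schema=SCHEMA):
    """Return (missing_must, not_allowed) for an entry given as {attr: [values]}."""
    attrs = {k.lower(): v for k, v in entry.items()}
    must, may = {"objectclass"}, set()
    for oc in attrs.get("objectclass", []):
        oc_must, oc_may = effective_attrs(oc, schema)
        must |= oc_must
        may |= oc_may
    # An attribute with an empty value list counts as absent.
    present = {a for a, values in attrs.items() if values}
    return sorted(must - present), sorted(present - must - may)


# Constructed sample entries. telephoneNumber shows a multi-valued attribute.
GOOD_ENTRY = {
    "objectClass": ["inetOrgPerson"],
    "cn": ["Jane Smith"],
    "sn": ["Smith"],
    "mail": ["jane@example.com"],
    "telephoneNumber": ["+1 555 0100", "+1 555 0101"],
}
BAD_ENTRY = {
    "objectClass": ["person"],
    "cn": ["Bob"],                 # sn is required by person but missing
    "mail": ["bob@example.com"],   # mail is not in person's must/may lists
}
```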

Directory design is quite different from relational database design. With databases one tends to design a data model for the business issues and process requirements, sometimes with the online customer, service, user management, presence and system scale issues omitted. With directories, however, if one is placing information into a common repository for many applications and users, then its information (and identity) design and schema must be developed around what the objects are representing in real life. In most cases, these objects represent users, address books, rosters, preferences, entitlements, products and services, devices, profiles, policies, telephone numbers, routing information, etc. In addition, one must also consider the operational aspects of design in regard to performance and scale. A quick check on the operational design is to take, e.g., 1 million users with 50 objects each, with users or applications accessing these objects up to 5000 times a second, minute, or hour (to authorize and update their service environments), and check if the server and network machinery considered can support this.


The major difference between databases and directories is at the system level: a database is used to automate a process with a dedicated (relational) data model, whereas a directory is used to hold "identified" objects that can be used by many applications in random ways. A directory service is applied where there is "multi governance", that is, where many applications and users are, for integrity and efficiency reasons, using the same information. This approach to system design gives greater scale and flexibility so that the larger-scale functions such as Service Delivery Platforms can be specified correctly. SDPs now need to support hundreds of millions of objects (HSS/HLR, address books, user entitlements, VoIP telephone numbers, user and device information, etc.) in real time and in random ways, and be managed from BSS/OSS/CRM-type systems as well as the customer self-care applications.


Symptomatic of database designs is that the larger companies have hundreds (if not thousands) of them for different processes and are now trying to converge their user and service identity information and their online goods and services management, and deliver these in real time, cost effectively. So a large scale directory service should be in their solution architecture.


Implementations of directory services

Directory services were part of an Open Systems Interconnection (OSI) initiative to get everyone in the industry to agree to common network standards to provide multi-vendor interoperability. In the 1980s the ITU and ISO came up with a set of standards, X.500, for directory services, initially to support the requirements of inter-carrier electronic messaging and network name lookup. The Lightweight Directory Access Protocol, LDAP, is based on the directory information services of X.500, but uses the TCP/IP stack and a string encoding scheme of the X.500 protocol DAP, giving it more relevance on the Internet.


There have been numerous forms of directory service implementations from different vendors. Among them are:

There are also plenty of open-source tools to create directory services, including OpenLDAP and the Kerberos protocol, and Samba software which can act as a Domain Controller with Kerberos and LDAP backends.


Notes

IBM Directory Server: this is the IBM product implementing Directory Services.

  1. ^ Carter, Gerald (2003) "LDAP System Administration". O'Reilly pp 3–4

References

  • Carter, Gerald (2003). LDAP System Administration. O'Reilly Media. ISBN 978-1-56592-491-8. 

External links

  • Directory Technology Review - An investigation into the use of directories for developing a management application which can manage both data and network services, specifically for the web hosting industry.
  • EngNet Engineering Directory Online Directory categorized by products and services within engineering and industry disciplines


 

The Wikipedia article included on this page is licensed under the GFDL.