Browse Prior Art Database

Splicing Together Heterogeneous Directory And Security Registries

IP.com Disclosure Number: IPCOM000123743D
Original Publication Date: 1999-Apr-01
Included in the Prior Art Database: 2005-Apr-05
Document File: 7 page(s) / 309K

Publishing Venue

IBM

Related People

Hahn, T: AUTHOR

Abstract

In the computing industry today, a multitude of directory services exist. These have grown over time out of necessity by individual applications, companies and operating systems. There is a need to be able to provide a consolidated view of this information and to allow update to this information through a central point. The work described in this disclosure defines an algorithm for accomplishing this using the X.500 Directory model as the consolidated view of the information. This algorithm keeps the storage location of the information where it exists today but allows query and update of the information through what appear as updates to information in the X.500 Directory model.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 26% of the total text.

Splicing Together Heterogeneous Directory And Security Registries

   In the computing industry today, a multitude of directory
services exist.  These have grown over time out of necessity by
individual applications, companies and operating systems.  There is a
need to be able to provide a consolidated view of this information
and to allow update to this information through a central point.  The
work described in this disclosure defines an algorithm for
accomplishing this using the X.500 Directory model as the
consolidated view of the information.  This algorithm keeps the
storage location of the information where it exists today but allows
query and update of the information through what appear as updates to
information in the X.500 Directory model.

   The merging of this information is termed "splicing" in
this disclosure.

   The Directory Service model that is targeted is the
Directory model described in the X.500 set of standards.  In this
Directory model, a Directory service stores information in a
hierarchical tree of entries.  Each entry in the hierarchy can
contain information.  The information in each entry is organized
into a set of attributes.  Each attribute has a name (called the
attribute type) and one or more attribute values.  Each attribute
type must be defined to be of a certain syntax.  The syntax of the
attribute type indicates the format of the attribute values.  Each
entry also has a descriptor of which attributes are allowed to
appear in the entry.  This descriptor is called the object class.  An
object class in the Directory model is a description of which
attribute types must and which attribute types may appear within an
entry.  An entry in the tree can be made up of multiple object
classes.  In this case, the set of attribute types that can be part
of the entry consists of the union of the set of attributes defined
for each object class.

   In addition to having an object class setting, and one or
more attribute types, each having one or more values, each entry in
the hierarchical tree of information has a unique name.  This name,
called the distinguished name, consists of the distinguished name of
the entry's parent entry in the hierarchical tree along with a set of
one or more attribute value pairs taken from the entry information.
These attribute value pairs constitute the relative distinguished
name of the entry.  Using this method, each entry in the directory
has a unique distinguished name.

   The object class(es) of an entry are held as part of the
information contained in the entry.  This information is stored in a
well-known attribute type called objectClass.  For example, if an
entry in the hierarchy were defined to contain information in the
form of two object classes, the objectClass attribute type would
contain two attribute values, each value consisting of the name of
the object class.

   Object classes can be defined to be either structural or
auxiliary.  An entry can be...