Monday, January 9, 2012

X.500 Security Feature

X.500 protocol was developed as a directory service standard by the International Organization for Standardization (ISO) and International Telegraph and Telephone Consultative Committee (CCITT). It is not widely deployed even though X.500 was a comprehensive standard. First approved in 1988 and enhanced in 1993. X.500 protocol architecture consists of a Client-Server communicating via the Open Systems Interconnection (OSI) networking model. Client is called Directory Service Agent (DUA) and the Server is called Directory System Agent (DSA). Two sub protocols is used to communicate between systems.

Client (DUA) to Server (DSA) – Directory Access Protocol (DAP)
Server (DSA) to Server (DSA) – Directory System Protocol (DSP) 



A typical X.500 session may proceed like the following: 
Client: Connects and requests access to the server, this is called the Binding operation.  
Server: Server authenticates the client and completes the binding operation.  
Client: Requests a service from the server, such as search for an entry in the directory, and presents any parameter data.  
Server: Performs service and may connect to another X.500 server then communicates a response. 
Client: Receives response and unbinds or terminates the connection.
    Security Features of X.500   
    X.509 Public Key Infrastructure (PKI) 
      X.509 Public Key Infrastructure (PKI)
      A widely used standard for defining digital certificates. It verifies the identity of a server when using Secure Sockets Layer (SSL). The browser will check that the certificate presented by a server has been issued such as digitally signed by one of a list of trusted certificate authorities.

      Reference
      http://cis.sc4.edu/profs/wpilkey/CIS121Chap11.ppt
      http://www.collectionscanada.gc.ca/iso/ill/document/ill_directory/X_500andLDAP.pdf
      http://static.springsource.org/spring-security/site/docs/2.0.x/reference/x509.html
      http://www.javvin.com/protocolX500.html 
       
      Posted by at

      2 comments:

      1. Xue YiJanuary 10, 2012 at 6:04 AM

        HELLOOOOOOOOO YIAN HOCK! :)

        Your post is. Well explained. Colours to show the points given. The content are correct and i'm able to understand fully. Also, where the post is accompanied with the picture makes it much clearer for readers or me to get a big picture of what you are trying to write in the post. Reference are shown to let others understand more other than the points you have given. Great job! :)

        By, XueYi.

        ReplyDelete
      2. AndyJanuary 10, 2012 at 4:37 PM

        Hi yian hock, For the X.500 feature right you have mention about the security feature of X.509 public key infrastructure (PKI), is there still got any other type of security feature in X.500? If there is other type of security, can you show more information of it and will be great to show together with a demonstrate video of it. In addition, it will be great if you give more information about the public key infrastructure and eventually if you have some image or video to show it out to make me more understanding about this security feature. Anyway good effort :D
        Andy Kong Ka Weng
        1006412I

        ReplyDelete

      Subscribe to: Post Comments (Atom)