Monday 9 January 2012

X.500 Security Feature

Overview of X.500

The X.500 directory service is a global directory service. Its components cooperate to manage information about objects such as countries, organizations, people, machines, and so on in a worldwide scope. It provides the capability to look up information by name (a white-pages service) and to browse and search for information (a yellow-pages service).
The information is held in a directory information base (DIB). Entries in the DIB are arranged in a tree structure called the directory information tree (DIT). Each entry is a named object and consists of a set of attributes. Each attribute has a defined attribute type and one or more values. The directory schema defines the mandatory and optional attributes for each class of object (called the object class). Each named object may have one or more object classes associated with it.

The X.500 namespace is hierarchical. An entry is unambiguously identified by a distinguished name (DN). A distinguished name is the concatenation of selected attributes from each entry, called the relative distinguished name (RDN), in the tree along a path leading from the root down to the named entry.

X.500 security features


• Authentication (hashing and asymmetric encryption)
Hashing is the transformation of a message, using some algorithm, into a (usually shorter) fixed-length value that represents the original message. The algorithm must make it practically impossible to construct a message that produces a given hash value. Changing just one bit of the original message typically changes the hash value considerably. This allows the integrity of a message to be checked: if the hash value is attached to the message when it is transmitted, the receiver can compute its own hash value over the received message and compare it with the attached one. If they differ, the message has been changed and should be discarded. A bare hash only detects that a change happened; a party able to alter the message in transit could also recompute the hash, so in practice the hash is protected by a digital signature (see below).


Asymmetric encryption uses an encryption key pair consisting of a private key and a corresponding public key. A message encrypted with one of these keys can only be decrypted with the other key. The owner of the key pair keeps the private key to itself, while copies of the public key may be distributed to several parties. A message encrypted with the public key can only be decrypted by the holder of the private key. This can be used, for example, to encrypt e-mails sent to the holder of the private key.

• Decryption (digital signatures)
A message encrypted with the private key can be decrypted by anyone holding a copy of the public key. If decryption succeeds, only the holder of the private key could have sent the message. This technique is used to create digital signatures; in practice the hash of the message is signed rather than the whole message, which ties the signature to the integrity check described above.
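As an added example that is not part of the original post, the hash-then-sign flow described in the two sections above, written in Go with only the standard library: the message is hashed with SHA-256, the digest is signed with the private key, and anyone holding the public key can check it. The message text and the 2048-bit key size are constructed for the demonstration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// hashHex returns the SHA-256 digest of msg as hex. Changing one bit of msg
// yields an unrelated digest, which is the integrity property described above.
func hashHex(msg []byte) string {
	sum := sha256.Sum256(msg)
	return fmt.Sprintf("%x", sum)
}

// sign hashes msg and signs the digest with the private key (RSA PKCS#1 v1.5).
func sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// verify recomputes the digest and checks the signature using the public key only.
func verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

// demo signs a constructed message, verifies it, then flips one bit of the
// message and verifies again; it returns both verification results.
func demo() (bool, bool, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // constructed demo key
	if err != nil {
		return false, false, err
	}
	msg := []byte("constructed sample message")
	sig, err := sign(priv, msg)
	if err != nil {
		return false, false, err
	}
	tampered := append([]byte(nil), msg...)
	tampered[0] ^= 0x01 // flip a single bit of the message
	return verify(&priv.PublicKey, msg, sig), verify(&priv.PublicKey, tampered, sig), nil
}

func main() {
	genuine, tampered, err := demo()
	fmt.Printf("genuine verifies: %v, tampered verifies: %v, err: %v\n", genuine, tampered, err)
}
```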

References
http://docs.oracle.com/javase/jndi/tutorial/ldap/models/x500.html

1 comment:

  1. hello wai kit, your post regarding X.500 security feature was very good and detailed. And I know you did a lot of research for this title. However, the information was quite lengthy as there were too many words; users cannot immediately know what you mean just by looking at the amount of words above. Nevertheless, this is a good post as it clearly explains the knowledge of X.500 security to others. You also include some images of X.500 security so that it does look good for the reader; this makes your post more interesting. Your paragraphing of information was good though.