Wednesday, 11 January 2012

X.500 Security Feature


X.500 Directory Service is a standard way to develop an electronic directory of people in an organization so that it can be part of a global directory available to anyone in the world with Internet access.

Providing an X.500 directory allows an organization to make itself and selected members known on the Internet. Two of the largest directory service providers are InterNIC, the organization that supervises domain name registration in the U.S., and ESnet, which maintains X.500 data for all the U.S. national laboratories. ESNet and similar providers also provide access to looking up names in the global directory, using a number of different user interfaces including designated Web sites,whois, and finger. These organizations also provide assistance to organizations that are creating their own Directory Information Tree (DIT).

X.500 directories are quite often used in government and military environments where X.500's ability to offer a higher-level of security and secure replication in a distributed environment is appreciated.

X.400 and X.500 use the X.509 authentication framework directly:
  • Peer to peer server applications, such as X.500 DISP replication, will generally use two way authentication.
  • Client applications such as X.400 P7 or X.500 DAP may use two way authentication. In some situations one way authentication is also used, which may be when the client does not wish to authenticate the server, and when a client not using strong authentication wishes to strongly authenticate the server.
In addition,there are a number of standard protocols that support strong authentication. Strong authentication was initially developed for X.400 and X.500, and all of the peer protocols support strong authentication. In particular:
  • X.500 DAP, DSP and DISP.
  • X.400 P1, P3 and P7.

No comments:

Post a Comment