Lightweight Directory Access Protocol Research Articles

Inventions on LDAP Data Management - A TRIZ Based Analysis

The data model of LDAP is same as X.500 data model. The LDAP protocol assumes there are one or more servers, which jointly provide access to a Directory Information Tree (DIT). The tree is made up of entries. Entries have relative distinguished name (RDN), which must be unique among all its siblings. The concatenation of the relative distinguished names from a particular entry to an immediate subordinate of the root of the tree forms the Distinguished Name (DN) for that entry. (IETF, RFC 2251). LDAP provides add, delete and modify operations for data modification. Each of these LDAP update operation is atomic. That means the whole operation is processed as a single unit of work. If a modify request is supposed to affect multiple attributes within an entry, it has to either affect all the attributes or none of the attributes. As LDAP does not specify any specific mechanism for data storage, different venders implement different storage mechanism, which causes incompatibility in certain operations like directory merging or integration. This article is a TRIZ based study of patents on Lightweight Directory Access Protocol (LDAP) data management. The objective of this article is to find the major concerns in managing LDAP directories, find the IFR and trends of evolution in LDAP data management and predict the future lines of inventions on data management in LDAP directories. This article is a part of the main study made on LDAP based on 60 patents selected from US patent database.

Metadata: Practical, painless, profitable

Metadata: Practical, painless, profitable

Enterprise Integration with Ruby

If you need to glue together multiple technologies, such as databases, Lightweight Directory Access Protocol (LDAP), XML, messaging, Remote Procedure Calls (RPCs), and distributed objects, the Ruby programming language might be the answer to help you do it.

Clustering of LDAP directory schemas to facilitate information resources interoperability across organizations

Directories provide a well-defined general mechanism for describing organizational resources such as the resources of the Internet2 higher education research community and the Grid community. Lightweight directory access protocol directory services enable data sharing by defining the information's metadata (schema) and access protocol. Interoperability of directory information between organizations is increasingly important. Improved discovery of directory schemas across organizations, better presentation of their semantic meaning, and fast definition and adoption (reuse) of existing schemas promote interoperability of information resources in directories. This paper focuses on the discovery of related directory object class schemas and in particular on clustering schemas to facilitate discovering relationships and so enable reuse. The results of experiments exploring the use of self-organizing maps (SOMs) to cluster directory object classes at a level comparable to a set of human experts are presented. The results show that it is possible to discover the values of the parameters of the SOM algorithm so as to cluster directory metadata at a level comparable to human experts

An LDAP-based User Modeling Server and its Evaluation

Representation components of user modeling servers have been traditionally based on simple file structures and database systems. We propose directory systems as an alternative, which offer numerous advantages over the more traditional approaches: international vendor-independent standardization, demonstrated performance and scalability, dynamic and transparent management of distributed information, built-in replication and synchronization, a rich number of pre-defined types of user information, and extensibility of the core representation language for new information types and for data types with associated semantics. Directories also allow for the virtual centralization of distributed user models and their selective centralized replication if better performance is needed. We present UMS, a user modeling server that is based on the Lightweight Directory Access Protocol (LDAP). UMS allows for the representation of different models (such as user and usage profiles, and system and service models), and for the attachment of arbitrary components that perform user modeling tasks upon these models. External clients such as user-adaptive applications can submit and retrieve information about users. We describe a simulation experiment to test the runtime performance of this server, and present a theory of how the parameters of such an experiment can be derived from empirical web usage research. The results show that the performance of UMS meets the requirements of current small and medium websites already on very modest hardware platforms, and those of very large websites in an entry-level business server configuration.

Scripting JAX-WS [JavaScript

If you need to glue together multiple technologies, such as databases, lightweight directory access protocol (LDAP), XML messaging, remote procedure calls (RPCs), and distributed objects, the Ruby programming language might be the answer to help you do it

Inventions on Integrating LDAP with Other Directories - A TRIZ Based Analysis of US Patents

Thus the LDAP architecture allows multiple LDAP servers work together on the same directory tree or multiple directory trees. Besides, LDAP being built on an open architecture, it is quite possible to integrate with other directory servers. LDAP can be mapped onto any other directory system so long as the X.500 data and service model as used in LDAP is not violated in LDAP interface. LDAP server may store data in a Flat file, in RDBMS or in any other database. The LDAP client applications can use LDAP directory interface without having knowledge on the underlying data storage mechanism. However, there are some issues and concerns in integrating multiple LDAP servers or Integrating LDAP directories with other directories. Different directories may use different schema for their directory objects. It is not possible to integrating database of one schema directly with database having another schema. This article is a TRIZ based study of patents on integrating Lightweight Directory Access Protocol (LDAP) with other directories. The objective of this article is to find the major concerns in integrating LDAP with other directories, find the IFR and trends of evolution in LDAP integration and predict the future lines of inventions on integrating LDAP with other directories. This article is a part of the main study made on LDAP based on 60 patents selected from US patent database.

Wireless Security Study Guide: Mediocre at Best

This article is a review of the book 'CWSP Certified Wireless Security Professional Official Study Guide (Exam PWO-200)' By Planet3 Wireless published by McGraw-Hill/Osbome, 2003. The book covers a wide range of topics including: local area networks and wireless LAN auditing tools; target profiling; war chalking; social engineering; unauthorized access on wireless LANs; radio frequency jamming; data flooding; wireless client hijacking; US federal regulations regarding information security; corporate policy writing and security best practices; encryption schemes; authentication; virtual private networking; gateway devices; intrusion detection systems; authenticated Domain Name Systems; thin clients; Kerberos; Radius; the Lightweight Directory Access Protocol, and biometrics. The book's goal is to prepare the reader for a certification exam, the reviewer feels the book has little benefit beyond this.

A DAM journey in a mature business

Whirlpool Corporation deployed digital asset management through several implementations. The initial thrust was developing skill sets and an understanding of the available technology within its Creative Works group. This led to an implementation that allowed creative production staff to organize digital assets and assure the ability to locate those assets for repurposing. As technology advanced new tools became available that allowed additional functionality and more robust management of assets. This included support of Lightweight Directory Access Protocol (LDAP) protocols to offer single sign-on, asset-level security to manage assets throughout the lifecycle of the products, and a self-serve environment that allowed creating web services to meet varying needs of a diverse user group. These groups consisted of super users among the creative staff, agencies and marketing department, as well as the more general users of the corporate environment and of our trade partners.

Connector Architecture for Computer-Assisted Design and Manufacturing Systems

Flexible integration concepts for computer-assisted design (CAD) and manufacturing (CAM) systems have been identified as a key to let shipyards select and implement best-in-class software components for their CAD and CAM operations. Current implementations are dominated by bilateral links based on proprietary data exchange formats and are too complex to upgrade parts of a CAD/CAM infrastructure without negative impacts on the other parts. This paper describes the ongoing development of a connector architecture for CAD and CAM systems in shipbuilding. The architecture decouples CAD and CAM systems on the basis of a flexible integration technology, utilizing XML data exchange, lightweight directory access protocol (LDAP), and message-based communication. An enterprise reference model describing all relevant shipbuilding business objects forms the basis for the integration. So-called adapters connect the various CAD and CAM systems to the architecture. An automatic nesting solution is presented as a sample business solution in the connector architecture environment.

LDAP: framework, practices, and trends

Directory services facilitate access to information organized under a variety of frameworks and applications. The lightweight directory access protocol is a promising technology that provides access to directory information using a data structure similar to that of the X.500 protocol. IBM Tivoli, Novell, Sun, Oracle, Microsoft, and many other vendors feature LDAP-based implementations. The technology's increasing popularity is due both to its flexibility and its compatibility with existing applications.

A middleware architecture for distributed systems management

This paper presents a middleware solution for global management of any kind of distributed system, such as networks of PCs/workstations, clusters or server farms. Our approach lies in an object-oriented software architecture that models all kind of management information using the common information model (CIM) developed by the Distributed Management Task Force (DMTF). The classes and attributes obtained after the modeling process are mapped to a Lightweight Directory Access Protocol (LDAP) repository. This paper discusses the key features of our middleware that allows that any element (physical, logical, device, user or system) can be managed using a network-oriented and topology-independent approach. A representative example of management domain illustrates the procedures followed to build management applications using our middleware architecture.

Terminology access methods leveraging LDAP resources.

Health terminologies have become more complex, more massive, and more ubiquitous in the modern healthcare enterprise. Present technology makes the use of these terminologies by humans, unaided by machines, virtually impossible. However, system and message interoperability can be severely compromised if the software services deploying terminology content and interfaces are themselves non-standard. We review some characteristics for good terminology services and introduce an open-source, robust, widely deployed and widely available software resource to underpin terminology service implementations. The Lightweight Directory Access Protocol, or LDAP, is compared with alternative technologies. We describe a reference implementation of terminology services built around the HL7 Common Terminology Services using LDAP methods. We propose that LDAP is well suited as a common platform for federated, synchronized, and algorithmically distributed terminology content from multiple sources.

그룹통신을 이용한 견고한 LDAP 서버

LDAP(Lightweight Directory Access Protocol) 디렉토리 서비스는 인터넷이나 인트라넷 등 네트워크 상에 있는 파일이나 장치들과 같은 자원의 위치를 찾을 수 있도록 정보를 제공한다. LDAP는 인터넷에서 표준 디렉토리 서비스 구조로 폭넓게 받아들여지고 있으므로, 다수의 LDAP 서버들 사이에 디렉토리 정보를 중복하여 유지함으로써 특정 서버와의 네트워크 단절(Partition)과 같은 결함이 발생되는 상황에서도 투명하고 지속적으로 서비스를 제공하는 것이 바람직하다. 본 논문에서는 JACE 그룹통신 시스템의 프로세스 그룹으로 동작하는 견고한 LDAP 서버 시스템과 자바 응용 프로그램에서 서비스를 사용할 수 있도록 그룹통신을 이용하는 LDAP 서비스 제공자의 설계와 구현에 대하여 기술한다. LDAP (Lightweight Directory Access Protocol) Directory Service provides information for locating resources like files and devices over the network such as Internet or Intranet. Since LDAP is widely accepted as one of the standard directory service structure for the Internet, it is desirable that a group of LDAP servers works transparently and continuously even if the related network partitions temporally, through maintaining replicated directory information among those LDAP servers. In this paper, we describe the design and implementation of a robust LDAP sewer, which runs as a process group in JACE group communication system, and the associated LDAP service provider which enables Java applications to use the developed LDAP directory service.

An enhanced message networking topology: Multimedia messaging with the Intuity™ interchange server

This paper describes the features and benefits of message networking and the Intuity™ Interchange, a new, intelligent, multiprotocol and multivendor networking server used in multimedia (voice, fax, e-mail, and/or binary) messaging networks. The Interchange integrates Lucent Technologies' multimedia messaging servers — for example, Intuity/DEFINITY®/R1 AUDIX®, and Overture Aria/Serenade — as well as non-Lucent messaging systems, into one seamless and expandable messaging network. In addition to supporting Lucent's digital and analog protocols, the Interchange also supports or will support open standard interfaces, such as Audio Message Interface Specification (AMIS) analog, Voice Profile for Internet Mail (VPIM), and Simple Message Transfer Protocol/Multipurpose Internet Mail Extensions (SMTP/MIME), for communication with other vendors' voice-mail systems (for example, Northern Telecom's Meridian Mail) and e-mail systems (for example, Microsoft∗ Exchange∗). Because the Interchange is built on an open platform, additional add-on applications are being rapidly developed to co-reside on the hub server. One such application is Enterprise Lists, which allows large enterprise-wide broadcast lists to be defined statically or dynamically. Anyone in the entire network having permission can reach these lists. Application directions include such features as the lightweight directory access protocol (LDAP), which allows for intelligent enterprise network directory access and builds on the existing centralized directory synchronization already available in the Interchange.

Applying lightweight directory access protocol service on session certification authority

Lightweight Directory Access Protocol (LDAP) service is a new technology being applied on the Internet. On large-scale network systems using Transmission control protocol (TCP)/Internet protocol (IP), there is no standard suggested for single directory––certainly without one to be routinely used on the scale of intranets. LDAP service has many great features, such as providing quick and advanced search, quick response and hierarchy view of data. It also can be utilized to many different applications. Certification Authority (CA) is a trusted system, and it plays an important role just like a notary bridging between end-entities and helps end-entities to establish a secure environment. If someone wants to trade or communicate with others, he or she needs the certificate issued by the CA to help him or her get the trust from others. When a number of end-entities need this service, the load of CA may become huge. Using distributed CAs may sound like a good idea, but it costs too much. In this paper, we have designed a Session CA using a directory system to share its load without the necessity to maintain the Certificate Revocation List (CRL) because the lifetime of the attribute certificate is very short. With these great features of LDAP service mentioned above, it becomes desirable that we can apply them to design a new CA system. By using LDAP service, we can reduce the load of certification significantly between CA and end-entity. In addition, this new technology can reduce the maintenance work of administration and improve the efficiency of our new proposed CA. Furthermore, combining with Role-Based Access Control (RBAC) and attribute certificate, the security of our system is greatly improved.

Use of LDAP to partially implement the OGIS discovery service

The geographical information systems (GIS) community has over the years captured and generated large amounts of geographical data. Discovery of these heterogeneous data sets is our main concern. Research described in this paper is focussed on one component of a Georesource Centre, an infrastructure facilitating the sharing of geographical data and processes among organizations. The role of this component, the Selector Broker, is to process metadata queries in the search for appropriate data sets. Processing of queries within the Selector Broker involves translation of the metadata semantics and query syntax. There are several ways such a translation can be done and we have adopted the direct translation of semantics and syntax in this paper. In direct translation, semantic and syntactic differences are mapped directly between systems without going through an intermediate system. In the design of the Centre, organizations use the Lightweight Directory Access Protocol (LDAP) to store entries of geographical data sets they have collected. The Selector Broker processes these entries using pre-defined semantic and syntactic mappings to translate the initial queries. The service provided by the Selector Broker is accessed through the Common Request Broker Architecture (CORBA).

Access control and session management in the HTTP environment

As the only ubiquitous public data network, the Internet offers business partners a communications channel that previously existed only in unique situations with private, special-purpose networks. Well-publicized security risks, however, have limited the deployment of business-to-business extranets, which typically use the Internet's public data network infrastructure. These risks extend behind firewalls to intranets, where any user gaining entry to a facility is often implicitly authenticated to access unprotected services by simply plugging a portable computer into an unused network port. The author describes an approach that uses role-based access controls (RBACs) and Web session management to protect against network security breaches in the HTTP environment. The RBAC and session management services augment network-level security, such as firewalls, inherent in the deployment of any Web based system with untrusted interfaces. The RBACs are implemented through the Internet Engineering Task Force's Lightweight Directory Access Protocol (LDAP). Session management is implemented through cryptographically secured, cookie-based ticket mechanisms.

The LTAP trigger gateway for LDAP directories

LDAP (Lightweight Directory Access Protocol) directories are being rapidly deployed on the web. They are currently used to store data like white pages information, user profiles, and network device descriptions. LDAP directories offer scalability advantages over current database technologies, as well as being more flexible. However, as users begin to use them for Directory Enabled Networking tasks such as provisioning network services, allocating resources, reporting, managing end-to-end security, and offering mobile users customized features that follow them, LDAP's limited functionality becomes a significant barrier to progress. For example, LDAP directories do not have active database functionality (i.e., triggers). However, triggers are necessary for monitoring changes to directories and taking appropriate actions, just as they are for databases. Such functionality is crucial to take full advantage of proposals such as the Directory Enabled Network (DEN) initiative. Currently, trigger functionality is non-standardized for LDAP and each vendor's solution is non-portable. We built the Lightweight Trigger Access Process (LTAP) gateway to provide a portable way to add triggers to a LDAP directory. We describe the trigger language, the gateway's implementation, as well as our experiences gained both during implementation and from our users. LTAP is currently being used in several projects. LTAP can be downloaded at http://ltap.bell-labs.com. Copyright © 2000 John Wiley & Sons, Ltd.

LDAP directory services- just another database application? (tutorial session)

The key driving force behind general-purpose enterprise directory services is for providing a central repository for commonly and widely used information such as users, groups, network service access information and profiles, security information, etc. Acceptance of the Lightweight Directory Access Protocol (LDAP) as an access protocol has facilitated widespread integration of these directory services into the network infrastructure and applications. Both directory and relational databases are data repositories sharing the characteristic that they have mechanisms for dealing with schema and structure of information and are suitable for systematically organized data. This tutorial describes characteristics of directories such as schema information, query language and support, storage mechanisms required, typical requirements imposed by applications, etc. We then explain the differences between a directory and relational database, and show how the two are required to co-exist in a typical enterprise. An essential characteristic assumed for information stored in directories is that it is relatively static and that the queries are mostly read only. We describe typical directory applications to validate this assumption and project the requirements imposed on them as these applications evolve. We then describe areas of overlap between traditional databases and directories, describe some database and directory integration solutions adopted in the market, and identify areas in which directory deployment can benefit from the experience gathered by the database community.