Network Working Group S. Kille Request for Comments: 2293 Isode Ltd. Obsoletes: 1837 March 1998 Category: Standards Track
Network Working Group S. Kille Request for Comments: 2293 Isode Ltd. Obsoletes: 1837 March 1998 Category: Standards Track
Representing Tables and Subtrees in the X.500 Directory
表示X.500目录中的表和子树
Status of this Memo
本备忘录的状况
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
本文件规定了互联网社区的互联网标准跟踪协议,并要求进行讨论和提出改进建议。有关本协议的标准化状态和状态,请参考当前版本的“互联网官方协议标准”(STD 1)。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The Internet Society (1998). All Rights Reserved.
版权所有(C)互联网协会(1998年)。版权所有。
Abstract
摘要
This document defines techniques for representing two types of information mapping in the OSI Directory [1].
本文档定义了在OSI目录中表示两种类型的信息映射的技术[1]。
1. Mapping from a key to a value (or set of values), as might be done in a table lookup.
1. 从一个键到一个值(或一组值)的映射,这可能在表查找中完成。
2. Mapping from a distinguished name to an associated value (or values), where the values are not defined by the owner of the entry. This is achieved by use of a directory subtree.
2. 从可分辨名称映射到关联值(一个或多个值),其中值不是由条目的所有者定义的。这是通过使用目录子树实现的。
These techniques were developed for supporting MHS use of Directory [2], but are specified separately as they have more general applicability.
这些技术是为支持MHS使用目录[2]而开发的,但由于它们具有更广泛的适用性,因此单独指定。
1 Representing Flat Tables
1代表平板
Before considering specific function, a general purpose technique for representing tables in the directory is introduced. The schema for this is given in Figure 1. A table can be considered as an unordered set of key to (single or multiple) value mappings, where the key cannot be represented as a global name. There are four reasons why this may occur:
在考虑具体功能之前,先介绍一种表示目录中的表的通用技术。图1给出了这方面的模式。表可以被视为一组无序的键到(单个或多个)值映射,其中键不能表示为全局名称。出现这种情况的原因有四个:
1. The object does not have a natural global name.
1. 对象没有自然全局名称。
2. The object can only be named effectively in the context of being a key to a binding. In this case, the object will be given a natural global name by the table.
2. 对象只能在作为绑定键的上下文中有效命名。在这种情况下,表将为对象指定一个自然全局名称。
3. The object has a global name, and the table is being used to associate parameters with this object, in cases where they cannot be placed in the objects global entry. Reasons why they might not be so placed include:
3. 该对象具有全局名称,并且在无法将参数放置在对象全局条目中的情况下,该表用于将参数与该对象关联。它们可能不被如此放置的原因包括:
o The object does not have a directory entry
o 该对象没有目录项
o There is no authority to place the parameters in the global entry
o 没有权限将参数放置在全局条目中
o The parameters are not global --- they only make sense in the context of the table.
o 这些参数不是全局的——它们只在表的上下文中有意义。
4. It is desirable to group information together as a performance optimization, so that the block of information may be widely replicated.
4. 希望将信息分组在一起作为性能优化,以便信息块可以广泛复制。
A table is represented as a single level subtree. The root of the subtree is an entry of object class Table. This is named with a common name descriptive of the table. The table will be located somewhere appropriate to its function. If a table is private to an MTA, it will be below the MTA's entry. If it is shared by MTA's in an organization, it will be located under the organization.
表表示为单级子树。子树的根是对象类表的一个条目。这是用描述表的通用名称命名的。该表将位于适合其功能的位置。如果某个表是MTA专用的,则该表将位于MTA条目的下方。如果它由MTA在组织中共享,则它将位于该组织下。
The generic table entry contains only a description. All instances will be subclassed, and the subclass will define the naming attribute. Two subclasses are defined:
通用表条目仅包含说明。所有实例都将被子类化,子类将定义命名属性。定义了两个子类:
table OBJECT-CLASS ::= { SUBCLASS OF {top} MUST CONTAIN {commonName} MAY CONTAIN {manager} ID oc-table}
table OBJECT-CLASS ::= { SUBCLASS OF {top} MUST CONTAIN {commonName} MAY CONTAIN {manager} ID oc-table}
tableEntry OBJECT-CLASS ::= { SUBCLASS OF {top} MAY CONTAIN {description} 10 ID oc-table-entry}
tableEntry OBJECT-CLASS ::= { SUBCLASS OF {top} MAY CONTAIN {description} 10 ID oc-table-entry}
textTableEntry OBJECT-CLASS ::= { SUBCLASS OF {tableEntry} MUST CONTAIN {textTableKey} MAY CONTAIN {textTableValue} ID oc-text-table-entry}
textTableEntry OBJECT-CLASS ::= { SUBCLASS OF {tableEntry} MUST CONTAIN {textTableKey} MAY CONTAIN {textTableValue} ID oc-text-table-entry}
textTableKey ATTRIBUTE ::= { SUBTYPE OF name 20 WITH SYNTAX DirectoryString {ub-name} ID at-text-table-key}
textTableKey ATTRIBUTE ::= { SUBTYPE OF name 20 WITH SYNTAX DirectoryString {ub-name} ID at-text-table-key}
textTableValue ATTRIBUTE ::= { SUBTYPE OF name WITH SYNTAX DirectoryString {ub-description} ID at-text-table-value}
textTableValue ATTRIBUTE ::= { SUBTYPE OF name WITH SYNTAX DirectoryString {ub-description} ID at-text-table-value}
distinguishedNameTableEntry OBJECT-CLASS ::= { SUBCLASS OF {tableEntry} 30 MUST CONTAIN {distinguishedNameTableKey} ID oc-distinguished-name-table-entry}
distinguishedNameTableEntry OBJECT-CLASS ::= { SUBCLASS OF {tableEntry} 30 MUST CONTAIN {distinguishedNameTableKey} ID oc-distinguished-name-table-entry}
distinguishedNameTableKey ATTRIBUTE ::= { SUBTYPE OF distinguishedName ID at-distinguished-name-table-key}
distinguishedNameTableKey ATTRIBUTE ::= { SUBTYPE OF distinguishedName ID at-distinguished-name-table-key}
Figure 1: Representing Tables
图1:表示表
1. TextEntry, which define table entries with text keys, which may have single or multiple values of any type. An attribute is defined to allow a text value, to support the frequent text key to text value mapping. Additional values may be defined.
1. TextEntry,它使用文本键定义表条目,文本键可以有任何类型的单个或多个值。定义一个属性来允许文本值,以支持频繁文本键到文本值的映射。可以定义其他值。
2. DistinguishedNameEntry. This is used for associating information with globally defined objects. This approach should be used where the number of objects in the table is small or very sparsely spread over the DIT. In other cases where there are many objects or the objects are tightly clustered in the DIT, the subtree approach defined in Section 2 will be preferable. No value attributes are defined for this type of entry. An application of this will make appropriate subtyping to define the needed values.
2. 区分名称条目。这用于将信息与全局定义的对象关联。当表中的对象数量很少或分布在DIT上的对象非常稀疏时,应使用这种方法。在DIT中有许多对象或对象紧密聚集的其他情况下,第2节中定义的子树方法更可取。没有为此类型的条目定义值属性。应用此项将进行适当的子类型化,以定义所需的值。
This is best illustrated by example. Consider the MTA:
这最好用例子来说明。考虑MTA:
CN=Bells, OU=Computer Science, O=University College London, C=GB
CN=Bells, OU=Computer Science, O=University College London, C=GB
Suppose that the MTA needs a table mapping from private keys to fully qualified domain names (this example is fictitious). The table might be named as:
假设MTA需要一个从私钥到完全限定域名的表映射(这个示例是虚构的)。该表的名称可能为:
CN=domain-nicknames, CN=Bells, OU=Computer Science, O=University College London, C=GB
CN=domain-nicknames, CN=Bells, OU=Computer Science, O=University College London, C=GB
To represent a mapping in this table from "euclid" to "bloomsbury.ac.uk", the entry:
要在此表中表示从“euclid”到“bloomsbury.ac.uk”的映射,条目:
TextTableKey=euclid, CN=domain-nicknames, CN=Bells, OU=Computer Science, O=University College London, C=GB
TextTableKey=euclid, CN=domain-nicknames, CN=Bells, OU=Computer Science, O=University College London, C=GB
will contain the attribute:
将包含以下属性:
TextTableValue=bloomsbury.ac.uk
TextTableValue=bloomsbury.ac.uk
A second example, showing the use of DistinguishedNameEntry is now given. Consider again the MTA:
现在给出了第二个示例,展示了DifferentiedNameEntry的使用。再次考虑MTA:
CN=Bells, OU=Computer Science, O=University College London, C=GB
CN=Bells, OU=Computer Science, O=University College London, C=GB
Suppose that the MTA needs a table mapping from MTA Name to bilateral agreement information of that MTA. The table might be named as:
假设MTA需要从MTA名称到该MTA的双边协议信息的表映射。该表的名称可能为:
CN=MTA Bilateral Agreements, CN=Bells, OU=Computer Science, O=University College London, C=GB
CN=MTA Bilateral Agreements, CN=Bells, OU=Computer Science, O=University College London, C=GB
To represent information on the MTA which has the Distinguished Name:
要表示具有可分辨名称的MTA上的信息,请执行以下操作:
CN=Q3T21, ADMD=Gold 400, C=GB
CN=Q3T21, ADMD=Gold 400, C=GB
There would be an entry in this table with the Relative Distinguished Name of the table entry being the Distinguished Name of the MTA being referred to. The MTA Bilateral information would be an attribute in this entry. Using a non-standard notation, the Distinguished Name of the table entry is:
此表中会有一个条目,该条目的相对可分辨名称为所引用MTA的可分辨名称。MTA双边信息将是此条目中的一个属性。使用非标准符号,表项的可分辨名称为:
DistinguishedNameTableKey=<CN=Q3T21, ADMD=Gold 400, C=GB>, CN=MTA Bilateral Agreements, CN=Bells, OU=Computer Science, O=University College London, C=GB
DistinguishedNameTableKey=<CN=Q3T21, ADMD=Gold 400, C=GB>, CN=MTA Bilateral Agreements, CN=Bells, OU=Computer Science, O=University College London, C=GB
2 Representing Subtrees
2表示子树
A subtree is similar to a table, except that the keys are constructed as a distinguished name hierarchy relative to the location of the subtree in the DIT. The subtree effectively starts a private "root", and has distinguished names relative to this root. Typically, this approach is used to associate local information with global objects. The schema used is defined in Figure 2. Functionally, this is equivalent to a table with distinguished name keys. The table approach is best when the tree is very sparse. This approach is better for subtrees which are more populated.
子树类似于表,只是键被构造为相对于子树在DIT中的位置的可分辨名称层次结构。子树有效地启动了一个私有“根”,并具有相对于该根的可分辨名称。通常,此方法用于将局部信息与全局对象关联。所使用的模式如图2所示。在功能上,这相当于具有可分辨名称键的表。当树非常稀疏时,表方法是最好的。这种方法更适合于子树的填充。
The subtree object class defines the root for a subtree in an analogous means to the table. Information within the subtree will generally be defined in the same way as for the global object, and so
subtree对象类以类似于表的方式定义子树的根。子树中的信息通常以与全局对象相同的方式定义,依此类推
subtree OBJECT-CLASS ::= { SUBCLASS OF {top} MUST CONTAIN {commonName} MAY CONTAIN {manager} ID oc-subtree}
subtree OBJECT-CLASS ::= { SUBCLASS OF {top} MUST CONTAIN {commonName} MAY CONTAIN {manager} ID oc-subtree}
Figure 2: Representing Subtrees
图2:表示子树
no specific object classes for subtree entries are needed.
子树条目不需要特定的对象类。
For example consider University College London.
例如,考虑伦敦大学学院。
O=University College London, C=GB
O=伦敦大学学院,C=GB
Suppose that the UCL needs a private subtree, with interesting information about directory objects. The table might be named as:
假设UCL需要一个私有子树,其中包含有关目录对象的有趣信息。该表的名称可能为:
CN=private subtree, O=University College London, C=GB
CN=私有子树,O=伦敦大学学院,C=GB
UCL specific information on Inria might be stored in the entry:
Inria的UCL特定信息可能存储在条目中:
O=Inria, C=FR, CN=private subtree, O=University College London, C=GB
O=Inria, C=FR, CN=private subtree, O=University College London, C=GB
Practical examples of this mapping are given in [2].
[2]中给出了这种映射的实际示例。
3 Acknowledgments
3致谢
Acknowledgments for work on this document are given in [2].
[2]中给出了对本文件工作的确认。
References
工具书类
[1] The Directory --- overview of concepts, models and services, 1993. CCITT X.500 Series Recommendations.
[1] The Directory --- overview of concepts, models and services, 1993. CCITT X.500 Series Recommendations.
[2] Kille, S.E., "X.400-MHS use of the X.500 directory to support X.400-MHS routing," RFC 1801, June 1995.
[2] Kille,S.E.,“X.400-MHS使用X.500目录支持X.400-MHS路由”,RFC 18011995年6月。
4 Security Considerations
4安全考虑
Security considerations are not discussed in this memo.
本备忘录中未讨论安全注意事项。
5 Author's Address
5作者地址
Steve Kille Isode Ltd The Dome The Square Richmond TW9 1DT England
Steve Kille Isode有限公司位于英格兰里士满TW9 1DT的圆顶广场
Phone: +44-181-332-9091 EMail: S.Kille@ISODE.COM
Phone: +44-181-332-9091 EMail: S.Kille@ISODE.COM
A Object Identifier Assignment
对象标识符分配
mhs-ds OBJECT IDENTIFIER ::= {iso(1) org(3) dod(6) internet(1) private(4) enterprises(1) isode-consortium (453) mhs-ds (7)}
mhs-ds OBJECT IDENTIFIER ::= {iso(1) org(3) dod(6) internet(1) private(4) enterprises(1) isode-consortium (453) mhs-ds (7)}
tables OBJECT IDENTIFIER ::= {mhs-ds 1}
tables OBJECT IDENTIFIER ::= {mhs-ds 1}
oc OBJECT IDENTIFIER ::= {tables 1} at OBJECT IDENTIFIER ::= {tables 2}
oc OBJECT IDENTIFIER ::= {tables 1} at OBJECT IDENTIFIER ::= {tables 2}
oc-subtree OBJECT IDENTIFIER ::= {oc 1} oc-table OBJECT IDENTIFIER ::= {oc 2} 10 oc-table-entry OBJECT IDENTIFIER ::= {oc 3} oc-text-table-entry OBJECT IDENTIFIER ::= {oc 4} oc-distinguished-name-table-entry OBJECT IDENTIFIER ::= {oc 5}
oc-subtree OBJECT IDENTIFIER ::= {oc 1} oc-table OBJECT IDENTIFIER ::= {oc 2} 10 oc-table-entry OBJECT IDENTIFIER ::= {oc 3} oc-text-table-entry OBJECT IDENTIFIER ::= {oc 4} oc-distinguished-name-table-entry OBJECT IDENTIFIER ::= {oc 5}
at-text-table-key OBJECT IDENTIFIER ::= {at 1} at-text-table-value OBJECT IDENTIFIER ::= {at 2} at-distinguished-name-table-key OBJECT IDENTIFIER ::= {at 3}
at-text-table-key OBJECT IDENTIFIER ::= {at 1} at-text-table-value OBJECT IDENTIFIER ::= {at 2} at-distinguished-name-table-key OBJECT IDENTIFIER ::= {at 3}
Figure 3: Object Identifier Assignment
图3:对象标识符分配
Full Copyright Statement
完整版权声明
Copyright (C) The Internet Society (1998). All Rights Reserved.
版权所有(C)互联网协会(1998年)。版权所有。
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.
本文件及其译本可复制并提供给他人,对其进行评论或解释或协助其实施的衍生作品可全部或部分编制、复制、出版和分发,不受任何限制,前提是上述版权声明和本段包含在所有此类副本和衍生作品中。但是,不得以任何方式修改本文件本身,例如删除版权通知或对互联网协会或其他互联网组织的引用,除非出于制定互联网标准的需要,在这种情况下,必须遵循互联网标准过程中定义的版权程序,或根据需要将其翻译成英语以外的其他语言。
The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.
上述授予的有限许可是永久性的,互联网协会或其继承人或受让人不会撤销。
This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件和其中包含的信息是按“原样”提供的,互联网协会和互联网工程任务组否认所有明示或暗示的保证,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。