Internet-Draft                                           Christine Yoon
draft-yoon-dbpg-taxonomy-01                      PricewaterhouseCoopers
Expires in six months                                       Chris Apple
Track: Informational                                     DSI Consulting
                                                          Richard Burke
                                                    White Obsidian Inc.
                                                          Chris Harding
                                                           The OpenGroup
                                                              June 2003

        A Taxonomy of Directories Best Practice Topics and Concepts

                  Filename: draft-yoon-dbpg-taxonomy-01.txt

Status of this Memo

This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt

The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html.

Abstract

There are several different topics and concepts appropriate for an LDAP-based Directories Best Practice Guide (DBPG). This document discusses these topics and concepts so that interested user communities can learn more about implementing them.

1. Introduction

A typical directory environment within a user organization consists of LDAP [1] directories and/or non-LDAP directories such as HR databases. A directory service deployment involves various directory topics. This document discusses these topics and identifies a DBPG section in which interested users can learn more about implementing each topic.

Expires 12/31/2003 [Page 1]

INTERNET DRAFT LDAP Taxonomy June 2002

2. Topics

2.1 LDAP DBPG Framework

This section will define and describe a framework of best practices and guidelines with respect to technical issues related to the deployment of LDAP-based directory services within user organizations. Non-technical issues will also be explored at a high level.

This section will also describe typical directory services environments of user organizations. User organizations may be categorized according to the following factors:

1) location: some organizations are located at a single place, others are distributed geographically.

2) size: some organizations have a small workforce, others a large one.

3) existing environment: some organizations have a very complex directory environment, such as many islands of directories each under different management; others have a very simple environment.

2.2 Directories and Their Use

The purpose of this section is to address various directory technologies and the best way to use them. Examples of existing directory technologies are RDBMS, DNS, X.500, LDAP, virtual directories, and meta-directories. This section describes the various directory technologies, defines several typical operational and deployment scenarios, and profiles the applicability of particular technologies, or combinations thereof, to those scenarios.

2.3 Glossary of Directory-Related Terms and Concepts

This section lists the directory-related terms and concepts that are dealt with by the DBPG sections.

2.4 LDAP Information Modeling Concepts: DIT Structure & Schema Design

This section provides best practices and guidelines for designing the DIT structure and schema of an LDAP directory. Different guidelines may be developed depending on the user's directory environment as defined in the DBPG Framework section.
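One check a schema design effort needs before new definitions are loaded is whether they collide with what the directory already holds. The following is an added example, not part of this draft: it parses the leading "( oid NAME ... )" part of RFC 2252-style attributeType descriptions and flags any proposed definition whose OID or NAME is already taken by a different existing definition. The cn and mail definitions use their RFC 2256 [2] OIDs; the corp* attributes and the 1.3.6.1.4.1.99999 OID arc are constructed placeholders.

```python
import re

# Constructed sample data: cn and mail carry their RFC 2256 OIDs; the corp*
# attributes and the 1.3.6.1.4.1.99999 OID arc are placeholders.
EXISTING_SCHEMA = [
    "( 2.5.4.3 NAME ( 'cn' 'commonName' ) SUP name )",
    "( 0.9.2342.19200300.100.1.3 NAME 'mail' EQUALITY caseIgnoreIA5Match "
    "SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )",
]
PROPOSED_SCHEMA = [
    # NAME collision: 'mail' is already registered under another OID
    "( 1.3.6.1.4.1.99999.1.1 NAME 'mail' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
    # OID collision: re-uses cn's OID for a differently named attribute
    "( 2.5.4.3 NAME 'corpDisplayName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
    # clean: new OID, new name
    "( 1.3.6.1.4.1.99999.1.2 NAME 'corpBadgeId' EQUALITY caseIgnoreMatch "
    "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )",
]

# "( <numericoid> NAME <qdescrs>" prefix of an RFC 2252 AttributeTypeDescription
_HEAD_RE = re.compile(r"^\(\s*(?P<oid>\d+(?:\.\d+)*)\s+NAME\s+(?P<names>\([^)]*\)|'[^']*')")

def parse_attribute_type(definition):
    """Return (oid, [lower-cased names]); attribute names are case-insensitive in LDAP."""
    m = _HEAD_RE.match(definition.strip())
    if not m:
        raise ValueError(f"unparseable attributeType: {definition}")
    return m.group("oid"), [n.lower() for n in re.findall(r"'([^']+)'", m.group("names"))]

def find_collisions(existing, proposed):
    """Return (kind, clashing value, proposed identifier) for every proposed definition
    whose OID or NAME is held by a *different* existing one; exact re-submissions pass."""
    by_oid, by_name = {}, {}
    for d in existing:
        oid, names = parse_attribute_type(d)
        by_oid[oid] = set(names)
        by_name.update({n: oid for n in names})
    collisions = []
    for d in proposed:
        oid, names = parse_attribute_type(d)
        if oid in by_oid and by_oid[oid] != set(names):
            collisions.append(("oid", oid, names[0]))
        collisions += [("name", n, oid) for n in names if by_name.get(n, oid) != oid]
    return collisions

def check_proposed():
    return find_collisions(EXISTING_SCHEMA, PROPOSED_SCHEMA)
```

A registration process as described in section 2.6 would run this kind of check against the organization-wide registry rather than a single server's schema, so that two directories that are later merged cannot both have claimed the same name or OID.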
2.5 Popular Schema Profiles

In addition to the common user schema [2], various standards groups and industry consortia have defined sets of directory schema elements (i.e. object classes and attributes) intended to serve the needs of various vertical and horizontal applications and services. The Internet Messaging standards group defines messaging-related schema elements; the DMTF defines schema elements for CIM. This section intends to collect and list descriptions of existing schema elements defined by other standards and/or industry organizations, together with their references.

2.6 Schema Registration

The purpose of this section is to provide best practices and guidelines for developing a schema registration process, which will prevent schema collisions when multiple directories are merged or connected within a user organization. Such a process also facilitates a collaborative schema design effort within the same user organization. Furthermore, this section may address problems to be considered when implementing an automated registration service.

2.7 Directory-Enabled Application Development Issues

In order for an application to communicate with an LDAP directory service, the application needs access to knowledge of the directory service's design properties, including but not limited to its schema. This section explores various issues that should be considered by application architects, designers, developers, and testers and, if applicable, addressed during the design and development of an LDAP-enabled application.

2.8 Engineering Reliable Directory Services

Different organizations will have different notions of what constitutes a "reliable" directory service. This section explores various topics within problem spaces including availability, maintainability, operation, performance, administration, and replicated/distributed operation.
This section also documents various guidelines and best practices for the design and analysis of directory services relative to each topic relevant to directory service reliability. Where applicable, this section will also point out scenarios in which particular design considerations act as competing constraints during the design of a directory service.

2.9 Directory Deployment Project Milestones: A Sample Project Plan

The purpose of this section is to provide a sample project plan laying out the major stages and high-level tasks for deploying a directory service. Guidelines for successfully accomplishing the tasks and milestones in the sample project plan will also be provided.

2.10 Security, Privacy, Legality, Data Management, and All Things Political

The general topic of security and directory services will be explored, and guidelines on making use of various security-related technologies and techniques will be presented. Because the motivation for using certain security technologies is largely driven by non-technical organizational characteristics, this section will also explore various issues related to privacy, legality, and data management from individual end user, organizational, and sociopolitical viewpoints.

2.11 Directory Integration Concepts

This section will explore and provide guidelines for the use of various types of directory integration technologies. Typically, these technologies support LDAP along with one or more non-LDAP information search and retrieval technologies. Commonly used terms for these technologies include meta directories, virtual directories, directory integration tool kits, directory synchronization, and data synchronization tools.

3. Internationalisation Considerations

All DBPG sections consider issues in support of internationalisation, which cover, but are not limited to:

- support of UTF-8 [3] or Unicode character sets [4]
- potential differences in data privacy and security among countries
- data administration in multiple languages.

4. Security Considerations

This document, which describes the DBPG sections, does not have an impact on the security of the network infrastructure or of Internet applications. It should be noted that all DBPG sections are required to examine and understand the security implications of any practices they develop. This analysis must be included in any resulting RFCs in a Security Considerations section.

5. Acknowledgment

Alexis Bor provided input to this document.

6. References

Request For Comments (RFC) and Internet-Draft documents are available from numerous mirror sites.

[1] M. Wahl, T. Howes, S. Kille, "Lightweight Directory Access Protocol (v3)", RFC 2251, December 1997.

[2] M. Wahl, "A Summary of the X.500(96) User Schema for use with LDAPv3", RFC 2256, December 1997.

[3] F. Yergeau, "UTF-8, a transformation format of Unicode and ISO 10646", RFC 2044, October 1996.

[4] The Unicode Consortium, "The Unicode Standard -- Worldwide Character Encoding -- Version 1.0", Addison-Wesley, Volume 1, 1991, Volume 2, 1992.

7. Authors' List

Christine Yoon
PricewaterhouseCoopers LLP
1 Carla Court
Holmdel, NJ 07733
U.S.A.
Voice: +1 (732)706-3559
E-mail: christine.yoon@us.pwcglobal.com

Chris Apple
DSI Consulting, Inc.
51 N 3rd Street, Suite 167
Philadelphia, PA 19106
U.S.A.
Voice: 610-585-4241
E-mail: capple@dsi-consulting.net

Richard Burke
White Obsidian
7 Mount Mews
Hampton on Thames
Great Britain TW12 2SH
Voice: +44 2082135191
E-mail: richard.burke@white-obsidian.com

Dr. Christopher J. Harding
The OpenGroup
Apex Plaza, Forbury Road,
Reading RG1 1AX, UK
Voice: +44 118 902 3018
E-mail: c.harding@opengroup.org

8. Full Copyright Statement

Copyright 2002, The Internet Society. All Rights Reserved.

This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.

The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.

This document and the information contained herein is provided on an "AS IS" basis and THE AUTHORS, THE INTERNET SOCIETY, AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.