RFC 2120 (rfc2120) - Page 3 of 14
Managing the X
Alternative Format: Original Text Document
RFC 2120 Managing the X.500 Root Naming Context March 1997
2 Migration Plan
The NameFLOW-Paradise service is now migrating to X.500 Standard
[X.500 93] conforming products, and it is essential to replace the
Quipu replication protocol with the 1993 shadowing and operational
binding protocols, but without losing the performance improvement
that has been gained for one-level Searches.
It is still the intention of the NameFLOW-Paradise service to have
one master root DSA. This root DSA will not support user Directory
operations via the LDAP, the DAP or the DSP, but each country (first
level) DSA will be able to shadow the root context from this root
DSA, using the DISP. Each first level DSA then only needs to have one
bi-lateral agreement, between itself and the root DSA. This agreement
will ensure that the first level DSA keeps the root DSA up to date
with its country level information, and in turn, that the root DSA
keeps the first level DSA up to date with the complete root naming
context. When a new first level DSA comes on line, it only needs to
establish a bi-lateral agreement with the root DSA, in order to
obtain the complete root context.
This is a much easier configuration to manage than simply a set of
first level DSAs without a root DSA, as suggested in the ISO X.500
Standard. In the X.500 Standard case each first level DSA must have
bi-lateral agreements with all of the other first level DSAs. When a
new first level DSA comes on line, it must establish agreements with
all the existing first level DSAs. As the number of first level DSAs
grows, the process becomes unmanageable.
However, it is also important to increase the amount of information
that is held about every country entry, so that a one-level Search
operation can be performed in each first level DSA, without it
needing to chain or refer the operation to all the other first level
DSAs (as is currently the case with a X.500 Standard conforming
system.)
3 Technical Solutions
3.1 The solution at first appears to be relatively straight forward,
and involves two steps. Firstly, create a root DSA, and establish
hierarchical operational bindings using the DOP, between it and each
master first level DSA. Secondly, each master first level DSA enters
into a shadowing agreement with the root DSA, to shadow the enlarged
root context information. In this way each first level DSA is then
capable of independently performing List and one-level Search
operations, and name resolving to all other first level DSAs.
Chadwick Experimental