Use of LDAP Directory in support of AMHS



ACP WGN02-WP17

ACP/SGN3 WP/1-8

07/11/03

AERONAUTICAL COMMUNICATIONS PANEL(ACP)

Working Group N - NETWORKING

SUBGROUP N3 – GROUND-GROUND Applications

Bangkok, November 2003 (SGN3 first meeting, WGN second meeting)

Agenda Item 3 : ATS Message Handling Services

Use of LDAP Directory in support of AMHS

Presented by Jean-Marc Vacher

Summary

The ACP Working Group N has been tasked by the ANC to consider the use of TCP/IP protocols in the provision of aeronautical internetworking.

The goal of this paper is to make a first general analysis of the potential benefits and constraints in the AMHS context of the Lightweight Directory Access Protocol (LDAP), which is part of the “TCP/IP protocol suite”, and supports directory services.

The idea is to use LDAP in support of AMHS, in addition or as a substitute for ATN X.500 Directory Services.

TABLE OF CONTENTS

1 Introduction

2 Short Presentation of LDAP

3 Potential use in the AMHS context

4 Interoperability issues

5 Recommendations to the meeting

REFERENCES

[1] Manual of Technical Provisions for the Aeronautical Telecommunication Network (ATN), ICAO Doc 9705, Third Edition - Sub-Volume III, Ground-Ground Applications

[2] Manual of Technical Provisions for the Aeronautical Telecommunication Network (ATN), ICAO Doc 9705, Third Edition - Sub-Volume VII, ATN Directory Services

[3] Comprehensive ATN Manual (CAMAL), ICAO Doc 9739, Second Edition

[4] RFC3377 Lightweight Directory Access Protocol (v3): Technical Specification

[5] RFC2251 Lightweight Directory Access Protocol (v3)

[6] RFC2252 Lightweight Directory Access Protocol (v3): Attribute Syntax Definitions

[7] RFC2253 Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names

[8] RFC2254 The String Representation of LDAP Search Filters

[9] RFC2255 The LDAP URL Format

[10] RFC2256 A Summary of the X.500(96) User Schema for use with LDAPv3

[11] RFC2829 Authentication Methods for LDAP

[12] RFC2830 Lightweight Directory Access Protocol (v3): Extension for Transport Layer Security

[13] The Lightweight Directory Access Protocol: X.500 Lite (CITI Technical Report 95-8, Timothy A. Howes)

Introduction

The ACP Working Group N has been tasked by the ANC to consider the use of TCP/IP protocols in the provision of aeronautical internetworking.

The Lightweight Directory Access Protocol (LDAP) is a protocol standardized by the Internet Engineering Task Force, which is part of the “TCP/IP protocol suite”, and supports directory services.

The goal of this paper is to make a first general analysis of the potential benefits and constraints of LDAP in the AMHS context. The idea is to use LDAP in support of AMHS, in addition to or as a substitute for ATN X.500 Directory Services. This solution could be particularly applicable in ICAO Regions with a ground IP internetwork infrastructure.

Short Presentation of LDAP

LDAP is a protocol which enables access to Directory Servers implementing X.500 Directory Information Tree (DIT) and Directory Information Base (DIB). It assumes the same information model and namespace as X.500.

LDAP is a substitute for the X.500 DAP (Directory Access Protocol). It relies directly upon TCP/IP lower layers, without use of the OSI presentation and session layers (nor, of course, of OSI or ATN lower layers).

It offers a more limited number of directory operations than DAP, and simplifies the syntax and encoding of these operations.

The current LDAP standard to date is LDAPv3. It has been standardized in RFC3377 [4], which itself refers to a set of nine RFCs (see [5] to [12]).

General information about LDAP can be found very easily on the web (see [13] for example, which provides a brief comparison with X.500) or in technical publications. Detailed information is also available.

From another perspective, the LDAP protocol and Directory servers implementing LDAP are widely available commercially, from a variety of vendors. LDAP is not hit by the reduction of commercially available implementations that can be observed for ISO OSI protocols. By contrast, X.500 protocols such as DAP and DSP, and even more so the shadowing and replication protocols such as DISP, which rely upon fully compliant OSI protocol stacks, are hit by this market evolution.

Potential use in the AMHS context

The main benefit of LDAP in the AMHS context is its compatibility, in terms of Directory Information Tree (DIT) and Directory contents, with an X.500 Directory.

This means that the work already performed in the ATN environment can be used without changes, as far as the DIT structure is concerned. In practice, this means that the ATN DIT and Directory Information Base (DIB) specified in ICAO Document 9705 Edition 3, Sub-Volume 7 (ref. [2]) can potentially be re-used without change.

This is particularly useful in Regions such as the ICAO EUR Region, where it has been decided that AMHS implementation would make use of TCP/IP lower layers. Although it would be technically feasible to implement the X.500 DAP/DSP protocols over TCP/IP, using an OSI upper layer stack and an RFC1006 interface, it might be significantly easier to implement LDAP directly over TCP/IP.

The use of ATN Directory Services in support of AMHS is specified in ICAO Document 9705 Edition 3, Sub-Volume 3, (ref. [1]), as part of the Extended ATS Message Service, and it is further explained in Doc 9739, Part III Chapter 6 about ATSMHS (ref [3]).

In a first analysis, the concepts described in these documents appear to be applicable in an LDAP Directory environment. This is particularly true for Directory-based AMHS address conversion, making use of a distributed (Directory-based) Address Publication Service (APS). Such a function is considered extremely useful for the transition from AFTN/CIDIN environments to AMHS.
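The two points made above, that LDAP shares the X.500 information model (entries named by Distinguished Names, searched with the filter syntax of RFC2254 [8]) and that Directory-based address conversion can be built on it, are illustrated by the following added example. It is not part of this working paper or of any ICAO specification: the directory is a constructed in-memory DIB, and the attribute names aftnAddress and mhsORAddress, the object class aftnUser and all entry values are placeholders chosen for the illustration, not the schema of Doc 9705 Sub-Volume VII. The lookup escapes the AFTN address before placing it in the filter, as RFC2254 section 4 requires, so that input containing filter metacharacters is matched literally rather than changing the query.

```python
"""Miniature LDAP-style directory: X.500-model entries (DN -> multi-valued
attributes), RFC2254 search filters, and an APS-style AFTN-to-AMHS lookup.
Added illustration; attribute/class names and values are placeholders,
not the Doc 9705 Sub-Volume VII schema."""
import re

# Constructed sample DIB: DN -> {attribute type: [values]}.
DIB = {
    "o=icao": {"objectClass": ["top", "organization"], "o": ["icao"]},
    "ou=eur,o=icao": {"objectClass": ["top", "organizationalUnit"], "ou": ["eur"]},
    "cn=lfpgyfyx,ou=eur,o=icao": {
        "objectClass": ["top", "aftnUser"], "cn": ["lfpgyfyx"], "aftnAddress": ["LFPGYFYX"],
        "mhsORAddress": ["/C=XX/ADMD=ICAO/PRMD=EXAMPLE-FR/O=LFPG/OU=YFYX/"]},
    "cn=egllyfyx,ou=eur,o=icao": {
        "objectClass": ["top", "aftnUser"], "cn": ["egllyfyx"], "aftnAddress": ["EGLLYFYX"],
        "mhsORAddress": ["/C=XX/ADMD=ICAO/PRMD=EXAMPLE-GB/O=EGLL/OU=YFYX/"]},
}

def split_dn(dn):
    """RDNs of a DN, split on commas not escaped with '\\' (RFC2253),
    normalised for comparison (whitespace trimmed, case folded)."""
    return [p.strip().lower() for p in re.split(r"(?<!\\),", dn)]

def in_subtree(dn, base):
    """True if `dn` is `base` or lies below it (LDAP subtree scope)."""
    r, b = split_dn(dn), split_dn(base)
    return len(r) >= len(b) and r[-len(b):] == b

def unescape(value):
    """Undo RFC2254 '\\XX' hex escapes inside an assertion value."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def escape_filter_value(value):
    """RFC2254 section 4: '*', '(', ')', '\\' and NUL in a value must be written
    as \\2a, \\28, \\29, \\5c and \\00, so user data cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)

def parse_filter(text):
    """Parse an RFC2254 filter into a tuple tree: ('&'|'|', [kids]), ('!', kid),
    ('present', attr) or ('eq', attr, value). Substring filters are not handled."""
    node, rest = _parse(text.strip())
    if rest:
        raise ValueError("trailing data after filter: %r" % rest)
    return node

def _parse(s):
    if len(s) < 2 or s[0] != "(":
        raise ValueError("filter item must start with '('")
    s = s[1:]
    if s[0] in ("&", "|"):                      # and / or: zero or more items
        op, s, kids = s[0], s[1:], []
        while s.startswith("("):
            kid, s = _parse(s)
            kids.append(kid)
        return (op, kids), _close(s)
    if s[0] == "!":                             # not: exactly one item
        kid, s = _parse(s[1:])
        return ("!", kid), _close(s)
    end = s.index(")")                          # an escaped ')' never gets here
    attr, eq, val = s[:end].partition("=")
    if not eq or not attr:
        raise ValueError("only equality and presence items are supported")
    attr = attr.strip().lower()
    if val == "*":
        return ("present", attr), s[end + 1:]
    if "*" in val:
        raise ValueError("substring filters are not supported in this example")
    return ("eq", attr, unescape(val)), s[end + 1:]

def _close(s):
    if not s.startswith(")"):
        raise ValueError("expected ')'")
    return s[1:]

def matches(node, attrs):
    """Evaluate a parsed filter against one entry (caseIgnore matching)."""
    kind = node[0]
    if kind in ("&", "|"):
        return (all if kind == "&" else any)(matches(k, attrs) for k in node[1])
    if kind == "!":
        return not matches(node[1], attrs)
    values = [v.lower() for a, vs in attrs.items() if a.lower() == node[1] for v in vs]
    if kind == "present":
        return bool(values)
    return node[2].lower() in values

def search(dib, base, filter_text):
    """Subtree search: sorted DNs under `base` whose entries match the filter."""
    node = parse_filter(filter_text)
    return sorted(dn for dn, attrs in dib.items()
                  if in_subtree(dn, base) and matches(node, attrs))

def aftn_to_amhs(dib, aftn_address):
    """APS-style conversion: the AMHS O/R address published for an AFTN address,
    or None unless exactly one entry matches. The input is escaped first, so a
    '*' or ')' inside it is compared literally instead of rewriting the filter."""
    flt = "(&(objectClass=aftnUser)(aftnAddress=%s))" % escape_filter_value(aftn_address)
    hits = search(dib, "o=icao", flt)
    return dib[hits[0]]["mhsORAddress"][0] if len(hits) == 1 else None
```

Because the filter is the only query language an LDAP client has, the escaping step in aftn_to_amhs is where a real APS implementation keeps address data and query structure apart; the same parser also shows why an unescaped ')' would terminate the item early.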

Interoperability issues

The question of interoperability with fully-compliant ATN implementations obviously arises with such a technical solution.

In the same way as for ATS Message Servers, overall interoperability can be achieved by means of dual-stack systems. This means that a Directory Server acting as an Inter-Regional Gateway would provide interconnections between the LDAP Directory environment (typically a Region with a ground IP internetwork infrastructure) and the full-ATN compliant environment.

Such an Inter-Regional Boundary Directory Server would implement two protocol stacks:

• LDAP over TCP/IP, and

• X.500 over a full ATN-compliant stack for ATN Directory Services.

The Inter-Regional Directory Server could include a full replication of Directory information held in the “LDAP Region”, and/or it could map LDAP protocol operations onto X.500 protocol operations.

It is proposed that such gatewaying facilities be implemented at the Regional level, to avoid the need for many Directory servers to implement both stacks.

Such a combined architecture is depicted in Figure 1.

Figure 1 – Interoperability between LDAP and ATN/X.500 Directory Servers

Recommendations to the meeting

The meeting is invited to confirm the potential benefit of LDAP-based Directory architectures for ground communications between ATSOs.

The working group is invited to further analyse such benefits, potential constraints, and to develop detailed specifications for the use of LDAP Directory in support of AMHS, including appropriate provisions to ensure interoperability between ATN Directory Services and LDAP-based Directory Services.
