Network Working Group                                          C. Apple
Request for Comments: 2116                            AT&T Laboratories
FYI: 11                                                       K. Rossen
Obsoletes: 1632                                         MCI Systemhouse
Category: Informational                                      April 1997
Page 1

X.500 Implementations Catalog-96

Status of this Memo

This memo provides information for the Internet community. This memo does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Abstract

This document is a revision to [RFC 1632]: A Revised Catalog of Available X.500 Implementations and is based on the results of data collection via a WWW home page that enabled implementors to submit new or updated descriptions of currently available implementations of X.500, including commercial products and openly available offerings. [RFC 1632] is a revision of [RFC 1292]. We contacted each contributor to [RFC 1632] to request an update and published the URL of the WWW home page survey template in several mailing lists to encourage the submission of new product descriptions.

This document contains detailed description of 31 X.500
implementations - DSAs, DUAs, and DUA interfaces.

Table of Contents

1. Introduction
1.1 Purpose
1.2 Scope
1.3 Disclaimer
1.4 Overview
1.5 Acknowledgements
2. Keywords
2.1 Keyword Definitions
2.1.1 Availability
2.1.2 Conformance with International Standards
2.1.3 Conformance with Proposed Internet Standards
2.1.4 Consistence with Other Relevant Standards and Profiles
2.1.5 Consistence with Informational and Experimental RFCs
2.1.6 Support for Popular Schema Elements
2.1.7 Miscellaneous Functionality
2.1.8 Implementation Type


Page 2

2.1.9 Internetworking Environment
2.1.10 Pilot Connectivity
2.1.11 Miscellaneous Information
2.1.12 Operating Environment
2.2 Implementations Indexed by Keyword
3. Implementation Descriptions
(for individual description page numbers see Table 2-1, p. 15) 4. References
5. Security Considerations
6. Editors' Addresses

1. Introduction

This document catalogs currently available implementations of X.500, including commercial products and openly available offerings. For the purposes of this survey, we classify X.500 products as,

DSA

A DSA is an OSI application process that provides the Directory functionality,

DUA

A DUA is an OSI application process that represents a user in accessing the Directory and uses the DAP to communicate with a DSA, and

DUA Interface

A DUA Interface is an application process that represents a user in accessing the Directory using either DAP but supporting only a subset of the DAP functionality or a protocol different from DAP to communicate with a DSA or DUA.

Section 2 of this document contains a listing of implementations cross referenced by keyword. This list should aid in identifying implementations that meet your criteria.

To compile this catalog, the IDS Working Group solicited input from the X.500 community by publishing a URL for a set of on-line description forms deployed on the WWW as a home page on an InterNIC server. This URL


Page 3

(http://www.internic.net/projects/x500catalog/catalogtop.html) was advertised on the following directory-related mailing lists: iso@nic.ddn.mil, isode@nic.ddn.mil, osi-ds@cs.ucl.ac.uk,
ids@merit.edu, ietf-asid@umich.edu, mhs-ds@mercury.udev.cdc.com, nadf-l@ema.org, and dssig@nist.gov.

Readers are encouraged to submit comments regarding both the forms and content of this memo. New submissions are welcome. Please direct input to the Integrated Directory Services (IDS) Working Group (ietf-ids@umich.edu) or to the authors. IDS will produce new versions of this document when a significant number of substantive comments have been received or when significant updates and/or modifications to X.500-related standards documents have been ratified. This will be determined by the IDS chairpersons.

1.1 Purpose

The Internet has experienced a steady growth in X.500 piloting activities. This document hopes to provide an easily accessible source of information on X.500 implementations for those who wish to consider X.500 technology for deploying a Directory service.

1.2 Scope

This document contains descriptions of both free and commercial X.500 implementations. It does not provide instructions on how to install, run, or manage these implementations. The descriptions and indices are provided to make the readers aware of available options and thus enable more informed choices.

1.3 Disclaimer

Implementation descriptions were written by implementors and vendors, and not by the editors. We worked with the description authors to ensure uniformity and readability, but cannot guarantee the accuracy or completeness of the descriptions, nor the stability of the implementations.


Page 4

1.4 Overview

Section 1 contains introductory information.

Section 2 contains a list of keywords, their definitions, a cross reference of the X.500 implementations by these keywords and a table containing implementor name, implementor abreviation, and the page of this document on which the description begins for a particular implementor.

Section 3 contains the X.500 implementation descriptions.

Section 4 has a list of references.

Section 6 lists the editors' addresses.

1.5 Acknowledgments

The creation of this catalog would not have been possible without the efforts of the description authors and the members of the IDS Working Group. Our special thanks to the editors of [RFC 1632], Linda Millington and Sri Sataluri who graciously contributed the nroff source file used to structure their version of the catalog.

2. Keywords

Keywords are abbreviated attributes of the X.500 implementations. The list of keywords defined below was derived from the
implementation descriptions themselves. Implementations were indexed by a keyword either as a result of: (1) explicit, not implied, reference to a particular capability in the implementation description text, or (2) input from the implementation description author(s).

2.1 Keyword Definitions

This section contains keyword definitions. They have been organized and grouped by functional category. The definitions are ordered first alphabetically by keyword category, and second alphabetically by implementation name within keyword category.

2.1.1 Availability

Available via FTP

Implementation is available using FTP.


Page 5

Commercially Available

This implementation can be purchased.

Free

Available at no charge, although other restrictions may apply.

Limited Availability

Need to contact provider for terms and conditions of distribution.

2.1.2 Conformance with International Standards

PICS-AVAIL

Completed PICS per X.581/X.582

DAP

Support for the DAP protocol

DSP

Support for the DSP protocol

DISP

Support for the DISP protocol

DOP

Support for the DOP protocol

BAC

Support for Basic Access Control

SAC

Support for Simplified Access Control

2.1.3 Conformance with Proposed Internet Standards

These RFCs specify standards track protocols for the Internet community. Implementations which conform to these evolving proposed standards have a higher probability of interoperating with other implementations deployed on the Internet.


Page 6

RFC-1274

Implementation supports [RFC 1274]: Barker, P., and S. Kille, The COSINE and Internet X.500 Schema, University College, London, England, November 1991.

RFC-1276

Implementation supports [RFC 1276]: Kille, S., Replication and Distributed Operations extensions to provide an Internet Directory using X.500, University College, London, England, November 1991.

RFC-1277

Implementation supports [RFC 1277]: Kille, S., Encoding Network Addresses to support operation over non-OSI lower layers, University College, London, England, November 1991.

RFC-1567

Implementation supports [RFC 1567]: Mansfield, G., and Kille, S., X.500 Directory Monitoring MIB, AIC Systems Laboratory, ISODE Consortium, January 1994.

RFC-1777

Implementation supports [RFC 1777]: Yeong, W., Howes, T., and Kille, S., Lightweight Directory Access Protocol, March 1995.

RFC-1778

Implementation supports [RFC 1778]: Howes, T., Kille, S., Yeong, W., and Robbins, The String Representation of Standard Attribute Syntaxes, March 1995.

RFC-1779

Implementation supports [RFC 1779]: Kille, S., A String Representation of Distinguished Names, March 1995.

RFC-1798

Implementation supports [RFC 1798]: Young, A., Connection-less Lightweight Directory Access Protocol, June 1995.


Page 7

2.1.4 Consistence with Informational and Experimental Internet RFCs

These RFCs provide information to the Internet community and are not Internet standards. Compliance with these RFCs is not necessary for interoperability but may enhance functionality.

RFC-1202

Implementation supports [RFC 1202]: Rose, M. T., Directory Assistance Service. February 1991.

RFC-1249

Implementation supports [RFC 1249]: Howes, T., M. Smith, and B. Beecher, DIXIE Protocol Specification, University of Michigan, August 1991.

RFC-1275

Implementation supports [RFC 1275]: Kille, S., Replication Requirements to provide an Internet Directory using X.500, University College, London, England, November 1991.

RFC-1278

Implementation supports [RFC 1278]: Kille, S., A string encoding of Presentation Address, University College, London, England, November 1991.

RFC-1279

Implementation supports [RFC 1279]: Kille, S., X.500 and Domains, University College, London, England, November 1991.

RFC-1558

Implementation supports [RFC 1558]: Howes, T., A String Representation of LDAP Search Filters, December 1993.

RFC-1562

Implementation supports [RFC 1562]: Michaelson, G. and Prior, M., Naming Guidelines for the AARNet X.500 Directory Service, December 1993.


Page 8

RFC-1608

Implementation supports [RFC 1608]: Johannsen, T., Mansfield, G., Kosters, M., and Sataluri, S., Representing IP Information in the X.500 Directory, March 1994.

RFC-1609

Implementation supports [RFC 1609]: Mansfield, G., Johannsen, T., and Knopper, M., Charting Networks in the X.500 Directory, March 1994.

RFC-1617

Implementation supports [RFC 1617]: Barker, P., Kille, S., and Lenggenhager, T., Naming and Structuring Guidelines for X.500 Directory Pilots, May 1994.

RFC-1781

Implementation supports [RFC 1781]: Kille, S., Using OSI Directory to Achieve User Friendly Naming, March 1995.

RFC-1801

Implementation supports [RFC 1801]: Kille, S., MHS Use of the X.500 Directory to support MHS Routing, June 1995.

RFC-1803

Implementation supports [RFC 1803]: Wright, R., Getchell, Howes, T., Sataluri, S., Yee, P., and Yeong, W.,
Recommendations for an X.500 Production Directory Service, June 1995.

RFC-1804

Implementation supports [RFC 1804]: Mansfield, G., Rajeev, P., Raghavan, S., and Howes, T., Schema Publishing in X.500 Directory, June 1995.


Page 9

2.1.5 Consistence with Other Relevant Standards and Profiles

ADI12

Implementation support ISO/IEC pdISP 10615-2: DSA Support of Directory Access.

ADI21

Implementation supports ISO/IEC ISP 10615-3: Directory System: DSA Responder Role.

ADI22

Implementation supports ISO/IEC ISP 10615-4: Directory System: DSA Initiator Role.

ADI31

Implementation supports ISO/IEC pdISP 10615-X: DUA Support of Distributed Operations.

ADI32

Implementation supports ISO/IEC pdISP 10615-X: DSA Support of Distributed Operations.

FDI11

Implementation supports ISO/IEC pdISP 10616: Common Directory Use.

FDI3

Implementation supports ISO/IEC pdISP 11190: FTAM Use of The Directory.

XDS

Implementation supports the XDS API defined in IEEE 1224.2

2.1.6 Support for Popular Schema Elements

NADF

Implementation supports the directory schema defined in NADF SD-4.


Page 10

Other Popular Schemas

Implementation supports other popular schema elements.

2.1.7 Miscellaneous Functionality

DYN-OBJ

Implementation allows the object class of an entry to be changed dynamically (not allowed in X.500[1988], allowed in 1993)

ALIAS-CONSISTENCY

Implementation incorporates facilities for maintenance of alias integrity in the face of modification or deletion of the aliased object.

2.1.8 Implementation Type

API

Implementation comes with an application programmer's interface (i.e., a set of libraries and include files).

DSA Only

Implementation consists of a DSA only. No DUA is included.

DSA/DUA

Both a DSA and DUA are included in this implementation.

DUA Interface

Implementation is a DUA-like program that uses either DAP, but supporting only a subset of the DAP functionality, or uses a protocol different from DAP to communicate with a DSA or DUA.

DUA Only

Implementation consists of a DUA only. No DSA is included.

LDAP

DUA interface program uses the Lightweight Directory Access Protocol (LDAP).


Page 11

2.1.9 Internetworking Environment

CLNS

Implementation operates over the OSI ConnectionLess Network Service (CLNS).

OSI Transport

Implementation operates over one or more OSI transport protocols.

RFC-1006

Implementation operates over [RFC 1006] with TCP/IP transport service. [RFC 1006] is an Internet Standard.

X.25

Implementation operates over OSI X.25.

2.1.10 Pilot Connectivity

DUA Connectivity

The DUA can be connected to the pilot, and information on any pilot entry looked up. The DUA is able to display standard attributes and object classes and those defined in the COSINE and Internet Schema.

DSA Connectivity

The DSA is connected to the DIT, and information in this DSA is accessible from any pilot DUA.

2.1.11 Miscellaneous

Included in ISODE

DUAs that are part of ISODE.

Limited Functionality

Survey states that the implementation has some shortcomings or intended lack of functionality, e.g., omissions were part of the design to provide an easy-to-use user interface.


Page 12

Motif

Implementation provides a Motif-style X Window user interface.

OpenView

Implementation provides an OpenView-style X Window user interface.

X Window System

Implementation uses the X Window System to provide its user interface.

Language Support

Implementation supports single or multiple languages.

Documentation Language Support

Documentation for implementation is available in single or multiple languages.

Number of Implementations

Implementor gave an estimate of the number of instantiations of their implementation are deployed in live directory services.

Existing Database Support

Implementation includes support for a non-X.500 DIT repository, synchronization with non-X.500 DBMS, or non-X.500 DBMS to X.500 DIT repository format conversion tools.

2.1.12 Operating Environment

MS Windows

Implementation runs under Microsoft Windows.

MS Windows NT

Implementation runs under Microsoft Windows NT.

MS Windows95

Implementation runs under Microsoft Windows95.


Page 13

386

Implementation runs on a 386-based platform.

486

Implementation runs on a 486-based platform.

Pentium

Implementation runs on a Pentium-based platform.

Bull

Implementation runs on a Bull platform.

CDC

Implementation runs on a CDC MIPS platform.

DEC ULTRIX

Implementation runs under DEC ULTRIX.

DEC UNIX

Implementation runs under DEC UNIX.

DEC OpenVMS AXP

Implementation runs on a DEC AXP platform running OpenVMS.

DEC OpenVMS VAX

Implementation runs on a DEC VAX platform running OpenVMS.

HP

Implementation runs on an HP platform.

IBM PC

Implementation runs on a PC.

IBM RISC

Implementation runs on IBM's RISC UNIX workstation.


Page 14

ICL

Implementation runs on an ICL platform.

Macintosh

Implementation runs on a Macintosh.

Multiple Vendor Platforms

Implementation runs on more than one hardware platform.

Sequent

Implementation runs on a Sequent platform.

SNI

Implementation runs on a Siemens Nixdorf platform.

Solbourne

Implementation runs on a Solbourne platform.

Sun

Implementation runs on a Sun platform.

Tandem

Implementation runs on a Tandem platform.

UNIX

Implementation runs on a generic UNIX platform.

2.2 Implementations Indexed by Keyword

This section contains an index of implementations by keyword. You can use this list to identify particular implementations that meet your chosen criteria.

Table 2-1 shows the implementations about which information can be found in this document as well as the abreviation used to represent this implementation and the page number on which each implementation description begins.


Page 15

   Implementation Name                   |Abbreviation    | Page
   ======================================|================|======
   A-Window-To-Directory                 |AWTD            |  33
   --------------------------------------|----------------|------
   Critical Angle X.500 Enabler          |CAXE            |  35
   --------------------------------------|----------------|------
   cxdua                                 |cxdua           |  39
   --------------------------------------|----------------|------
   Cycle (tm) LiveData (tm)              |Cycle           |  41
   --------------------------------------|----------------|------
   DC X500                               |DCX500          |  43
   --------------------------------------|----------------|------
   Directory Enquiries                   |DE              |  52
   --------------------------------------|----------------|------
   Digital X.500 Directory Server        |DXDS            |  55
   --------------------------------------|----------------|------
   DIR.D(tm) V2.6                        |DIR.D           |  61
   --------------------------------------|----------------|------
   DIR.X(tm) V3.1                        |DIR.X-3.1       |  64
   --------------------------------------|----------------|------
   DIR.X(tm) V4.0                        |DIR.X-4.0       |  70
   --------------------------------------|----------------|------
   DIR.X-SYNC(tm) V2.0                   |DIR.X-SYNC      |  76
   --------------------------------------|----------------|------
   DX500 OpenDirectory(tm)               |DX500           |  80
   --------------------------------------|----------------|------
   FORUM LOOK'UP(tm)                     |FORUM           |  82
   --------------------------------------|----------------|------
   FX*500(tm)                            |FX*500          |  87
   --------------------------------------|----------------|------
   Global Directory Server               |GDS             |  95
   --------------------------------------|----------------|------
   i500 Enterprise Directory Server      |i500            | 101
   --------------------------------------|----------------|------
   ISODE Rel. 3.0 X.500(1993) Directory  |ISODE.r3        | 105
   --------------------------------------|----------------|------
   ISOPLEX DS (tm) DSA                   |ISOPLEX         | 109
   --------------------------------------|----------------|------
   LDAP Implementation                   |LDAP            | 113
   --------------------------------------|----------------|------
   maX.500 Macintosh DUA Interface       |maX.500         | 117
   --------------------------------------|----------------|------
   Messageware DSA                       |MDSA            | 120
   --------------------------------------|----------------|------

Table 2-1: Table of Implementation Identifiers (cont.)


Page 16

   Implementation Name                   |Abbreviation    | Page
   ======================================|================|======
   Messageware PC-DUA                    |MDUA            | 124
   --------------------------------------|----------------|------
   NonStop Directory Services            |NSDS            | 127
   --------------------------------------|----------------|------
   ORG.D(tm) V2.0/V2.1                   |ORG.D           | 132
   --------------------------------------|----------------|------
   OSIAM X.500-88                        |OSIAM-88        | 136
   --------------------------------------|----------------|------
   OSIAM X.500-93                        |OSIAM-93        | 139
   --------------------------------------|----------------|------
   PMDF-X500                             |PMDF            | 145
   --------------------------------------|----------------|------
   TransIT500                            |T500            | 149
   --------------------------------------|----------------|------
   waX.500 :: Windows Access to X.500    |waX.500         | 163
   --------------------------------------|----------------|------
   X500-DS                               |X500-DS         | 165
   --------------------------------------|----------------|------
   X500-DUA                              |X500-DUA        | 165
   --------------------------------------|----------------|------

Table 2-1: Table of Implementation Identifiers (cont.)

The index is organized as follows: keywords appear in alphabetical order; implementations characterized by that keyword are listed alphabetically as well.

For formatting purposes, we have used the abbreviations for implementation names as defined above in Table 2-1.

   ADI12                                 ADI21

        AWTD                                  AWTD
        DIR.X-3.1                             DIR.X-3.1
        DIR.X-4.0                             DIR.X-4.0
        DXDS                                  DXDS
        GDS                                   GDS
        i500                                  i500
        OSIAM-88                              OSIAM-88
        X500-DS                               X500-DS
        X500-DUA                              X500-DUA


Page 17

ADI22

        AWTD                                  FORUM
        DIR.X-3.1                             FX*500
        DIR.X-4.0                             GDS
        DXDS                                  i500
        GDS                                   ISODE.r3
        i500                                  LDAP
        OSIAM-88                              MDSA
        X500-DS                               NSDS
        X500-DUA                              OSIAM-88
                                              OSIAM-93
   ADI31                                      PMDF
                                              X500-DS
        AWTD                                  X500-DUA
        DIR.X-3.1
        DIR.X-4.0                        Available via FTP
        GDS
        OSIAM-88                              CAXE
        X500-DS                               cxdua
        X500-DUA                              LDAP
                                              maX.500
   ADI32                                      MDSA
                                              waX.500
        DIR.X-3.1
        DIR.X-4.0                        BAC
        GDS
        i500                                  DCX500
        OSIAM-88                              DIR.X-4.0
        X500-DS                               DXDS
        X500-DUA                              FX*500
                                              GDS
   ALIAS-CONSISTENCY                          i500
                                              ISODE.r3
        AWTD                                  MDSA
        FORUM                                 PMDF
        GDS
        i500                             Bull
        NSDS
        X500-DS                               AWTD
        X500-DUA                              OSIAM-88
                                              OSIAM-93
   API                                        X500-DS
                                              X500-DUA
        AWTD
        Cycle                            Commercially Available
        DCX500
        DIR.X-3.1                             AWTD


Page 18

        DIR.X-4.0                             CAXE
        DXDS                                  cxdua

        Cycle                            DEC UNIX
        DCX500
        DIR.D                                 DXDS
        DIR.X-3.1                             ISODE.r3
        DIR.X-4.0                             LDAP
        DIR.X-SYNC                            MDSA
        DXDS                                  PMDF
        FORUM
        FX*500                           DEC OpenVMS AXP
        GDS
        i500                                  DXDS
        ISODE.r3                              PMDF
        MDSA
        NSDS                             DEC OpenVMS VAX
        ORG.D
        OSIAM-88                              DXDS
        OSIAM-93                              LDAP
        PMDF                                  PMDF
        X500-DS
        X500-DUA                         DISP

   DAP                                        DCX500
                                              DIR.X-4.0
        AWTD                                  DXDS
        CAXE                                  FORUM
        Cycle                                 FX*500
        DCX500                                GDS
        DIR.X-3.1                             i500
        DIR.X-4.0                             ISODE.r3
        DXDS                                  MDSA
        FORUM                                 OSIAM-93
        FX*500
        GDS                              Documentation Language Support
        i500
        ISODE.r3                              AWTD
        MDSA                                  Cycle
        NSDS                                  DCX500
        OSIAM-88                              DIR.D
        OSIAM-93                              DIR.X-3.1
        PMDF                                  DIR.X-4.0
        X500-DS                               DIR.X-SYNC
        X500-DUA                              FORUM
                                              FX*500
   DEC ULTRIX                                 GDS
                                              LDAP


Page 19

        ISODE.r3                              maX.500
        LDAP                                  MDSA
        MDSA                                  ORG.D
        OSIAM-88                              OSIAM-93
        OSIAM-93                              PMDF
        waX.500                               X500-DS
                                              X500-DUA
   DOP
                                         DSP
        DIR.X-4.0
        DXDS                                  AWTD
                                              CAXE
   DSA Connectivity                           DCX500
                                              DIR.X-3.1
        CAXE                                  DIR.X-4.0
        DCX500                                DXDS
        DIR.X-3.1                             FORUM
        DIR.X-4.0                             FX*500
        DXDS                                  GDS
        FORUM                                 i500
        FX*500                                ISODE.r3
        GDS                                   MDSA
        i500                                  NSDS
        ISODE.r3                              OSIAM-88
        MDSA                                  OSIAM-93
        OSIAM-88                              PMDF
        OSIAM-93                              X500-DS
        PMDF
                                         DUA Connectivity
   DSA Only
                                              AWTD
        CAXE                                  CAXE
        DCX500                                DIR.D
        FX*500                                DIR.X-3.1
        MDSA                                  DIR.X-4.0
                                              DXDS
   DSA/DUA                                    FORUM
                                              GDS
        AWTD                                  i500
        Cycle                                 ISODE.r3
        DIR.X-3.1                             LDAP
        DIR.X-4.0                             maX.500
        DXDS                                  MDSA
        FORUM                                 ORG.D
        GDS                                   OSIAM-88
        i500                                  OSIAM-93
        ISODE.r3                              PMDF
        LDAP


Page 20

        MDSA                             DUA Interface
        NSDS
        OSIAM-88                              Cycle
        DCX500                                FORUM
        DIR.D                                 FX*500
        DIR.X-SYNC                            GDS
        DXDS                                  i500
        FORUM                                 ISODE.r3
        FX*500                                LDAP
        GDS                                   MDSA
        LDAP                                  OSIAM-88
        maX.500                               OSIAM-93
        NSDS
        ORG.D                            FDI11
        OSIAM-88
        OSIAM-93                              AWTD
        PMDF                                  DIR.X-3.1
                                              DIR.X-4.0
   DUA Only                                   DXDS
                                              GDS
        AWTD                                  i500
        cxdua                                 OSIAM-88
        maX.500                               X500-DS
        MDSA                                  X500-DUA
        waX.500
        X500-DUA                         FDI3

   DYN-OBJ                                    AWTD
                                              DIR.X-3.1
        AWTD                                  DIR.X-4.0
        CAXE                                  DXDS
        DCX500                                GDS
        DXDS                                  i500
        FORUM                                 OSIAM-88
        FX*500                                X500-DS
        GDS                                   X500-DUA
        i500
        ISODE.r3                         Free
        LDAP
        MDSA                                  CAXE
        NSDS                                  cxdua
        PMDF                                  ISODE.r3
        X500-DS                               LDAP
        X500-DUA                              maX.500
                                              waX.500
   Existing Database Support
                                         HP
        CAXE


Page 21

        Cycle                                 DCX500
        DCX500                                DIR.X-3.1
        DXDS                                  DIR.X-4.0

        DIR.X-SYNC                       Included in ISODE
        FORUM
        GDS                                   PMDF
        i500
        ISODE.r3                         Language Support
        LDAP
        MDSA                                  AWTD
        OSIAM-88                              Cycle
        OSIAM-93                              DCX500
                                              DIR.D
   IBM PC                                     DIR.X-3.1
                                              DIR.X-4.0
        CAXE                                  DIR.X-SYNC
        Cycle                                 DXDS
        DCX500                                FORUM
        DIR.D                                 FX*500
        DIR.X-3.1                             GDS
        DIR.X-4.0                             LDAP
        DXDS                                  MDSA
        FORUM                                 NSDS
        FX*500                                ORG.D
        i500                                  OSIAM-88
        ISODE.r3                              OSIAM-93
        LDAP                                  PMDF
        MDSA                                  X500-DS
        ORG.D                                 X500-DUA
        OSIAM-88
        OSIAM-93                         LDAP

   IBM RISC                                   CAXE
                                              cxdua
        DCX500                                DIR.D
        DIR.X-3.1                             DXDS
        DIR.X-4.0                             FX*500
        FORUM                                 GDS
        GDS                                   i500
        ISODE.r3                              ISODE.r3
        LDAP                                  LDAP
        MDSA                                  maX.500
        OSIAM-88                              NSDS
        OSIAM-93                              ORG.D
        X500-DS                               waX.500
        X500-DUA
                                         Limited Availability


Page 22

ICL
CAXE

        i500                                  ISODE.r3
        MDSA                                  MDSA
        NSDS                                  MDSA
        PMDF                                  ORG.D
                                              OSIAM-88
   Limited Functionality                      OSIAM-93
                                              waX.500
        Cycle
        DIR.D                            MS Windows95

   Motif                                      Cycle
                                              DIR.D
        DXDS                                  DXDS
        GDS                                   LDAP
        ISODE.r3                              MDSA
        MDSA                                  ORG.D
        PMDF                                  OSIAM-93
                                              waX.500
   Macintosh
                                         Multiple Vendor Platforms
        FORUM
        LDAP                                  CAXE
        maX.500                               Cycle
                                              DCX500
   MS Windows                                 DIR.D
                                              DIR.X-3.1
        cxdua                                 DIR.X-4.0
        Cycle                                 DIR.X-SYNC
        DIR.D                                 FORUM
        DXDS                                  FX*500
        FORUM                                 GDS
        LDAP                                  ISODE.r3
        MDSA                                  LDAP
        ORG.D                                 MDSA
        OSIAM-88                              ORG.D
        OSIAM-93                              OSIAM-88
        waX.500                               OSIAM-93
                                              PMDF
   MS Windows NT
                                         NADF
        CAXE
        Cycle                                 DIR.D
        DCX500                                DIR.X-3.1
        DIR.D                                 DIR.X-4.0
        DIR.X-3.1                             FORUM
        DIR.X-4.0                             GDS


Page 23

        DXDS                                  ISODE.r3
        GDS                                   LDAP
        i500                                  maX.500
        LDAP                                  MDSA
        NSDS                                  AWTD
        ORG.D                                 DCX500
        OSIAM-88                              DIR.X-3.1
        OSIAM-93                              DIR.X-4.0
        PMDF                                  DXDS
        X500-DS                               FORUM
        X500-DUA                              FX*500
                                              GDS
   Number of Implementations                  ISODE.r3
                                              MDSA
        Cycle                                 NSDS
        DIR.D                                 OSIAM-88
        DIR.X-3.1                             PMDF
        DIR.X-SYNC                            X500-DS
        FORUM                                 X500-DUA
        GDS
        LDAP                             OSI Transport
        waX.500
                                              AWTD
   OpenView                                   CAXE
                                              Cycle
        MDSA                                  DCX500
                                              DIR.X-3.1
   OSF-DCE                                    DIR.X-4.0
                                              DXDS
        AWTD                                  FORUM
                                              FX*500
   OSI CLNS                                   GDS
                                              i500
        AWTD                                  ISODE.r3
        Cycle                                 MDSA
        DIR.X-3.1                             NSDS
        DIR.X-4.0                             OSIAM-88
        DXDS                                  OSIAM-93
        FX*500                                PMDF
        GDS                                   X500-DS
        i500                                  X500-DUA
        ISODE.r3
        MDSA                             Other Popular Schemas
        NSDS
        OSIAM-88                              CAXE
        OSIAM-93                              i500
        PMDF                                  ISODE.r3
        X500-DS                               maX.500


Page 24

        X500-DUA                              PMDF

   OSI CONS                              Pentium-class

        CAXE                                  GDS
        Cycle                                 i500
        DCX500                                ISODE.r3
        DIR.D                                 LDAP
        DIR.X-3.1                             MDSA
        DIR.X-4.0                             NSDS
        DIR.X-SYNC                            OSIAM-88
        DXDS                                  OSIAM-93
        FORUM                                 PMDF
        FX*500                                X500-DS
        GDS                                   X500-DUA
        ISODE.r3
        LDAP                             RFC-1202
        MDSA
        ORG.D                                 GDS
        OSIAM-88                              MDSA
        OSIAM-93                              PMDF
        waX.500
                                         RFC-1249
   PICS-AVAIL
                                              GDS
        CAXE
        Cycle                            RFC-1274
        DCX500
        DIR.X-3.1                             CAXE
        DIR.X-4.0                             DCX500
        DXDS                                  DIR.X-3.1
        FX*500                                DIR.X-4.0
        i500                                  DXDS
        ISODE.r3                              FORUM
        MDSA                                  FX*500
        NSDS                                  GDS
        OSIAM-88                              i500
        OSIAM-93                              ISODE.r3
        X500-DS                               LDAP
        X500-DUA                              maX.500
                                              MDSA
   RFC-1006                                   NSDS
                                              OSIAM-88
        AWTD                                  OSIAM-93
        CAXE                                  PMDF
        Cycle                                 waX.500
        DCX500
        DIR.X-3.1                        RFC-1275


Page 25

DIR.X-4.0

        DXDS                                  GDS
        FORUM                                 ISODE.r3
        FX*500                                PMDF

   RFC-1276                              RFC-1558

        GDS                                   CAXE
        MDSA                                  DIR.D
        PMDF                                  DIR.X-3.1
                                              DIR.X-4.0
   RFC-1277                                   DXDS
                                              GDS
        AWTD                                  i500
        CAXE                                  ISODE.r3
        DIR.X-3.1                             LDAP
        DIR.X-4.0                             maX.500
        DXDS                                  MDSA
        FORUM                                 ORG.D
        GDS                                   PMDF
        ISODE.r3
        MDSA                             RFC-1562
        NSDS
        OSIAM-88                              GDS
        OSIAM-93                              ISODE.r3
        PMDF                                  MDSA
        X500-DS                               PMDF
        X500-DUA
                                         RFC-1567
   RFC-1278
                                              DCX500
        CAXE                                  DIR.X-3.1
        DIR.D                                 DIR.X-4.0
        DIR.X-4.0                             FX*500
        DXDS                                  GDS
        FORUM                                 i500
        GDS                                   ISODE.r3
        i500
        ISODE.r3                         RFC-1608
        LDAP
        MDSA                                  MDSA
        ORG.D                                 PMDF
        PMDF
                                         RFC-1609
   RFC-1279
                                              MDSA
        CAXE
        DIR.X-3.1                        RFC-1617


Page 26

GDS

        ISODE.r3                              CAXE
        MDSA                                  DXDS
        NSDS                                  FORUM
        PMDF                                  GDS

        ISODE.r3                         RFC-1779
        MDSA
        PMDF                                  CAXE
                                              DCX500
   RFC-1777                                   DIR.D
                                              DIR.X-3.1
        CAXE                                  DIR.X-4.0
        cxdua                                 DXDS
        DCX500                                FORUM
        DIR.D                                 FX*500
        DIR.X-3.1                             GDS
        DIR.X-4.0                             ISODE.r3
        DXDS                                  LDAP
        FX*500                                maX.500
        GDS                                   MDSA
        i500                                  NSDS
        ISODE.r3                              ORG.D
        LDAP                                  OSIAM-88
        maX.500                               OSIAM-93
        MDSA                                  PMDF
        NSDS                                  waX.500
        ORG.D
        OSIAM-88                         RFC-1781
        OSIAM-93
        PMDF                                  FORUM
        waX.500                               GDS
                                              ISODE.r3
   RFC-1778                                   LDAP
                                              maX.500
        CAXE                                  MDSA
        DCX500                                PMDF
        DIR.D
        DIR.X-3.1                        RFC-1798
        DIR.X-4.0
        DXDS                                  LDAP
        FORUM                                 PMDF
        FX*500
        GDS                              RFC-1801
        ISODE.r3
        LDAP                                  CAXE
        maX.500                               DIR.X-3.1
        MDSA                                  DIR.X-4.0


Page 27

        NSDS                                  DXDS
        ORG.D                                 GDS
        OSIAM-88                              ISODE.r3
        OSIAM-93                              MDSA
        PMDF                                  PMDF
        waX.500

   RFC-1803                                   ISODE.r3
                                              LDAP
        CAXE                                  MDSA
        DXDS                                  OSIAM-88
        GDS                                   OSIAM-93
        ISODE.r3
        MDSA                             Tandem
        PMDF
                                              NSDS
   RFC-1804
                                         UNIX
        MDSA
                                              AWTD
   SAC                                        DCX500
                                              DIR.X-3.1
        DCX500                                DIR.X-4.0
        DIR.X-4.0                             FORUM
        DXDS                                  FX*500
        FX*500                                ISODE.r3
        GDS                                   LDAP
        i500                                  MDSA
        ISODE.r3                              OSIAM-88
        MDSA                                  OSIAM-93
        NSDS                                  X500-DS
        PMDF                                  X500-DUA

   SNI                                   XDS

        DIR.D                                 AWTD
        DIR.X-3.1                             DCX500
        DIR.X-4.0                             DIR.X-3.1
        DIR.X-SYNC                            DIR.X-4.0
        ISODE.r3                              DXDS
        ORG.D                                 FORUM
                                              FX*500
   Solbourne                                  i500
                                              ISODE.r3
        LDAP                                  MDSA
                                              NSDS
   Sun                                        OSIAM-88
                                              OSIAM-93


Page 28

        CAXE                                  X500-DS
        DCX500                                X500-DUA
        DIR.X-3.1
        DIR.X-4.0
        FORUM
        GDS
        i500

   X Window System                       x486

        DXDS                                  CAXE
        GDS                                   Cycle
        ISODE.r3                              DCX500
        MDSA                                  DIR.D
        PMDF                                  DIR.X-3.1
                                              DIR.X-4.0
   X.25                                       DIR.X-SYNC
                                              DXDS
        AWTD                                  FORUM
        DCX500                                FX*500
        DIR.X-3.1                             GDS
        DIR.X-4.0                             ISODE.r3
        DXDS                                  LDAP
        FORUM                                 MDSA
        FX*500                                ORG.D
        GDS                                   OSIAM-88
        i500                                  OSIAM-93
        ISODE.r3                              waX.500
        MDSA
        NSDS
        OSIAM-88
        OSIAM-93
        PMDF
        X500-DS
        X500-DUA

x386

CAXE
Cycle
DCX500
DIR.D
DXDS
FORUM
FX*500
GDS
ISODE.r3
LDAP


Page 29

MDSA
ORG.D
OSIAM-88
OSIAM-93
waX.500

3. Implementation Descriptions

In the following pages you will find descriptions of X.500 implementations listed in alphabetical order. In the case of name collisions, the name of the responsible organization, in square brackets, has been used to distinguish the implementations. Note that throughout this section, the page header reflects the name of the implementation, not the date of the document. The descriptions follow a common format, as described below:

NAME

The name of the X.500 implementation and the name of the responsible organization. Implementations with a registered trademark indicate this by appending "(tm)", e.g., GeeWhiz(tm).

ABSTRACT

A brief description of the application. This section may optionally contain a list of the pilot projects in which the application is being used.

COMPLIANCE with X.500-1988 (applicable only for DSAs and DUAs)

A statement of compliance with respect to the 1988 CCITT
Recommendations X.500-X.521 [CCITT-88], specifically Section 9 of X.519, or the 1988 NIST OIW Stable Implementation Agreements [NIST- 88].

COMPLIANCE with X.500-1993 (applicable only for DSAs and DUAs)

A statement of compliance with respect to the 1993 ITU-T
Recommendations X.500-X.521 [ITU-T-93], specifically Section 9 of X.519, or the 1994 NIST OIW Stable Implementation Agreements [NIST- 94].

CONFORMANCE WITH PROPOSED INTERNET STANDARDS

A statement of compliance with respect to the several proposed Internet Standards.


Page 30

CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs

A statement of compliance with respect to the several informational and experimental Internet RFCs.

INTEROPERABILITY

A list of other DUAs and DSAs with which this implementation can interoperate.

PILOT CONNECTIVITY

Describes the level of connectivity it can offer to the pilot directory service operational on the Internet in North America, and to pilots co-ordinated by the PARADISE project in Europe. Levels of connectivity are: Not Tested, None, DUA Connectivity, and DSA Connectivity.

BUGS

A warning on known problems and/or instructions on how to report bugs.

CAVEATS AND GENERAL LIMITATIONS

A warning about possible side effects or shortcomings, e.g., a feature that works on one platform but not another.

INTERNETWORKING ENVIRONMENT

A list of environments in which this implementation can be used, e.g., [RFC 1006] with TCP/IP, TP0 or TP4 with X.25.

HARDWARE PLATFORMS

A list of hardware platforms on which this application runs, any additional boards or processors required, and any special suggested or required configuration options.

SOFTWARE PLATFORMS

A list of operating systems, window systems, databases, or unbundled software packages required to run this application.

NUMBER OF IMPLEMENTATIONS IN THE FIELD

A statement regarding the number of implementations deployed in the field.


Page 31

AVAILABILITY

A statement regarding the availability of the software (free or commercially available), a description of how to obtain the software, and (optionally) a statement regarding distribution conditions and restrictions.

DATE LAST UPDATED or CHECKED

The month and year within which this implementation description was last modified.


Page 32

NAME

A-Window-To-Directory (AWTD)

ABSTRACT

A-Window-To-Directory is a simple-to-use DUA interface available on PC that provides access to the X.500 Directory Services. The available operations are: bind (authenticated or anonymous), read, list, compare, modify, modifyRDN, search, add, remove and unbind. It is designed to be used with the Bull X500-DUA product and for that reason is able to handle any of the defined schema. The new acronyms, objects and attributes are automatically loaded without any customisation. The interface of the application may be personalized in several ways, through Local Preferences stored on the PC and through User Settings stored on the UNIX machine that runs the Bull X500-DUA product.

COMPLIANCE with X.500-1988 (applicable only for DSAs and DUAs)

A-Window-To-Directory offers all the services described in the 88 CCITT X.500 standard.

COMPLIANCE with X.500-1993 (applicable only for DSAs and DUAs)

No

CONFORMANCE WITH PROPOSED INTERNET STANDARDS

No

CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs

No

INTEROPERABILITY

Is designed to interoperate with Bull X500-DUA and X500-DS products

PILOT CONNECTIVITY

[No information provided. -- Ed.]

BUGS

Bull S.A. provides complete software maintenance with the products.


Page 33

CAVEATS AND GENERAL LIMITATIONS

[No information provided. -- Ed.]

INTERNETWORKING ENVIRONMENT

Proprietary protocol to access the Bull X500-DUA through TCP/IP sockets. The product may be used on LAN (Ethernet) or WAN (X.25).

HARDWARE PLATFORMS

386SX/DX, 486SX/DX PC Ethernet board/connection 4 MBytes RAM 3 Mbytes on disk

SOFTWARE PLATFORMS

MS-DOS 5.0 Microsoft Windows 3.1 Microsoft TCP/IP stack installed, version 1.0

NUMBER OF IMPLEMENTATIONS IN THE FIELD

[No information provided. -- Ed.]

AVAILABILITY

The product is commercially available since February 1995.

DATE LAST UPDATED or CHECKED

November 1995

ADDITIONAL INFORMATION and/or COMMENTS

[No information provided. -- Ed.]


Page 34

NAME

Critical Angle X.500 Enabler

(CAIx500e)

ABSTRACT

The X.500 Enabler product allows an LDAP-only directory server to be integrated into X.500 environments, by transparently converting X.500 DAP and DSP requests into LDAP requests.

The initial release scheduled for 4Q96 will allow for connections from X.500-capable clients and servers to an LDAP-capable server, and will support the following features:

      * LDAP version 2, as defined in RFC 1777,

      * all attributes defined for LDAPv2, with the exception of
        certificates  and revocation lists,

      * X.500(1988) DAP and DSP protocols over TCP/IP (using  RFC
        1006),

      * the following operations: Bind (with  none or simple
        credentials), Read, Compare, List, Search, Abandon, AddEntry,
        ModifyEntry, RemoveEntry and ModifyRDN,

      * the X.500(1993) critical extensions field, to aid in
        deployments incorporating 1993 DSAs.

This release will be available for Solaris 2.5 (SPARC and Intel) and Windows NT 4.0 Server (Intel).

The product is expected to enter a public beta test period in September 1996. Beta test evaluation copies will be free (limited to two copies per site) but will be set to expire in December 1996.

Released versions of X.500 Enabler will be licensed per server, and will be distributed over the Internet.

COMPLIANCE with X.500-1988 (applicable only for DSAs and DUAs)

The X.500 enabler accepts DAP and DSP connections.

It supports Bind (with none or simple credentials), Read, Compare, List, Search, Abandon, AddEntry, ModifyEntry, RemoveEntry and ModifyRDN.


Page 35

It supports the attributes and object classes defined in X.520 and X.521.

COMPLIANCE with X.500-1993 (applicable only for DSAs and DUAs)

The X.500 Enabler will accept connections from X.500(1993) DUAs and DSAs.

It supports the X.511(1993) critical extension mechanism.

Non-critical protocol fields which do not map onto LDAPv2 are ignored.

Attribute and object classes from X.520(1993) and X.521(1993) are supported, including collective. Operational attributes from X.501 are supported, with the exception of subschema.

As LDAPv3-based servers become available, it is expected that the X.500 Enabler will be upgraded to map more of the X.500(1993) protocol onto LDAPv3.

CONFORMANCE WITH PROPOSED INTERNET STANDARDS

[RFC 1006] is the supported transport service.

The product supports the object classes and attributes defined in RFC 1274.

CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs

[No information provided. -- Ed.]

INTEROPERABILITY

The X.500 Enabler is being tested with public-domain X.500 and LDAP clients and servers, and with the various X.500 clients and servers connected to the PARADISE project, such as from the ISODE Consortium.

Critical Angle intends to do interoperability testing with commercial LDAP-only servers as they become available.

PILOT CONNECTIVITY

This product will be used to connect LDAP-only servers, such as University of Michigan's slapd, and many vendor's forthcoming commercial LDAP server products, into the PARADISE project directory, so that they can be accessed by LDAP and X.500 DUAs throughout the project.


Page 36

BUGS

Bugs reports may be sent to <bug-x500e@critical-angle.com>.

CAVEATS AND GENERAL LIMITATIONS

X.509 certificates and revocation lists are not supported due to
limitations in the LDAP version 2 protocol. This restriction will be removed once LDAP version 3 servers become generally available.

Under Windows NT there are limitations on the number of simultaneous incoming connections.

INTERNETWORKING ENVIRONMENT

This product supports RFC 1006 for DAP and DSP, and LDAP over TCP.

HARDWARE PLATFORMS

This product will initially be available for Sun Solaris 2.5 SPARC and Intel, and Windows NT Server 4.0 Intel.

Subsequent versions may be available on additional platforms.

SOFTWARE PLATFORMS

An LDAP-based server, such as the freely-available slapd, is required. It does not need to run on the same host as the X.500 Enabler.

NUMBER OF IMPLEMENTATIONS IN THE FIELD

[No information provided. -- Ed.]

AVAILABILITY

This product is licensed per-host server, and is distributed over the Internet.

In addition to discounts for large deployment orders, subscription programs permit customers to obtain subsequent update releases at a substantial discount.

Beta test evaluations are free (limited to two copies per site), and will expire 90 days after the start of the beta period.


Page 37

DATE LAST UPDATED or CHECKED

September 1996

ADDITIONAL INFORMATION and/or COMMENTS

[No information provided. -- Ed.]


Page 38

NAME

cxdua

Chromatix, Inc. 10451 Twin Rivers Rd, Suite 265 Columbia, MD 21044

ABSTRACT

The CXDUA is a Windows 3.1 DUA that has been derrived from a highly portable and flexible Unix based Administrative Directory User Agent. The goal of the original design was to support features to assist a directory administrator in managing the directory. These features include a highly portable GUI, Entry Templates, Entry Lists, Batch Operations and Directory Control Functions.

Both the Windows and the Unix versions support strong authentication.

The Unix DUA has been used in various DMS and NSA pilot projects.

COMPLIANCE with X.500-1988 (applicable only for DSAs and DUAs)

[No information provided. -- Ed.]

COMPLIANCE with X.500-1993 (applicable only for DSAs and DUAs)

[No information provided. -- Ed.]

CONFORMANCE WITH PROPOSED INTERNET STANDARDS

[No information provided. -- Ed.]

CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs

[No information provided. -- Ed.]

INTEROPERABILITY

[No information provided. -- Ed.]

PILOT CONNECTIVITY

[No information provided. -- Ed.]

BUGS

[No information provided. -- Ed.]


Page 39

CAVEATS AND GENERAL LIMITATIONS

[No information provided. -- Ed.]

INTERNETWORKING ENVIRONMENT

[No information provided. -- Ed.]

HARDWARE PLATFORMS

Windows 3.1

SOFTWARE PLATFORMS

[No information provided. -- Ed.]

NUMBER OF IMPLEMENTATIONS IN THE FIELD

[No information provided. -- Ed.]

AVAILABILITY

The software is freely available via anonymous ftp from
ftp.chromatix.com or can be obtained via the WEB at
http://www.chromatix.com. Commercial versions will be available in the near future.

DATE LAST UPDATED or CHECKED

0496

ADDITIONAL INFORMATION and/or COMMENTS

[No information provided. -- Ed.]


Page 40

NAME

Cycle (tm) LiveData (tm) (Cycle)

Cycle Software,Inc.

ABSTRACT

A component of the Cycle Virtual Data Highway.

Network software product used to break down barriers between isolated systems. Available separatly as Cycle LiveNet (DUA) and Cycle LiveNet Directory (DUA & DSA)

COMPLIANCE with X.500-1988 (applicable only for DSAs and DUAs)

Cycle LiveData is compliant with the 1988 NIST OIW Stable Agreements to the extent that implementations based on the more recent stable agreements are compliant.

COMPLIANCE with X.500-1993 (applicable only for DSAs and DUAs)

Cycle LiveData is compliant with the 1993 NIST OIW Stable Agreements.

CONFORMANCE WITH PROPOSED INTERNET STANDARDS

Unknown

CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs

Unknown

INTEROPERABILITY

Not tested

PILOT CONNECTIVITY

Not tested

BUGS

No known bugs

CAVEATS AND GENERAL LIMITATIONS

Current release supports objects of the Application Entity Object Class only. This limitation is being relaxed in the next release.


Page 41

INTERNETWORKING ENVIRONMENT

[RFC 1006] with TCP/IP,TP4, [RFC-1070] with IP,IPX, and NetBEUI.

HARDWARE PLATFORMS

Runs on Microsoft Windows hardware platforms.

SOFTWARE PLATFORMS

Windows 95, Windows NT, Windows for Workgroups

NUMBER OF IMPLEMENTATIONS IN THE FIELD

> 1,000

AVAILABILITY

Commercially Available.

Contact:

Cycle Software,Inc.
1212 Hancock St.
Quincy, MA 02169

Voice- 617-770-9594
Fax- 617-770-9903
E-mail cycle@livedata.com.

DATE LAST UPDATED or CHECKED

1/96

ADDITIONAL INFORMATION and/or COMMENTS

[No information provided. -- Ed.]


Page 42

NAME

DC X500

Data Connection Ltd
100 Church Street
Enfield
Middlesex
EN2 6BQ
UK

ABSTRACT

DC X500 provides a truly scalable X.500 based enterprise directory server with the necessary architectural flexibility to enable integration with existing database and directory technologies.

From a pure X.500 standpoint, DC X500 provides a full function state-of-the-art DSA implementation.

      * Architected from scratch according to the 1993 X.500
        standards (i.e. not a 1988 DSA with 1993 features grafted on)

      * Support for all the key X.500 OSI protocols:

         * Directory Access Protocol (DAP) for user access

         * Directory System Protocol (DSP) for distributed DSA
           comunications

         * Directory Information Shadowing Protocol (DISP) to support
           replication between servers to give improved performance
           in a distributed network

      * Support of the 1993 Basic Access Control and  Simplified
        Access Control models

      * Support for the key Internet  X.500 related standards:

         * integrated Lightweight DAP (LDAP)for DUA access

         * Madman MIBs for easy integration with SNMP

The DC X500 architecture is based on Data Connection's underlying product architecture which has evolved since 1987 and includes:

         * genuine multi-threaded implementation


Page 43

         * true  portability (the product is available on a range of
           operating systems e.g Windows NT, AIX, HP-UX. OS/2 etc and it
           is possible to port the core  technology to any
           hardware/software platform)

         * secure service recording for operation tracking and billing

         * support for system monitoring (both alarms and statistics)

Key product features include:

         * Name resolution and integrated use of Search Indices based on
           2-3 trees leads to high performance operation evaluation
           (subsecond response times on  million entry DSAs)

         * Generic schema support based on 1993 concepts that allows
           customers to tailor the schema to meet their precise data
           structuing requirements

         * System recycle time is minimised (e.g. DC X500 can be backed
           up while running and  search indices are dynamically updated),
           helping achieve the goal of continuous (24x7) availability
           and high reliability.

         * No artificial software constraints are imposed resulting in a
           truly scalable product - assuming the availability of the
           necessary hardware DC X500 can be configured  to support
           millions of entries in a single DSA.

DC X500 is certified for used within the Paradise Pilot project. The product has also undergone interoperability testing at the EuroSInet interoperability workshops in Europe.

COMPLIANCE with X.500-1988 (applicable only for DSAs and DUAs)

From 1988 X.519

9.2 Conformance by DSAs

9.2.1 Statement Requirements

a) directoryAccessAC and directorySystemAC are both supported

b) the DSA can act as a first level DSA

c) the chained mode of ooperation is supported.


Page 44

d) security levels none and simple as supported with the delivered product. However, the product is architectured to interface to an external security module to support strong authentication.

e) DC X500 supports the selected attribute types defined in X.520.

f) DC X500 supports the selected object classes defined in X.521.

9.2.2 Static Requirements

DC X500 supports the static requirements implied by the above statement.

9.2.3 Dynamic Requirements

DC X500 supports the dynamic requirements implied by the above statement.

COMPLIANCE with X.500-1993 (applicable only for DSAs and DUAs)

From 1993 X.519

9.2 Conformance by DSAs

9.2.1 Statement Requirements

a) directoryAccessAC and directorySystemAC are both supported

b) n/a

c) the DSA can act as a first level DSA

d) the chained mode of ooperation is supported.

e) security levels none and simple as supported with the delivered product. However, the product is architectured to interface to an external security module to support strong authentication.

f) DC X500 supports the selected attribute types defined in X.520. Attributes based on the syntax DirectoryString using the UNIVERSAL STRING choice can be stored however the UNIVERSAL STRING choice cannot be used for matching rules.

g) DC X500 supports the selected object classes defined in X.521.


Page 45

h) DC X500 supports the following extensions

         subentries                         Y
         copyShallDo                        Y
         attributeSizeLimit                 Y
         extraAttributes                    Y
         modifyRightsRequest                N
         pagedResultsRequest                N
         matchedValuesOnly                  N
         extendedFilter                     N
         targetSystem                       N
         useAliasOnUpdate                   Y
         newSuperior                        Y

i) DC X500 does not support collective attributes

j) DC X500 does not support hierarchical attributes

k) DC X500 supports the following operational attributes

Directory Operational Attributes:

structural object class
governing structural rule
create timestamp
modify timestamp
creators name
modifiers name

prescriptive ACI
entry ACI
subentry ACI

DSA Operational Attributes:

myAccessPoint
superiorKnowledge
supplierKnowledge (*)
consumerKnowledge(*)
secondaryShadows (*)

         * - supported using local proprietary extension

Distributed Operation Attributes (dsa-shared):

specificKnowledge
nonSpecificKnowledge


Page 46

l) DC X500 supports return of alias names

m) DC X500 supports indicating that returned entry information is complete

n) DC X500 supports modifying the object class attribute to add and/or remove values identifying auxiliary object classes

o) DC X500 supports Basic Access Control

p) DC X500 supports Simplified Access Control

q) DC X500 does not support subschema administration as defined in X.501.

r) DC X500 supports the name binding defined in X.521

s) DC X500 cannot administer collective attributes.

9.2.2 Static Requirements

DC X500 supports the static requirements implied by the above statement.

9.2.3 Dynamic Requirements

DC X500 supports the dynamic requirements implied by the above statement.

9.3 Conformance By Shadow Supplier

9.3.1 Statement Requirements

a) shadowSupplierInitiatedAC and shadowConsumerInitiatedAC are supported.

b) security levels none and simple as supported with the delivered product. However, the product is architectured to interface to an external security module to support strong authentication.

c) DC X500 supports the following UnitOfReplication:

         * Entry filtering on object class is supported

         * Selection/Exclusion of attributes via a  AttributeSelection
           is not supported


Page 47

         * Inclusion of subordinate knowledge in the replicated area is
           supported

         * Inclusion of extended knowledge in addition to subordinate
           knowledge is supported

9.3.2 Static Requirements

a) DC X500 supports the shadowSupplierInitiatedAC and
shadowConsumerInitiatedAC

b) DC X500 provides support for modifyTimestamp and createTimestamp operational attributes

9.3.3 Dynamic Requirements

a) DC X500 conforms to the mapping onto used services defined in clause 8

b) DC X500 conforms to the procedures of X.525 as they relate to DISP.

9.4 Conformance by a Shadow Consumer

9.4.1 Statement Requirements

a) shadowSupplierInitiatedAC and shadowConsumerInitiatedAC are supported.

b) security levels none and simple as supported with the delivered product. However, the product is architectured to interface to an external security module to support strong authentication.

c) DC X500 can act as a secondary supplier.

d) DC X500 does not support shadowing o overlapping units of replication. (Overlapping Administration Points
are supported though).

9.4.2 Static Requirements

a) DC X500 supports both shadowSupplierInitiatedAC and
shadowConsumerInitiatedAC.

b) DC X500 supports the modifyTimestamp and createTimestamp operational attributes.


Page 48

c) DC X500 supports the copyShallDo service element

9.4.3 Dynamic Requirements

a) DC X500 conforms to the mapping onto used services defined in clause 8

b) DC X500 conforms to the procedures of X.525 as they relate to DISP.

CONFORMANCE WITH PROPOSED INTERNET STANDARDS

[No information provided. -- Ed.]

CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs

[No information provided. -- Ed.]

INTEROPERABILITY

DC X500 has interoperated with the following implementations:

DUAs:

ICL
SNI
Net-tel
Bull
AT&T
CDC
Digital
ICL
Nexor

DSAs:

SNI
ICL
AT&T
CDC
Digital
ICL
Net-tel
Nexor


Page 49

PILOT CONNECTIVITY

DC X500 has been tested and approved for connectivity to the PARADISE pilot project.

BUGS

[No information provided. -- Ed.]

CAVEATS AND GENERAL LIMITATIONS

[No information provided. -- Ed.]

INTERNETWORKING ENVIRONMENT

DC X500 supports the following network connectivity:

         * [RFC 1006] with TCP/IP

         * TP0 with X.25

HARDWARE PLATFORMS

DC X500 is a portable product

SOFTWARE PLATFORMS

DC X500 is a portable product. It is available on the following plaforms:

         * UNIX, including

           * IBM AIX

           * HP UX

           * Sun Solaris

           * Windows NT

           * OS/2.

Porting to further UNIX platforms is very straightforward, in particular where existing transport services are available. Other proprietary systems (such as Novell's Netware, Digital's VMS or fault tolerant or mainframe environments) can also be supported if required.


Page 50

NUMBER OF IMPLEMENTATIONS IN THE FIELD

[No information provided. -- Ed.]

AVAILABILITY

DC X500 is commercially available.

For further details, please contact:

Nigel Ratcliffe Data Connection Ltd 100 Church Street Enfield Middlesex EN2 6BQ UK

Tel: +44 181 366 1177

E-mail: nr@datcon.co.uk

DATE LAST UPDATED or CHECKED

February 1996

ADDITIONAL INFORMATION and/or COMMENTS

Data Connection provides a whole series of directory applications, including a corporate telephone directory, e-mail synchronisation, security services, groupware directory integration and a directory publishing application. These can be accessed by Windows applications or standard web browsers.

Further information can be found at http://www.datcon.co.uk.


Page 51

NAME

DE

ABSTRACT

DE (Directory Enquiries) is intended to be a simple-to-use DUA interface, suitable for the naive user, and suitable for running as a public access dua. it will work on any terminal. The user is presented with a series of (verbose) prompts asking for person's name department organization country. There is extensive on-line help. The matching algorithms are such that near matches are presented to the user before less good matches.

There have been a few minor enhancements since the description in [RFC 1632]. The power searching feature still sets DE apart from most other DUAs - this allows a user to search for an entry even when they do not know the name of the organisation in which the person works - you still have to specify the country. DE also allows UFN style searching. DE uses slightly different search algorithms depending on whether it is accessing part of the Directory mastered by a Quipu DSA - Quipu DSAs tend to use lots of replication and so encourage searching. DE incorporates a QOS feature where it maintains a database of past information availability and DSA responsiveness. Translations exist into at least 4 different languages.

DE runs over ISODE DAP and University of Michigan LDAP. There is a version of DE, called DOS-DE, which has been ported to DOS, and this uses LDAP.

DE was funded by the COSINE PARADISE project, and DE is used as the PARADISE public access dua. You can test the software by telnet to directory.ja.net and logging in as dua -- no password required.

COMPLIANCE with X.500-1988 (applicable only for DSAs and DUAs)

N/A

COMPLIANCE with X.500-1993 (applicable only for DSAs and DUAs)

[No information provided -- Ed.]

CONFORMANCE WITH PROPOSED INTERNET STANDARDS

[RFC 1274] and [RFC 1487] Yes and yes


Page 52

CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs

[RFC 1484]. yes

INTEROPERABILITY

N/A

PILOT CONNECTIVITY

The interface is widely used in the publicly accessible PARADISE directory.

BUGS

Doesn't handle aliases well when power searching.

Send bug reports to:

p.barker@cs.ucl.ac.uk

CAVEATS AND GENERAL LIMITATIONS

DE tries to cater well for the general case, at the expense of not dealing with the less typical. The main manifestation of this is that the current version does not handle searching under localities very well.

It can handle photographs and reproduce sound attributes if these are dealt with by ancillary programs.

INTERNETWORKING ENVIRONMENT

[RFC 1006] with TCP/IP, TP0 or TP4 with X.25, and LDAP.

HARDWARE PLATFORMS

UNIX + DOS platforms

SOFTWARE PLATFORMS

UNIX + DOS

NUMBER OF IMPLEMENTATIONS IN THE FIELD

[No information provided. -- Ed.]


Page 53

AVAILABILITY

The software is freely available from

ftp://cs.ucl.ac.uk/dirpilot/de-7.0.tar.Z

The DOS version is freely available. Look in the following directory:

ftp://ftp.bath.ac.uk/pub/x500/dosde7/

DATE LAST UPDATED or CHECKED

March 96

ADDITIONAL INFORMATION and/or COMMENTS

[No Information Provided -- Ed.]


Page 54

NAME

Digital X.500 Directory Server Digital Equipment Corporation

This single entry covers a number of different products

ABSTRACT

The Digital X.500 Directory Services product set includes a directory server product and a variety directory user agents, as well as a directory synchronizer utility.

The Digital X.500 Directory Server product provides a high performance DSA implemented according to the 1993 edition of the standard. The InfoBroker Server product extends this to provide the server component for LDAP and WWW user agents. Features of these servers include:

         * Integrated multi-protocol support allowing concurrent DAP,
           DSP, DISP and DOP access over OSI and TCP/IP (using [RFC
           1006]) protocols.

         * Indexed database (DIB) to support high-performance searching
           and sophisticated matching including approximate match.

         * A DIB based on the 1993 edition Extended Information Models.

         * Support for chaining and referrals in support of a
           distributed DIB

         * Support for the 1993 edition Basic Access Control scheme.

         * Configurable schema based on the 1993 edition (including
           attributes, object classes, structure rules, name forms).

         * Support for 1993 edition Shadowing using the DISP and DOP
           protocol, including both incremental and on-change features
           for high performance.

         * Remote management to control DSAs and log significant events.

         * Support for the LDAP protocols using the InfoBroker Server
           product across either TCP/IP  or DECnet transport protocols.

         * A Look-up Daemon that accepts requests from Web Browsers,
           allowing access to the directory from any web browser.

         * Both X/OPEN XDS/XOM and LDAP APIs.


Page 55

         * An award winning documentation set.

The Digital X.500 Administration Facility, X.500 Information Manager and InfoBroker Client products provide MS-Windows, Motif and command line interfaces to access and manage the information stored in the X.500 directory, including:

         * Support for different ways of accessing the directory, either
           by browsing or searching based on an  extensible set of
           filters.

         * Support for bulk load, unload and reload of entries.

         * Driven off the same configurable schema information as the
           DSA allowing extensibility of window layouts and text to
           support customer-defined object classes and attributes.

The Synchronizer-500 is an X.500 DUA which:

   * Enables bi-directional synchronization between X.500 and
     virtually ANY other non-X.500 directory facilitating common
     management.

   * Maps incoming data into X.500 using flexible configuration
     files

   * Facilitates creation of a multivendor electronic mail
     database, creating addresses in the appropriate syntax for
     any mail system.

   * Provides uniqueness checking on mnemonic O/R addresses,
     preventing address duplication

COMPLIANCE with X.500-1988 (applicable only for DSAs and DUAs)

The Digital X.500 Directory Services products are based on the 1993 edition standard. They are compatible with, and interwork with, 1988 edition DUAs and DSAs, and are implemented to conform to relevant NIST OIW and EWOS agreements and the X.500 Implementors Guide.

OSTC conformance testing (1988 DUA/DAP, DSA/DAP) has been completed and registered successfully.

The X.500 Directory Server is registered as conformant to US-GOSIP.


Page 56

COMPLIANCE with X.500-1993 (applicable only for DSAs and DUAs)

Conformance with respect to clause 9.2 of ISO/IEC 9594-5:1993:

         * Supports the  directoryAccessAC (DAP) and directorySystemAC
           (DSP) application contexts.

         * The DSA is capable of acting as a first-level DSA.

         * Chaining is supported.

         * Bind security levels of simple (unprotected password) and
           none are supported.

         * Supports the shadowSupplierInitiatedAC and
           shadowConsumerInitiatedAC in both synchronous and
           asynchronous variants (DISP protocol) and the
           directoryOperationalBindingManagementAC (DOP protocol) for
           shadowing

         * All attribute types defined in ISO/IEC 9594-6:1993 are
           supported except for 1993 edition supertypes and collective
           attributes and EnhancedSearchGuide. Customers can define new
           attribute types.  UNIVERSAL STRING is not supported for
           attributes based on DirectoryString.

         * All object classes defined in ISO/IEC 9594-7:1993 are
           supported.  Customers can define new object classes.

         * The following operational attributes  are supported:

            governingStructureRule      myAccessPoint
            modifyTimestamp             supplierKnowledge
            superiorKnowledge           specificKnowledge
            consumerKnowledge           prescriptiveACI
            dseType                     entryACI
            createTimestamp

         * Dynamic modification of object class is permitted

         * Basic Access Control is supported with some restrictions.

         * All name forms defined in ISO/IEC 9594-7:1993 are supported.
           Customers can defined new name forms and structure rules.


Page 57

CONFORMANCE WITH PROPOSED INTERNET STANDARDS

The InfoBroker products support the V1 and V2 LDAP protocols for easy integration into LDAP-compliant client and server environments.

Standards supported include [RFC 1006], [RFC 1274], [RFC 1277], [RFC 1777], [RFC 1779].

CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs

RFCs supported include [RFC 1278], [RFC 1558]

INTEROPERABILITY

Digital has performed X.500 interoperability testing at various Eurosinet and OSInet events, during the COS Pilot activity and in- house. In addition, Digital's products were part of the EEMA Interoperability Demonstration in Amsterdam 1995.

Digital has achieved successful DAP and DSP interworking with a number of vendors. In the a recent Eurosinet Interoperability event, tests were performed against:

            AT&T                           ISOCOR
            Control Data Systems           NET-TEL Computer Systems Ltd
            DCL (Data Connection Ltd)      NEXOR
            ICL                            SNI (Siemens Nixdorf)

In addition, previous interoperability tests have been performed against:

            Hewlett Packard        Telstra
            ISODE Consortium       UNISYS
            QUIPU

Digital has performed limited successful 1993 DISP (Replication) interworking with two vendors at a Eurosinet Interoperability event. These were:

      ICL                         NEXOR

All interoperability test results will be available on request from Digital.

PILOT CONNECTIVITY

Digital is actively involved in both public and private pilots of X.500.


Page 58

BUGS

Digital provides complete software maintenance services with products on a worldwide basis.

CAVEATS AND GENERAL LIMITATIONS

None

INTERNETWORKING ENVIRONMENT

The Digital X.500 Services products operate over:

         * [RFC 1006] over TCP/IP

         * OSI TP0, TP2 and TP4 over CLNS and CONS as appropriate

         * TCP/IP or DECnet transport protocols to communicate with an
           LDAP server.

HARDWARE PLATFORMS

The Digital X.500 Directory Service products run on:

         * Alpha processors supported by Digital UNIX

         * Alpha and VAX processors supported by OpenVMS

SOFTWARE PLATFORMS

The Digital X.500 Directory Service products currently run on:

         * Digital UNIX running DECnet/OSI

         * OpenVMS/AXP running DECnet/OSI

         * OpenVMS/VAX running DECnet/OSI

For the latest availability on these and other other hardware and software platforms please contact Digital.

NUMBER OF IMPLEMENTATIONS IN THE FIELD

[No information provided. -- Ed.]


Page 59

AVAILABILITY

The Digital X.500 Directory Service products are commercially available from Digital Equipment Corporation. For further information please contact your local Digital office and quote SPD numbers 40.77.XX, 53.32.XX, 53.33.XX and 60.43.XX, or contact one of:

      Ian Gunn, Product Manager:           Nick Tatham, Engineering
      Manager:
      Tel: +1 603 881 0762                 Tel: +44 1734 203635
      Email: ian.gunn@zko.mts.dec.com
      nick.tatham@reo.mts.dec.com
      Digital Equipment Corporation        Digital Equipment Co. Ltd
      Corporate Software Engineering       Corporate Software
      Engineering
      110 Spit Brook Road                  PO Box 121
      Nashua, NH. 03062-2698               Reading, RG2 0TU
      USA                                  UK

DATE LAST UPDATED or CHECKED

13th November 1995

ADDITIONAL INFORMATION and/or COMMENTS

None


Page 60

NAME

DIR.D(tm) V2.6
Siemens Nixdorf Informationssysteme AG

ABSTRACT

DIR.D V2.6 is Siemens Nixdorf's directory browser product. Through its file manager like user interface only retrieval operations are supported. The DDE interface also allows for modification operations. DIR.D is an MS-Windows application acting as an LDAP client.

Among others, DIR.D has the following features:

            * Graphical representation of the DIT

            * Tree browsing

            * Simple and complex searches, including approximate search

            * Adaptable to any directory schema

            * Configurable user interface

            * Automatic unbind after idle time

            * Anonymous and simple unprotected bind

            * Tight integration with SNI's X.400 user agent MAIL.D and
            CIT
              product ComfoPhone

            * Data transfer to Windows applications via clipboard, file,
              Drag&Drop, and DDE

COMPLIANCE with X.500-1988 (applicable only for DSAs and DUAs)

DIR.D V2.6 is an LDAP client.

COMPLIANCE with X.500-1993 (applicable only for DSAs and DUAs)

DIR.D V2.6 is an LDAP client.

CONFORMANCE WITH PROPOSED INTERNET STANDARDS

DIR.D V2.6 is compliant with the following RFCs: [RFC 1777], [RFC 1778], [RFC 1779].


Page 61

CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs

DIR.D V2.6 is compliant with the following RFCs: [RFC 1278], [RFC 1558].

INTEROPERABILITY

DIR.D V2.6 is based on University of Michigan's LDAP implementation V3.0. It can interoperate with any LDAP server.

PILOT CONNECTIVITY

DIR.D V2.6 is used to browse in the European NameFLOW-PARADISE pilot network.

BUGS

To report bugs and/or to retrieve additional information on SNI's directory products please send mail to infoline-
com@s41.mch1.x400scn.sni.de.

CAVEATS AND GENERAL LIMITATIONS

DIR.D V2.6 was designed for information retrieval.

INTERNETWORKING ENVIRONMENT

LDAP with TCP/IP

HARDWARE PLATFORMS

PC (Intel)

SOFTWARE PLATFORMS

Windows 3.1 + Winsockets Windows for Workgroups 3.11 +
Winsockets
Windows 95
Windows NT 3.5
OS/2 3.0 + Windows for OS/2 +
Winsockets

NUMBER OF IMPLEMENTATIONS IN THE FIELD

> 10,000


Page 62

AVAILABILITY

DIR.D V2.6 can be delivered as a binary product. It is commercially available from:

Siemens Nixdorf Informationssysteme AG
ASW BA COM 1
D-81730 Munich
Germany

Please contact

Giovanni Rabaioli

            Voice:    +49/89-636-41095
            Fax: +49/89-636-42552
            Mail:     Giovanni.Rabaioli@mch.sni.de

DATE LAST UPDATED or CHECKED

April 1996

ADDITIONAL INFORMATION and/or COMMENTS

The following X.500 products are also part of SNI's X.500 product family:

            DIR.X V4.0    1993 X.500 Directory Service
            DIR.X V3.1    1988 X.500 Directory Service
            ORG.D V2.1    Full administrative LDAP  browser
            DIR.X-SYNC    V2.0 Directory synchronization


Page 63

NAME

DIR.X (tm) V3.1 Siemens Nixdorf Informationssysteme AG

ABSTRACT

DIR.X V3.1 is Siemens Nixdorf's Directory Service product compliant with the 1988 ITU-T X.500 recommendations. Siemens Nixdorf has supplied its Directory Service product as the GDS (Global Directory Service) component to OSF DCE. However, DIR.X V3.1 has a number of features and enhancements which are not available in the GDS component of OSF DCE.

DIR.X V3.1 is a distributed, replicated Directory Service. It consists of DSA, DUA and a tools package including comfortable administration and management utilities. DIR.X implements the protocol stack ranging from LDAP, DAP, DSP over ACSE, ROSE, Presentation, Session down to [RFC 1006]. On transport layer it supports TCP/IP and OSI LAN/WAN protocols.

Data stored by DIR.X can be accessed via

      * the MS-Windows user interfaces DIR.D/ORG.D which are
        available as separate products from Siemens Nixdorf

      * any third-party LDAP or DAP browser

      * directory applications using the standardized X/Open XDS/XOM
        APIs (Directory Service / OSI Abstract Data Manipulation).
        The Siemens Nixdorf implementation was the first to gain
        XPG4-certification.

      * a command-line administration program

      * a menu-driven administration  program

      * WWW

      * a shell interface

      * the Query-by-mail interface of SNI's directory
        synchronization product DIR.X-SYNC

DIR.X enables

      * The storage of globally-unique, tree-like name structures
        which can be mapped onto organizations.


Page 64

      * The use of several alternative names (aliases) for one and
        the same directory entry.

      * Search queries that allow the user to select objects on the
        basis of specific attributes and their values, as with a
        "Yellow Pages" telephone directory

      * Treemanagement functions which can cover entire subtrees.

      * The creation and automatic updating of copies ("shadows")
        from remote computers.

      * Access protection at attribute level, which regulates access
        on an object-specific basis.

      * The storage of unstructured attributes (graphics, pixels).

The tools package of DIR.X V3.1 includes:

      * gdssetup: A simple-to-use tool for the generation and
        initialization of a directory configuration.

      * gdshdsch: Enables the directory administrator to modify the
        directory schema off-line.

      * X.500 MIB access via SNMP

      * gdscp: A TCL based administration tool for UNIX clients with
        full XDS functionality

      * gdshd: A powerful import/export tool

Additional features include:

      * support for ISO 8859-1 characters

      * dynamic schema modifications

      * caching.


Page 65

COMPLIANCE with X.500-1988 (applicable only for DSAs and DUAs)

DIR.X V3.1 fully complies with the following ITU-T recommendations and ISO/IEC standards:

            ITU-T   ISO/IEC   Title
            X.500    9594-1 Overview of Concepts, Models, and Services
            X.501    9594-2 Models
            X.511    9594-3 Abstract Service Definition
            X.518    9594-4 Procedures for Distributed Operations
            X.519    9594-5 Protocol Specifications
            X.520    9594-6 Selected Attribute Types
            X.521    9594-7 Selected Object Classes
            X.509    9594-8 Authentication  Framework

DIR.X V3.1 was successfully conformance tested by the OSI Test Laboratory of Siemens Nixdorf. The OSI Test Laboratory is accredited by BAPT/DEKITZ (registration number TTI-P-G055/92-40). Test reports, PICS per X.581/X.582 and PIXITs are available for all tested protocols: DSA/DAP, DUA/DAP, Presentation, ACSE, and Session embedded in X.500.

COMPLIANCE with X.500-1993 (applicable only for DSAs and DUAs)

DIR.X V3.1 is not compliant with the 1993 ITU-T recommendations. Please refer to the DIR.X V4.0 implementation description.

CONFORMANCE WITH PROPOSED INTERNET STANDARDS

DIR.X V3.1 is compliant with the following RFCs: [RFC 1274], [RFC 1277], [RFC 1565], [RFC 1567], [RFC 1777], [RFC 1778], [RFC 1779].

CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs

DIR.X V3.1 is compliant with the following RFCs: [RFC 1278], [RFC 1558], [RFC 1801].

INTEROPERABILITY

DIR.X V3.1 can interoperate with:

         * OSF DCE Global Directory Service (GDS)

         * ISODE Consortium Quipu V8.0

         * ISODE Consortium 93 DSA R3.0

         * AT&T  OpenDirectory 2.0.1


Page 66

         * Bull X.500-DS and X.500-DUA

         * Control Data MailHub 2.4

         * Data Connection DC X500 V1

         * Digital DEC X.500 Directory Services V2.0

         * ICL I500 DSA V5.2

         * ISOCOR ISOPLEX DS V1.00

         * NET-TEL RouteFinder 500 DSA 1.0

         * NEXOR Messageware Directory Server V0.9

         * Olivetti UX_X500 V1.1

         * Unisys TransIT X.500 V7.1

PILOT CONNECTIVITY

Several DIR.X V3.1 DSAs and DUAs are connected to the European NameFLOW- PARADISE pilot network.

BUGS

To report bugs and/or to retrieve additional information on SNI's directory products please send mail to infoline-
com@s41.mch1.x400scn.sni.de.

CAVEATS AND GENERAL LIMITATIONS

DIR.X V3.1 is highly portable and without any general limitation. SNMP support is available for SNI platforms only.

INTERNETWORKING ENVIRONMENT

[RFC 1006] with TCP/IP
OSI TP0, TP2 with X.25
OSI TP4 with CLNP
OSI TP4 with CONS (LAN)

HARDWARE PLATFORMS

SNI platforms (RM200/300/400/600, Pyramid Nile
100/150, MX300i/500i) for X.25: X.25 board needed


Page 67

IBM RS/6000
for X.25: X.25 board needed

HP 9000
for X.25: X.25 board needed

Sun Sparc
no X.25 board needed (X.25 can use the serial line)

PC (Intel)
for X.25: X.25 board needed

SOFTWARE PLATFORMS

SINIX 5.42 + CMX + XTI
for X.25: WAN-CCP needed

Pyramid Nile 100/150 DC/OSx1.1

Unixware

AIX 3.2
for X.25: OSI/6000 needed

HP-UX 9.01
for X.25: OTS 9000 needed

Solaris 2.3
for X.25: SunLink X.25 and SunLink OSI needed

NUMBER OF IMPLEMENTATIONS IN THE FIELD

100 and growing

AVAILABILITY

DIR.X V3.1 can be delivered as a binary product or as source to OEM customers. It is commercially available from:

Siemens Nixdorf Informationssysteme AG ASW BA COM 1 D- 81730 Munich Germany

Please contact

Giovanni Rabaioli

         Voice:    +49/89-636-41095
         Fax:      +49/89-636-42552
         Mail:     Giovanni.Rabaioli@mch.sni.de


Page 68

DATE LAST UPDATED or CHECKED

April 1996

ADDITIONAL INFORMATION and/or COMMENTS

The following X.500 products are also part of SNI's X.500 product family:

      DIR.X V4.0    1993X.500 Directory Service
      DIR.D V2.6    LDAP browser for information retrieval
      ORG.D V2.1    Full administrative LDAP browser
      DIR.X-SYNC V2.0 Directory synchronization


Page 69

NAME

DIR.X (tm) V4.0 Siemens Nixdorf Informationssysteme AG

ABSTRACT

DIR.X V4.0 is Siemens Nixdorf's Directory Service product compliant with the 1993 ITU-T X.500 recommendations. The implementation incorporates SNI's experience of 10 years development, support and maintenance of the DIR.X products conformant to the 1988 Directory Standards, and has the following main features:

      * It conforms to the 1993 Directory standards, with particular
        emphasis on the requirements for interoperability with other
        X.500 implementations

      * The implementation is scaleable: it handles small-scale
        workgroup directories as well as very large directories for
        backbone solutions in large organisations

      * The implementation is extensible: new functionality can
        easily be incorporated

      * Existing databases and proprietary directory services can be
        accessed or integrated with the implementation.

      * Particular emphasis is placed on ease of administration of
        the Directory Service a service based on DIR.X V4.0 can be
        administered effectively from a central site, including the
        management of configuration and monitoring options

      * The implementation has a high throughput performing well not
        only on small systems, but also on high-performance backend
        servers, handling hundreds of requests in parallel on a
        multiprocessor machine.

DIR.X V4.0 is a distributed, replicated Directory Service. It consists of:

      * DSA

      * DUA

      * Command-line DUA using a TCL (Tool Control Language) shell
        interface (dirxcp)

      * Management centre (dirxadm)


Page 70

      * Toolkit for application development

Data stored by DIR.X can be accessed via

      * the MS-Windows user interfaces DIR.D/ORG.D which are
        available as separate products from Siemens Nixdorf

      * any third-party LDAP or DAP browser

      * directory applications using the standardized X/Open XDS/XOM
        APIs (Directory Service / OSI Abstract Data Manipulation).
        The Siemens Nixdorf implementation was the first to gain
        XPG4-certification.

      * a command-line administration program

      * a menu-driven administration  program

      * WWW

      * a shell interface

      * the Query-by-mail interface of SNI's directory
        synchronization product DIR.X-SYNC

DIR.X V4.0 is fully backwards compatible with 1988 DSAs and DUAs.

COMPLIANCE with X.500-1988 (applicable only for DSAs and DUAs)

DIR.X V4.0 is fully backwards compatible with the following ITU-T recommendations and ISO/IEC standards:

      ITU-T   ISO/IEC   Title
      X.500   9594-1 Overview of Concepts, Models, and Services
      X.501   9594-2 Models
      X.511   9594-3 Abstract Service Definition
      X.518   9594-4 Procedures for Distributed Operations
      X.519   9594-5 Protocol Specifications
      X.520   9594-6 Selected Attribute Types
      X.521   9594-7 Selected Object Classes
      X.509   9594-8 Authentication Framework


Page 71

COMPLIANCE with X.500-1993 (applicable only for DSAs and DUAs)

DIR.X V4.0 fully complies with the following ITU-T recommendations and ISO/IEC standards:

      ITU-T   ISO/IEC Title
      X.500   9594-1 Overview of Concepts, Models, and Services
      X.501   9594-2 Models
      X.511   9594-3 Abstract Service Definition
      X.518   9594-4 Procedures for Distributed Operations
      X.519   9594-5 Protocol Specifications
      X.520   9594-6 Selected Attribute Types
      X.521   9594-7 Selected Object Classes
      X.509   9594-8 Authentication Framework
      X.525   9594-9 Replication

CONFORMANCE WITH PROPOSED INTERNET STANDARDS

DIR.X V4.0 is compliant with the following RFCs: [RFC 1274], [RFC 1277], [RFC 1565], [RFC 1567], [RFC 1777], [RFC 1778], [RFC 1779].

CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs

DIR.X V4.0 is compliant with the following RFCs: [RFC 1278], [RFC 1558], [RFC 1801].

INTEROPERABILITY

Interoperability tests have not been completed yet.

PILOT CONNECTIVITY

[No information provided. -- Ed.]

BUGS

To report bugs and/or to retrieve additional information on SNI's directory products please send mail to infoline-
com@s41.mch1.x400scn.sni.de.

CAVEATS AND GENERAL LIMITATIONS

DIR.X V4.0 is highly portable and without any general limitation.


Page 72

INTERNETWORKING ENVIRONMENT

[RFC-1006] with TCP/IP
OSI TP0, TP2 with X.25
OSI TP4 with CLNP
OSI TP4 with CONS (LAN)

HARDWARE PLATFORMS

SNI platforms (RM200/300/400/600, Pyramid Nile 100/150) for X.25: X.25 board needed

IBM RS/6000
for X.25: X.25 board needed

HP 9000
for X.25: X.25 board needed

Sun Sparc
no X.25 board needed (X.25 can use the serial line)

PC (Intel)
for X.25: X.25 board needed

SOFTWARE PLATFORMS

SINIX 5.42 + CMX + XTI
for X.25: WAN-CCP needed

Pyramid Nile 100/150 DC/OSx1.1

Windows NT 3.51

AIX 4.1
for X.25: OSI/6000 needed

HP-UX 10.0
for X.25: OTS 9000 needed

Solaris 2.5
for X.25: SunLink X.25 and SunLink OSI needed

NUMBER OF IMPLEMENTATIONS IN THE FIELD

Field testing to be started in Summer 1996.


Page 73

AVAILABILITY

DIR.X V4.0 can be delivered as a binary product or as source to OEM customers. It is commercially available from:

Siemens Nixdorf Informationssysteme AG
ASW BA COM 1
D-81730 Munich
Germany

Please contact

Giovanni Rabaioli

         Voice:    +49/89-636-41095
         Fax:      +49/89-636-42552
         Mail:     Giovanni.Rabaioli@mch.sni.de

DATE LAST UPDATED or CHECKED

April 1996

ADDITIONAL INFORMATION and/or COMMENTS

The following X.500 products are also part of SNI's X.500 product family:

      DIR.X V3.1   1988 X.500 Directory Service
      DIR.D V2.6   LDAP browser for information retrieval
      ORG.D V2.1   Full administrative LDAP browser
      DIR.X-SYNC   V2.0 Directory synchronization


Page 74

NAME

DIR.X-SYNC (tm) V2.0 Siemens Nixdorf Informationssysteme AG

ABSTRACT

DIR.X-SYNC V2.0 enables the synchronization of existing e-mail address directories in the X.500-based DIR.X directory service. The standard DIR.X, DIR.X-SYNC and DIR.D (all available from Siemens Nixdorf) products are the foundations on which the corporate directory solutions can be tailored to meet the customer's needs. The corporate directory then becomes the universal information system within the company.

The user can access corporate directory information in different ways:

      * Using DIR.D, SNI's Windows client for the X.500 service, PC
        users can gain easy access to the DIR.X server containing the
        corporate directory data. The data found can  be transferred
        to other applications by means of DDE, drag and drop or cut
        and paste. (See DIR.D V2.6 for further information).

      * Query by mail: Authorized users can access data stored in the
        central or distributed directory system over their own mail
        system. DIR.X-SYNC retrieves the inquiry transmitted by mail
        and directs it on to the X.500 service. The search results
        are then delivered back to the user by mail. Using a WWW
        interface based on TCL scripts

Query by mail does not require additional software on the end system. Each mail system connected to the X.400 backbone (e.g. MS-Mail, cc:Mail etc.) can use this function. DIR.X-SYNC currently supports the address formats of the following e-mail systems:

      * MAIL.X-OD V2.3

      * MAIL.2000 V1.2, AKOM

      * MS-Mail

      * cc:Mail

      * Intelligent Messaging Mail (Banyan)


Page 75

The standardized ISO-10021 interface for X.400 addresses is supported, enabling need for extension. This means that any type of system capable of generating this format (e.g. WordPerfect, Lotus Notes) can be connected. Address acknowledgment is carried out in ISO format.

Functions for the administrator:

      * Export: Addresses can be exported from local directories.
        They are delivered as mail messages in ASCII format to the
        DIR.X-SYNC server.

      * Upload: The upload server stores the exported local addresses
        in DIR.X as globally valid X.400 addresses.

      * Query by Mail: DIR.X-SYNC enables mail members to send a
        search to the DIR.X-SYNC server by e-mail. Using this
        function, authorized administrators of the synchronized
        directories can acquire copies of the corporate directory
        data.

      * Administration of the DIR.X-SYNC server with an
        administration tool which can be used via command line or a
        command file.

Other features include:

      * Replication and distribution: In addition to the central
        solution with a single corporate directory server, DIR.X-SYNC
        also supports replicated or distributed data storage in
        DIR.X-SYNC server.

      * Authentication/Authorization: To prevent unauthorized use of
        the corporate directory system, the O/R addresses of the
        authorized administrators and users are configured by the
        DIR.X-SYNC administrator. When a query by mail or an update
        arrives, the sender address is compared with this address.

      * Logging: In the case of error, e.g. incorrect file format,
        the sender (and the administrator  configurable) are informed
        of the fault by mail. At the same time, the error message is
        saved in a log file for the DIR.X-SYNC administrator. In
        addition, a "history  file" enables the monitoring of the
        uploads that have run or are currently running

COMPLIANCE with X.500-1988 (applicable only for DSAs and DUAs)

DIR.X-SYNC is a directory application.


Page 76

COMPLIANCE with X.500-1993 (applicable only for DSAs and DUAs)

DIR.X-SYNC is a directory application.

CONFORMANCE WITH PROPOSED INTERNET STANDARDS

[No information provided. -- Ed.]

CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs

[No information provided. -- Ed.]

INTEROPERABILITY

[No information provided. -- Ed.]

PILOT CONNECTIVITY

[No information provided. -- Ed.]

BUGS

To report bugs and/or to retrieve additional information on SNI's directory products please send mail to infoline-
com@s41.mch1.x400scn.sni.de.

CAVEATS AND GENERAL LIMITATIONS

The DIR.X-SYNC server runs with SNI's mail service products MAIL.X V2.3 or MAIL.X V3.0.

INTERNETWORKING ENVIRONMENT

[No information provided. -- Ed.]

HARDWARE PLATFORMS

SNI platforms (RM200/300/400/600, MX300i/500i)

HP 9000

SOFTWARE PLATFORMS

SINIX 5.42

HP-UX 10.0


Page 77

NUMBER OF IMPLEMENTATIONS IN THE FIELD

100

AVAILABILITY

DIR.X-SYNC V2.0 can be delivered as a binary product. It is commercially available from:

Siemens Nixdorf Informationssysteme AG ASW BA COM 1 D- 81730 Munich Germany

Please contact

Giovanni Rabaioli

         Voice:    +49/89-636-41095
         Fax:      +49/89-636-42552
         Mail:     Giovanni.Rabaioli@mch.sni.de

DATE LAST UPDATED or CHECKED

April 1996

ADDITIONAL INFORMATION and/or COMMENTS

The following X.500 products are also part of SNI's X.500 product family:

      DIR.X V4.0   1993 X.500 Directory Service
      DIR.X V3.1   1988 X.500 Directory Service
      DIR.D V2.6   LDAP browser for information retrieval
      ORG.D V2.1   Full administrative LDAP browser


Page 78

NAME

DX500 OpenDirectory(tm)

Datacraft Australia Pty Ltd

ABSTRACT

DX500 OpenDirectory is a family of carrier grade, version 1993 X.500 conformant products

COMPLIANCE with X.500-1988 (applicable only for DSAs and DUAs)

[No information provided. -- Ed.]

COMPLIANCE with X.500-1993 (applicable only for DSAs and DUAs)

See WEB page: http://www.datacraft.com.au/dx500ovr.html for up to date details.

PICS are available upon request.

CONFORMANCE WITH PROPOSED INTERNET STANDARDS

[No information provided. -- Ed.]

CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs

[No information provided. -- Ed.]

INTEROPERABILITY

OpenDirectory DSA supports:

      * DX-plorer, 93 full DAP stack, [RFC 1006] client over Winsock

      * ISOPRO 1.5+ messaging clients
      * ISOPRO for MAPI messaging clients
      * ISOPLEX Navigator
      * ISOPLEX Management Centre
      * ISOPLEX DS
      * ISOPLEX Web Gateway

      * Uni of Mich. - WAX500

      * Quipu emulation mode


Page 79

PILOT CONNECTIVITY

[No information provided. -- Ed.]

BUGS

[No information provided. -- Ed.]

CAVEATS AND GENERAL LIMITATIONS

[No information provided. -- Ed.]

INTERNETWORKING ENVIRONMENT

[No information provided. -- Ed.]

HARDWARE PLATFORMS

[No information provided. -- Ed.]

SOFTWARE PLATFORMS

[No information provided. -- Ed.]

NUMBER OF IMPLEMENTATIONS IN THE FIELD

[No information provided. -- Ed.]

AVAILABILITY

The software is commercially available from Datacraft, or its distributors.

DATE LAST UPDATED or CHECKED

March, 96

ADDITIONAL INFORMATION and/or COMMENTS

Capable of supporting a million entries, with subsecond response time, on small Unix, with 32 mgbytes of ram, due to a unique patented meta-data design.


Page 80

NAME

Forum LOOK'UP (tm)

Telis Systemes & Communications

ABSTRACT

Forum LOOK'UP (tm) is a Corporate directory solution based on the X.500 recommendations. It includes:

      * a Directory System Agent (DSA),

      * Directory User Agents (DUAs).

      * local network connections

      * remote workstation access

      * a WEB and videotex access

      * data  updating tools

      * a directory editing tool

Forum LOOK'UP is a product based on PIZARRO, the research prototype developed at INRIA by Christian Huitema's team, and commercialized by Telis, a member of the France Telecom group.

Characteristics of the DSA are:

      * The DAP and DSP protocols are provided conformant with X.500
        (88).

      * The DIB is maintained in ASN.1 encoded format in the Unix
        file system.

      * Utilities are provided to load and dump the DIB from and to
        ASCII text files.

      * As an option, an ORACLE V7 database can also be used.

      * The DIT structure is held in main memory. Frequently used
        attributes may be held in inverted tables in memory to speed
        up searches.

      * Knowledge management: knowledge on managed domains is stored
        in Forum LOOK'UP specific attributes of the DSA entries.


Page 81

      * Schema: The X.500 (88), X.400 (88) and most of the Cosine and
        Internet Schema are supported. Object class and attribute
        definitions are enforced. Users may define their own.

      * Simple authentication is provided strong authentication and
        signed operations have been tested operationally through
        Telis's participation in PASSWORD, a VALUE project with aim
        to pilot a European security infrastructure for network
        applications.

      * Access control : the DSA offers a mechanism defined by Telis
        that is functionally equivalent to a profile of the X500 '93
        access control mechanism. The mechanism is based on the
        notion of administrative domains (autonomous and semi-
        autonomous). A domain defines the user groups (categories)
        and their access rights (consult, modify) to specified
        attribute types. The access rights are defined in
        prescriptive and entry ACI attributes.

      * Phonetic searches : administrators may specify a language
        (English, French, ...) for a subtree of the DIT. Approximate
        (phonetic) searches will then be carried out in the given
        language. The software loads a rule database to which new
        languages and new rules may be added easily.

      * Management: a Forum LOOK'UP DSA object has been defined to
        allow operational parameters of the DSA to be managed via
        DAP. Forum LOOK'UP conforms to X.500 (88) as specified in
        poaragraph 9 of X.519 Administration tools are provided :

      * to generate usage statistics automatically and distribute
        these by mail to administrators

      * to replicate subtrees of the DIT to other FORUM LOOK'UP
        DSAs and automatically update shadow copies,

      * to extract hardcopy listings from the database in an Excel
        compatible format for "paper" directories, all the
        management tasks are performed through a GUI (X/Motif).

      * The GUI includes a "dashboard" for monitoring of servers and
        the hardware they are installed on.

      * The DUAs include a graphical directory browser with powerful
        search functionality for PCs and Macintosh.


Page 82

COMPLIANCE with X.500-1988 (applicable only for DSAs and DUAs)

Forum LOOK'UP conforms to X.500 (88) as specified in paragraph 9 of X.519

COMPLIANCE with X.500-1993 (applicable only for DSAs and DUAs)

[No information provided. -- Ed.]

CONFORMANCE WITH PROPOSED INTERNET STANDARDS

[RFC 1274], [RFC 1277], [RFC 1778], [RFC 1779] are supported

CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs

[RFC 1278], [RFC 1279] are supported

INTEROPERABILITY

Through the use of Forum LOOK'UP in the French Paradise pilot, interoperability has been informally but extensively tested with Quipu, Marben, SNI DIR/X.

PILOT CONNECTIVITY

DSA connectivity to the PARADISE pilot.

BUGS

Forum LOOK'UP is a commercial product. As such, it is supported and bugs are fixed when detected.

Bug reports can be sent to our support team via electronic mail.

CAVEATS AND GENERAL LIMITATIONS

      * The DIT structure and inverted attribute tables are stored in
        main memory.

      * The recommended main memory size for a DSA is 1kb per node,
        i.e., 10 Mb for a database of 10,000 objects.

      * The current recommended maximum for the proprietary database
        (based on the Unix file system) is a database size of the order
        of 100,000 objects.

      * For a larger database one unique server (up to 300,000 objects),
        the use of the Oracle database is recommended


Page 83

      * Of the selected attribute types defined in X.500 (88), the
        searchGuide attribute is not supported

      * neither are the following attributes from the Cosine and
        Internet Schema [RFC 1274]: OtherMailbox, MailPreferenceOption
        and the various quality attributes.

INTERNETWORKING ENVIRONMENT

Forum LOOK'UP includes a transport stack for TP0 with TCP/IP [RFC 1006] and X.25. The stack has been ported to SunNet OSI for TP4 with CLNP.

DUAs on a LAN (Novell Netware, Microsoft Lan Manager, IBM Lan Server) can access the DSA without the need for IP on every Workstation. A module (called SOLO server) available on Novell, OS/2 and UNIX allows to have an IP or X.25 stack only on the file server. It is in charge of forwarding the request to a DSA.

A direct access (DUA / DSA) through IP, X.25, PSTN or ISDN is also available.

HARDWARE PLATFORMS

Forum LOOK'UP can easily be ported to any UNIX machine.

It currently runs on: Sun Solaris and Hewlett Packard.

A port on IBM AIX is to be completed.

SOFTWARE PLATFORMS

The Forum LOOK'UP server is portable to any UNIX-like operating system. X/Motif is the interface used for management.

The DUAs are available on Windows and Macintosh.

ORACLE V7 can be used as a database (option).

NUMBER OF IMPLEMENTATIONS IN THE FIELD

30 servers


Page 84

AVAILABILITY

Forum LOOK'UP is commercially available. For further information contact:

Laurence Puvilland, Product manager
Email: C=fr A=atlas P=telis-sc O=telis-sc OU1=paris S=puvilland laurence.puvilland@paris.telis-sc.fr

or:

Ascan Woermann, X.500 development manager
Email: C=fr A=atlas P=telis-sc O=telis-sc OU1=sophia S=Woermann ascan.woermann@sophia.telis-sc.fr

DATE LAST UPDATED or CHECKED

April 1996

ADDITIONAL INFORMATION and/or COMMENTS

[No information provided. -- Ed.]


Page 85

NAME

FX*500

Firefox International Limited

ABSTRACT

FX*500 is a core component of Firefoxs product suite for mail, messaging and directories.

FX*500 provides a Directory System Agent (DSA) which adheres to the latest 1993 X.500 standards.

FX*500 may be used in conjunction with the Firefox FX*400 messaging products or may be combined with a range of Directory User Agent and Gateway products in order to satisfy a broad range of directory requirements.

FX*500 affords unique integration opportunities with Novell's NetWare Directory Service (NDS) by offering the option of true dynamic directory integration between NDS and X.500.

FX*500 provides support for key features of the X.500 1993 standard while continuing to support interworking with 1988 based directory user agents and system agents. The main 1993 features of X.500 supported by FX*500 are:

      * Basic Access Control

      * The 1993 DSA Information Model

      * Replication and Shadowing

In summary, FX*500 supports:

      * 1988 and 1993 X.500 Directory Access Protocol (DAP)

      * 1988 and 1993 X.500 Directory System Protocol (DSP)

      * 1993 X.500 Directory Information Shadowing Protocol (DISP)

      * 1993 Basic (or Simplified) Access Control

      * the Lightweight Directory Access Protocol (LDAP), as defined
        by [RFC 1777]


Page 86

      * configuration of knowledge information for distributed
        operation using 1993 operational attributes

      * local management services, including a knowledge
        configuration application and extensive diagnostic facilities

      * an extended set of management applications

      * operation in a wide variety of network environments including
        connectivity over X.25, TCP/IP [RFC 1006] and OSI LANs.

      * an application developer's toolkit

The optional application developer's toolkit includes:

      * the X/Open Directory Services (XDS) API to support directory
        user agent applications

      * a Gateway (G-XDS) API which is based on a simplified version
        of the XDS API syntax and allows developers to implement
        gateways to existing/ proprietary directory databases

      * a Network Management Interface (NMI) to support management
        applications and integration with management services.

FX*500 is delivered with a schema defined to support the Common Use and MHS (X.402) Schemas defined by UK GOSIP V4. The subschema for FX*500 can be modified by the customer and updated dynamically.

FX*500 provides for search optimisation by supporting keyed search whereby specific attributes can be identified as 'keyed' through local configuration data. This optimisation avoids the need to do a "brute force" search which requires a traversal of all the nodes of a subtree. Approximate match search filters are also supported by using a phonetic search based on the "Soundex" algorithm.

COMPLIANCE with X.500-1988 (applicable only for DSAs and DUAs)

FX*500 meets both the static and dynamic requirements implied by section 9.2 of X.519 1988.

From section 9.2 of X.519 1988 regarding DSA conformance:

      * FX*500 supports both the directoryAccessAC and
        directorySystemAC application contexts.

      * The FX*500 DSA can act as a first level DSA


Page 87

      * The chained mode of operation is supported.

      * The security levels "none" and "simple" are supported, the
        "strong" security level can be supported with the addition of
        an appropriate security module.

      * The attribute types defined in X.520 and the object classes
        defined in X.521 are supported.

COMPLIANCE with X.500-1993 (applicable only for DSAs and DUAs)

FX*500 meets both the static and dynamic requirements implied by sections 9.2, 9.3 and 9.4 of X.519 1993 regarding the conformance of DSA, Shadow Supplier and Shadow Consumer.

From section 9.2 of X.519 1993 regarding DSA conformance:

      * FX*500 supports both the directoryAccessAC and
        directorySystemAC application contexts

      * the FX*500 DSA can act as a first level DSA

      * the chained mode of operation is supported.

      * the security levels "none" and "simple" are supported, the
        "strong" security level can be supported with the addition of
        an appropriate security module.

      * the selected attribute types defined in X.520 are supported.
        The UNIVERSAL STRING choice for DirectoryString is supported
        but cannot be used for matching rules.

      * the selected object classes defined in X.521 are supported.

      * FX*500 supports the following 1993 extensions to the DAP and
        DSP protocols:

         * subentries

         * copyShallDo

         * attributeSizeLimit

         * extraAttributes

         * useAliasOnUpdate

         * newSuperior


Page 88

      * FX*500 supports the following operational attributes:

         * structural object class

         * governing structural rule

         * create timestamp

         * modify timestamp

         * creators name

         * modifiers name

         * prescriptive ACI

         * entry ACI

         * subentry ACI

         * myAccessPoint

         * superiorKnowledge

         * supplierKnowledge (supported by local mechanism)

         * consumerKnowledge (supported by local mechanism)

         * secondaryShadows (supported by local mechanism)

         * specificKnowledge

         * nonSpecificKnowledge

      * FX*500 supports return of alias names and indication that
        returned entry information is complete

      * support is given to modifying the object class attribute to
        add and/or remove values identifying auxiliary object classes

      * FX*500 supports both Basic Access Control and Simplified
        Access Control

      * FX*500 supports the name bindings defined in X.521


Page 89

From section 9.3 and 9.4 of X.519 1993 regarding conformance of a Shadow Supplier and Shadow Consumer respectively:

      * FX*500 supports the shadowSupplierInitiatedAC and
        shadowConsumerInitiatedAC application contexts

      * the security levels "none" and "simple" are supported, the
        "strong" security level can be supported with the addition of
        an appropriate security module.

      * FX*500 supports the following UnitOfReplication:

         * Entry filtering on object class

         * Inclusion of subordinate knowledge in the replicated area

         * Inclusion of extended knowledge in addition to subordinate
           knowledge

      * FX*500 can act as a secondary shadow supplier.

CONFORMANCE WITH PROPOSED INTERNET STANDARDS

Supports [RFC 1274], [RFC 1567],[RFC 1777],[RFC 1778],[RFC 1779]

FX*500 maintains statistics that are a superset of those defined by [RFC 1567] "X.500 Directory Monitoring MIB".

CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs

[No information provided. -- Ed.]

INTEROPERABILITY

Firefox are members of EurOSInet and test FX*500 by direct links with other members and at interoperability workshops.

PILOT CONNECTIVITY

Firefox are participating in the NameFLOW-Paradise project, which is the successor to the Paradise European X.500 directory pilot.

BUGS

[No information provided. -- Ed.]


Page 90

CAVEATS AND GENERAL LIMITATIONS

[No information provided. -- Ed.]

INTERNETWORKING ENVIRONMENT

FX*500 utilises the Firefox FX*STACK product to provide an OSI stack for use over local or wide-area networks. This enables the X.500 DAP, DSP and DISP protocols operate over a range of different network types. The current network options are:

      * OSI LANs are supported by Transport Class 4 over CLNP (ISO
        8473), including the ES-IS routing protocol.

      * X.25 networks are supported in either a Connection-Oriented
        Network Service (CONS) or a Connection-Less Network Service
        (CLNS) environment.

         * For CONS, Transport Classes 0, 2 and 4 are supported over
           X.25(1984).

         * For CLNS, Transport Class 4 is supported over CLNP (ISO
           8473) utilising X.25 as a subnetwork.

      * TCP/IP networks are supported by an implementation of [RFC
        1006], which supports Transport Class 0 over TCP/IP.

HARDWARE PLATFORMS

Intel 386, 486, Pentium

SOFTWARE PLATFORMS

FX*500 is available on NetWare 3.12 and 4.1, UnixWare 1.1.

NUMBER OF IMPLEMENTATIONS IN THE FIELD

[No information provided. -- Ed.]

AVAILABILITY

FX*500 is commercially available.


Page 91

For further details please contact:

Keith Vallance
Product Manager
Firefox International Limited
668 Hitchin Road
Stopsley
Bedfordshire LU2 7UH
UK

         Tel:    +44 (0)1582 29007
         Fax:    +44 (0)1582 29107
         email: keithv@firefox.co.uk

Ken Sanofsky
Firefox (U.S.) Inc.
Seventh Floor
2099 Gateway Place
San Jose
CA 95110-1017

         Tel:    +1 408 321 8344
         Fax:    +1 408 321 8311
         email: kens@firefox.com

DATE LAST UPDATED or CHECKED

April 1996

ADDITIONAL INFORMATION and/or COMMENTS

[No information provided. -- Ed.]


Page 92

NAME

Global Directory Server

Control Data Systems, Inc.

ABSTRACT

Control Data's X.500 implementation, called the Global Directory Server, is compliant with the 1993 ITU-T Recommendations X.500-X.521, except for DOP, schema publication, and non-specific subordinate references. Features include:

      * 1993 administrative framework

         * 1993 operational attributes

         * 1993 reference structure

         * 1993 distributed operations

         * 1993 incremental and full replication including:

           * Supplier or consumer initiated

           * Periodic (by update interval) or onchange replication

           * Complete subtree specification to select replicated
             area

           * Reference replication

         * 1993 basic access control including:

           * Prescriptive, entry and subentry ACI supported

           * Item first and user first specification

           * All user classes supported including users by subtree
             specification

           * Access control by entry, attribute, and attribute value

           * All priority levels supported

         * 1993 collective attributes

         * 1993 hierarchical attributes


Page 93

         * 1993 operational extensions

         * 1993 modifyDN operation

         * Full interoperability with "quipu" implementations including:

           * quipu replication for designated portions of DIT

           * quipu reference model for designated portions of DIT

           * enhanced quipu access controls (ACLs)

           * quipu operational attributes for designated portions of
             DIT

           * Can "automatically" migrate quipu DIT to 1993 DIT:

           * Migration process is dynamic, can occur while DSA is
             operating

           * Process preserves quipu attributes if desired

Also:

         * Directory API based on the X.400 API

         * Support for X.400 objects including those to support MHS use
           of directory to support MHS routing

         * Integration with Control Data's Mail*Hub standards-based E-
           mail and directory integration products

         * DUA interfaces that support the full set of directory
           operations

         * A DUA daemon that provides directory access for applications

         * Directory synchronization tools for synchronizing
           PC/Mac/DEC/IBM mail directories and other sources of
           information, such as human resources databases, with X.500

         * Hash indexing for fast string search

         * dixie, dad, finger, whois, and ph.x500 support

         * SNMP based monitoring and management of DSAs

         * Support for DAP, LDAP, DSP, and DISP


Page 94

         * Can be browsed via standard World Wide Web browsers

Control Data Systems offers complete integration services to design, plan, install, configure, tailor and maintain X.500 services. These services may include the preparation of customer unique DUAs and tools for X.500 integration, synchronization, operational control and management.

COMPLIANCE with X.500-1988 (applicable only for DSAs and DUAs)

The Global Directory Server complies with the 1988 CCITT
Recommendations X.500-X.521 [CCITT-88] and the 1988 NIST OIW Stable Implementation Agreements [NIST-88]. It also complies with all static and dynamic requirements of X.519.

The Global Directory Server also provides:

      * Full interoperability with "quipu" implementations including:

         * quipu replication for designated portions of DIT

         * quipu reference model for designated portions of DIT

         * enhanced quipu access controls (ACLs)

         * quipu operational attributes for designated portions of
           DIT

      * Can "automatically" migrate quipu DIT to 1993 DIT:

         * Migration process is dynamic, can occur while DSA is
           operating

         * Process preserves quipu attributes if desired

COMPLIANCE with X.500-1993 (applicable only for DSAs and DUAs)

The Global Directory Server complies with the 1993 ITU-T
Recommendations X.500-X.521, except for DOP, schema publication, and non-specific subordinate references. It also complies with the 1994 NIST OIW Stable Implementation Agreements. And it complies with all static and dynamic requirements of X.519. Compliance features:

      * 1993 administrative framework

      * 1993 operational attributes

      * 1993 reference structure


Page 95

      * 1993 distributed operations

      * 1993 incremental and full replication including:

         * Supplier or consumer initiated

         * Periodic (by update interval) or onchange replication

         * Complete subtree specification to select replicated area

         * Reference replication

      * 1993 basic access control including:

         * Prescriptive, entry and subentry ACI supported

         * Item first and user first specification

         * All user classes supported including users by subtree
           specification

         * Access control by entry, attribute and attribute value

         * All priority levels supported

      * 1993 collective attributes

      * 1993 hierarchical attributes

      * 1993 operational extensions

      * 1993 modifyDN operation

CONFORMANCE WITH PROPOSED INTERNET STANDARDS

Global Directory Server is compliant with the following RFCs: [RFC 1274], [RFC 1276], [RFC 1277], [RFC 1567], [RFC 1778], [RFC 1777], [RFC 1779]

CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs

Global Directory Server is compliant with the following RFCs: [RFC 1202], [RFC 1249], [RFC 1275], [RFC 1278], [RFC 1279], [RFC 1558], [RFC 1562], [RFC 1617], [RFC 1781], [RFC 1801], [RFC 1802], [RFC 1803], [RFC 1836], [RFC 1837], [RFC 1838]


Page 96

INTEROPERABILITY

Control Data X.500 has successfully interoperated with other X.500 implementations including those from HP, DEC, ESL, ISODE Consortium, Telstra, ICL, Marben (HP), Nexor, Unisys, and Siemens.

PILOT CONNECTIVITY

Control Data's X,500 implementation interoperates with other implementations in the Internet X.500 pilots. It also provides the base routing tree for the MHS Use of the Directory pilot (Longbud) on the Internet.

BUGS

Control Data provides complete software maintenance services with products.

CAVEATS AND GENERAL LIMITATIONS

None.

INTERNETWORKING ENVIRONMENT

[RFC 1006] with TCP/IP, TP4 with CLNS, TP0 with X.25.

HARDWARE PLATFORMS

Global Directory Server is supported on UNIX for SUN SPARC, HP 9000, and IBM RS/6000 platforms, and on Windows NT for Intel platforms. Other platforms are pending.

SOFTWARE PLATFORMS

Distributed and supported for SUN Solaris 2.x, HP-UX 10.x, IBM AIX 4.x, and Windows NT.

NUMBER OF IMPLEMENTATIONS IN THE FIELD

Product was introduced in December 1995. 5 implementations in the field to date.


Page 97

AVAILABILITY
Commercially available from:

Control Data Systems Inc.
Electronic Commerce Solutions, ARH290

         4201 Lexington Avenue   North
         Arden Hills, MN 55126-6198 U.S.A.

1-800-257-OPEN (U.S. and Canada)
1-612-482-6736 (worldwide)
FAX: 1-612-482-2000 (worldwide)
EMAIL: info@cdc.com
or
s=info p=cdc a=attmail c=us

DATE LAST UPDATED or CHECKED

July 1996

ADDITIONAL INFORMATION and/or COMMENTS

[No information provided. -- Ed.]


Page 98

NAME

i500 Enterprise Directory Server

ICL

ABSTRACT

ICL's i500 Enterprise Directory Server (simply termed "i500") is a high performance X.500 distributed Directory system providing features such as:

      * multi-protocol support covering 1993-edition DAP, DSP and
        DISP plus LDAP and WWW client access

      * dynamically configurable schema (object classes, attributes,
        structure rules etc.) including support for user-defined
        schema items and auxiliary object classes

      * a scalable, disk-based database incorporating configurable
        indexing facilities to enable rapid, large-scale searching,
        including approximate matching

      * storage of a variety of information types including text,
        image and sound

      * the capabaility to operate as a "first-level" DSA

      * 1993-edition replication of information (both primary and
        secondary shadowing using DISP and supporting total refresh,
        incremental or on-change updates)

      * information security, using X.509 authentication techniques
        together with either 1993-edition Basic or Simplified Access
        Controls

      * gateway facilities to enable X.500, LDAP and WWW client
        access to non-X.500 based information

      * a variety of APIs and associated development toolkits
        including LDAP and X/Open XDS/XOM Directory access APIs

      * support of the [RFC 1567] "MADMAN" systems management MIB

      * a Windows (3.11, 95 or NT) based management station


Page 99

COMPLIANCE withX.500-1988 (applicable only forDSAs and DUAs)

i500 is compliant with the 1993-edition of X.500 and interoperates with 1988-edition DUAs and DSAs.

COMPLIANCE withX.500-1993 (applicable only forDSAs and DUAs)

i500 is compliant with the 1993-edition of X.500 and is implemented in-line with the ISO/ITU-T Directory Implementor's Guide and the emerging 1993 International Standardized Profiles (ISPs) being produced by the NIST OIW, EWOS and AOW workshops.

Full Protocol Implementation Conformance Statements (PICS) are available on request to either:

i500@reston.icl.com or k.richardson@man0523.wins.icl.co.uk

CONFORMANCE WITH PROPOSED INTERNET STANDARDS

i500 supports a variety of proposed Internet standards and in particular, [RFC 1274] (schema), [RFC 1567] (MIB) and [RFC 1777] (LDAP).

CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs

i500 is developed in-line with any necessary informational and experimental RFCs, e.g.[RFC 1278] and [RFC 1558] are supported.

INTEROPERABILITY

ICL are members of EuroSInet and EEMA. As such, i500 is regularly tested for interoperability at EuroSInet workshops and has also been included in public demonstrations of X.500 interoperability at EEMA annual exhibitions. Other X.500 products with which i500 has been proven to interoperate include those from the following vendors:

   * Boldon-James

   * Control Data

   * DCL

   * Digital

   * ISOCOR

   * ISODE


Page 100

   * Net-Tel

   * NeXor

   * SNI

   * Unisys

   * WorldTalk

PILOT CONNECTIVITY

i500 operates within the Internet PARADISE network controlled by DANTE.

BUGS

No known bugs. World-wide software maintenance services are provided with primary support desks based in North America and Europe.

CAVEATSAND GENERAL LIMITATIONS

None.

INTERNETWORKING ENVIRONMENT

TCP/IP for LDAP and WWW client (HTTP) access
TCP/IP with [RFC 1006]
OSI TP0, TP2, TP3, (X.25, CONS) and TP4 (CLNP)

HARDWARE PLATFORMS

HP, Intel PC, ICL, SUN, Pyramid and platforms which support UNIXWARE 2.0

SOFTWARE PLATFORMS

HP UX-9.04 and 10.0, Windows NT 3.51, ICL DRS/NX 7, SUN Solaris 2.4 and 2.5, Pyramid OSx, UNIXWARE 2.0

NUMBER OF IMPLEMENTATIONS IN THE FIELD

[No information provided. -- Ed.]


Page 101

AVAILABILITY

i500 is commercially available from ICL High Performance Systems. For further information please contact either:

   i500 Marketing Manager,  or   David Longley (i500 Business Manager),
   ICL Inc.,                     ICL,
   11490 Commerce Park Drive,    Wenlock Way,
   Suite 500,                    West Gorton,
   Reston,                       Manchester,
   VA 22091-1532 USA             M12 5DR, UK

   Tel.   +1 703 648 3300        Tel.   +44 (0)161 223 1301 ext.2832
   Fax.   +1 703 648 3350        Fax.   +44 (0)161 223 0482
   I/net. i500@reston.icl.com    I/net.
                                 d.c.longley@man0505.wins.icl.co.uk

Information on i500 is also provided at
http://www.icl.com/hps/i500.html.

DATE LAST UPDATED or CHECKED

July 29, 1996

ADDITIONAL INFORMATION and/or COMMENTS

None.


Page 102

NAME

ISODE Consortium Release 3.0 X.500(1993) Directory ISODE Consortium Ltd.

ABSTRACT

This implementation is a source release of an X.500(1993) Directory System Agent (DSA). It has been designed an implemented as an X.500 1993 DSA not as a 1988 DSA with '93 extensions. Emphasis has been placed on providing support for a flexible information model, access control, X.509 security features, and standard replication.

The 1993 DSA offers a strong technical foundation on which to build an information and messaging infrastructure that relies on robust and scalable directory services. The implementation of this DSA incorporates the experience gained through the development, support, and maintenance of the earlier QUIPU, as well as operational experience and standards support.

COMPLIANCE with X.500-1988 (applicable only for DSAs and DUAs)

The DSA is aligned to the 1988 ISO IS and the NIST OIW Directory Implementors Guide Version 1. X.500(1993) features such as replication, access control, as well as X.509 certification are also available. Interoperability testing with other DSAs has been performed.

COMPLIANCE with X.500-1993 (applicable only for DSAs and DUAs)

Please contact the ISODE Consortium if you wish to obtain our protocol information conformance statements. PICS may also be available from member organizations for their binary products.

CONFORMANCE WITH PROPOSED INTERNET STANDARDS

[RFC 1781],[RFC 1779],[RFC 1778],[RFC 1777], [RFC 1274], [RFC 1277].

CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs

[RFC 1838], [RFC 1837], [RFC 1836],[RFC 1801], [RFC 1275], [RFC 1278], [RFC 1279].


Page 103

INTEROPERABILITY

Interoperability with several other DSAs has been demonstrated in pilot operation and at Eurosinet in October 1995.

At Eurosinet, X.500 interoperability testing used the X.500 DAP (Directory Access) and DSP (Directory System) protocols. Successful testing was done between the ISODE Consortium X.500(1993) DSA and DSAs from four other vendors including Siemens-Nixdorf and Bull. The ISODE Consortium was the only vendor to bring an X.500(93) compliant DSA to the workshop for the scheduled X.500(93) testing.

PILOT CONNECTIVITY

Connectivity to the global research pilots (PARADISE etc.) has been demonstrated. It is expected that this system will be used extensively in a wide range of pilot activities. DUA Connectivity, and DSA Connectivity.

BUGS

Bugs should be reported to the ISODE Consortium via email.

CAVEATS AND GENERAL LIMITATIONS

None

INTERNETWORKING ENVIRONMENT

The IC R3.0 release is application level code, and assumes vendor provided lower layers. It provides the following modules with support for a range of APIs to handle associated lower layers:

      * [RFC 1006] (vendor supplied TCP/IP using sockets or TLI)

      * Transport service (vendor supplied transport, which may be
        any class and use any network service. TLI, XTI and various
        vendor-specific APIs).

      * TP0 (Vendor supplied X.25 or CONS using NTI and various
        vendor specific APIs).

HARDWARE PLATFORMS

Reference platform is SUN SPARC Solaris 2. The software has been ported to various other platforms by the IC and by member organizations. Contact the ISODE Consortium for a complete member product list.


Page 104

SOFTWARE PLATFORMS

Reference OS is Solaris 2.3/2.4. It is also known to run on various other UNIX platforms. Contact the ISODE Consortium for a complete member product list.

NUMBER OF IMPLEMENTATIONS IN THE FIELD

[No information provided. -- Ed.]

AVAILABILITY

Available to members of the ISODE Consortium. Membership is open to any organisation. An earlier version of the source release is available under licence (zero cost) to universities and equivalent educational institutions.

Contact:

ISODE Consortium
The Dome, The Square
Richmond
TW9 1DT
UK

Phone: +44-181-332-9091

      Fax:   +44-181-332-9019

Email:

DATE LAST UPDATED or CHECKED

January 1996

ADDITIONAL INFORMATION and/or COMMENTS

More information may be obtained by contacting the ISODE Consortium, or by visiting our WWW site, http://www.isode.com/

Our X.400 address is s=ic-info; o=ISODE Consortium; p=ISODE; a=MAILNET; c=FI


Page 105

NAME

ISOPLEX DS (tm) DSA

ISOCOR

ABSTRACT

ISOCOR's ISOPLEX DS Directory Services Product Family also includes:

ISOPLEX DS Import/Export Utility for Windows
ISOPLEX DS Navigator
ISOPLEX DS Directory Access XDS/XOM APIs
ISOGATE DS (tm) Oracle

The ISOPLEX DS provides a 1988 X.500 conformant Directory System Agent (DSA), a Lightweight Directory Access Protocol (LDAP) daemon to service Directory requests via LDAP, a UNIX Directory shell user agent (DISH), a Motif Directory Administrator interface to configure the first level and subordinate DSAs, and supporting utilities to handle bulk loading of the Directory, maintain statistics, and provide logging information.

In addition to supporting memory-based Directory Information Bases (DIBs), the ISOPLEX DS includes the optional configuration of delegate DSA processes for storing selected subtrees of the Directory Information Tree (DIT) in disk-based index and data files.

The ISOPLEX DS includes a set of utilities integrating it with key technology. The most important of these tools is the World Wide Web to X.500 gateway, which supports Hyper-Text Markup Language (HTML)- based DUA bindings to the ISOPLEX DS DSA via the ISOPLEX DS LDAP daemon process.

The ISOPLEX DS additionally provides Simple Network Management Protocol (SNMP) functionality that works in conjunction with an existing SNMP environment. The ISOPLEX DS functionality is specifically designed to monitor a DSA's DSP and DAP connections from a network managment system and uses the X.500 Directory monitoring Management Information Base (MIB), which is based on [RFC 1567].

COMPLIANCE with X.500-1988 (applicable only for DSAs and DUAs)

The ISOPLEX DS conforms to the 1988 CCITT Recommendations X.500-X.521 as detailed in the Protocol Implementation Conformance Statements X.581 (1988) and X.582 (1988). It conforms in part to Version 7 of the NIST OIW Stable Implementation Agreements.


Page 106

COMPLIANCE with X.500-1993 (applicable only for DSAs and DUAs)

The ISOPLEX DS does not conform to the 1993 ITU-T Recommendations X.500-X.521.

CONFORMANCE WITH PROPOSED INTERNET STANDARDS

The ISOPLEX DS conforms with the following proposed Internet Standard RFCs: [RFC 1274], [RFC 1276], [RFC 1277], [RFC 1567], [RFC 1777], [RFC 1778], [RFC 1779], and [RFC 1798].

CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs

The ISOPLEX DS is consistent with the following informational and experimental RFCs: [RFC 1275], [RFC 1278], [RFC 1279], [RFC 1558], [RFC-1617], [RFC 1781], [RFC-1801], [RFC-1803], and [RFC-1804].

INTEROPERABILITY

The ISOPLEX DS interoperates with the following systems: Control Data, Digital Equipment, Hewlett Packard, Marben, Nexor, The Wollongong Group, and Unisys.

PILOT CONNECTIVITY

The ISOPLEX DS provides DUA Connectivity and DSA Connectivity via the PARADISE project in Europe and via the Internet in North America.

BUGS

If problems arise with the ISOPLEX DS, the customer can report these to the relevant ISOCOR reseller or contact ISOCOR Technical Support directly. ISOCOR Technical Support staffs are available in two locations: one in the US at +1 (310) 581-8100 (phone), +1 (310) 581- 8111 (fax), and helpdesk@isocor.com; the other in Ireland at +353 (1) 284-3802 (phone), +353 (1) 280-0365, and helpdesk.isocor.ie.

CAVEATS AND GENERAL LIMITATIONS

Not applicable.

INTERNETWORKING ENVIRONMENT

Though the internetworking capability of the product depends on the specific hardware/software platform, the ISOPLEX DS in general supports the following environments:

[RFC 1006] with TCP/IP


Page 107

TP2 over X.25, CONS (ISO 8878), APS on Async

TP4 over CLNS, PAD (X.29) Server

HARDWARE PLATFORMS

Hewlett Packard

Intel 486/Pentium

Sun

Stratus

SOFTWARE PLATFORMS

Hewlett Packard HP-UX v9.x/v10.x, HP OSI Transport Services 9000

SCO v3.2.4, v3.2.5, SCO OpenDesktop, TCP/IP, IEEE 802.3, Eicon R3.1 for X.25 networking software and hardware

Solaris v2.4, Sunlink OSI 8.0.2, Sunlink X.25 8.0.2

Stratus ftx v2.2, OSI Open Networking Platform (ONP), Stratus Window Manager 1.2 End User System, MIT X11R5 Graphics End User System, MIT X11R5 Graphics Fonts package, MIT X11R5 Graphics Openlook Software package

Motif/X11R5 runtime support

NUMBER OF IMPLEMENTATIONS IN THE FIELD

[No information provided. -- Ed.]

AVAILABILITY

The ISOPLEX DS is commercially available either directly from ISOCOR or from a licensed ISOCOR reseller.

DATE LAST UPDATED or CHECKED

December 31, 1995.

ADDITIONAL INFORMATION and/or COMMENTS

Not applicable.


Page 108

NAME

LDAP

University of Michigan

ABSTRACT

UM-LDAP is an implementation of the Lightweight Directory Access Protocol. LDAP is a draft Internet standard directory service protocol that runs over TCP/IP. It can be used to provide a stand- alone directory service, or to provide lightweight access to the X.500 directory. LDAP is defined by [RFC 1777] and [RFC 1778].

The UM-LDAP package includes the following components:

      * slapd - a stand-alone LDAP directory server

      * slurpd - a stand-alone LDAP replication server

      * ldapd - an LDAP-to-X.500 gateway server

      * centipede - an LDAP centroid generation and maintenance
        program

      * libldap - an LDAP client library

      * liblber - a lightweight BER/DER encoding/decoding library

      * ldif tools - data conversion tools for use with slapd

      * in.xfingerd - a finger-to-LDAP gateway server

      * go500 - a gopher-to-LDAP gateway server for searching

      * go500gw - a gopher-to-LDAP gateway server for searching and
        browsing

      * rcpt500 - an email-to-LDAP query responder

      * mail500 - an LDAP-capable mailer

      * fax500 - an LDAP-capable mailer that supports remote printing

      * LDAP tools - A collection of shell-based LDAP utility
        programs


Page 109

In addition, there are some contributed components:

      * web500 - an HTTP-to-LDAP gateway

      * whois++d - a WHOIS++-to-LDAP gateway

      * saucer - a simple command-line oriented client program

The latest information about LDAP can always be found on the LDAP Home Page at this URL:

http://www.umich.edu/~rsug/ldap/

COMPLIANCE with X.500-1988 (applicable only for DSAs and DUAs)

The U-M LDAP distribution is a complete implementation of the LDAP protocol. The LDAP protocol does not support access to all X.500 features and operations. The operations supported are bind, search, compare, add, delete, modify, modify RDN, and abandon. Note that read and list operations can be emulated using the search operation. Size and time limits may be specified, as may alias dereferencing and searching, but all X.500 service controls are not supported.

COMPLIANCE with X.500-1993 (applicable only for DSAs and DUAs)

Since the LDAP protocol itself has not yet been updated to support any 1993-specific X.500 features, this implementation does support any 1993 features yet either.

CONFORMANCE WITH PROPOSED INTERNET STANDARDS

Believed to be compliant with:

[RFC 1274], [RFC 1777], [RFC 1778], [RFC 1779], [RFC 1781]

CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs

Includes an implementation of the LDAP API, as defined in [RFC 1823]. Search filters used within UM-LDAP comply with [RFC 1558].

INTEROPERABILITY

The current implementation of the X.500-backended LDAP server (ldapd) is known to work with ISODE-based DAP libraries and the QUIPU DSA.

PILOT CONNECTIVITY

DUA connectivity should be possible to all pilots.


Page 110

BUGS

Bug reports should be sent to bug-ldap@umich.edu.

CAVEATS AND GENERAL LIMITATIONS

None, aside from those mentioned above under completeness.

INTERNETWORKING ENVIRONMENT

LDAP clients use TCP to communicate with the LDAP server. The LDAP server normally uses [RFC 1006] with TCP/IP to communicate with the DSA, though any other transport mechanism for DSA communication supported by ISODE should be possible.

HARDWARE PLATFORMS

The complete UM-LDAP package has been ported to a wide variety of UNIX systems, including: Sun3 and SPARCs running SunOS 4.1.x or Solaris 2.x, DECStations running Ultrix 4.3, HP 9000 series running HP-UX 9.05, IBM RS6000 running AIX 3.2.5, PCs running SCO, FreeBSD, NetBSD, or LINUX, DEC Alphas running OSF/1, and NeXTStatios running NeXTSTEP 3.2. The complete package has also been ported to VMS. In addition, the LDAP client libraries and some client programs have been ported to Apple Macintosh and PCs running MSDOS or Windows.

SOFTWARE PLATFORMS

The complete UM-LDAP package has been ported to a wide variety of UNIX systems, including: SunOS 4.1.x, Solaris 2.x, Ultrix 4.3, HP-UX 9.05, AIX 3.2.5, SCO, FreeBSD, NetBSD, LINUX, OSF/1, and NeXTSTEP 3.2. It has also been ported to VMS. In addition, the LDAP client libraries and some clients have been ported to Macintosh (System 7), MSDOS (some TCP/IP stacks), and Microsoft Windows 3.1, 95, and NT.

NUMBER OF IMPLEMENTATIONS IN THE FIELD

Unknown; used by almost all Internet X.500 sites.

AVAILABILITY

This software is openly available for all to use. It may be obtained by anonymous FTP from terminator.rs.itd.umich.edu in the /ldap/ directory (URL: ftp://terminator.rs.itd.umich.edu/ldap/). The latest information about LDAP can always be found on the LDAP Home Page at this URL:

http://www.umich.edu/~rsug/ldap/


Page 111

Send e-mail to ldap-support@umich.edu for additional assistance.

This software was developed at the University of Michigan by Tim Howes with help from Mark Smith, Bryan Beecher, Gordon Good, Steve Rothwell, Lance Sloan as well as many others around the Internet. It is subject to the following copyright:

Copyright (c) 1992-1996 Regents of the University of Michigan. All rights reserved. Redistribution and use in source and binary forms are permitted provided that this notice is preserved and that due credit is given to the University of Michigan at Ann Arbor. The name of the University may not be used to endorse or promote products derived from this software without specific prior written permission. This software is provided ``as is'' without express or implied warranty.

DATE LAST UPDATED or CHECKED

December 1995

ADDITIONAL INFORMATION and/or COMMENTS

[No Information Provided -- Ed.]


Page 112

NAME

maX.500 :: Macintosh DUA Interface

University of Michigan

ABSTRACT

maX.500 is a Directory User Agent (client) for Apple Macintosh. It is widely used within Paradise and other Internet X.500 pilots. maX.500 supports searching, browsing, and modifying directory entries. Display of textual information, playing of audio, and viewing of both black-and-white (fax) and color (JPEG) images are supported. Communication with directory servers is via the Lightweight Directory Access Protocol (LDAP) over TCP/IP. maX.500 works both with standalone LDAP directory servers (such as slapd) and with X.500-backended LDAP servers (such as ldapd).

maX.500 is a native Macintosh application, and has a friendly interface. It requires System Software version 6.0.5 or later and Apple's MacTCP or Open Transport TCP/IP networking. The current version of maX.500 is 2.0.2, although version 2.1 is in beta test.

The latest information about maX.500 can always be found on the maX.500 Home Page at this URL:
http://www.umich.edu/~rsug/ldap/max500/

COMPLIANCE with X.500-1988 (applicable only for DSAs and DUAs)

maX.500 works over LDAP, and is subject to LDAP's limitations. The bind, search, compare, add, delete, abandon, modify, and modifyrdn operations are all used by maX.500. Size and time limits may be specified, as may alias dereferencing control.

COMPLIANCE with X.500-1993 (applicable only for DSAs and DUAs)

maX.500 currently uses LDAP as defined in [RFC 1777], which does not support any 1993-specific X.500 features.

CONFORMANCE WITH PROPOSED INTERNET STANDARDS

Believed to be compliant with:

[RFC 1274], [RFC 1777], [RFC 1778], [RFC 1779], [RFC 1781]


Page 113

CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs

Search filters comply with [RFC 1558].

Uses the LDAP API, as defined in [RFC 1823].

INTEROPERABILITY

maX.500 is known to work with the U-M LDAP servers (ldapd and slapd). It has also been tested with other commerical LDAP servers, such as Control Data's server. maX.500 has been used with a wide variety of DSAs (always through an LDAP server).

PILOT CONNECTIVITY

DUA connectivity should be possible to all pilots.

BUGS

Bug reports should be sent to max500-bugs@umich.edu.

CAVEATS AND GENERAL LIMITATIONS

maX.500 does not support modification of "photo" (fax), "jpegPhoto", or "audio" attributes. Versions of maX.500 before 2.1 did not support a fully functional browse facility.

INTERNETWORKING ENVIRONMENT

maX.500 is an LDAP client, and as such is uses TCP to communicate with the LDAP server. Apple's MacTCP control panel or Open Transport TCP/IP networking is required.

HARDWARE PLATFORMS

maX.500 runs on Apple Macintosh Plus or later Macintosh computers, including PowerMacs. It requires 600K of free RAM.

SOFTWARE PLATFORMS

maX.500 requires Apple System Software 6.0.5 or later (System 7 preferred) and MacTCP 1.1 or later (2.0.6 preferred). maX.500 2.1, which is currently in beta test, will run natively on the PowerMac and use the native Open Transport networking interface if it is installed.


Page 114

NUMBER OF IMPLEMENTATIONS IN THE FIELD

[No information provided. -- Ed.]

AVAILABILITY

This software is openly available for all to use. It may be obtained by anonymous FTP from terminator.rs.itd.umich.edu in the /ldap/max500 directory (URL: ftp://terminator.rs.itd.umich.edu/ldap/max500). The latest information about maX.500 can always be found on the maX.500 Home Page at this URL:

http://www.umich.edu/~rsug/ldap/max500/

Send e-mail to max500@umich.edu for additional assistance.

This software was developed at the University of Michigan by Mark Smith with help from Tim Howes and many others around the Internet. It is subject to the following copyright:

Copyright (c) 1995 Regents of the University of Michigan. All rights reserved. Redistribution and use in binary forms is permitted provided that this notice is preserved and that due credit is given to the University of Michigan at Ann Arbor. The name of the University may not be used to endorse or promote products derived from this] software without specific prior written permission. This software is provided ``as is'' without express or implied warranty.

DATE LAST UPDATED or CHECKED

December 1995

ADDITIONAL INFORMATION and/or COMMENTS

[No Information Provided -- Ed.]


Page 115

NAME

Messageware DSA

NEXOR

ABSTRACT

Messageware DSA is a high performance X.500(93) DSA. Characteristics of the DSA are:

      * DAP access

      * DISP for replication and shadowing information

      * DSP access

      * LDAP

      * Full 1993 Basic and Simple Access Control

      * Support for X.400, X.500, and [RFC 1274] attributes and
        object classes

      * Approximate match based on Soundex.

      * Flexible schema management

      * Anti-trawling access  control

      * Knowledge management mapped onto DIT

      * Attribute inheritance

      * Remote management

COMPLIANCE with X.500-1988 (applicable only for DSAs and DUAs)

Messageware DSA is an X.500 1993 compliant DSA

XT-QUIPU is a X.500 1988 compliant DSA conforming to NIST SIA version 2.

COMPLIANCE with X.500-1993 (applicable only for DSAs and DUAs)

Messageware DSA isn X.500 1993 compliant DSA implementing standard access control, replication and shadowing, X.509, for a full conformance statement see the NEXOR web site(http://www.nexor.com).


Page 116

CONFORMANCE WITH PROPOSED INTERNET STANDARDS

The following are supported: String DN format [RFC 1485], [RFC 1274], [RFC 1276], and [RFC 1277].

CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs

The following are supported: UFN [RFC 1781], [RFC 1278], and [RFC 1279].

INTEROPERABILITY

Messagware DSA has been extensively interoperability tested at Eurosinet workshops and at the EEMA X.500 demonstration. Other vendors DSAs/DUAs interoperated with include:

ICL, Control Data, Unisys, Digital, Isocor, DCL, SNI, Boldon James

It is also in operation with DSAs used in the PARADISE and other pilot projects.

PILOT CONNECTIVITY

Messageware DSA is fully connected to the PARADISE and PSI White Pages X.500 Pilots.

BUGS

No known bugs. Support is given via phone or email to
"support@nexor.co.uk"

CAVEATS AND GENERAL LIMITATIONS

None.

INTERNETWORKING ENVIRONMENT

OSI TP4 wtih CLNP
OSI TP0 with X.25 or CONS
[RFC 1006] with TCP/IP

HARDWARE PLATFORMS

Sun: SunOS
Solaris
X86
IBM RS/6000: AIX
HP 9000


Page 117

It is available on a number of other UNIX platforms

SOFTWARE PLATFORMS

   SunOs 4.1.3 Solaris 2.4     AIX 3.2 DRS/NX 6000 HP-UX 9.01

   Other software platforms are    available.

NUMBER OF IMPLEMENTATIONS IN THE FIELD

[No information provided. -- Ed.]

AVAILABILITY

Messageware DSA is available from NEXOR and NEXOR partners. For more details contact:

NEXOR
PO Box 132
Nottingham
NG7 2UU
UK

      DN:        c=GB@o=NEXOR Ltd
      Telephone: +44 115 952 0510
      Fax:       +44 115 952 0519
      E-Mail:    info@nexor.co.uk

DATE LAST UPDATED or CHECKED

Dec 95

ADDITIONAL INFORMATION and/or COMMENTS

[No Information Provided--Ed.]


Page 118

NAME

MESSAGEWARE PC-DUA

NEXOR

ABSTRACT

PC-DUA provides a MS Windows based user interface to the X.500 Directory.

Features include:

  • Modify - allows users and administrators alike to add, change or delete directory entries

  • Searching - powerful searching tool so specific information can be quickly located. Also lists close matches

  • Highly flexible - can be customised to suit an organisations particular requirements

  • Directory Browser - to enable user to identify directory entries

  • History - allowing quick access to previously referenced parts of the DIT.

  • User Friendly Name (UFN) based searching

  • Hypertext-like navigation.

  • Friendly names for attribute labels.

  • Intelligent choice of entries to display when moving to a new location in the DIT.

  • On-line hypertext help.

COMPLIANCE with X.500-1988 (applicable only for DSAs and DUAs)

Compliant with LDAP 3.

COMPLIANCE with X.500-1993 (applicable only for DSAs and DUAs)

Compliant with 1993 versions of ITU X.500/ISO 9594 services and protocols


Page 119

CONFORMANCE WITH PROPOSED INTERNET STANDARDS

      The following are supported:    [RFC 1006]
                                      [RFC 1202]
                                      [RFC 1274]
                                      [RFC 1277]
                                      [RFC 1777]

CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs

[No information provided--Ed.]

INTEROPERABILITY

PC-DUA has interoperated with LDAP 2.0 and 3.0 distributions.

Eurosinet Workshop:

SNI, CDS, AT&T, ICL, Digital, ISOCOR, UNISYS and QUIPU.

PILOT CONNECTIVITY

Full DUA connectivity to the NADF, PARADISE and PSI White Pages X.500 Pilots.

BUGS

No known bugs. Support is given via phone or email to
"support@nexor.co.uk"

CAVEATS AND GENERAL LIMITATIONS

None.

INTERNETWORKING ENVIRONMENT

WinSock based TCP/IP stacks

HARDWARE PLATFORMS

386 PC or greater WITH 4MGBYTES RAM

SOFTWARE PLATFORMS

MS WINDOWS 3.1
Windows NT
Windows95


Page 120

NUMBER OF IMPLEMENTATIONS IN THE FIELD

[No information provided. -- Ed.]

AVAILABILITY

PC-DUA is commercial software. For more details contact:

NEXOR
PO Box 132
Nottingham
NG7 2UU
UK

DN: c=GB@o=NEXOR Ltd
Telephone: +44 (0) 115 952 0510
Fax: +44 (0) 115 952 0519
E-Mail: info@nexor.co.uk

DATE LAST UPDATED or CHECKED

Dec 95

ADDITIONAL INFORMATION and/or COMMENTS

[No Information Provided--Ed.]


Page 121

NAME

NonStop Directory Services (NSDS)
Tandem Computers, Inc.

ABSTRACT

The Tandem NonStop Directory Services (NSDS) product provides a distributed open directory service on Tandem platforms. It is an industrial strength implementation incorporating the Tandem product fundementals of resilience, linear extensibility, fault-tolerance, and continuous availability. NSDS runs on the NonStop Kernel Guardian Personality which includes support for Tandem system characteristics such as data integrity, process persistence, and server classes. NSDS supports access over X.25 WAN, LAN and TCP/IP networks.

NSDS is a port of OSF's DCE GDS Reference Implementation, with Tandem enhancements including 1993 X.500 Simplified Access Control. Tandem server class management provides fault events, tracing, accounting and configuration services for NSDS. TM/MP (Transaction Management) is used to protect all file operations that affect the integrity of the directory entries in the DIB.

Major Features Include:

      * X/Open Directory Services (XDS) API and X/Open Object
        Management (XOM) interface in conformance with X/Open CAE
        Specifications, and an additional Tandem extension package

      * 1988 Edition X.500 Conformant DAP and DSP, capable of inter-
        operating with 1993 Edition DUA or DSA implementations

      * Simplified Access Control as specified in the 1993 edition of
        the X.500 standard.

      * Unprotected Simple Authentication (name and password in
        clear)

      * Character set support for T61 Printables, IA5 and Teletex
        Strings

      * The DSA-SC server class performs the functions of a DSA.
        Multiple processes are used for fault tolerance and load
        balancing.

      * The DUA-ACCESS server class handles communications between
        local applications and remote DSA's using DAP across an OSI
        stack.


Page 122

      * The DSA-ACCESS server class handles communications from
        remote DUAs or DSAs to the DSA-SC server class using the
        Tandem OSI stack implementation which includes [RFC 1006]
        support for TCP/IP networks.

      * The DSA-CHAIN server class handles chaining communications
        between the DSA-SC server class and remote DSAs.

      * NSDS GUI Viewer supports administration/management of an NSDS
        DIB on a PC Windows workstation.  The NSDS GUI Viewer is
        supported by a persistent server process on the Tandem
        NonStop Kernel.  The  GUI Viewer allows a directory entry and
        a complete set of attributes and values to be inserted
        anywhere in the directory tree (DIT), to be deleted or
        changed, read or searched based on distinguished name
        components, with or without wild-card.

      * NSDS SCRIPTOR allows customers to explore features of the XDS
        programmatic interface in advance of writing their XOM/XDS
        application. NSDS SCRIPTOR is a menu-driven batch interface
        to XDS functions.

      * A BulkUnload/BulkLoad utility allows a branch of the DIB to
        be dumped to an editable flat file and restored from that
        file.  The flat file can be modified before being bulk-loaded
        into a DIB which may conform to a different schema
        definition.

      * Support for the LDAP protocol.

      * Messaging-Based Directory Query (MDQ) provides a text-based
        query interface to the directory from an X.400 messaging
        system, such as Tandem OSI/MHS, via the XAPIA compliant GPI
        interface.

COMPLIANCE with X.500-1988 (applicable only for DSAs and DUAs)

NSDS complies with the '88 CCITT X.500 and ISO 9594 standard, and part of '93 X.500 standard.

NSDS DSA and DUA are compliant with OIW Agreements, with the following features yet to be implemented:

      * Strong Authentication               (Sections 6.6.2 and 8.4e)

      * Priority Service Control            (Section 7.4)


Page 123

      * Digital Signature, Replication and Shadowing  (Sections 8.8-
        8.12)

      * Authentication                      (Sections 9.1.7 and 14.1-
        14.2)

      * Directory Trace Information         (Section 9.2.2)

      * Abandon and ROSE operation class 2  (Section 10.1)

COMPLIANCE with X.500-1993 (applicable only for DSAs and DUAs)

      * NSDS supports the directoryAccessAC (DAP) and directorySystemAC
        (DSP) application contexts.

      * The DSA is capable of acting as a first-level DSA.

      * Chaining is supported.

      * security levels of simple unprotected password and none are
        supported.

      * All attribute types defined in ISO/IEC 9594-6:1993 are supported
        except for collective attributes and enhancedSearchGuide.
        Customer defined attributes can also be added. UNIVERSAL STRING
        is not supported.

      * All object classes defined in ISO/IEC 9594-7:1993 are supported.
        Customer defined object classes can be also be added.

      * Name forms defined in ISO/IEC 9594-7:1993 are all supported.
        Customer defined name forms can also be added.

      * Simplified Access Control is supported.

      * Support for collective attributes is not provided.

CONFORMANCE WITH PROPOSED INTERNET STANDARDS

[RFC 1277], [RFC 1777], [RFC 1779], [RFC 1778]

CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs

[RFC 1279]


Page 124

INTEROPERABILITY

NSDS DSAs interoperate with various 1988 X.500 and 1993 X.500 conformant DUAs with unrecognized features of the incoming 1993-based request ignored.

PILOT CONNECTIVITY None at the present time.

BUGS

Information is provided with the production installation guide.

CAVEATS AND GENERAL LIMITATIONS

The OSF/DCE "GDS Extension Package" is not supported by NSDS. A Tandem "NDS Extension Package" is provided to support 1993 Simplified Access Control.

INTERNETWORKING ENVIRONMENT

The underlying protocols carrying DAP and DSP protocols are provided by OSI higher layer stack over X.25, LAN and/or TCP/IP via [RFC- 1006].

HARDWARE PLATFORMS

Tandem NonStop Himalaya Systems

SOFTWARE PLATFORMS

D30.02 NonStop Kernel. The operator's GUI runs under Microsoft Windows 3.1 or later.

NUMBER OF IMPLEMENTATIONS IN THE FIELD

[No information provided. -- Ed.]

AVAILABILITY

The NSDS Rev 1.0 production version has been available since October 1995.


Page 125

For more details, please contact:

Don S. Jones
NSDS Product Manager
Phone: (408) 285-6480

      Fax:   (408) 285-6004
      e-mail: JONES_S_DON@TANDEM.COM

DATE LAST UPDATE or CHECKED

July 1996.

ADDITIONAL INFORMATION and/or COMMENTS

None.


Page 126

NAME

ORG.D (tm) V2.0 / V2.1

Siemens Nixdorf Informationssysteme AG

ABSTRACT

ORG.D V2.0 is Siemens Nixdorf's administrative directory client product. Through its file manager like user interface retrieval and DIT administration operations are supported. ORG.D offers a DDE interface and with ORG.D V2.1 additionally OLE / OCX / MAPI interfaces are supported. ORG.D V2.1 is an MS-Windows application acting as an LDAP client.

Among others, ORG.D has the following features:

      * Comprehensive, simple-to-use search and positioning options

      * complex searches, including approximate search

      * Several databases visible at the same time in an interface

      * Private address books: available on every desktop

      * Optional use of distribution lists and private address book

      * Support for MS-Word mail merge by means of special export
        format

      * adaptable print listings and comfortable list&label
        functionality

      * customizing tool in order to adapt to any directory schema

      * Configurable user interface

      * Automatic unbind after idle time

      * Anonymous and simple unprotected bind

      * Data transfer to Windows applications via file, Drag&Drop,
        and DDE

      * Central administration of distribution lists/groups

      * "Domain administrators" with limited rights defined only for
        home site/department


Page 127

      * Direct modification / creation of DIT entries from the user
        interface

      * Choice of a proposal list when new employee data is added

Tight integration in SNI4s X.400/SMTP-MIME mail service and CIT products

      * DDE connection and drag&drop data transfer to SNI's X.400
        user agent MAIL.D and SNI4s CIT product ComfoPhone

      * Setting up and administering mailboxes on remote mailbox
        servers

      * Central administration of server addresses and logon data

COMPLIANCE with X.500-1988 (applicable only for DSAs and DUAs)

ORG.D V2.1 is an LDAP client.

COMPLIANCE with X.500-1993 (applicable only for DSAs and DUAs)

ORG.D V2.1 is an LDAP client.

CONFORMANCE WITH PROPOSED INTERNET STANDARDS

ORG.D V2.1 is compliant with the following RFCs: [RFC 1777], [RFC 1778], [RFC 1779].

CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs

ORG.D V2.1 is compliant with the following RFCs: [RFC 1278], [RFC 1558].

INTEROPERABILITY

ORG.D V2.1 is based on University of Michigan's LDAP implementation V3.0. It can interoperate with any LDAP server.

PILOT CONNECTIVITY

In future ORG.D will be used to browse in the European NameFLOW- PARADISE pilot network. Currently SNI's directory client product DIR.D V2.6 is used to browse in the European NameFLOW-PARADISE pilot network.


Page 128

BUGS

To report bugs and/or to retrieve additional information on SNI's directory products please send mail to infoline-
com@s41.mch1.x400scn.sni.de.

CAVEATS AND GENERAL LIMITATIONS

[No information provided. -- Ed.]

INTERNETWORKING ENVIRONMENT

LDAP with TCP/IP

HARDWARE PLATFORMS

PC (Intel)

SOFTWARE PLATFORMS

Windows 3.1 + Winsockets
Windows for Workgroups 3.11 + Winsockets
Windows 95
Windows NT 3.5
OS/2 3.0 + Windows for OS/2 + Winsockets

NUMBER OF IMPLEMENTATIONS IN THE FIELD

Field testing is to be started in Spring 1996.

AVAILABILITY

ORG.D V2.0 / V2.1 can be delivered as a binary product. It is commercially available from:

Siemens Nixdorf Informationssysteme AG
ASW BA COM 1
D-81730 Munich
Germany

Please contact

Giovanni Rabaioli

      Voice:    +49/89-636-41095
      Fax:      +49/89-636-42552
      Mail:     Giovanni.Rabaioli@mch.sni.de


Page 129

DATE LAST UPDATED or CHECKED

April 1996

ADDITIONAL INFORMATION and/or COMMENTS

   DIR.X V4.0          1993 X.500 Directory Service
   DIR.X V3.1          1988 X.500 Directory Service
   DIR.D V2.6          LDAP browser for information retrieval
   DIR.X-SYNC V2.0     Directory synchronization


Page 130

NAME

OSIAM X.500-88

MARBEN

ABSTRACT

OSIAM X.500-88 is Marben's 1988 compliant directory product. It provides:

      * DUA, offering X/Open XOM and XDS APIs

      * Pocket DUA, providing Microsoft MAPI(tm)

      * DSA and C-ISAM based DIB

      * LDAP Server

OSIAM DUA is a portable Directory User Agent implement, which implements DAP engine. It provides X/Open XOM and XDS APIs. It works on multiple lower layer stacks (OSI Transport or TCP/IP). An LDAP Server may be provided with the DUA.

Pocket DUA is a light DUA implement which offers full DAP access, but light in terms of code size and memory occupation, and is mainly designed for PC environments. It provides MAPI(tm) interface, as an address book provider. It provides multiple network connectivities: X.25, [RFC 1006] over TCP/IP, and APS.

OSIAM X.500 DSA provides full X.500 1988 functionality. Main features include: chaining/multicasting, extensible schema, proprietary access control list, comprehensive administration facilities.

MARBEN is currently developing a new generation of directory product, providing X.500 1993 functionality. Main targets are:

      * high performance

      * robustness and administration facility with DIB on commercial
        RDBMS

      * replication

      * access control

      * extended information models


Page 131

Please contact MARBEN for more information on '93 product.

COMPLIANCE with X.500-1988 (applicable only for DSAs and DUAs)

OSIAM X.500-88 DUA and DSA implement CCITT X.500 (1988) an ISO 9594 standards.

Compliant with EWOS and NIST OIW Stable Implementor's Agreement.

COMPLIANCE with X.500-1993 (applicable only for DSAs and DUAs)

1993 product is under development.

Please contact MARBEN for more information on '93 product.

CONFORMANCE WITH PROPOSED INTERNET STANDARDS

Compliant with the following Internet Standards:

      * [RFC 1274]: the COSINE and Internet X.500 Schema (partially
        supported)

      * [RFC 1277]: encoding of network addresses

      * [RFC 1778], [RFC 1777], [RFC 1779]: LDAP and related
        standards

CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs

None is supported at the present time.

INTEROPERABILITY

Have successfully interoperated, both on DAP and DSP, with QUIPU, E3X and other implementations involved in Paradise pilot project.

PILOT CONNECTIVITY

Connected to Paradise pilot project.

BUGS

[No Information Provided--Ed.]

CAVEATS AND GENERAL LIMITATIONS

[No Information Provided--Ed.]


Page 132

INTERNETWORKING ENVIRONMENT

[RFC 1006] with TCP/IP, TP0 with X.25, TP4 with CLNS

HARDWARE PLATFORMS

OSIAM X.500-88 is highly portable, and has been ported to a wide range of platforms, including:

      * HP9000 series

      * SUN SPARC Stations

      * SCO UNIX

      * Tandem

      * MARK III, etc.

MARBEN Pocket DUA runs on PC/Windows and NT.

SOFTWARE PLATFORMS

See HARDWARE PLATFORMS.

NUMBER OF IMPLEMENTATIONS IN THE FIELD

[No information provided. -- Ed.]

AVAILABILITY

Commercially available from:

MARBEN
11 Rue Curie
92150 Suresnes, France

Contact Person: Karim Jammal or Shaofeng Li
Phone: (33 - 1) 41 38 10 00

      Fax:   (33 - 1) 41 38 10 01
      X.400: C=FR;A=Atlas;P=Marben;O=Suresnes;OU1=MxMs;S=KJammal
      E-Mail:sli@wtk.suresnes.marben.fr


Page 133

Also available from:

MARBEN Products Inc.
2105 Hamilton Avenue, Suite 320
San Jose, CA95125, USA

Contact Person: Jean-Francois Chapuis
Phone: (408) 879 4000

      Fax:   (408) 879 4001
      E-Mail: jfchapuis@marben.com

DATE LAST UPDATED or CHECKED

October 1995

ADDITIONAL INFORMATION and/or COMMENTS

[No Information Provided--Ed.]


Page 134

NAME

OSIAM X.500-93

MARBEN

ABSTRACT

OSIAM X.500-93 is Marben's 1993 compliant directory product.

Open Directory

      * OSIAM X.500-93 provides both DAP and LDAP access

      * Support for distribution using the DSP protocol

      * Support for replication using the DISP protocol

      * Pocket DUA, providing Microsoft MAPI0(tm) and MAPI1(tm)
        interface to MS-Mail(tm) or Exchange(tm)

      * WEB gateway to access Directory information from WEB browsers

      * X/Open XOM/XDS API

      * High performance direct API

High Capacity

      * Mapped on a RDBMS

      * Over 1.000.000 entries

      * Use of transaction, to ensure robustness

      * Can run on high-available hardware systems

      * Isolated interface, to be customized for various RDBMS

High Performance

      * Use of cache at DUA level

      * Use of cache at DSA level


Page 135

      * Use of replication. Can act as shadow supplier, shadow
        consumer or secondary shadow supplier. Support for total or
        incremental refresh. Support for both scheduled update and
        "on change" update.

      * Based on an indexed database, to ensure high-performance
        elaborated search.

Security

      * Anonymous bind, simple and simple protected authentication

      * X.509 certificates storage

      * Access control

Ease of administration

      * Extensible schema

      * Backup-recovery

      * Event logging

      * Statistics information about Directory use

      * Billing dockets generation

Ease of integration

      * Provided as binary product or as portable source code

      * MARBEN services: training, consulting, system integration,
        hot-line support, maintenance.

COMPLIANCE with X.500-1988 (applicable only for DSAs and DUAs)

OSIAM X.500-93 DUA and DSA implement CCITT X.500 (1988) and ISO 9594 standards.

Compliant with EWOS and NIST OIW Stable Implementor's Agreement.

COMPLIANCE with X.500-1993 (applicable only for DSAs and DUAs)

OSIAM X.500-93 DUA and DSA implement CCITT X.500 (1993) and ISO 9594 standards.


Page 136

CONFORMANCE WITH PROPOSED INTERNET STANDARDS

Compliant with the following Internet Standards:

      * [RFC 1274]: the COSINE and Internet X.500 Schema (partially
        supported)

      * [RFC 1277]: encoding of network addresses

      * [RFC 1778], [RFC 1777], [RFC 1779]: LDAP and related
        standards

CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs

None is supported at the present time.

INTEROPERABILITY

Have successfully interoperated, both on DAP and DSP, with QUIPU, E3X and other implementations involved in Paradise pilot project.

PILOT CONNECTIVITY

Connected to Paradise pilot project.

BUGS

[No Information Provided--Ed.]

CAVEATS AND GENERAL LIMITATIONS

[No Information Provided--Ed.]

INTERNETWORKING ENVIRONMENT

[RFC 1006] with TCP/IP, TP0 with X.25, TP4 with CLNS

HARDWARE PLATFORMS

OSIAM X.500-93 is highly portable, and has been ported to a wide range of platforms, including:

      * Windows NT

      * HP-UX

      * IBM AIX


Page 137

      * SUN Solaris

      * SCO UNIX

      * IBM MVS

MARBEN Pocket DUA runs on PC/Windows and NT.

SOFTWARE PLATFORMS

See HARDWARE PLATFORMS.

NUMBER OF IMPLEMENTATIONS IN THE FIELD

[No information provided. -- Ed.]

AVAILABILITY

Commercially available from:

MARBEN
11 Rue Curie
92150 Suresnes, France

Contact Person: Marc Chauvin or Olivier Gatine

      Phone: (33 - 1) 41   38 10 00
      Fax:   (33 - 1) 41   38 10 01
      E-Mail:sales@suresnes.marben.fr

Also available from:

MARBEN Products Inc.
2105 Hamilton Avenue, Suite 320
San Jose, CA95125, USA

Contact Person: Jean-Francois Chapuis
Phone: (408) 879 4000

      Fax:   (408) 879 4001
      E-Mail: jfchapuis@marben.com

DATE LAST UPDATED or CHECKED

July 1996

ADDITIONAL INFORMATION and/or COMMENTS

[No Information Provided--Ed.]


Page 138

NAME

PMDF-X500

from:

Innosoft International, Inc. 1050 East Garvey Ave. South West Covina, California 91790

Phone: +1 818-919-3600 email: sales@innosoft.com

ABSTRACT

PMDF-X500 is Innosoft's implementation of the X.500 standards for Directory Services. PMDF-X500 is based upon the ISODE Consortium code-base. The core of PMDF-X500 is the Directory System Agent (DSA) server. This server provides directory information to Directory User Agents (DUA) using either OSI or TCP/IP networking protocols. Since PMDF-X500 is based on a widely used implementation, it interoperates particularly well with a whole host of X.500-based products from other sources.

In order to facilitate initial loading of directory data as well as ongoing coordination with other directory services, PMDF-X500 includes tools to import from and export directory information to Entry Description File (EDF) files. EDF files are flat text files. PMDF-X500 provides directory coordination functions using EDF files for the following directories:

      * X.500 DSAs supporting LDAP access

      * cc:Mail

      * Digital's DDS

      * GroupWise

      * Microsoft Mail

      * PMDF  generic databases

COMPLIANCE with X.500-1988 (applicable only for DSAs and DUAs)

OSI directory services as specified in CCITT X.500 Recommendations and ISO 9594 use the Directory Access Protocol (DAP) and the Directory System Protocol (DSP).


Page 139

COMPLIANCE with X.500-1993 (applicable only for DSAs and DUAs)

PMDF-X500 does not yet support the 1993 changes to the X.500 standard. Support for the 1993 X.500 recommendations is planned for a future release of PMDF-X500.

CONFORMANCE WITH PROPOSED INTERNET STANDARDS

PMDF-X500 supports DAP and DSP accesses using Internet protocols as specified in [RFC 1006]. In addition, the Internet community has proposed two lightweight alternatives to DAP called Lightweight Directory Access Protocol (LDAP), which is specified in [RFC 1777], and Connectionless Lightweight Directory Access Protocol (CLDAP), which is specified in [RFC 1798]. LDAP and CLDAP, which are currently specified to run over TCP/IP, are much simpler protocols than DAP and were designed to reduce the cost of entry associated with using X.500 protocols in client applications. PMDF-X500 includes both LDAP and CLDAP servers.

The LDAP server accesses X.500 directory information using DAP to communicate with X.500 DSAs. PMDF-X500 provides an LDAP server which translates LDAP requests into DAP requests to communicate with X.500 DSAs. CLDAP defines a very low overhead method for accessing X.500 directory information. CLDAP is suitable for providing access to information that does not require access controls.

CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs

[No information provided. -- Ed.]

INTEROPERABILITY

PMDF-X500 interoperates with a large number of DUAs and DSAs. This is demonstated by the fact that PMDF-X500 is DSA used by several Internet White Pages Project participants. PMDF-X500 DSA interoperability includes at least all of the DSA that are used in the White Pages Project.

PMDF-X500 is delivered with several DUAs and in addition is know to support the DUAs from Unisys and Digital Equipment Corporation as well as the publically available DUAs MaX500, Cello, Swix, and the NASA DUA.

PILOT CONNECTIVITY

PMDF-X500 is used by several sites that are participants of the Internet White Pages Project include the Innosoft DSA.


Page 140

BUGS

[No information provided. -- Ed.]

CAVEATS AND GENERAL LIMITATIONS

[No information provided. -- Ed.]

INTERNETWORKING ENVIRONMENT

DAP and DSP are layered on top of the OSI protocol suite. PMDF-X500 supports this protocol suite over multiple network transports. For a pure OSI protocol stack, DECnet/OSI can be used to provide the lower layers of the stack. In addition, PMDF-X500 supports running OSI upper layer protocols over a TCP/IP transport in accordance with [RFC 1006]. It is important to note that while [RFC 1006] specifies TCP/IP as a transport, all of the OSI upper layer protocols are always used with DAP and DSP.

HARDWARE PLATFORMS

Digital VAX systems
Digital Alpha/AXP systems

SOFTWARE PLATFORMS

OpenVMS/VAX
OpenVMS/AXP
Digital UNIX

NUMBER OF IMPLEMENTATIONS IN THE FIELD

[No information provided. -- Ed.]


Page 141

AVAILABILITY

PMDF-X500 is a commerical product that is part of the PMDF family of eMail Interconnect products. PMDF-X500 requires the presence of PMDF-MTA, Innosoft's SMTP/MIME mailer. PMDF-X500 and PMDF-MTA can be obtained from:

Innosoft International, Inc.
1050 East Garvey Ave. South
West Covina, California 91790

Phone: +1 818-919-3600
FAX: +1 818-919-3614
email: sales@innosoft.com

DATE LAST UPDATED or CHECKED

December 1995

ADDITIONAL INFORMATION and/or COMMENTS

No information provided. -- Ed.]


Page 142

NAME

TransIT 500 Unisys Corporation

ABSTRACT

TransIT 500 is a commercial-grade implementation of the 1993 X.500 directory standards (ITU X.500 Directory Services and ISO 9594) including replication, extensible schemas and access control. TransIT 500 is designed for performance, scalability, conformance and interoperability for enterprise-wide usage and is available for Microsoft Windows NT, Hewlett Packard HP/UX, Unisys U6000 and as portable source code. TransIT 500 is comprised of the following:

TransIT 500 Directory Services

TransIT 500 Directory Services is a high-performance, 1993 standards based Directory System Agent (DSA). TransIT 500 includes many features required by today's enterprise for global access and mission-critical applications:

      * Adheres to the 1993 ITU & ISO 9594 X.500 Directory Services
        standards

      * Full support for Replication (X.525/DISP)

      * Access controls and extensible schemas

      * Support of all X.520 attribute types & syntaxes, all X.521
        object classes & attribute sets

      * Automated loading of directory entries

      * Support for Basic Access Control and Simplified Access
        Control

      * High performance, commercial-grade operations

      * Integration with popular databases such as Microsoft SQL
        Server, Informix, and Oracle

      * Multi-platform availability

      * Authentication services

      * Support of industry standard APIs, including LDAP, DAP, DSP,
        DISP, XDS/DOM and XAP


Page 143

      * High-capacity network integration with both TCP/IP (RFC 1006)
        and OSI networks.

TransIT 500 Administrator

TransIT 500 Administrator is an extremely powerful tool designed to assist administrators in all directory administration, maintenance and security functions. Available for Microsoft Windows NT, Windows 95 and Windows 3.1.1 based systems, TransIT 500 Graphical Administration is the first tool of its kind to provide fully graphical X.500 directory management. All functions are provided and multiple DSAs can be managed simultaneously from a single administrative console:

      * Directory Service Operations

      * Directory Controls Management

      * Access Control Management

      * Schema Management & Maintenance

      * Directory Information Tree Management

      * Knowledge References & Information

      * Replication Agreements & Information

      * Logging, Tracing and System Logs

      * Directory System Configuration

      * Data Import & Export

      * Directory Backup & Restore Operations

TransIT 500 Browser

TransIT Browser is a powerful, graphical information retrieval tool designed to make navigating directories as simple as possible. The Browser interface makes detailed directory searches and retrievals easy while the unique Directory Lookup interface provides extra ease-of-use for simple lookups. TransIT Browser is available for Microsoft Windows 3.1, Windows 95 and Windows NT systems.

      * Browse multiple directories from a single console

      * Two interfaces to directories:


Page 144

         * Tree-oriented Browser

         * Tabular Directory Lookup

      * Object classes mapped to icons to enhance object recognition

      * Extensive attribute search capabilities

      * Save/Load scratchpad for search criteria & prefix criteria

      * LDAP support

      * Configurable cache to speed data delivery

TransIT 500 Developer

TransIT 500 Developer is a development toolkit which provides programming interfaces, utilities and documentation for the development of directory enabled applications. The Directory Information Tree (DIT) can be extended and re-compiled for the addition of application-specific information to the directory. The Administration application provides for the verification and installation of new schemas and the maintenance of directory tree items. Utilities are provided for the bulk importation or exportation or directory information from and to external sources.

TransIT 500 also supports user-written programs using the X/Open Directory Services Application Program Interface (XDS API).

COMPLIANCE with X.500- 1988

The TransIT 500 implementation conforms to the specifications outlined in the ISO/IEC 9594-1 to ISO 9594-9, CCITT X.500 standards.

COMPLIANCE with X.500- 1993

TransIT 500 makes the following claims of conformance as outlined in ISO/IEC 9594-5:

Conformance by DUAs:

Statement Requirements

Conformance is claimed for the following operations:

            * DirectoryBind

            * DirectoryUnbind


Page 145

            * Read

            * Compare

            * Abandon

            * List

            * Search

            * AddEntry

            * RemoveEntry

            * ModifyEntry

            * ModifyDN

Conformance is claimed for the following security-levels:

            * None

            * Simple

Conformance is claimed for the following extensions:

            * subentries

            * copyShallDo

            * extra attributes

            * useAliasOnUpdate

            * newSuperior

Static Requirements

The DUA supports the application contexts directoryAccessAC and directorySystemAC.

The DUA conforms to the following extensions for which the DUA is capable of initiating:

            * subentries

            * copyShallDo


Page 146

            * extra attributes

            * useAliasOnUpdate

            * newSuperior

Dynamic Requirements

The DUA conforms to the mapping of the DAP services (i.e., DirectoryBind, DirectoryUnBind) onto the used services of the ACSE.

The DUA conforms to the versions and rules of extensibility as outlined in clause 7.5.1 of X.519.

Conformance by DSAs:

Statement Requirements

The DSA supports the application contexts directoryAccessAC and directorySystemAC.

The DSA does not make any claims for operational binding types.

The DSA is capable of acting as a first-level DSA as defined in ITU-T Rec. X.518 ISO/IEC 9594-4.

The DSA supports the application context directorySystemAC and the chained mode of operation.

Conformance is claimed for the following security-levels:

            * None

            * Simple

Conformance is claimed for all attribute types defined in ITU-T Rec. X.520 ISO/IEC 9594-6.

Conformance is claimed for all object classes defined in ITU-T Rec. X.521 ISO/IEC 9594-7.

Conformance is claimed for the following extensions:

            * subentries

            * copyShallDo


Page 147

            * extra attributes

            * useAliasOnUpdate

            * newSuperior

Conformance is not claimed for collective attributes as defined in X.501 and X.511.

Conformance is not claimed for hierarchical attributes as defined in X.511.

Conformance is claimed for the following operational attribute types defined in X.501:

            * createTimestamp

            * modifyTimestamp

            * creatorsName

            * modifiersName

            * administrativeRole

            * subtreeSpecification

            * collectiveExclusions

            * accessControlScheme

            * prescriptiveACI

            * entryACI

            * subentryACI

            * dseType

            * myAccessPoint

            * superiorKnowledge

            * specificKnowledge

            * nonSpecificKnowledge

            * supplierKnowledge


Page 148

            * consumerKnowledge

            * secondaryShadows

            * dITStructureRules

            * nameForms

            * dITContentRules

            * objectClasses

            * attributeTypes

            * matchingRules

            * matchingRuleUse

Conformance is claimed for return of alias names as defined in 7.7.1 of X.511 IS0/IEC 9594-3.

Conformance is claimed for indicating that returned entry information is complete, as described in 7.7.6 of X.511 ISO/IEC 9594-3.

Conformance is claimed for modifying the object class attribute to add and/or remove values identifiying auxiliary object classes, as described in 11.3.2 of X.511 ISO/IEC 9594-3.

Conformance is claimed for Basic Access Control.

Conformance is claimed for Simplified Access Control.

Conformance is claimed for the DSA s ability to administer the subschema for its portion of the DIT, as defined in X.501 ISO/IEC 9594-2.

Conformance is claimed for all name bindings defined in X.521 ISO/IEC 9594-7.

Conformance is claimed for the DSA s ability to administer collective attributes, as defined in X.501 ISO/IEC 9594-2.

Static requirements

The DSA supports the application contexts directoryAccessAC and directorySystemAC.


Page 149

The DSA conforms to the information framework defined by X.501 ISO/IEC 9594-2.

The DSA conforms to the minimal knowledge requirements defined in ISO/IEC 959-4.

The DSA operates as a first-level DSA and conforms to the requirements support of the root context as defined in X.518 ISO/IEC 9594-4.

The DSA supports the attributes for which conformance is claimed above.

The DSA supports the object classes for which conformance is claimed above.

The DSA conforms to the following extensions for which conformance is claimed:

            * subentries

            * copyShallDo

            * extra attributes

            * useAliasOnUpdate

            * newSuperior

Conformance is claimed for the DSA s ability to administer the subschema for its portion of the DIT, as defined in X.501 ISO/IEC 9594-2.

Conformance is not claimed for collective attributes, as defined in X.501 ISO/IEC 9594-3.

Conformance is not claimed for hierarchical attributes, as defined in X.501 ISO/IEC 9594-3.

The DSA supports the operational attribute types for which conformance is claimed above.

The DSA supports Basic Access Control and is capable of holding ACI items that conform to the definitions of Basic Access Control.


Page 150

The DSA supports Simplified Access Control and is capable of holding ACI items that conform to the definitions of Simplified Access Control.

Dynamic Requirements

The DSA conforms to the mapping onto used services as defined in clause 8.

The DSA conforms to the procedures for distributed operations of the Directory related to referrals, as defined in X.518 ISO/IEC 9594-4.

The DSA supports application-context directoryAccessAC and conforms to the procedures of X.518 ISO/IEC 9594-4 as they relate to the referral mode of the DAP.

The DSA supports application-context directorySystemAC and conforms to the referral mode of operation, as defined in X.518 ISO/IEC 9594-4.

The DSA conforms to the chained mode of interaction as defined in X.518 ISO/IEC 9594-4.

The DSA conforms to rules of extensibility procedures as defined in clause 7.5.2 of X.518 ISO/IEC 9594-4.

The DSA supports Basic Access Control and has the capability to protect information within the DSA in accordance with the procedures of Basic Access Control.

The DSA supports Simplified Access Control and has the capability to protect information within the DSA in accordance with the procedures of Simplified Access Control.

Conformance is not claimed for shadowOperationalBindingID -- as such, conformance is not claimed for the procedures of X.525 ISO/IEC 9594-9 and X.501 ISO/IEC 9594-2 as they relate to DOP.

Conformance is not claimed for specificHierarchicalBindingID -- as such, conformance is not claimed for the procedures of X.518 ISO/IEC 9594-9 and X.501 ISO/IEC 9594-2 as they relate to operational bindings.

Conformance is not claimed for non-
specificHierarchicalBindingID -- as such, conformance is not claimed for the procedures of X.518 ISO/IEC 9594-9 and X.501 ISO/IEC 9594-2 as they relate to operational bindings.


Page 151

Conformance by a shadow supplier:

Statement Requirements

The DSA supports the application contexts
shadowSupplierInitiatedAC.

Conformance is claimed for the following security-levels:

                           * None

                           * Simple

Conformance is claimed for UnitofReplication.

Static Requirements

The DSA supports the application contexts
shadowSupplierInitiatedAC for which conformance is claimed.

Conformance is claimed for the operational attributes modifyTimestamp and createTimestamp.

Dynamic Requirements

The DSA conforms to the mapping onto used services as defined in clause 8.

The DSA conforms to the procedures of X.525 ISO/IEC 9594-9 as they relate to the DISP.

Conformance by a shadow consumer:

Statement Requirements

The DSA supports the application contexts
shadowConsumerInitiatedAC.

Conformance is claimed for the following security-levels:

            * None

            * Simple

Static Requirements

The DSA supports the application contexts
shadowConsumerInitiatedAC for which conformance is claimed.


Page 152

The DSA supports operational attributes modifyTimestamp and createTimestamp.

The DSA supports the copyShallDo service control.

Dynamic Requirements

The DSA conforms to the mapping onto used services as defined in clause 8.

The DSA conforms to the procedures of X.525 ISO/IEC 9594-9 as they relate to the DISP.

CONFORMANCE with PROPOSED INTERNET STANDARDS

TransIT 500 supports the following standards: RFC-1777, RFC-1778, RFC-1779.

CONSISTANCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs

RFCs supported include: RFC-1558.

INTEROPERABILITY

Interoperability has been achieved with numerous directory systems. TransIT 500 has participated in Eurosinet internetworking demonstrations involving DSAs from:

      * AT&T GIS

      * Bolden James

      * Control Data

      * DEC

      * ICL

      * Nex-tel

      * Nexor

      * Siemens Nixdorf


Page 153

PILOT CONNECTIVITY

TransIT 500 is actively involved in pilot projects, including the COS X.500 Internetworking Project based at The Southern Company in Atlanta, Georgia, where interoperation was performed with directories from Digital, Control Data, Hewlett-Packard and Telstra.

BUGS

TransIT 500 products are fully supported category 1 software, which means:

      * These products are periodically updated, revised, and
        enhanced.

      * Unisys provides software corrections for these products as
        necessary.

CAVEATS AND GENERAL LIMITATIONS

[No information provided. -- Ed.]

INTERNETWORKING ENVIRONMENT

[No information provided. -- Ed.]

HARDWARE PLATFORMS

The TransIT 500 software operates on the following hardware platforms:

      * Unisys U6000 Series and Clearpath SMP

      * HP 9000 Series

      * 386 and above Intel platforms

SOFTWARE PLATFORMS

The DSA is supported on any of the following platforms:

      * System V Release 4 (SVR4)

      * HP-UX

      * Windows NT


Page 154

The DUA is supported on any of the following platforms:

      * Windows 95

      * Windows for Workgroups

      * Windows NT

Additional software required to run TransIT 500 includes Database software:

      * SQL Server

      * Informix

      * Oracle

NUMBER OF IMPLEMENTATIONS IN THE FIELD

[No information provided. -- Ed.]

AVAILABILITY

TransIT 500 is commercially available through Unisys Corporation.

   For further information, contact the    following:

Unisys Corporation
Malvern Building, M.S. B221
2476 Swedesford Road
Paoli, PA 19301, USA
Phone: (800) 874-8647, ext. 584
Fax: (610) 695-5378
e-mail: transit@unisys.com


Page 155

NAME

waX.500

University of Michigan

ABSTRACT

waX.500 :: Windows Access to X.500

waX.500 is a (currently 16-bit) DUA that run on Microsoft Windows (3.1, Win95, & WinNT). It uses libldap.dll which uses the winsock (v1.1) interface. It works on any vendors tcp/ip stack that I've seen so far (some configuration may be required).

waX.500 was developed by the University of Michigan for use by its faculty, staff and students. UM's online directory is an X.500 directory containing 50,000+ entries.

I keep the following Web page up to date with respect to latest release, etc.:
http://www-personal.umich.edu/~rsug/ldap/wax500/

COMPLIANCE with X.500-1988 (applicable only for DSAs and DUAs)

[No information provided. -- Ed.]

COMPLIANCE with X.500-1993 (applicable only for DSAs and DUAs)

[No information provided. -- Ed.]

CONFORMANCE WITH PROPOSED INTERNET STANDARDS

[No information provided. -- Ed.]

CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs

[No information provided. -- Ed.]

INTEROPERABILITY

[No information provided. -- Ed.]

PILOT CONNECTIVITY

Can see and browse anything in the world as far as I know.


Page 156

BUGS

report bugs to wax500.bugs@umich.edu

CAVEATS AND GENERAL LIMITATIONS

[No information provided. -- Ed.]

INTERNETWORKING ENVIRONMENT

Microsoft Windows (3.1, 95, & NT) Winsock (v1.1) tcp/ip (any vendor)

HARDWARE PLATFORMS

Any Windows machine with internet connectivity. Both ethernet and dialup PPP.

SOFTWARE PLATFORMS

Microsoft Windows (3.1, 95, & NT) Winsock (v1.1) tcp/ip (any vendor).

NUMBER OF IMPLEMENTATIONS IN THE FIELD

This implementation is distributed at no cost to the user; accurate numbers are not available.

AVAILABILITY

http://www-personal.umich.edu/~rsug/ldap/wax500
ftp://terminator.rs.itd.umich.edu/ldap/wax500/wax...

DATE LAST UPDATED or CHECKED

13 Dec 1995

ADDITIONAL INFORMATION and/or COMMENTS

[No information provided. -- Ed.]


Page 157

NAME

X500-DS

X500-DUA

Bull S.A.

ABSTRACT

X500-DS and X500-DUA are integral part of the large Bull OSI offer. Although based on the DCE/GDS (Distributed Computing
Environment/Global Directory Service) of OSF, those two products may be installed and used without the DCE environment. Some enhancements have been added for the user and the management facilities. X500-DS is designed to implement both the DUA and the DSA functions, whilst X500-DUA only provides the DUA functions.

The X500-DUA package contains:

      * The standards APIs XOM (X/Open OSI-Abstract-Data Manipulation
        API) and XDS (X/Open Directory Service API) for the
        development of portable applications,

      * A core DUA to translate all user's requests (bind, read,
        list, compare, modify, modifyRDN, search, add, remove, unbind
        ...) into the DAP protocol used for communication with
        distant DSAs,

      * The OSI standard high layers (ASN.1, ROSE, ACSE, Presentation
        and Session) for communication with the distant DSAs. The
        interface with the low layers is XTI. [RFC 1006] is supported
        under XTI or the OSI Session,

      * A DUA Cache to improve performances when accessing remote
        DSAs,

      * A powerful management application facilitating the
        configuration of the product and controlling the operations,
        logs and traces,

      * A user application for the manipulations of the database
        entries,

      * A generic tool to load and unload ASCII and binary files
        in/from distributed DSAs,


Page 158

      * The support of the LDAP [RFC 1777] thanks to an LDAP Server,

      * A DUA Server that allows to use A-Window-To-Directory (refer
        to this DUA product description) on a PC.

The X500-DS package contains:

      * All components of the X500-DUA,

      * A core DSA to process all requests received from distant DUAs
        through DAP protocol or from distant DSAs through DSP
        protocol,

      * The support of the referral, chained and multi-casting modes
        of operation, access control lists and management of
        knowledge information (for distribution, shadows and  copies
        of sub-trees),

      * The support of the simple authentication and of the DCE
        authentication,

      * A management application for managing the schema information
        (creation, deletion and modification of object classes and of
        attribute types, management of the rules of the DIT).

      * A C-ISAM database that is specially designed for high
        performances: e.g. less than 10 ms to read an entry on an
        Escala at the XOM/XDS interface.

These two products are easely installed, configured and administered thanks to the System Management Interface Tool (SMIT) screens of AIX.

COMPLIANCE with X.500-1988 (applicable only for DSAs and DUAs)

Compliant with EWOS and OIW Agreements

Consists of both DUA and DSA implementation according to the '88 CCITT X.500 and ISO 9594 standard. The X/Open standard XDS and XOM interface libraries are also provided. When the product is installed with the DCE environment, XDS and XOM interfaces are also used to access DCE/CDS (Local Cell Directory Service) transparently. A GDA (Global Directory Agent) serves then as the gateway between the DCE CDS and GDS.

COMPLIANCE with X.500-1993 (applicable only for DSAs and DUAs)

[New description field -- Ed.]


Page 159

CONFORMANCE WITH PROPOSED INTERNET STANDARDS

Supports [RFC 1277], [RFC 1777].

CONSISTENCE WITH INFORMATIONAL AND EXPERIMENTAL RFCs

[No information provided--Ed.]

INTEROPERABILITY

This implementation of DAP and DSP can interoperate with other X.500 implementations from other Cebit and EUROSINET demo participants including IBM, HP, ICL, Siemens-Nixdorf, SUN, Marben, NEXOR, etc. It also interoperates with ISODE QUIPU.

PILOT CONNECTIVITY

[No information provided--Ed.]

BUGS

Bull S.A. provides complete software maintenance with the products.

CAVEATS AND GENERAL LIMITATIONS

[No information provided--Ed.]

INTERNETWORKING ENVIRONMENT

OSI TP4 with CLNP (WAN - LAN)

OSI TP0, 2 & 4 with X.25 (WAN)

[RFC 1006] with TCP/IP

Either BSD sockets or XTI can be used to access the transports.

Through XTI, both OSI and TCP/IP protocols are possible on the same machine, thus permitting to build a Directory Service distributed on OSI and TCP/IP networks.

HARDWARE PLATFORMS

DPX/20, Escala SMP

SOFTWARE PLATFORMS

AIX 4.1.4


Page 160

NUMBER OF IMPLEMENTATIONS IN THE FIELD

[No information provided. -- Ed.]

AVAILABILITY

The release 3.1 described here is commercially available since 2 Q 96

Please contact:

Daniel Monges
Tel: + (33) 76 39 79 83
Fax: + (33) 76 39 77 70
e-mail: D.Monges@frec.bull.fr

Note that after October 18th 1996 (23:00), the telephon and fax numbers will be:

Tel: + (33) 04 76 29 79 83
Fax: + (33) 04 76 29 77 70

DATE LAST UPDATED or CHECKED

April 1996

ADDITIONAL INFORMATION and/or COMMENTS

[No information provided. -- Ed.]


Page 161

4. References

[CCITT-88] CCITT, "Data Communications Networks Directory", Recommendations X.500-X.521, Volume VIII Fascicle VIII.8, IXth Plenary Assembly, Melbourne, November 1988.

[ITU-T-93] ITU-T,"Information Technology - Open Systems
Interconnection - The Directory", Recommendations X.500-X.525, May 1993.

[NIST-88] National Institute of Standards and Technology, "Stable Implementation Agreements for Open Systems Interconnection Protocols", Version 2 Edition 1, NIST Special Publication 500-162, December 1988.

[NIST-94] National Institute of Standards and Technology, "Stable Implementation Agreements for Open Systems Interconnection Protocols", Version ? Edition ?, NIST Special Publication ???-???, December 1994.

[RFC 1006] Rose, M., and Cass, D., "ISO Transport Service on top of the TCP", STD 35, RFC 1006, Northrop Research and Technology Center, May 1987.

[RFC 1070] Hagens, R., Hall, N., and Rose, M., "Use of the Internet as a Subnetwork for Experimentation with the OSI Network Layer", RFC

   1070, U of Wisconsin    - Madison, The Wollongong Group, February
   1993.

[RFC 1202] Rose, M., "Directory Assistance Service", RFC 1202, Performance Systems International, Inc., February 1991.

[RFC 1249] Howes, T., Smith, M., and B. Beecher, "DIXIE Protocol Specification", RFC 1249, University of Michigan, August 1991.

[RFC 1274] Barker, P., and S. Kille, "The COSINE and Internet X.500 Schema", RFC 1274, University College, London, England, November 1991.

[RFC 1275] Kille, S., "Replication Requirements to provide an Internet Directory using X.500," RFC 1275, University College, London, England, November 1991.

[RFC 1276] Kille, S., "Replication and Distributed Operations extensions to provide an Internet Directory using X.500", RFC 1276, University College, London, England, November 1991.


Page 162

[RFC 1277] Kille, S., "Encoding Network Addresses to support operation over non-OSI lower layers", RFC 1277, University College, London, England, November 1991.

[RFC 1278] Kille, S., "A string encoding of Presentation Address", RFC 1278, University College, London, England, November 1991.

[RFC 1279] Kille, S., "X.500 and Domains", RFC 1279, University College, London, England, November 1991.

[RFC 1484] Kille, S., "Using the OSI Directory to achieve User Friendly Naming", RFC 1484, ISODE Consortium, July 1993.

[RFC 1485] S. Kille, "A String Representation of Distinguished Names", RFC 1485, ISODE Consortium, July 1993.

[RFC1487] Yeong, W., Howes, T., and S. Kille, "X.500 Lightweight Directory Access Protocol", RFC 1487, Performance Systems International, University of Michigan, ISODE Consortium, July 1993.

[RFC 1488] Howes, T., Kille, S., Yeong, W., and C. Robbins, "The X.500 String Representation of Standard Attribute Syntaxes", RFC 1488, University of Michigan, ISODE Consortium, Performance Systems International, NeXor Ltd., July 1993. RFC-1558

[RFC 1558] Howes, T., "A String Representation of LDAP Search Filters", RFC 1558, University of Michigan, December 1993.

[RFC 1562] Michaelson, G. and Prior, M., "Naming Guidelines for the AARNet X.500 Directory Service", RFC 1562, The University of Queensland, The University of Adelaide, December 1993.

[RFC 1567] Mansfield, G., and Kille, S., "X.500 Directory Monitoring MIB", RFC 1567, AIC Systems Laboratory, ISODE Consortium, January 1994.

[RFC 1608] Johannsen, T., Mansfield, G., Kosters, M., and Sataluri, S., "Representing IP Information in the X.500 Directory", RFC 1608, Dresden University, AIC Systems Laboratory, Network Solutions, Inc., AT&T Bell Laboratories, March 1994.

[RFC 1609] Mansfield, G., Johannsen, T., and Knopper, M., "Charting Networks in the X.500 Directory", RFC 1609, AIC Systems Laboratory, Dresden University, Merit Networks, Inc., March 1994.

[RFC 1617] Barker, P., Kille, S., and Lenggenhager, T., "Naming and Structuring Guidelines for X.500 Directory Pilots", RFC 1617, University College London, ISODE Consortium, SWITCH, May 1994.


Page 163

[RFC 1777] Yeong, W., Howes, T., and Kille, S., "Lightweight Directory Access Protocol", RFC 1777, Performance Systems International, University of Michigan, ISODE Consortium, March 1995.

[RFC 1778] Howes, T., Kille, S., Yeong, W., and Robbins, "The String Representation of Standard Attribute Syntaxes", RFC 1778, University of Michigan, ISODE Consortium, Performance Systems International, NeXor Ltd., March 1995.

[RFC 1779] Kille, S., "A String Representation of Distinguished Names", RFC 1779, ISODE Consortium, March 1995.

[RFC 1781] Kille, S., "Using OSI Directory to Achieve User Friendly Naming", RFC 1781, ISODE Consortium, March 1995.

[RFC 1798] Young, A., "Connection-less Lightweight Directory Access Protocol", RFC 1798, ISODE Consortium, June 1995.

[RFC 1801] Kille, S., "MHS Use of the X.500 Directory to support MHS Routing", RFC 1801, ISODE Consortium, June 1995.

[RFC 1803] Wright, R., Getchell, Howes, T., Sataluri, S., Yee, P., and Yeong, W., "Recommendations for an X.500 Production Directory Service", RFC 1803, Lawrence Berkeley Laboratory, Lawrence Livermore National Laboratory, University of Michigan, AT&T Bell Laboratories, NASA Ames Research Center, Performance Systems International, Inc., June 1995.

[RFC 1804] Mansfield, G., Rajeev, P., Raghavan, S., and Howes, T., "Schema Publishing in X.500 Directory", RFC 1804, AIC Laboratories, Hughes Software Systems, Indian Institute of Technology, Madras, University of Michigan, June 1995.

   [RFC 1823] Howes, T. and Smith, M.,     "The LDAP Application
   Programming Interface", RFC 1823, University of Michigan, August
   1995.


Page 164

5. Security Considerations

Security issues are not discussed in this memo.

6. Editors' Addresses

Chris Apple
Room 2D-104
AT&T Laboratories
600 Mountain Ave.
Murray Hill, NJ 07974
U.S.A.
e-mail: capple@master.control.att.com
Voice: (908) 582-2409

   FAX:   (908) 582-6113

Ken Rossen
MCI Systemhouse, Inc.
10 Williamsville Road
Hubbardston Center, MA 01452-1311
U.S.A.
e-mail: kenr@shl.com
Voice: (508) 928-5368

   FAX:   (508) 928-5399