
Appendix 5 - Glossary

Attribute

Information is stored in a Directory service in the form of attribute-value pairs. The attribute part of an attribute-value pair is the "handle" that is used to locate information in Directory searches. The value part is an actual item of Directory data. For example, a common attribute is organisation (or "o" in the shorthand that is used with the standard set of attribute names), so a valid attribute-value pair using organisation would be "o=State Services Commission".

Authentication

The process of determining to a given degree of confidence that an entity is who or what it says it is. Being able to do this at a distance across a network is a vital prerequisite to conducting business between known parties across a network.

Without authentication, interaction over a network can and does occur, but it is anonymous. This is appropriate for public access to generally-available information ('brochure-ware'), but not where there is a need to be able to identify the user before proceeding with a transaction.

Availability

In the context of computer systems and networks, availability is a measure of the time that a system or network is able to be used as a proportion of the time that it is required by the business to be able to be used. No distinction is made between downtime due to failures (software bugs, hardware faults, diggers cutting network cables, etc.) and scheduled downtime (backups, software upgrades etc.).

Traditionally, the majority of systems were required through the eight-hour, five-day working week, with the exceptions being systems like the telephone network and airline bookings. Driven by the advent of worldwide networks that allow systems to be accessed from all time zones, there is an increasing requirement for systems to be available 24x7, that is, 24 hours a day, 7 days a week.

Directory

In the context of a computer network, Directory is used in two senses:

· In the first, it is synonymous with Directory service, i.e. Directory=Directory service.

· In the second sense, it is a broader version of Directory service that may include one or more actual Directory services but is not concerned with such detail. This then becomes a sort of abstract pan-network data store.

Directory Service

A Directory service essentially provides storage for information that is used to link systems together. However, the term now covers a wide range of usage which can be split into the following three categories:

E-commerce or Portal

These are Directory services that are designed to support one or more e-commerce applications. They are required to support large numbers of transactions per hour (millions is common), to be able to accommodate large numbers of entries, and to be available continuously, that is, 24 hours a day, 7 days a week, 52 weeks a year. They are physically close to the applications they are supporting, so do not support distribution of Directory information across the network. They are distinguished from legacy or special purpose directories as defined below because they support an extensible schema, and have standard application interfaces (typically LDAP).

Enterprise

An enterprise Directory service is a read-optimised, network-wide database. It is used to make linking information (groups, roles, services, people) available in a consistent and controlled fashion throughout an organisation or group of organisations. Enterprise directories support a published and extensible schema, and one or more standards-based interfaces that allow Directory information to be queried and modified. Enterprise directories are designed to be resilient to network and hardware failures. They achieve this by maintaining replicas of the Directory information at multiple points in the network. They are also designed to provide controlled access to Directory data, clearly distinguishing between anonymous or public access and authenticated access.

Legacy or Special Purpose

These are the directories that exist in a specialised context. Many applications maintain an internal database of users, groups, and access rights. This is Directory-type information, but it is not available outside the scope of the particular application, nor is it typically distributed across the network. Many network operating systems (Novell, Windows NT and Unix) and their related applications (file and print services) have also maintained a similar database across the network, but it has been intended for the private use of the operating system and its applications. Whether the information is located in a central application database or available throughout the network, these directories have two things in common: they do not have a published and extensible schema, and they do not support standard interfaces through which the information may be queried and modified.

Directory Tree

Information in a Directory service is organised hierarchically, though to varying degrees. The variability is introduced by the design of the schema and the way in which particular Directory products handle this area. The tree might better be called a root because it is universally represented as an upside down tree with the branching increasing downwards. The tree starts with a top level entry which defines the organisational scope of the tree. Lower levels are concerned with organisational units, roles, etc. The Directory tree can be used to constrain searches, but has become less important as Directory schema design has moved towards much flatter structures. These better support the more dynamic nature of organisations and the increasing interaction between organisations.

Identity

A cluster of attributes that may be used to uniquely identify an individual to the degree required. Commonly used attributes include name, gender, hair colour, eye colour, and height.

LDAP

An acronym for Lightweight Directory Access Protocol. 'Lightweight' is used here to distinguish LDAP from DAP (X.500 Directory Access Protocol). The LDAP protocol defines some schema elements and an access method that allows the contents of an LDAP compliant Directory service to be queried and modified.

The emphasis in the design of LDAP was on usability rather than the comprehensiveness of the full X.500 standard. As a result, it has become the most widely used way for applications to access Directory services and has contributed to the greatly increased use of Directory services because of its ease of use.

Metadata

Literally, data which describes data. Metadata is used to allow data to be efficiently categorised and searched.

Meta Directory

A meta Directory is a Directory that is populated by, and populates, one or more subsidiary directories. Typically the subsidiary directories are specialised or legacy. The interface between a given subsidiary Directory and the meta Directory is controlled by a set of business rules. These govern the transformation of the data, and the conditions under which events and data are pushed into the meta Directory or pulled from it.

Meta directories and meta Directory services are a powerful way to integrate access to services across multiple systems within an organisation and between organisations.

Object

A Directory object is a named cluster of attributes. The attributes collectively describe a generic instance of an entity in the Directory's schema. For example, directories often have object definitions for location, organisation, role, and person.

Schema

Every instance of a Directory service has a single schema. The schema defines the structure of the data that the Directory will store. This is expressed in the form of an attribute name and its associated (presentation) data type. Some Directory products make little use of the data type, whereas others use data type to enforce a degree of data consistency.

SSL

An acronym for Secure Sockets Layer. This is a protocol that allows a secure (i.e. encrypted) link to be established between systems. It is most commonly seen in action when a browser is used to access a secure web site, in which case the padlock symbol in the status bar closes and the communication between the browser and the web site is encrypted.

XML

An acronym for eXtensible Mark-up Language. XML provides a standard for constructing self-describing messages. These are messages that have descriptive tags associated with each section of data. They greatly facilitate the ability of computer applications to exchange information with each other across network, operating system, and computer language barriers.

A key property of XML apparent in its name is extensibility. This means that the set of descriptive tags can be added to, thus allowing communities of interest to define tag sets that are relevant to their needs.

