Thursday morning I strolled from my seedy hotel room through soot-blackened streets to University College London to meet Steve Hardcastle-Kille. Steve is one of the two guiding lights behind the ISO Development Environment (ISODE), the other of course being the eminent Dr. Marshall T. Rose.
While Marshall concentrated on making a public-domain OSI implementation of the middle layers that can run over both TCP/IP and OSI stacks, Steve focused on the application layer. Through a prodigious string of Internet Drafts and RFCs, Steve helped to turn the X.400 and X.500 standards into workable services.
It is somewhat ironic that some of the best work on ISO standards (and the most popular implementation) should have come out of the TCP/IP world. By providing public-domain OSI code, Hardcastle-Kille and Rose had pushed these standards from paper and theory to things that people use in their day-to-day work.
If you want a standard that works in the real world, it needs to interact with the existing base of services. Some of the early work Steve did was to define the functionality for X.400/SMTP gateways. Later, Steve focused on X.500.
UCL, under Steve’s leadership, integrated X.500 into ISODE in an implementation known as Quipu, after the fringes of knotted cords used to keep numerical records by the Quechuan Indians of the Incan empire. It was traditional to name each country’s master Directory Service Agent after an animal, preferably one found in South America. Finland’s DSA is the jaguar, Germany the puma, and Marshall T. Rose contributed the alpaca for the U.S. In a historic decision, however, as a tribute to X.500's growing maturity, South American animal names were abandoned in favor of monikers marketing could pronounce.
X.500 directories are structured as a tree. Each part of the tree is managed by a DSA (although it is important to note that the directory and the DSA are carefully defined as separate concepts allowing a particular part of the tree to be provided by multiple vendors). The root for the world is the Giant Tortoise at UCL. In addition to being the world root, this DSA is also the root DSA for the United Kingdom.
The United Kingdom had been aggressively deploying X.500. The Joint Network Team (JNT) began funding X.500 by giving universities a Sun/4 to act as a DSA. By November 1991, 40 organizations in the U.K. had DSAs serving them with a total of 54,387 registered entries. By the end of 1991, all 55 universities in the U.K. were scheduled to have their Sun workstations.
UCL also functions as the coordinator for the PARADISE ESPRIT project. PARADISE stands for Piloting an International Directory Service. (A cute acronym is one of the prerequisites for European Commission funding.)
Under the coordination of PARADISE in Europe and similar projects in the U.S., the global directory had grown by November 1991 to reach 1,212 organizations, 144 DSAs, and 421,552 directory entries.
The DSA is the X.500 component responsible for some part of the directory tree. To access X.500, users have a Directory User Agent (DUA). A couple of dozen user interfaces have been defined to interact with Quipu, ranging from a simple white pages lookup utility (FRED) to a full-fledged management interface (DISH) to Macintosh and X-Windows based graphical interfaces.
To make X.500 work in the real world, several extensions were needed from the standards as originally defined. The X.500 specification assumes a homogeneous OSI-based network where any DUA can set up an application layer association over a worldwide network to reach any DSA.
In many places, a homogeneous network is not realistic. The U.K., for example, had long supported the Coloured Book protocols, although TCP/IP support had recently been added. Many ISODE implementations run on top of TCP/IP, adding another important environment. It is interesting to note that many places that use ISODE on top of TCP/IP still have as an official policy a “migration” to true OSI. They have yet to learn that birds migrate, not corporations.
One of the first requirements for the deployment of X.500 was a relaying mechanism. If a DUA in the TCP/IP world needs to reach a DSA in the OSI world, it can ask a DSA connected to both worlds to relay the request.
A second key area addressed was replication. X.500 assumes one DSA is responsible for one piece of data. If a DUA needs to reach a DSA in another country, it is possible that many intermediate DSAs must be contacted as the user climbs the name tree to the root and then back down towards the target (although an intelligent DSA implementation would presumably cache some of this information). Replicating some of that upper-level information makes it much easier to find target organizations and is a significant performance enhancement.
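The effect of replicating upper-level information can be seen in a toy model of the DSA chain described above. This is an added example, not Quipu or ISODE code; the DSA names, naming contexts and the `resolve` function are constructed for illustration.

```python
# Constructed naming contexts: name prefix -> DSA that masters that part of the tree.
CONTEXTS = {
    (): "root-dsa",
    ("c=GB",): "gb-dsa",
    ("c=GB", "o=Example University"): "exuni-dsa",
    ("c=US",): "us-dsa",
    ("c=US", "o=Example Corp"): "excorp-dsa",
    ("c=US", "o=Example Corp", "ou=Research"): "research-dsa",
}

def is_prefix(ctx, dn):
    return dn[:len(ctx)] == ctx

def resolve(home_ctx, target_dn, replicated=()):
    """Return the ordered list of DSAs contacted to reach target_dn.

    home_ctx   -- naming context of the DSA the DUA is bound to
    replicated -- upper-level contexts the home DSA holds copies of
    """
    ctx = home_ctx
    path = [CONTEXTS[ctx]]
    if not is_prefix(ctx, target_dn):
        known = [c for c in replicated if is_prefix(c, target_dn)]
        if known:
            # Replicated knowledge: jump straight to the deepest known superior.
            ctx = max(known, key=len)
            path.append(CONTEXTS[ctx])
        else:
            # No replication: climb one level at a time towards the root.
            while not is_prefix(ctx, target_dn):
                ctx = ctx[:-1]
                path.append(CONTEXTS[ctx])
    # Descend towards the target through subordinate DSAs.
    while True:
        child = target_dn[:len(ctx) + 1]
        if len(child) == len(ctx) or child not in CONTEXTS:
            return path
        ctx = child
        path.append(CONTEXTS[ctx])

HOME = ("c=GB", "o=Example University")
TARGET = ("c=US", "o=Example Corp", "ou=Research", "cn=A Researcher")
UPPER_LEVELS = [(), ("c=GB",), ("c=US",)]  # root and country-level entries

if __name__ == "__main__":
    print("no replication:  ", resolve(HOME, TARGET))
    print("with replication:", resolve(HOME, TARGET, UPPER_LEVELS))
```
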
In addition to replication and relaying, Steve has been especially active in helping to forge a consensus on a common schema for the directory. After all, it doesn’t do much good to find an organization if the information it keeps is non-standard. A common schema contains the definition for standard objects, such as a person, and standard attributes common to those objects, such as a person’s favorite drink or e-mail address.
Just before I arrived in London, the Internet Activities Board had issued a carefully drafted RFC endorsing X.500 as a strategic direction for the Internet community. If that strategy took hold, it would be a significant shift away from the Domain Name System (DNS).
The transition from older name systems, such as DNS and the venerable WHOIS service, would certainly be the key to the success or failure of X.500 on the Internet. DNS adherents cite two problems with X.500: the complexity of the namespace and the slowness of implementations.
X.500 structures names in a well-defined tree, with objects typically going from country to management domain to organization to organizational unit to name. Some feel that a rigid hierarchy is a key flaw. Steve argues strongly that the opposite is true.
One rigid hierarchy is indeed the basis for X.500; however, alternative hierarchies can be defined on a local or regional basis with pointers into the basic tree. An alternative tree, based on the Domain Name System, for example, can be used to point to X.500 objects.
A single rigid hierarchy does have some advantages, particularly in the area of management. With a well-defined schema, people know exactly where to put an object, making management of the namespace similar in different areas.
Before X.500 can operate as a truly global directory, it needs much better performance. One of the major problems for performance is that X.500 implementations must carry around the baggage of the fully general middle layers of OSI. Although a skinny stack has been defined, most X.500 implementations support all the features of the session, presentation, and ACSE services, including those developed for other networking paradigms such as transaction processing. For example, X.500 makes no use of the checkpointing and synchronization features of the session layer.
A lightweight Directory Access Protocol could go a long way towards providing faster DSAs. The lightweight protocol would map OSI down to a needed subset. If you need full generality, as in the case of communicating with a DUA or DSA that doesn’t support the lightweight protocol, a separate process can provide the translation.
After spending a morning with Steve, I started making the rounds at UCL. UCL is highly unusual among computer science departments in that it emphasizes networks as a valid area of research. In fact, networking takes prominence at UCL (the school was the first international member of the ARPANET).
UCL’s prominence is due in no small part to the influence of the department chairman, Peter T. Kirstein, known around the world by his login name of PTK. An old joke in the networking community is that when in Europe you have to deal with the PTTs, but in England, you have to deal with the PTK.
No visit to UCL would be complete without a courtesy call to Peter, so I left Steve’s office at one end of the building to pay my visit to Peter Kirstein. Peter’s current passion (and a source of substantial funding) was the Office Document Architecture (ODA), so we spent a half-hour talking about his testing of ODA packages, and his cooperative projects with groups like Bellcore and the American Chemical Abstracts to convert large databases into ODA to help spur the standard forward.
UCL is also active in many other areas of networking. Jon Crowcroft described his efforts to run video conferencing over the Internet. One researcher showed me his work on ISDN Primary Rate interfaces; another showed me new X.500 user interfaces running on soot-blackened terminals.
With my head swimming from networking vertigo, I left UCL to get a drink. I stepped into an old pub near the university, with some appropriately quaint name like The Queen’s Foot or the Tam and Mutton. Settling down with my pint of bitter, I looked up to see that a karaoke competition was scheduled to start soon. Feeling that I could miss this particular event, I finished my pint in record time and went off for some Indian food.