X.500 Useful in High-Security Environments

As we mentioned yesterday, those who started the X.500 work in the 1980s envisaged a global directory that would have broad use, including provision of a global white pages and support of the sister X.400 messaging specification. Measured against this ambitious goal, the technology "failed."

Although many major directories (Microsoft AD, Novell eDirectory, etc.) don't directly support X.500, there are many large and small directory vendors that support the X.500 protocols for use in those markets that need them. As with LDAP, the X.500 protocols are broadly "complete," and there is no reason to expect much change in them.

X.500 directory deployments are also driven by security requirements, and many directories support applications with significant security requirements. The relationship with X.509 PKI is beneficial to X.500, and we expect to see increased use of X.509-based authentication in conjunction with X.500/LDAP directories.

Directories will typically use LDAP without authentication for reading and searching -- data in the directory are generally made fully available to those who have network access to the servers. But there are often stringent security and audit requirements on updates. X.500 Access Control becomes important in a distributed deployment, and signed operations (a neat X.500 feature, not available with LDAP) are beneficial and sometimes required for updates in high-security deployments.

X.500 has an important ongoing role for directories with distribution and/or security requirements.

... Steve Kille
