Tim Howes
Netscape Communications Corporation, USA
The Internet directory is all around us. From Finger to local area network (LAN) directories, Gopher, Whois and Whois++ to X.500, the Lightweight Directory Access Protocol (LDAP) and the Web, there is no shortage of directory information available on the Internet. What's missing is a way to tell in which of these services the information you want lives, and a common information framework allowing the information to be interpreted consistently and reliably.
X.500 has received a lot of lip service from industry, but few usable implementations exist and deployment on the Internet has been slow and disappointing. The X.500 model is widely accepted, but the heavy, Open Systems Interconnection-based implementation it requires is not. This problem, among others, is holding it back.
Alternate services, such as Whois++ and SOLO, designed to deliver us from the problems of X.500, have been even more disappointing. Despite much hype and some good ideas and potential, they have suffered from even slower deployment and implementation development than X.500 and remain minor players in the Internet directory service game. They are too different in some ways, and in others they trade one set of problems for another.
LDAP has helped X.500 but, until recently, only on the client side. Despite universal acceptance among the X.500 community and being responsible for an explosion of lightweight directory client development, it does little to lower the barriers to server implementation and deployment.
The solution lies in retaining the X.500-based model presented by LDAP, but divorcing it from the X.500 service itself. This approach gives the best of all possible worlds: a mature and well-understood information framework, lightweight access, and the ability to communicate with existing and future X.500 directories. LDAP has been embraced by almost every major vendor at some level: either as a front-end to their X.500 offering, as the Internet access protocol to their LAN directory, or as their stand-alone directory service. LDAP has reached a critical mass of implementation, deployment, and industry and user acceptance that makes it the service of choice for the Internet directory.
There is still plenty of work to be done, of course. Future directions for the Internet directory come in four areas. First, there is much interesting work being done in the area of distributed indexing. The goal of this work is to solve the wide-area search problem (or "how to search more stuff than you really should"). Seen as one of the failings of the X.500/LDAP model, the ability to efficiently search areas that cover many servers is an important feature of the Internet directory.
Second, the support within LDAP of additional, more Internet-like names of the form local@domain will provide two advantages. Aside from being more compact and mnemonic, and having a certain aesthetic appeal over traditional X.500 names (e.g., "tim@umich.edu" vs. "cn=Timothy A Howes, o=University of Michigan, c=US"), use of these names will allow us to make use of the existing Domain Name System (DNS) registration and name resolution mechanisms, easing deployment and acceptance. Piggybacking on the DNS provides these features and more, all for free.
Third, advantages similar to those enjoyed by the Web can be gained by incorporating other services within LDAP using familiar uniform resource locators (URLs) and a new DNS mechanism called DX records (for directory exchange; similar to MX, or mail exchange, records but more flexible). This scheme allows sites and clients greater flexibility while incorporating the installed base of non-LDAP directory services.
Finally, with the explosion of the Web and the seeming omnipresence of Hypertext Transfer Protocol (HTTP), there is much to be gained by running LDAP directly over HTTP. Work is already underway to define an application/directory Multipurpose Internet Mail Extension content-type for holding directory information, paving the way for this approach.
In summary, LDAP has achieved a critical mass of user and vendor acceptance as the Internet directory service model. It provides the advantages of and compatibility with the X.500 model, without the barriers to implementation and deployment that X.500 incurs. With transparent extensions to support the wide-area search concept introduced by Whois++ and SOLO, LDAP defines just what the Internet needs. With future extensions to support the Internet namespace, piggyback on the DNS, incorporate the installed base using DX records and URLs, and ultimately run over HTTP, it provides the potential for an ideal directory service. This service provides the functionality the Internet needs and does it in a way that is well integrated with the Internet itself, making the scheme easy to both implement and deploy, properties that have been missing from previous efforts.
In the next year, you will see LDAP made directly accessible from virtually every desktop on the Internet. LDAP directory servers, both stand-alone servers and front-ends to other systems, will become more pervasive on the Internet and in corporate intranet settings. More and more directory data will become available and accessible, making the Internet a more manageable and easily searchable place for us all.