Directories: Where do we go from here?
by Joanne Ghahremani, BTNA and WEMA Directory Challenge Coordinator
by Joanne Ghahremani, BTNA and WEMA Directory Challenge Coordinator
Before we look at the future of directory technology and the new directory-enabled applications being developed, we need to review where directories have come. The author's perspective is based on a recently completed World Electronic Messaging Association (WEMA) industry initiative, sponsored by member messaging associations in the US/Canada, Europe, Australia, and Japan/Asia.
The WEMA Directory Challenge'97 tested and demonstrated integrated directory services coupled with application drivers in the US at EMA'97 in April 1997, then in Europe at EEMA's Annual Conference in June 1997 and lastly in Australia at ECA in October 1997. As the demonstrations moved around the globe, the challenge environment was evolved and expanded. The premise of this industry Challenge is that a global, standards-based (X.500) directory service that interconnects enterprise directory systems is required to support electronic commerce applications. Fast, efficient and controllable information access is essential for businesses reaching out to new trading partners when operating in a global economy.
Results
The first Challenge demonstration showcased directory vendor interoperability using 1993 X.500 directory technology integrated with Lightweight Directory Access Protocol (LDAP)/web client access. Over 100 vendors, users, government agencies and consultants contributed to the creation of a global directory infrastructure that included 14 country level and 80 organizational systems. The Challenge demonstrated that X.500 technology is viable not only for enterprise solutions, but it is quite appropriate for a production-strength, global directory service.
All of the major standards-based directory vendors were involved in the real world testing that led to a considerable degree of interoperability among servers, clients and related application specific systems. The result of this testing is that directory services are moved into the background or "plumbing" category to become transparent to users as well as a service platform for applications that can make use of it. After all, users are only interested in the information they need, not where it's stored, or how it's accessed. These factors all contribute to the business case for managers to cost justify strategic directory services.
The Challenge emphasized directory-enabled applications as the basis for the business case for strategic directory services.
Directories become strategic when they are used as a service platform to provide automated efficient access, management and control of application information. This is as opposed to directories currently found on the Internet which require human interaction, such as with Yahoo, Who IS, etc.
The Future of Directories
Directories are now a service platform for applications, since they can store any type of EDI, text, image, or other information data. As such, they "drive" home the benefits of the directory infrastructure and contribute to the business case for a strategic directory service. Vendors need to concentrate on directory-enabling their applications so that the efficiency of the information access, retrieval and management is built into the applications. Directory-enabled demonstration applications created for the Challenge are all commercially viable; however, they now require action from the marketplace to continue.
As a side note, even the proprietary directory vendors are moving toward LDAP client access, which does require some X.500 capabilities, such as for naming. One important result of this trend is that information can be pulled down from any directory, whether proprietary or X.500 compliant providing increasing levels of interoperability. This is important for any application to find the correct entry, but is particularly important for sensitive transactions that require the capture of digital certificates from the directory.
Challenge Application Drivers
All of the Challenge applications were either created or expanded for the effort in order to demonstrate the use of a global directory infrastructure to support electronic commerce. Each of the Challenge applications was selected based on real user requirements for directories. The requirements identified the services and data required from the directory and were translated into directory format, known as schema. Then, functionality to satisfy the application was determined, as described below:
Colored Pages: Colored pages refers to the type of information normally found in the telephone directory: white pages for entity (name, address, telephone number, etc.); yellow pages for catalog type; blue pages for government services, etc. This application combined several of these types of information, but mainly concentrating on government services stored electronically in the directory to be accessible by the general public. In this regard, the US, Canadian and Australian governments demonstrated key word searches, expanded with thesaurus capabilities to facilitate public access to services such as trash removal, passports and dog licenses.
Voice Profile for Internet Mail (VPIM): This application used the directory to convert a telephone number into an SMTP mail address for routing voice messages over the Internet. This application ties the voice telephone system into the Internet and facilitates transmission of voice mail messages.
Open EDI: There is great commercial viability for the multi-vendor electronic forms front-end with messaging back-end product solution that utilizes the directory to store pertinent trading partner profile information. Using key word searches with a web browser, a vendor can select new trading partners based on catalog type information and then initiate a trade with the appropriate EDI transaction. The initial trading partner information was automatically loaded into the directory based on fields taken from the appropriate EDI transaction. This application opens the world of electronic commerce to the smaller trading partners by establishing their desire to do EDI trading via listing in the directory.
Secure Messaging: Secure messaging vendors used the directory to store digital certificates to support secure exchange of file attachments or contents with authentication, non-repudiation, integrity and confidentiality. The basis of this application was on storage of X.509 v.3 digital certificates, with LDAP directory access and using a PKCS7 encapsulated message content and sent using S/Mime formatting.
In addition, several vendors acted as certifying authorities (CAs) to sign the digital certificates and provide added trust to the exchange of sensitive information. These elements seem to be indicative of current directions in secure messaging, and products based on them should contribute to the development of the required public key infrastructure (PKI) to provide the electronic versions of trust and assurances.
Conclusion
All the Challenge applications are good examples of directory-enabled applications that take advantage of the access, retrieval and management/control capabilities of X.500 directories. However, the secure messaging application is anticipated to be one of the killer applications for standards-based directory services due to the authentication framework that X.500 provides. The Challenge demonstrated the use of the directory infrastructure as the repository for digital certificates, access control and distributed location capabilities which are critical to sensitive electronic commerce. In essence, it is the beginning of the global PKI.
Booz Allen Hamilton/EMA; Directory Challenge'97 Technical Report; May 1997.
Radicati/EEMA; Introduction to the EEMA Challenge Report; July 1997.
Waugh/TradegateECA; draft Report Australian Challenge97; November, 1997.