X.500 Standard status
(Implementors' Guide)

X.509 Related activities

How to be involved

More Information

Tutorial section 1
X.500 General

Tutorial section 2
X.509 specific

Other PKI organizations

edit SideBar


X.500 Directory Education

The consultant company Andersen's L-Service owned by Erik Andersen offers comprehensive courses that gives an in-depth understanding of the X.500 standard and its deployment. As LDAP is considered a member of the X.500 family, LDAP issues may also be covered.

A course may be supplemented by an ASN.1 tutorial relevant for the understanding of the X.500 specifications. It is possible to have an only-ASN.1 seminar. For details, see here.

Erik Andersen may be contacted by clicking here.

A seminar may tailored to the particular situation. It may be conducted over 1-3 days depending on the scope and level of details. It could concentrate on feature generally implemented, or it could be expanded to also cover more advanced feature pointing into the future. It is provided on very reasonable terms.

An X.500 course

An X.500 course may contain the following subjects or a relevant subset thereof:

Introductory material

  • General overview - covers general directory concepts, components, and standard documentation.
  • Relationship to LDAP - gives a short introduction to Lightweight Directory Access Protocol (LDAP) and its relationship with X.500.
  • Naming and information structure - gives an introduction to the Directory Information Tree (DIT), Distinguished Name, attribute structure and distribution of information.
  • Directory protocols - introduces the different underlying protocol stacks available to X.500 implementations, the network addressing, the establishment of communications among different X.500 components and the separation of different communications aspects.
  • Directory operations - discusses the different operations a user may perform against an X.500 or LDAP directory.
  • Directory navigation - As a directory may distributed, navigation within the directory is required. This item discusses the principle for such navigation.

More detail material

If an ASN.1 tutorial is included, it would normally be conduction before this section, as this section requires some ASN.1 knowledge.

  • Search operation - The search operation is the most complicated operation and is a very useful operation. Details on the search operation is provided here.
  • Matching and matching rules - Matching between information in the directory and information provided by a user is essential and a somewhat complicated issue. This subject is discussed here.
  • Directory schema - Directory schema is a set of rules for have data and names are structured. It cover the following sub-items.
    • Attribute types - Directory information is modelled as attributes within directory entries. The attribute type concept is discussed here.
    • Object classes - Object classes determines the characteristics of directory entries. Object class concept is discussed here.
    • Name forms - This item is about how name component of a directory name is determined.
    • Structure rules - This item discusses how directory entries may be placed with respect to each other.
    • Content rules - Considers the rules for the content in entries
  • Character string types - Many directory attributes have a character string syntax. Especially, the Universal Multiple-Octet Coded Character Set (UCS) and its UCS Transformation Format 8 (UTF) encoding is considered.
  • Shadowing (replication) - Principle and procedures for replicating data is discussed.
  • Security - This item considers asymmetric key pairs, signing of data, certificates, Certification Authorities (CAs), etc.
  • Directory administration - This item considers how to divide a directory into different administrative areas for different administrative purposes.
  • Collective attributes - How a single attribute may be shared by multiple entries is covered here.
  • Protecting data - How data in the directory is protected is an important issue.
    • Authentication - The different ways a user may be authenticated is discussed here.
    • Access control - This is a rather complicated issue requiring a high level of skill.

Advanced material

  • Service administration - This feature allows administrators to constrain the service provided and include comprehensive data protection tools.
  • Families of entries - This feature allows a a logical grouping of attributes within an entry and it provides tools for more tailored searches.
  • Mapping-based matching - This items covers how the search criteria supplied by a user may be adjusted to make searches more successful.

Practical issues

  • Selecting schema element
  • Defining own schema element
  • Procurement
  • Planning

An ASN.1 tutorial

  • Types and values
  • Transfer syntaxes
  • Components of ASN.1
  • Simple universal types
  • Character string types
  • Object identifiers
  • Structure types
  • Information object specification - “Holes” and “plugging holes” in a specification
  • Subtypes
  • Constrains
  • Parametrization
  • ASN.1 modules

Page Actions

Recent Changes

Group & Page

Back Links