
Directory Schema

For directory information to be usable and accessible, it has to be organised in a pre-defined way. The rule for how directory information is organised is called the directory schema. The directory schema is made up of several elements:

  • An object class is a specification of the characteristics of objects of a particular type, e.g. a residential person, and therefore determines the contents and other features of an entry representing such an object.
  • The entry information is stored as a number of attributes, each representing a particular piece of information. The characteristics of an attribute are determined by an attribute type definition, which is a specification of its structure and syntax. The syntax can be quite simple or rather complex.
  • When interrogating entry information, it is in many cases necessary to compare the value of an attribute with some data element presented in the user request. This is the case for searches, where entries are selected based on whether they fulfil certain criteria. The rules for how such a comparison shall be made are called matching rules. Matching rules can be quite simple, like an exact match between two integers, or they can be rather complex, like the word rotation matching rule, the phonetic matching rule and other approximate matching rules. While commonly recognised matching rules are implemented in all X.500 products, more special matching rules require special implementation.
  • An entry's placement within the Directory Information Tree (DIT) and its name structure are determined by a structure rule.
  • If the attributes of entries are not solely controlled by structural object classes, DIT content rules might have to be used to control the entry content.

All the above types of schema elements, and a few more, determine the characteristics of an entry and its relation to other entries.

For a Directory System Agent (DSA), that is, a directory server, to contain a particular entry it is necessary for the DSA to have implemented all the schema elements that govern the characteristics of that entry.
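
The following sketch is an added example, not part of the original tutorial or of any X.500 product: it models object classes, attribute types and an equality matching rule, then checks whether a directory server could hold a given entry. The `person` and `residentialPerson` definitions are abridged, the matching rule is a simplification of caseIgnoreMatch, and the function names and sample entries are constructed for illustration.

```python
def case_ignore_match(stored, asserted):
    # Simplified caseIgnoreMatch (assumption): fold case, collapse whitespace runs.
    fold = lambda s: " ".join(s.split()).casefold()
    return fold(stored) == fold(asserted)

# Attribute types this hypothetical DSA implements, each with its equality matching rule.
ATTRIBUTE_TYPES = dict.fromkeys(
    ["commonName", "surname", "localityName", "description", "postalCode"],
    case_ignore_match)

# Object classes (abridged): superclass, mandatory and optional attribute types.
OBJECT_CLASSES = {
    "person": {"sup": None, "must": {"commonName", "surname"}, "may": {"description"}},
    "residentialPerson": {"sup": "person", "must": {"localityName"}, "may": {"postalCode"}},
}

def class_attributes(object_class):
    """Collect mandatory and optional attributes along the superclass chain."""
    must, may = set(), set()
    while object_class is not None:
        definition = OBJECT_CLASSES[object_class]
        must |= definition["must"]
        may |= definition["may"]
        object_class = definition["sup"]
    return must, may

def check_entry(object_class, entry):
    """Return the schema violations for an entry (dict: attribute type -> values)."""
    if object_class not in OBJECT_CLASSES:
        return [f"unknown object class: {object_class}"]
    must, may = class_attributes(object_class)
    present = set(entry)
    problems = [f"missing mandatory attribute: {a}" for a in sorted(must - present)]
    problems += [f"attribute not permitted by object class: {a}"
                 for a in sorted(present - must - may)]
    problems += [f"attribute type not implemented: {a}"
                 for a in sorted(present - set(ATTRIBUTE_TYPES))]
    return problems

def equality_search(entries, attr, asserted):
    """Select entries where a value of attr matches under that type's matching rule."""
    rule = ATTRIBUTE_TYPES[attr]
    return [e for e in entries if any(rule(v, asserted) for v in e.get(attr, []))]

# Constructed sample entries.
ALICE = {"commonName": ["Alice  Jensen"], "surname": ["Jensen"], "localityName": ["Roskilde"]}
BOB = {"commonName": ["Bob Smith"], "surname": ["Smith"], "mail": ["bob@example.org"]}

if __name__ == "__main__":
    for name, entry in (("ALICE", ALICE), ("BOB", BOB)):
        print(name, check_entry("residentialPerson", entry) or "conforms")
```

The second entry is rejected for three separate reasons: a mandatory attribute is missing, the object class does not permit `mail`, and this server has no attribute type definition for `mail` at all.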

For a Directory User Agent (DUA), that is, a directory client, to access this entry and utilise the stored information it must also have a pretty good understanding of all the schema elements. If a user through his DUA accesses different Directory domains, he would expect the same type of information, like an e-mail address, to be controlled by the same schema element independent of location, otherwise the DUA may not be able to utilise the information.

If all organizations, such as the Internet, private organizations, national groups, etc., each independently make their own directory schema definitions, which is somewhat the case today, it will not be possible to make a truly integrated European Directory. Even though it may be possible to physically interconnect different domains, they will not be able to utilise each other's information.
