P A R A D I S E I N T E R N A T I O N A L R E P O R T # 4 CONTENTS Introduction Summary International Directory Directory Services at the University of Michigan North American Directory Forum A European Directory Forum PARADISE Directory Interfaces and Tools Public Access Directory Interfaces Contact Profile Glossary INTRODUCTION By the end of December 1992, the PARADISE pilot will have run for 26 months. In terms of some of its original goals it could be considered a failure: although an international infrastructure is in place, it is not by any means ready to be self-supporting, and, despite the number of X.500 products reviewed in the last report, the market-place for products is still very limited and the international pilot is still overwhemlmingly dominated by a single implementation. Funding has been agreed for the continuation of PARADISE for the 18 months up to the end of June 1994. This phase is intended to make the transition between the present experimental service through to production service. At this juncture, it seems appropriate for Europe to cast a glance over its shoulder at what is happening in America to give us an idea of where we might be going over the next couple of years. The theme of this, the last in the original series of four COSINE reports, contains less wide-eyed optimism about the future of the global Directory than did the first. But at the same time it should reflect the growing maturity of the Directory service and evidence of a serious commitment from both users and service providers alike who were sold the dream and are prepared to work at its realisation. SUMMARY The first PARADISE International report from May 1991 surveyed a Directory of over 320,000 entries worldwide, of which just under one third were in Europe. Eighteen months later, the global pilot has crept up to one million entries and the proportional distribution has remianed more or less the same, revealing that most of the growth has come from outside Europe, and particularly from the United States. A similar comparison of the numbers of DSAs and listed organisations tells a different story. Whereas the total number of DSAs has more than doubled, there is more or less an even split between "Greater" Europe and the rest of the world, with Europe pulling ahead. The number of organisations listed is greater in Europe because some national research service providers have adopted the policy of filling out their national sub-directory with details of their member organisations, even though there are very few entries about people below them. The effect this has is to create a fuller looking Directory but with greater inconsistency of data. This in itself would not be a problem if user expectations can be modified accordingly. It is hoped that this and other problems related to the performance and quality of the Directory service can be addressed in the PARADISE extension from 1 January 1993 - 30 June 1994. "PARADISE Transition Phase" is to be funded under the VALUE programme of the European Commission. It is hoped that the new project will provide a smooth continuation of the existing services. As announced in the last report, VALUE are also encouraging X.500 initiatives at the national level within the member states of the Community, and so far Belgium, Denmark, Ireland, Italy and Luxembourg have received funding. Since tMay 1992, only Poland has joined the pilot although enthusiastic noises have been heard from China, Hungary, Tunisia and Turkey. Meanwhile usage of the PARADISE public access interface "de" has increased dramatically, and has recently been accessed from as far afield as Chile and Hong Kong. The development and enhancement of all the PARADISE tools and interfaces are discussed later in this report. The participation of non-QUIPU implementations has been less demonstrative than was hoped or anticipated at the beginning of the year. Interworking testing has been planned or carried out with Digital, E3X, ICL, Marben, Siemens Nixdorf, System Wizards and Unisys with most of these companies having at least one site using their product in the pilot. The main implementation in the pilot is still, far and away, QUIPU. The focus of QUIPU development has now moved to the ISODE Consortium, a not-for-profit co-operative enterprise, whose mission is to promote and develop the ISODE package of OSI building blocks and applications, including X.400 (PP) and X.500 (QUIPU). It is hoped that the ISODE software will evolve more rapidly through the vehicle of the ISODE Consortium than it would in the hands of any single member. This will both benefit the Consortium membership, which is open to any organisation in any country, and help stimulate the market for OSI. Academic organisations and not-for- profit or government organisations with research as their primary purpose are given zero cost access to Consortium releases, thus continuing the important role of ISODE in the research community as well as allowing ISODE to evolve as a commercial product base through the Consortium's vendor members. The final public domain release of QUIPU was made in July, although an update to this version will be available in December from the ISODE Consortium. On looking back over the last two years of the current PARADISE project, it is evident that the high expectations for the rapid growth of the X.500 Directory were over- optimistic and unattainable. Although international participation in Europe has soared from involving nine countries to twenty two, the depth of the Directory except in one or two countries has not swelled accordingly. PARADISE has demonstrated that X.500 can work and has provided an infrastructure. It is also now clear that this infrastructure will have to evolve to facilitate the future growth of the Directory and to accommodate the very large scale pilots of the public service providers through the NADF in North America and Eurescom in Europe. Both these pilots are examined further later on in this report and the prospects for the future of the global Directory in 1993. INTERNATIONAL DIRECTORY EUROPE Europe 3 4 2000 Austria 3 18 1516 Belgium 2 7 64 Croatia 1 1 10 Czechoslovakia 1 3 45 Denmark 5 329 3801 Finland 17 20 76316 France 20 18 5000 Germany 33 135 7237 Greece 4 16 359 Iceland 1 35 868 Ireland 4 8 4004 Israel 1 1 11 Italy 3 110 3001 Netherlands 7 115 2128 Norway 14 1084 23346 Poland 2 29 117 Portugal 4 5 1423 Slovenia 41 1 10 Spain 17 103 4538 Sweden 11 43 20118 Switzerland 18 12 44775 United Kingdom 68 68 74794 TOTAL 230 2165 275481 THE WORLD Australia 25 184 44351 Brazil 1 1 10 Canada 17 11 47776 India 10 8 695 Japan 17 16 2300 New Zealand 1 2 1510 United States 136 118 458032 TOTAL 207 340 554674 GRAND TOTAL 437 2505 830155 Number of servers unavailable at time of count: 135 DIRECTORY SERVICES AT THE UNIVERSITY OF MICHIGAN The University of Michigan is a large and diverse organisation, employing approximately 25,000 faculty and staff, and enrolling almost 50,000 graduate and under- graduate students in 27 schools and colleges, spread across three main campuses. Michigan's diversity is reflected in its computing environment which includes mainframes, PCs, Macintoshes, Unix workstations as well as many others. Computing usage ranges from word processing to numerically intensive scientific computing, from program development to electronic mail, and everything in between. Providing a directory service to this eclectic collection of users and machines is a challenging and interesting problem, which the University of Michigan Information Technology Division (ITD) has been working at since 1990. They have been offering a production-level directory service for over a year, and their DSA is currently answering on average about 15,000 queries a day with usage growing steadily. They continue to work to better integrate X.500 into the existing campus e-mail, information services, and general computing environments, in addition to providing local users with access to new and more exciting technologies enabled by X.500. DATA MANAGEMENT The basis of the Michigan directory service is a single QUIPU DSA running on a SUN 4/470 with 192 Mb of memory and two 1 Gb IPI disks. The DSA holds over 81,000 entries corresponding to all Michigan's faculty, staff and students. Data is updated in bulk from the Michigan administrative, personnel and registrar databases approximately once a month. From these sources ITD extract for each user: o name o title o postal address o telephone number o school or college o leave information (for faculty and staff) o class standing (for students) The update process is performed off-line by a large program (written in C) called "munge", specially devised for this job. There have been privacy concerns, both from the data sources and from users themselves. Data management is complicated by the number of exceptions: people can change names and even university ID numbers; they can move around from department to department, students can disappear over the summer, students can also be staff ... and so on. ITD also takes smaller bulk updates from system administrators on campus, containing for example e-mail addresses for their users. This update is accomplished through DAP using another custom-written tool called "merge". ITD holds a campus-wide database of login names, called "uniqname", which is maintained separately from the X.500 database. However, the "uniqname" server has been modified to update the corresponding X.500 "userid" attribute every time it makes a change in its own database. This kind of automatic real-time shadowing of information mastered in other databases has worked well at Michigan and it is intended to apply this technique to other databases. In addition, users are able to update their own entries and to choose whether they want their entry to be updated from the administrative data source. The first time a user updates a field in their own entry that is affected by the bulk update process, the DUAs (provided by ITD) explain the bulk iupdate process to them, and ask whether or not the user wants their entry updated in bulk. The user's response is recorded as an attribute in their Directory entry. THE CAMPUS ENVIRONMENT The Michigan sub-directory is well-integrated into the existing computing environment. Not having the resources or authority to make changes to the many thousands of client machines on campus, whenever possible, ITD's approach has been to make only server-side modifications. This approach has worked well in the following areas: o e-mail: the Michigan campus e-mail environment is diverse, spanning LANs to mainframes, with interoperability based primarily on SMTP gateways. "sendmail" has been modified to make enquiries in the X.500 Directory so that mail sent to "name"@umich.edu will be routed to the address specified in the "rfc822Mailbox" attribute of the user; o finger: an X.500 finger daemon has been written that searches the Michigan portion of the X.500 tree. So "fingering" "name"@umich.edu actually accesses the University of Michigan database; o gopher: there are several growing "gopher"-based information services on the Michigan campus. Through the use of "gopher" to X.500 gateway software written by ITD, "gopher" users are able to access the X.500 database. Access is provided not only to the local portion of the DIT (which appears as a University of Michigan telephone directory), but also to remote portions of the DIT through a more general gateway that allows "gopher" users to browse the global DIT; o e-mail users without access to a real DUA, or any of queries: the gateways described above, can send mail to x500-query@umich.edu and have a query such as "whois Tim Howes" automatically responded to. The bulk of the daily usage of the Directory comes from the "gopher" services, followed by e-mail, "finger" and finally the use of the various DUAs. The number of people accessing X.500 through real DUAs is still fairly small - perhaps less than a thousand connections per week. HOME-GROWN DIRECTORY USER AGENTS The IT Division also offers a number of user agents to the campus, providing both "read" and "update" capabilities. These interfaces include: o "ud": a simple command-line interface modelled after a mainframe directory program widely- used on the Michigan campus. "ud" is used primarily as the lowest common denominator interface, and is available at the campus- wide network prompt. Despite its rather crude interface, it is widely-used. o maX.500: a user-friendly GUI (Graphical User Interface) DUA for the Apple Macintosh which is available at all of the public computing clusters around campus, and is the interface of choice for Mac users. Both these interfaces are in the public domain and are available from terminator.rs.itd.umich.edu via anonymous ftp. Unix users have a variety of interface choices, from the simple "ud" to the X-windows-based "xlu", developed at Brunel University. Security on the Michigan campus is of prime concern to both ITD and its users. They make extensive use of QUIPU's access control (both per entry and search and list ACLs) to prevent unauthorised bulk downloading of data and unauthorised access to or modification of certain attributes. For authentication, they have modified QUIPU to support Kerberos version 4, so that they can leverage the existing campus Kerberos databases, which contain over 20,000 Kerberos principals. They are in the process of changing their various DUAs to recognise Kerberos. NEW APPLICATIONS With the white pages portion of the their directory well in hand, ITD are investigating several non-white pages applications. These include using the Directory to store: o mailing lists; o special interest groups on campus; o information about documentation; o a directory of scientific images. The last of these applications is part of a joint project with the University of Michigan College of Engineering, in which JPEG "thumbnail" sketches" of the images are being stored in the Directory, along with general information about the image and pointers to where the full image may be retrieved. Given the large number of relatively small machines on the Michigan campus, and the general lack of X.500 expertise among their users, it has been important for ITD to provide X.500 access that performs well with limited computing resources and for which the cost of entry for a user is very low. Both of these requirements are met by the Lightweight Directory Access Protocol (LDAP), on which most of their services are based. The Michigan implementation of LDAP does not require ISODE to compile, run or develop clients and provides a simple API that greatly simplifies X.500 DUA program development. Running the production X.500 service requires less than one full-time person, but considerably more than this is required in managing the data, responding to enquiries, dealing with complaints/problems and developing new tools. Despite the impressive infrastructure at ITD and the considerable usage of the University of Michigan directory service, little has been done to promote the service beyond a few articles in the local computing newsletter; with a big publicity effort, usage would dramatically increase even further. For more information concerning the services offered at the University of Michigan, contact: x500@umich.edu NORTH AMERICAN DIRECTORY FORUM At a recent meeting in San Ramon, California, the membership of the NADF made a decision to "lift the veil" of secrecy that has enshrouded the internal workings of this group of potential directory service providers since its inception over two years ago. It also discussed plans for its activity in 1993 which include expanding its operational pilot which started in November 1992, and presenting its achievements in a demonstration at the Electronic Mail Association (EMA) in Atlanta in June. The NADF was founded in 1990 with the goal of bringing together major messaging providers in the United States and Canada to establish a public directory service based on X.500. Representatives from Mexico were also invited, but have so far not participated. Most of the major providers of telecommunications services are represented, as well as the postal companies from both the US and Canada. However, piloting X.500 in the United States started long before the NADF. THE WHITE PAGES PILOT In July 1989, NYSERNet Inc, a not-for-profit company running a regional network in the Internet, started a pilot offering a White Pages service using OSI technology. SInce that time, Performance Systems International (PSI), a provider of commercial Internet and OSI inter-networking services, has been extending and evaluating the service in response to experience gained during the operation of the White Pages Pilot. The White Pages Pilot has maintained three portions of the DIT: o c=US o l=North America o o=Internet c=US: This is the primary focal point for the White Pages Pilot, which has the role of coordinating a large number of Private Directory Management Domains (PRDMDs) in a two-level naming scheme (ie organisations are placed directly under c=US). This activity compares with that in Europe and the rest of the world, although unlike many national pilots in Europe, the White Pages Pilot does not provide listing services; l=North America: This was an experimental node, now largely abandoned to facilitate finding organisations registered both in the United States and Canada. This is comparable in some aspects to the European supranational node, l=Europe managed by PARADISE; o=Internet: This is the node representing information (site contacts and two document series) concerning the Internet, which is currently the only organisation listed directly under the root. CIVIL NAMING The formation of the NADF was seen as a major turning point in the operational implementation of X.500, not least because, in the absence of guidelines from any national authority, it sought to address the crucial issues surrounding naming and registration in the public portion of the North American Directory that were necessary to enable the Directory to grow very large. The naming scheme adopted by the NADF focuses on a single naming universe based on "civil authority". That is, it uses the exisiting civil naming infrastructure and suggests a (near) straightforward mapping onto the DIT. An important characteristic is that entries can be listed wherever searches for them are likely to occur, implying that a single object may be listed as several separate entries. By following the "real world" in its scheme, the NADF claims to be able to avoid having to establish policy on the resolution of name collisions, as this would be a matter that the "real world" would need to sort out anyway. An organisation or an individual represented as a "residential person" will have a "Distinguished Name" assigned by virtue of their national, state, county or local standing, with which they may wish to be listed at any point in the Directory, but distinguished through their unique identifier. This would also enable a foreign organisation, such as for example a well-known fish restaurant in Stockholm popular with visiting US businessmen, to be listed in the North American Directory. In this respect, the role of the X.500 Directory becomes that of the publishing medium. As compared with the current flatness of the DIT, the deep structure proposed by the NADF will make name collisions less likely, but will make Directory searches ergonomically more cumbersome. MULTIPLE ADDMDs Another major achievement of the NADF is to have brought together all the major competitors in the lucrative messaging business under one umbrella. Apart from the need to have common agreements on matters of policy, the overwhelming technical requirement of this consortium effort was to establish how the public portions of the North American Directory namespace could be partitioned amongst different, competing and commercial Directory management domains, whilst ensuring that public Directory "knowledge" is shared sensibly. As no single entity can claim sole ownership of the public DIT, service providers have to co-operate to manage the public DIT while unilaterally managing their own private DIT. Effectively each service provider operates a "virtual" first-level DSA (ie c=US, c=CA), and using custom-written tools (KAN - Knowledge And Naming) establishes its own national namespace according to NADF guidelines. In order to share their Directory space with others, Administrative Directory Management Domains (ADDMDs) periodically exchange KAN information with a Central Administration for NADF (CAN) which merges updates and produces composite updates. An important factor in the sharing of the common namespace is in the use of "naming links" between service providers. This means that, for example, if one ADDMD has a listing of telephone numbers, another electronic mail addresses and a third postal codes, a user looking for the organisation, Saratoga Suitcases Inc, will be presented with a single body of knowledge, or at least pointers to where more information can be found. LIFTING THE VEIL A great deal of work has gone into preparing the way for the establishment of the actual operational pilot. The first CAN update took place in November 1992 involving two NADF members, and the particpation of at least three more is expected by the spring. The pilot will involve QUIPU DSAs as well as other non-QUIPU implementations. Further work is on-going to ensure adequate security mechanisms are practical, and there is also a need to establish workable accounting and charging mechanisms between ADDMDs. One of the reasons for the NADF's avowed shroud of secrecy has been to ensure that no one member is seen to be more prominent than any other as in the future they will all be competitors. Having made vows to its future user community (see the User Bill of Rights opposite), the NADF has decided to lift this veil and reveal itself. There has been a great deal of interest, especially from the messaging community, to know what is going on. Whilst the original motivation for keeping the NADF private was recognised it is now seen to be counter-productive as the world is waiting for results. The other reason is that significant user groups, such as Boeing and Chevron, who represent large PRDMDs feel that they have a right to voice their opinions in any discussion of a future pan-American Directory domain. Particpants in the North American Directory Forum as at November 1992: AT&T Bellcore (representing US West) Bell Canada BellSouth Advanced Networks BT North America Canada Post DirectoryNet Inc GE Information Services IBM Information Network Infonet MCI International Pacific Bell PSI Southwestern Bell Sprint International US Postal Service USER BILL OF RIGHTS for entries and listings in the Public Directory The mission of the North American Directory Forum is to provide interconnected electronic directories which empower Users with unprecedented access to public information. To address significant security and privacy issues, the North American Directory Forum introduces the following User "Bill of Rights" for entries and listings in the Public Directory. As a user, you have: 1. The right not to be listed. 2. The right to have you or your agent informed when your entry is created. 3. The right to examine your entry. 4. The right to correct inaccurate information in your entry. 5. The right to remove specific information from your entry. 6. The right to be assured that your listing in the Public Directory will comply with US or Canadian law regulating privacy or access to information. 7. The right to expect timely fulfillment of these rights. SCOPE OF INTENT The North American Directory Forum is a collection of service providers that plan to offer a cooperative directory service in North America. This is achieved by interconecting electronic directories using a set of internationally developed standards known as the CCITT X.500 series. In this context, the "Directory" represents the collection of electronic directories administered by both service providers and private operaters. When an entry containing information about a user is listed in the Directory, that information can be accessed unless restricted by security and privacy controls. A portion of the Directory - The Public Directory - contains information for public dissemination. In contrast, other portions of the Directory may contain information not intended for public access. A user or user's agent may elect to list information in the Public Directory, a private directory, or some combination. For example, a user might publicly list a telephone number or an electronic mail address, and might designate other information for specific private use. The User Bill of Rights pertains to the Public Directory. A EUROPEAN DIRECTORY FORUM The emphasis for the continuation of the PARADISE project is to find ways of making the present European X.500 infrastructure sufficiently attractive to its users that they will pay for the service in the future. One of the roles of the new project is to harness the resources of the various different groups with an interest in X.500 - the public service providers, the manufacturers, the research community - and has proposed the setting up of an early European Directory Forum to which all the above groups are welcome. Despite the various, and often divergent interests of the players involved, the arguments in favour of X.500 are not yet sufficiently convincing nor the technology robust enough that it makes sense for these different groups not to cooperate closely on common ground whilst recognising where their difference in interests lie. EURESCOM Eurescom project "Pan European Directory Services" is the beginning of a move in a direction comparable with that of the North American Directory Forum. It will associate public service providers wishing to offer commercially competitive X.500 services. The new project is a six month study which will may be followed by a longer project leading to a pilot. The Heidelberg-based Eurescom organisation represents the research and strategy interests of 24 European public network organisations. The kick-off meeting of the project took place recently; the project will be executed by experts from eleven European PTOs (Denmark, Finland, France, Germany, Italy, Netherlands, Portugal, Spain, Sweden, Switzerland, United Kingdom). The goals of the project are to establish a pan- European Directory service based on X.500 which will be, as with the NADF, multi-service provider and multi-vendor. Great emphasis is put on the desirability of having as many manufacturers involved as possible in order in the longer term to attract users. Of paramount importance for the acceptance of the future service is a high level of privacy for users and their Directory entries. As a consequence, the initial study project is looking at problems arising out of differing national regulations as well as interpreting the forthcoming European Community guidelines on privacy and data protection. The project is also be looking at naming schemes, and the types of agreements that need to be made between management domains and in particular public management domains. It includes a study of the relation of X.500 to the existing operational telephony directory protocol TPH 28 and its more protocol-enhanced successor, TPH 500. Finally, to emphasise the user-oriented approach of the project, an assessment is being made of the different markets that exist for directories and what services need to be provided. HYBRID MAIL A surprising development over the last two-three years has been the rapid growth of hybrid mail and the very active involvement of some of the European postal services in offering a diverse range of submission and delivery mechanisms to its users. When the European Commission launched its ENS (European Nervous System) programme, CAPE, one of the 13, two year projects, involved the European Postal Administrations, and is working towards the creation of a European Telematic Postal Network and the development of fully international Postal Electronic Mail (PEM) services. The essence of hybrid mail is to offer an open and flexible means of global communication with the value- added attraction for the electronic mail world that users can specify their preferred means of delivery - postal, telex, fax or electronic mailbox. The service accepts mail created by any type of system - a dumb terminal, a mainframe, a personal computer or a private electronic mail system - either across public networks or physically on tapes or diskettes. Messages can be sent directly to another electronic mailbox or fax machine. However, if the sender has specified a postal address, the message can also be rapidly distributed to a remote print centre nearest to the recipient where the message can be reproduced in any kind of specified graphic representation: logos, signatures, drawings, orders, invoices etc. After printing, letters are automatically folded, enveloped and then routed to the traditional postal service for delivery. The advantages to a user are simple: greatly improved transmission times at lower cost because the expensive business of freighting is reduced to a very cost-effective minimum. The other attraction of this service is that it allows for the scaling of electronic messaging to take place within a global communication infrastructure. The X.500 Directory is seen to play a key role in underpinning the postal authority's electronic infra- structure as it may do one day in telephony for the PTOs. VALUE The VALUE programme is an EC Programme with the purpose of supporting the exploitation of R&D results arising from Community supported R&D activities within the Framework Programme. Subprogramme II under VALUE was included as part of a broader support scheme of the European Community to introduce efficient research and development communication infrastructures for the benefit of European research in general and for collaborative research of international teams in particular. The realisation of these improvements is being implemented through strengthening three important components of open European R&D networking: o the EUREKA project COSINE; o RARE; o national R&D networks as well as through existing initiatives such as Y-NET, which is supported under the ESPRIT programme. The VALUE subprogramme II is divided into two sections, one of which concerns network security and is now realised through the PASSWORD project, while the other is related to R&D network infrastructure. Funding has been provided to support RARE Working Groups and the COSINE Implementation Phase. In 1991 a number of national initiatives were launched with support from VALUE in order to provide IXI connectivity and/or X.400 support to Belgium, Denmark, France, Greece, Ireland, Luxembourg and Portugal. A second tranche of money was allocated to X.500 in 1992 and by the beginning of 1993 it is anticipated that consortia in Belgium, Denmark, Ireland, Italy and Luxembourg will start implementing their plans for Directory services. Each of these consortia will consist of a mixture of academic institutions, commercial organisations and public service providers. In several cases these consortia are already participants in VALUE-funded X.400 projects and will be building on an existing X.500 infrastructure often developed with raw enthusiasm rather than quantifiable resources. The organisations involved are: Belgium - University Libre de Bruxelles Denmark - UNI-C Jutland Telephone DIKU (University of Copenhagen) DKUUG (Danish Unix Users' Group) Ireland - IEunet Ltd Trinity College Dublin Telecom Eireann University College Dublin Italy - CPR (Pisa Research Consortium) Tecnopolis CSATA Teleo Spa Luxembourg - RESTENA/CRP-HT Each of these projects has as a guideline a basic template for a model pilot which includes: o installation of hardware and software for OSI; o management of the national DIT and DIB; o operation of master and back-up DSA; o operation of national DSA backbone; o providing public access and management tools; o integration of X.500 with other applications; o definition and monitoring of X.500 QoS; o service promotion and user support. Most of these new pilots are expected to start in January 1993 and last between 12-18 months. DIRECTORY SERVICE PROVIDERS In looking at the NADF plans for the creation of multi- service provider domains, in Europe the situation can be seen as being at the same time both more simple and considerably more complicated. Within the national domains, there is less likely to be conflict between Directory service providers in the short term than in the United States. However, at the European supranational level, the situation is more complex particularly in the absence of any clear pan-European authority or definable domain that maps on to the present X.500 DIT. For example, pan-European mailbox providers such as Eurokom and Y-Net are seeking to provide X.500 Directory services. However, with the lack of any mechanism for managing multi-ADDMDs in Europe, it is difficult to represent these sub-directories within the current PARADISE infrastructure in a user-acceptable way. NATIONAL R&D NETWORKS The main area of X.500 piloting activity in Europe over the last five years has been through the national network organisations, such as the Joint Network Team (JNT) in the UK, the Deutschen Forschungsnetz (DFN) in Germany etc, and have as their main customer base the academic community. There is a disparity in the status of each of the European pilots usually related to depth of experience and financial commitment. Despite these constraints the national pilots have made remarkable progress and will continue to take the lead in X.500 piloting in 1993. Some of these differences have been resolved throught VALUE support as well as funding through the CEC PHARE programme for Eastern Europe. In Austria, the master DSA is being moved from the Technical University of Graz to the University of Vienna. After experiments at the University of Zagreb, the pilot in Croatia will direct its future activities towards the Croatian PTT, rather than the academic community which is already involved in the project. The DFN VERDI pilot in Germany, based at GMD-FOKUS in Berlin, is developing an administration user agent to manage the DFN MHS service for the global availability of updated routing tables and searching for O/R addresses in the Directory. The Siemens Nixdorf implementation (DIR-X) is now incorporated into the pilot in Munich. THe PTO is involved in the pilot and have plans for provision of X.500 services, but with no concrete timetable. In the Netherlands, SURFnet has also started to pilot a DIR-X DSA at the University of Delft, and in France, marben are registered in the pilot using their own implementation. The Polish X.500 pilot started in May 1992. It is based at the Nicholas Copernicus University in Torun, where two QUIPU DSAs master entries for the whole of the University as well as thirty institutions across Poland. The pilot coordinated by the Council of Polish Research and Academic Computer Network (NASK) is planning to establish four more second-level DSAs in Warsaw, Krakow, Wroclaw and Poznan. The service is being run on SUN SPARCstations with IP connectivity. Two public access DUAs are available at Torun. The Spanish RedIRIS pilot expects to install a lot more X.500 servers at universities in addition to their backbone DSAs. The PARADISE "idm", translated into Spanish, will be used for small organisations on RedIRIS machines. The pilot is also planning to run the DSA availability probe in the near future. In Switzerland, SWITCH plan to integrate more universities and technical schools into the Directory. Recently the University of Geneva started operating its own DSA, updating their Directory from an IBM mainframe automatically every night using DM, the QUIPU bulk-loading tools. Organisations not able to run their own DSA, may either use a bulk loader (DM) or "idm" to install their data on the central DSA operated by SWITCH. The Centre National de l'Informatique in Tunis is planning an X.500 pilot with 400,000 subscribers for informational use by PTT operators. The services offered will be both white and yellow pages. The system will be bilingual (French and Arabic) using both Latin and Arabic characters. In India, there is also an effort to add support for Indian languages to X.500. This would be based on the GIST (Generalized Indian Script Terminal) chip, which handles most of the Indian languages. The ERNET project has taken the lead in setting up a X.500-based Directory service in the country. At present there are seven DSAs including the master DSA for India at the Indian Institute of Technology, Delhi. Since Internet access is limited to about eight-ten sites, efforts are being made to provide an e-mail-based search and update access so that data relating to other organisations participating in the ERNET project (about 60) can also be included in the Directory. This will enable the X.500 Directory to act as the ERNET Directory of e-mail users. The pilot X.500 service has evoked wide interest from industry and there are several proposals to implement different applications using X.500. MTNL, the PTT for Delhi and Bombay, is implementing a Directory Inquiry System based on X.500. There are other proposals for using X.500 for applications with large databases, such as a database of Industries and Technologies. In order to use QUIPU for these applications modifications are required for performance enhancement. At IIT Delhi, there is a plan to integrate the efforts of another project, on Library Automation, where significant work has been done in the area of large scale databases with high performance using QUIPU to achieve the desired goals. Other ERNET interests include integration of the Directory with e-mail including X.400. Two new DSAs, at IIT Kanpur and IIT Kharagpur, are likely to be connected in January 1993 with the coming up of a satellite-based WAN. PARADISE DIRECTORY INTERFACES & TOOLS The work this year on "de" has largely been driven by the results obtained from a survey which asked users and service providers to indicate what new features they would like to see in the interface. Users were offered a list of new facilities and asked to assign a score ranging from 0, indicating that they attached no importance to the feature, to 10, showing that they could hardly sleep without it! Those responding were sub-divided into non-X.500 people and the rest, to see if there were significant differences in perception in the requirements of the two groups. The features offered in the survey were as follows, listed in order of overall popularity: o user-friendly naming o power (multi-organisation) searching o full screen, vt100 version o facility to run under DOS o searching localities/states o pathological behaviour detection o view all attributes o modify capability o character sets o multi-lingual o allow user comments o other The results, based on 46 responses, showed reasonable consistency between the two groups in prioritising requirements. The significant difference was in the greater appeal of power searching (described below) to non- experts and the ability to let users make comments on the use of the interface. Having taken the trouble to find out what people wanted, many of the features which the survey indicated were most desirable have been implemented. The principal features which have been added recently will now be described. Support for user-friendly naming was added during the summer. If a user types a user-friendly name at the person prompt, the user-friendly naming search algorithms are invoked to try to find the required entry. One of the main criticisms of early versions of "de" was that it was not possible to find entries in organisations which were stored beneath locality entries, as "de"s view of the world was rather rigid. Solving this problem within "de" has proved to be rather difficult. One option, which was rejected, was to add an additional prompt to ask for locality information. This was not implemented because it was felt that inviting people to enter locality information would more often than not be counter- productive. The solution which has been adopted is to offer to search under localities if, first, a search for an organisation fails and, second, there are locality entries within the country being searched. The current solution is less than satisfactory as the user is still forced to select from a list of localities, when they may well have no idea in which state, province or locality the organisation is based. A full-screen version of "de" has now been implemented, but with rather different functionality to the original scrolling version of "de". The full-screen version is implemented as a browsing interface, which allows a user to navigate their way around the DIT. One of the motivations for doing this, and not simply producing a full-screen version of the original "de" was that this navigational approach to querying makes it easier to find entries in awkward corners of the Directory, which was a criticism of the original "de". In fact, this browser is not really a full-screen version of "de", in that it does not make use of cursor-addressing or simple vt100 graphics. At the moment, it simply redraws the whole screen rather than just portions of the screen. It is hoped to work on proper full-screen facilities next year. The major change in the functionality has been to implement "power searching". This mode of searching allows a user to search for an entry even when they do not know the name of the organisation in which the person works - at the moment you have to specify the country. The introduction of power searching has meant that "de" now, optionally, has a front screen offering a choice of usage mode. This is shown opposite. The ability to search entire country subtrees makes the Directory immensely more valuable. It is also surprisingly quick to deliver results, and demonstrates the power of a system where as many as 50 DSAs may be being searched simultaneously for an entry. The example shows how an individual can be located by merely specifying their surname and country. A further use for this type of searching will be to help solve the problem of looking for people within localities, as it will offer the user the ability to search within all localities rather than forcing them to select one locality from a list. "de" has in the past been translated into at least four languages other than English. It is hoped that this translation task should be simpler in the future as all prompts and messages displayed to the user have now been moved into a single file. Another change, of which the user sees nothing but which is nonetheless critically important, is that "de" now looks to see if the DSA mastering a country's entry is a QUIPU DSA (the implementation used by the PARADISE service). If it is, "de" continues to use its search-based algorithms for finding entries - it does so as the QUIPU model is one where organisational data is widely replicated. If the country master DSA is not a QUIPU DSA, the search algorithms make more use of "list" and "read" operations, and only attempt searches if the other strategies have failed. This modification has meant that "de" should work better in a multi-implementation environment. A piece of work under current development is to see if "de" can provide better information to a user when searches fail, usually because a DSA is not available at the time of the search. At the moment there is no way to inform the user of the difference between a transient failure, where the DSA is normally up and running, and a persistent failure where the DSA may have been unavailable for several weeks. In one case it is worth telling the user to try again within minutes, whereas the other it is not. Furthermore, there is no way of discriminating between parts of the Directory which are always slow to respond, and those where results generally come within a few seconds. In the first case, it would be useful to tell the user to be patient even if results have not arrived within a few seconds, as such a wait was entirely normal; whereas in the second case it may be better to tell the user that such a lengthy wait is atypical, and that they may wish to discontinue the search. A version of "de" including these features will be available early next year. Last, but very far from least, "de" has been ported to run over the Lightweight Directory Access Protocol (LDAP). It uses the LDAP routines written at the University of Michigan. This makes it possible to build client programs on machines without having to use the full ISODE source tree available. An LDAP "de" is also only 10% of the size of an ISODE "de"! Based on this LDAP work, a version of "de" to run on MS-DOS systems has also been produced and is under testing. This version suitable for PCs, as well as the LDAP port of "de", is the work of the University of Bath. INTERACTIVE DIRECTORY MANAGER A companion interface to "de" called "idm" (Interactive Directory Manager) was made available through PARADISE in summer 1992. Whereas "de" is purely a querying interface, "idm" allows for the addition, modification and deletion of entries. "idm" shares the same philosophy as "de" in that it is intended primarily to be easy to use. In any conflict between simplicity and functionality, the preference has been on the side of simplicity. There are many things that can not be done with "idm" that can be done with QUIPU's DISH, but on the other hand it is now possible to achieve simple operations which previously would have defeated a user! "idm", as with "de", operates in scrolling screen mode and can thus be used from any terminal. The program may be configured to be used in a number of environments. It may be set up to be used by: o a national pilot manager; o an organisation's data manager; o a departmental data manager; o an ordinary user. The attributes which may be added or amended are controlled by a tailor file. There is support for the entry of some of the attributes which have special syntaxes; assistance is given with attributes with distinguished name, postal address and telex address syntax. As with "de", "idm" is also run as a PARADISE central service. This version has been configured to allow SMEs (small to medium-sized enterprises) to register themselves in the Directory if they do not as yet have a Directory entry. "idm" allows an organisational data manager to create a temporary entry for their organisation, and optionally a number of entries for people within that organisation. This information is then passed on the appropriate national manager with a request that the entry be properly instantiated in the DIT. BULK DATA MANAGEMENT While "idm" allows users or data managers to maintain individual entries, there are no general tools (other than the rather simplistic DM tools) to help data managers with the problem of bulk data loading and management. Many sites have fallen back on local routines which produce database format files, which are then moved into place. This expedient solution works so long as the DSA's database is in a tractable format, but also means that individual sites each try to reinvent a complex wheel. They do this with varying degrees of success, and as a consequence the quality of data in the Directory suffers. PARADISE is currently implementing a set of tools which are intended to solve some of the most common data management problems. Here is an outline of some of the main features of the new tools. The tools will discriminate between different data sources so that attributes are taken from the source believed to be the most accurate for each particular attribute. These source preferences may be specified on a per-subtree basis. The tools will allow two or more sources to update a single X.500 entry, even when the sources have different names for the particular entry - some one-off data administrator intervention may be required here, although it is hoped to automate the process as much as possible. Updating will be done in one of two ways. Usually the Directory will be updated by establishing the differences between an old and a new version of the source data, and applying Directory modifications based on these differences. There will also be a facility to re-align the Directory to data sources, to rectify any differences that may have crept in. A Directory data integrity checker tool has also been written which checks that attributes with distinguished name syntax all contain valid values. Furthermore, it can help a data manager build and maintain links between personal and role entries, and thus improve the quality of the data. P U B L I C A C C E S S D I R E C T O R Y I N T E R F A C E S PSS IXI IP Australia 129.127.40.3 130.194.2.68 130.102.128.43 129.78.64.15 (login: fred) Belgium: 222100611 204306500004 134.184.11.4 (login: dua) Denmark: 129.142.96.43 (login: ds) Finland: 128.214.6.100 (login: dua) France: 20800603053201 (login: dua, password: ucom.x) Germany: 26245050230303 Ireland 134.226.32.17 (login: de) Italy: 22225010083212 20432240001212 131.114.2.5 (login: de/fred) Poland 158.75.2.4 158.75.2.5 (login: de/dish) Spain: 21452160234013 2043145100103 130.206.1.3 21452540916282 2043145400002 150.214.4.4 2043145300011 147.83.41.13 (login: directorio) Sweden 240374810306 130.239.16.15 (login: de) Switzerland: 22847971014540 20432840100540 130.59.1.40 (login: dua) United 000050020000587 Kingdom: 000050020000588 (Janet access) 000050020000589 000050020000590 PARADISE Directory Enquiries: 23421920014853 20433450400253 128.86.8.56 (login: dua) PARADISE Directory Manager: 23421920014852 20433450400252 128.86.8.56 (login: idm) PARADISE Dial-up: +44 71 405 4222 PARADISE Directory Enquiries Number of Calls IXI IP PSS Janet Dial-up Total 1992 November 311 2728 70 1281 24 4414 October 508 2978 5 1091 11 4593 September 587 2067 49 197 25 2925 August 231 1598 37 241 28 2135 July 206 1870 19 260 20 2375 June 135 1618 47 120 15 1935 May 103 945 33 357 1438 April 39 719 163 86 26 1033 March 50 287 246 116 699 February 42 191 187 135 555 January 51 137 183 52 423 1991 December 50 112 186 41 389 November 263 103 129 28 523 October 86 198 198 14 496 ---- ----- ---- ---- --- ----- 2662 15551 1552 4019 149 23933 C O N T A C T P R O F I L E A U S T R I A Representative: ACONET Contact: Gerhard Winkler Vienna University Computer Centre Universitaetstrasse 7 A-1010 Vienna Telephone: +43 222 43 6111 x273 Email: gerhard.winkler@cc.univie.ac.at B E L G I U M Representative: University of Brussels Contact: Nils Meulemans ULB, IIHE - Groupe HELIOS-B CP 230 - Bd. du Triomphe B-1050 Brussels Telephone: +32 2 641 35 53 Email: nils@helios.iihe.rtt.be C R O A T I A Representative: University of Zagreb Contact: Enver Sehovic Elektrotehnicki Fakultet University of Zagreb 41000 Zagreb, Unska 3 Telephone: +3841 629 616 Email: enver.sehovic@etf.uni-zg.ac.mail.yu C Z E C H O S L O V A K I A Representative: Slovak Academy of Sciences Contact: Karol Fabian Institute of Automation & Communication Severna 5 974 00 Banska Bystrica Telephone: +42 88 532 07 Email: fabian@uakom.cs D E N M A R K Representative: ISI-DK Contact: Steen Linden UNI-C Danish Computer Centre for Research and Education DTH Building 305 DK-2800 Lyngby Telephone: +45 45 93 83 55 Email: unisli@uts.uni-c.dk E U R O P E Representative: PARADISE Contact: PARADISE Helpdesk ULCC 20 Guilford Street London WC1N 1DZ Telephone: +44 71 405 8400 x 432 Email: helpdesk@paradise.ulcc.ac.uk F I N L A N D Representative: FUNET Contact: Manu Mahonen FUNET c/o VTKK PO Box 40 SF-02101 Espoo Telephone: +358 31 343 2210 Email: directory-manager@funet.fi F R A N C E Representative: OPAX Contact: Paul-Andre Pays INRIA, Batiment 15 BP 105 Rocquencourt 78153 Le Chesnay Cedex Telephone: +33 39 63 54 58 Email: pays@faugeres.inria.fr G E R M A N Y Representative: DFN Contact: Panos-Gavriil Tsigaridas GMD Fokus Hardenbergplatz 2 West Berlin 12 Telephone: +49 30 25499 232 Email: dfnds-manager@fokus.berlin.gmd.dbp.de G R E E C E Representative: Network Ariadne Contact: Yannis Corovesis NRC Demokritos 15310 Attiki Telephone: +30 1 65 13 392 Email: yannis.corovesis@isosun.ariadne-t.gr H U N G A R Y Organisation: Technical University of Budapest Contact: Erzsebet Erdei Information Centre Technical University of Budapest Budapest Telephone: +36 1 181 2172/186 8058 Email h5082erd@ella.hu I C E L A N D Organisation: University of Iceland Contact: Marius Olafsson Reiknistofnun Haskolans Dunhaga 5 107 Reykjavik Telephone: +354 1 694747 Email marius@rhi.hi.is I R E L A N D Representative: IERunet Ltd Contact: Cormac Callanan IEunet Ltd O'Reilly Institute Trinity College Dublin Dublin 2 Telephone: +353 1 671 9361 Email: cc@ieunet.ie I S R A E L Representative: The Hebrew University of Jerusalem Contact: Juliana Solomon Computation Center Taylor Building, Givat Ram The Hebrew University of Jerusalem Jerusalem Telephone: +972 2 58 5686 Email: il-x500@hunch.cc.huji.ac.il I T A L Y Contact: GARR Representative: Antonio Blasco Bonito CNUCE - Istituto del CNR Reparto Infrastrutture di Rete per la Ricerca Via S. Maria, 36 56126 Pisa Telephone: +39 50 593246 Email: bonito@nis.garr.it L U X E M B O U R G Representative: RESTENA Contact: Theo Duhautpas RESTENA 6, rue Coudenhove-Kalergi L-1359 Luxembourg-Kirchbourg Telephone: +352 42 44 09 Email: duhautpas@restena.pt.lu T H E N E T H E R L A N D S Representative: SURFnet BV Contact: Erik Huizer Netwerkontwikkeling Postbus 19035 3501 DA Utrecht Telephone: +31 30 310290 Email: huizer@surfnet.nl N O R W A Y Representative: UNINETT Contact: UNINETT Directory Project c/o University of Oslo/USIT POB 1059 - Blindern 0316 Oslo 3 Telephone: +47 2 453470 Email: directory-adm@uninett.no P O L A N D Representative: NASK Contact: Tomasz Wolniewicz Torun University Institute of Mathematics 87-100 Torun Telephone: +48 56 260 17 Email: twoln@mat.torun.edu.pl P O R T U G A L Representative: Universidade do Minho Contact: Joaquim Macedo Departamento de Informatica Grupo de Comunicacoes Universidade do Minho Rua do Pedro V, 88-3 4700 Braga Telephone: +351 53 612234 ext 432 Email: macedo@uminho.pt S L O V E N I A Representative: University of Ljubljana Contact: Marko Bonac University of Ljubljana Jozef Stefan Institute Jamova 39 61000 Ljubljana Telephone: +38 61 159199 Email: bonac@ijs.yu S P A I N Representative: IRIS Programme/FUNDESCO Contact: Celestino Tomas RedIRIS/Fundesco Alcala 61 E-28014 Madrid Telephone: +34 1 4351214 x284 Email: celestino.tomas@iris-dcp.es S W E D E N Representative: SUNET Contact: Heiner Schorn SUNET Umdac, S-90187 Telephone: +46 90 165 204 Email: heiner.schorn@umu.se S W I T Z E R L A N D Representative: SWITCH Contact: Thomas Lenggenhager SWITCH ETH-Zentrum Limmatquai 138 CH-8001 Zurich Telephone: +41 1 261 8178 Email: lenggenhager@switch.ch T U N I S I A Representative: Centre National de l'Informatique Contact: Mohamed ben Sassi Rue Belhassen Ben Chaabane 1005 El Omrane, Tunis Telephone: +216 1783 055 Email: bsassi@tuniscni.imag.fr T U R K E Y Representative: University of Izmir Contact: Esra Delen Ege Universitesi Bilgisayar Arastirma ve Uygulama Merkezi 35100 Bornova Izmir Telephone: +90 51 187228 Email: esra@ege.edu.tr U N I T E D K I N G D O M Representative: Joint Network Team Contact: Directory Project Manager X-Tel Services Ltd University Park Nottingham NG7 2RD Telephone: +44 602 514600 Email: x500@xtel.co.uk A M E R I C A S B R A Z I L Representative: Federal University of Rio Grande do Sul Contact: Cleber Garcia Weissheimer Federal University of Rio Grande do Sul Institute of Informatics Computer Networks Research Group Porto Alegre - RS Telephone: +55 51 3324241 Email: cleber@vortex.ufrgs.br C A N A D A Organisation: University of Western Ontario Contact: Lori Corrin CCS, Natural Sciences Building University of Western Ontario, London, Canada N6A 5B7 Telephone: +1 519 661-2151 6048 Email quipu@julian.uwo.ca U N I T E D S T A T E S Representative: White Pages Project Contact: Wengyik Yeong PSI Inc. 5201 Great American Parkway Suite 3106 Santa Clara, CA 95054 Telephone: +1 408 562 6222 Email: wpp-manager@psi.com P A C I F I C R I M A U S T R A L I A Organisation: AARNet Directory Project Contact: Graham Rees The Prentice Centre The University of Queensland St Lucia, Queensland 4072 Telephone: +61 7 365 4143 Email: aarn-ds@cc.uq.oz.au C H I N A Representative: North China Inst. of Computing Technology Contact: Weiguo Li Communication and Network Lab. North China Inst. of Computing Technology PO Box 619-16, 10083 Beijing Email: weiguo.li@cnlab.nci.crn.cn I N D I A Representative: Indian Institute of Technology Contact: Surinder Singh Anand Department of Computer Science & Engineering, Indian Institute of Technology Hauz Khas New Delhi 110 016 Telephone: +91 11 686 7431 x6009 Email: anand@netearth.ernet.in J A P A N Representative: WIDE Project/ISODE Working Group Contact: Hideki Sunahara Dept. of Computer Science University of Electro-Communications 1-5-1 Chofugaoka Chofu-shi, Tokyo 182 Telephone: +81 424 83 2161 ext.4122 or 4172 Email: suna@cs.uec.ac.jp K O R E A Representative: SAIT Contact: Kim Inhwan Samsung Advanced Institute of Technology San #14 Nong Seo-Ri Kihung-Euo, Yongin-Gun Kyung Ki-Do Telephone: +82 2 744 0011 x3724 Email: inhwan@silla.sait.co.kr N E W Z E A L A N D Representative: Victoria University Wellington Contact: Andy Linton Department of Computer science Victoria University of Wellington PO Box 600 Wellington Telephone: +64 4 495 5054 Email: andy.linton@comp.vuw.ac.nz G L O S S A R Y API Applications Programmer's Interface, a set of calling conventions defining how a service is invoked through a software package COSINE Cooperation for Open Systems Interconnection Networking in Europe, a EUREKA project funded by the CEC and 18 European governments and managed by RARE DAP Directory Access Protocol: the protocol used between a DUA and a DSA DE Directory Enquiries, the PARADISE public access interface DIT the Directory Information Tree DSA Directory System Agent: the distributed directory database DSP Directory System Protocol: the protocol used between two DSAs DUA Directory User Agent: the user interface EDI Electronic Data Interchange: the protocol based on the CCITT X.435 standard Finger various X.500 versions of a Unix command to display information about users giving information about each logged-in user, including his or her: login name, full name, terminal name if known Gopher the Internet Gopher is a distributed document delivery service which accepts simple queries, and responds by sending a document IDM Directory Manager: the PARADISE public access account management tool IXI the COSINE X.25 backbone, which carries non-commercial traffic for the research communities; this is to become the new European Multi-Protocol backbone, Europanet; ISODE ISO Development Environment: a research tool developed to study the upper layers of OSI. (NB ISO has nothing to do with the International Standards Organisation) JPEG Joint Photographic Experimental Group Kerberos a third-party authentication service which keeps a database of its clients and their private keys, using symmetric keys MHS Message Handling System: the name of the "electronic mail" set of services as defined by CCITT (X.400) and ISO (MOTIS) OSI Open System Interconnection: the ISO standard architecture for Open Systems; an international effort to facilitate communications among computers of different manufacturer and technology PARADISE the COSINE pilot international X.500 Directory Service PTO a post and telephone operator QUIPU a public domain implementation of the OSI Directory, packaged with the ISODE software and developed at UCL under the ESPRIT project INCA and through the JNT. SMTP the Internet Simple Mail Transfer Protocol TCP/IP Transmission Control Protocol/Internet Protocol: network protocol offering a connectionless mode network service VALUE a European Commission funded programme X.25 OSI protocol offering a connection-oriented network service X.400 the CCITT standard defining electronic mail exchange in Open Systems X.500 the series of international standards and recommendations for a distributed directory based on OSI and adopted in 1988; to be revised in 1992