ANNEX A
(to Recommendation F.500)

Abbreviations

A        Additional Optional User Facility
ADDMD    Administration Directory Management Domain
AVA      Attribute Value Assertion
DIB      Directory Information Base
DIT      Directory Information Tree
DMD      Directory Management Domain
DN       Distinguished Name
DSA      Directory Systems Agent
DUA      Directory User Agent
E        Essential Optional User Facility
ITU      International Telecommunication Union
PRDMD    Private Directory Management Domain
RDN      Relative Distinguished Name
RPOA     Recognized Private Operating Agency

ANNEX B
(to Recommendation F.500)

Service error messages

Error codes produced while performing operations in directory systems are transformed by the local DUA into service error messages. The values of the error codes and the meaning are summarized in this Annex. Standardized service error messages are for further study. The presentation to the user is a local matter. See also Recommendation X.511.

B.1 Attribute error

This error is displayed on a per-selection criteria basis (attribute type) and includes the attribute type, attribute value and problem reason value. The problem reason values are as follows (see Table B.1/F.500).

TABLE B-1/F.500

Reason value   Meaning
1              The requested information does not exist for the named entry.
2              The syntax of the value used for the distinguished name or the selection criteria is inappropriate. Contact support staff for assistance.
3              Attribute Type is not defined for this .
4              Inappropriate matching for the information type .
5              Attribute Type or Attribute Value is not within its constraints.
6              or already exists.

B.2 Name error

This will be displayed with one of the following reason values whenever a name provided by the user is detected to have a problem (see Table B.2/F.500).

TABLE B-2/F.500

Reason value   Meaning
1              The name supplied, , cannot be found. (Note - ALIAS names are resolved to the actual named entry.)
2              is an Alias that can not be properly resolved.
3              Part, , of the name used is undefined.
4              The syntax of the value used, , is inappropriate.
5              List operation is improperly specified.
6              An Alias was encountered in an operation where it is not allowed.

B.3 Interconnect error

This error will be displayed whenever the operation cannot be carried further at this time. The possible access points for continuing the request are provided in the form: “Name and Access Point”.

B.4 Service error

This will be displayed with one of the following reason values whenever the operation requested has detected a problem that affects the user service (see Table B.3/F.500).

TABLE B-3/F.500

Reason value   Meaning
1              The directory system is busy.
2              The directory system is presently unavailable.
3              System is unable to proceed with the request. Contact support staff for assistance.
4              Information not found in the local system. [Optionally, the directory service provider may advise the user that the restriction to use local service information only should be removed and the request may be re-submitted to allow remote directory services to be utilized.]
5              Administrative limit exceeded. Contact support staff for assistance.
6              Unavailable critical extension.

B.5 Update error

This will be displayed with one of the following reason values whenever the modify (Add, Change, or Delete) operation(s) requested has detected a problem (see Table B.4/F.500).

TABLE B-4/F.500

Reason value   Meaning
1              The update violates directory naming rules.
2              The update violates the directory rules for that class of objects.
3              Update not allowed because of the object's position in the directory.
4              Update not allowed on an RDN when modifying an entry.
5              Entry already exists (relevant for add operation only).
6              Update denied, affects multiple directory systems.
7              Any update against this class of objects prohibited.

B.6 Security error

For further study.

B.7 Abandon error

For further study.

B.8 Referral error

For further study.

ANNEX C
(to Recommendation F.500)

Selected object classes

See Recommendation X.521.
Object identifiers are allocated to object classes. The concept makes use of the concept of subclasses (see Recommendation X.501). Selected object classes provided by the directory systems specifications depend on the scope of public directory service chosen by the service provider. It is assumed that the presently defined selected object classes will allow the provision of a useful directory service.

- Top
- Alias
- Country
- Locality
- Organization
- Organizational unit
- Person
- Organizational person
- Organizational role
- Group of names
- Residential person
- Application entity
- Application process
- DSA
- Device
- Strong authentication user
- Certification authority

Note 1 - A certain object class is used as a classificatory attribute type.
Note 2 - The definition of additional selected object classes for public directory service is for further study.
Note 3 - Messaging handling, in X.400-series of Recommendations, defined additional object classes for MHS specific use (see Annex E).

ANNEX D
(to Recommendation F.500)

Selected attribute types

It is assumed that the presently defined selected attribute types will provide a useful directory service. The implementation of the attribute types used in the public directory service is left for the decision of the service provider.
Selected attribute types provided by the directory system specification, Recommendation X.520, are:

a) System attribute types
- Aliased object name
- Knowledge information
- Object class

b) Labelling attribute types
- Common name
- Serial number
- Surname

c) Geographical attribute types
- Country name
- Locality name
- State or province name
- Street address

d) Organizational attribute types
- Organization name
- Organizational unit name
- Title

e) Explanatory attribute types
- Business category
- Description
- Search guide

f) Postal attributes
- Physical delivery office name
- Post office box
- Postal address
- Postal code
- Registered address

g) Telecommunications addressing attribute types
- Destination indicator
- Facsimile telephone number
- ISDN address
- Registered address
- Telephone number
- Teletex terminal identifier
- Telex number
- X.121 address

h) Preferences attribute types
- Preferred delivery method

i) OSI application attribute types
- Presentation address
- Supported application context

j) Relational attribute types
- Member
- Owner
- Role occupant
- See also

k) Security attribute types
- User password
- User certificate
- Authority revocation list
- Certificate revocation list
- CA certificate

Note 1 - Other attribute types may be defined for local scope or on bilateral agreement.
Note 2 - The definition of additional selected attribute types for public directory services is for further study.
Note 3 - Messaging handling, in X.402, defined additional attribute types for MHS specific use (see Annex F).

ANNEX E
(to Recommendation F.500)

MHS selected object classes

See Recommendation X.402 for further details.

Selected object classes provided by the directory systems for MHS depend on the scope of the public directory service chosen by the service provider.
It is assumed that the presently defined selected MHS object classes will allow the provision of a useful directory service that intercommunicates well with MHS as defined in X.400-series of Recommendations.

MHS object classes
- MHS (Generic MHS user information)
- MHS organizational user
- MHS distribution list
- MHS message store
- MHS message transfer agent
- MHS user agent

ANNEX F
(to Recommendation F.500)

MHS selected attribute types

It is assumed that the presently defined attribute types defined in X.400-series of Recommendations will provide a useful directory service for message handling systems. The implementation of the attribute types used in the public directory service is left for the decision of the service provider.

MHS selected attribute types provided by the X.400 system specification, Recommendation X.402, are:

MHS attribute types
- MHS deliverable content length
- MHS deliverable content types
- MHS deliverable encoded information types
- MHS distribution list members
- MHS distribution list submit permissions
- MHS message store
- MHS O/R addresses
- MHS preferred delivery methods
- MHS supported automatic actions
- MHS supported content types
- MHS supported optional attributes

ANNEX G
(to Recommendation F.500)

User visibility of the search operation

Some examples of filters are shown for practical use.
G.1 Possible examples

ORG = Organization name
OUN = Organizational unit name

G.1.1 Sales units of TTT or marketing units of TNT

[(ORG = “TTT”), AND, (OUN = “SALES”)] OR [(ORG = “TNT”) AND, (OUN = “MARKETING”)]

G.1.2 Marketing or sales units of TTT

(ORG = “TTT”), AND, [(OUN = “MARKETING”, OR OUN = “SALES”)]

G.1.3 All departments of TTT except Marketing

[(ORG = “TTT”), AND, (OBJECT CLASS = OUN)], AND NOT, [(OUN = “MARKETING”)] OR [(OUN = MARK*)]

G.1.4 All organizations in a country whose telex numbers are in the range of 5030 to 5067

(OBJECT CLASS = ORG) AND, [(TLX ≤ 5067), AND, (TLX > 5030)]

G.2 Practical use and effect of filters

G.2.1 Task

“Retrieve” in the USA, the location (state or province), the telefax number, and voice telephone number for the sales departments of TTT or the marketing departments of TNT. The total elapsed time for retrieving the information should not exceed 10 minutes (600 s) and the maximum number of objects found should not exceed 20.

G.2.2 Solution/action

Action: SEARCH
Criteria:
    Base object: “CTN = USA”.
    subset: “whole subtree”
    Filter [(TYPE = 3), AND, (ORG = “TTT”, AND, OUN = “SALES”) , OR, (ORG = “TNT”, AND, OUN = “MARKETING”)]
    Service controls: { time limit = 600, size limit = 20, priority = medium }
    Selection: { FAX, TEL, STN }

Result

The directory will return the requested information within the limits designated by the requestor. If the limits are exceeded, an error indicating the limit that was exceeded and an arbitrary collection of partial results are displayed in this example.

ANNEX H
(to Recommendation F.500)

Glossary of terms

Note - Some of the terms included are quoted from X.500-series of Recommendations and are only included to enhance understanding of system related descriptions. Some of the text provided are definitions and others are of explanatory nature. A separate Blue Book named “Definitions” may be used as a further source.

H.1 abandon
A directory operation to terminate a request.
This operation is not guaranteed outside of the local scope.
Note - This directory system operation is considered to be an optional user facility in the service context.

H.2 access control
Method of controlling access to information held in the directory either for retrieval, managing or updating purposes.

H.3 ADD
A directory operation to add an object entry or an alias entry to the directory information tree (DIT).
Note - This directory system operation is considered to be an optional user facility in the service context.

H.4 additional service controls
Function of a directory system to control certain additional performance criteria.
Note - These service controls are considered to belong to additional optional user facilities.

H.5 administration
Denotes a public telecommunications Administration or Recognized Private Operating Agency (RPOA).

H.6 administration directory management domain (ADMD)
A DMD which is managed by an Administration or RPOA.

H.7 alias (entry)
An entry of the class “alias” containing information used to provide an alternate name for an object. It points to the entry that actually contains the information.

H.8 alias name
A name for an object where at least one of whose relative distinguished names (RDNs) is that of an alias entry.

H.9 attribute
The information of a particular type concerning an object and appearing in an entry describing that object in the directory information base (DIB).
Note - See X.500-series of Recommendations for further details.

H.10 attribute type
That component of an attribute which indicates the nature of information given by that attribute.

H.11 attribute value
A particular instance of information indicated by an attribute type.

H.12 attribute value assertion
A proposition, which may be true, false, or undefined, concerning the values (or perhaps only the distinguished values) of an entry.

H.13 authentication
Method to establish security services by means of simple or strong authentication.
There are two kinds of authentication: data origin authentication and peer entity authentication.
Note - See Recommendation X.509 for more information.

H.14 authentication mechanisms
Authentication mechanisms are used to provide for encryption, data integrity and digital integrity.

H.15 business category
Attribute type which specifies the commercial activity of some common objects, e.g. people.

H.16 chaining
A feature used by the directory system to communicate between directory system agents (DSAs) to satisfy the user's request. To achieve this, multiple DSAs must be able to intercommunicate as peers. This feature may be inhibited by the user or service provider through service control parameters that are supplied with the user's request.
Note - A set of agreements is required between the domains (DSAs) wanting to interact based on this method.

H.17 classified information
In the context of the directory, directories presently known as “white pages”, “yellow pages”, etc.

H.18 common name
In the context of directory systems: An attribute type identifying an object that is named. It is the name by which the object is commonly named, and conforms to the naming conventions of the country or culture with which the object is associated.
In the context of message handling systems: Standard attribute identifying a user or distribution list relative to the entity denoted by another attribute (e.g., an organization name). (See Recommendation X.402.)

H.19 compare
An operation of the directory system to compare a value (which is supplied as an argument of the request) with the value(s) of a particular attribute type in a particular object entry.
Note - This directory system operation is considered to be an optional user facility in the service context.

H.20 copy information
Replicated information.

H.21 country name
An attribute type that identifies a country. A country name is a unique designation of a country.
When used as a component of a directory name, it identifies the country in which the named object is physically located or with which it is associated in some other important way. In the context of directory systems a value from ISO 3166 (Alpha-2 country codes) is used.

H.22 description
An attribute type which describes the associated object, e.g. as “Yellow pages” entries.

H.23 destination indicator (public telegram)
An attribute type specifying the country and city associated with the object (the addresses) needed to provide the public telegram service.
Note - See CCITT Recommendations F.1 and F.31.

H.24 directory
A collection of open systems cooperating to provide directory services.

H.25 directory entry
A part of the DIB which contains information about an object.

H.26 directory information base (DIB)
The complete set of information to which the directory provides access, and which includes all of the pieces of information which can be read or manipulated using the operations of the directory.

H.27 directory information tree (DIT)
The directory information base considered as a tree, whose vertices (other than the root) are the directory entries.
Note - The term DIT is used instead of DIB only in contexts where the tree structure of the information is relevant.

H.28 directory interrogation
Methods to get results from a request to a directory by read, compare, list, search or abandon operations.

H.29 directory management domain (DMD)
A domain responsible for managing the information contained in a directory and the operation on this information.

H.30 directory modification
Methods to change information in a directory by add entry, remove entry, modify entry or modify relative distinguished name functions.

H.31 directory name
A construct that singles out a particular object from all other objects. A directory name must be unambiguous (that is, denote just one object).
However, it need not be unique (that is, be the only name which unambiguously denotes the object). See also name.

H.32 directory schema
The set of definitions and constraints concerning DIT structure, object class definitions, attribute types and syntaxes which characterize the DIB.

H.33 directory system agent (DSA)
An OSI application process which is part of the directory, and whose role is to provide access to the DIB for DUAs and/or other DSAs.

H.34 directory user agent (DUA)
An OSI application process which represents a user in accessing the directory. Each DUA serves a single user so that the directory may control access to directory information on the basis of user's identity. DUAs may also provide a range of local facilities to assist users to compose requests (queries) and interpret the responses.

H.35 directory management domain (DMD)
A collection of one or more DSAs and zero or more DUAs which is managed by a single organization. Management of a DUA by a DMD implies an ongoing responsibility for service to that DUA, e.g. maintenance, or in some cases ownership, by the DMD.

H.36 distinguished name
The sequence of relative distinguished names of the entry which represents the object and those of all its subordinate entries (in descending order). Because of the one to one correspondence between objects and object entries, the distinguished name of an object can be considered to also identify the object entry.

H.37 distinguished value
An attribute value in an entry which has been designated to appear in the relative distinguished name of the entry.

H.38 distribution list
List of O/R addresses for message handling services stored in the directory.
Note - This feature is considered to be an optional user facility in the service context.

H.39 DIT structure
The definition for an entry of an object class of the permissible object class or classes to which the immediate superior (or subordinate) may belong and its permissible RDN attribute types.
H.40 do not dereference alias
A service control which allows to prohibit that any alias used to identify the entry affected by an operation is to be dereferenced. See also alias.

H.41 do not use copy
A service control allowing for prohibition of copied information.

H.42 entry (directory entry)
A part of the DIB which describes a particular object, and which consists of information that the directory holds about that object.

H.43 error code
Information provided from the directory system for the purpose of indicating to the requestor why a request could not be performed sufficiently.
Note - A local directory domain may transfer the information to the requestor in a way appropriate to local requirements. Error codes may refer to service error, attribute error, update error, security error, referral error, abandon error or name error. They are transferred to service messages for the user.

H.44 facsimile telephone number
An attribute type which specifies a telephone number for a facsimile terminal (and optionally its parameters) associated with an object.

H.45 filter
A filter parameter applies a test to a particular entry and either is satisfied or not by the entry. The filter is expressed in terms of assertions about the presence or value of certain attributes of the entry, and is satisfied if and only if it evaluates to TRUE.

H.46 intercommunication
In the context of directory services a relationship between services, where one of the services is a directory service, enabling the user of a service to communicate with the directory.
Note - The term also applies for the relation between public and private directories, for the relation between directory services of different service providers and for the relation between directory management domains.

H.47 ISDN address
An attribute type which specifies an ISDN address associated with an object.
H.48 knowledge information
An attribute type which specifies a human-readable accumulated description of knowledge mastered by a specific DSA.

H.49 locality name
An attribute type which specifies a locality. When used as a component of a directory name, it identifies a geographical area or locality in which the named object is physically located or with which it is associated in some other important way.

H.50 list
An operation in the directory system to obtain a list of immediate subordinates of an explicitly identified entry. Under some circumstances, the list returned may be incomplete.
Note - This directory system operation is considered to be an optional user facility in the service context.

H.51 local scope
A service control which restricts the scope of directory operations.
Note - The definition of local scope is itself a local matter, and may, for example, mean a limit within a single DSA or a single DMD.

H.52 member
An attribute type which specifies a group of names associated with the object.

H.53 modify
An operation in the directory system to perform a series of one or more of the following modifications to a single entry:
- add a new attribute;
- remove an attribute;
- add attribute values;
- remove attribute values;
- replace attribute values;
- modify the RDN of a leaf entry;
- modify alias;
- modify entry.
Note - This directory system operation is considered to be an optional user facility in the service context.

H.54 modify operations
These are operations to alter the contents of the directory: add entry, remove entry, modify entry and modify relative distinguished name.

H.55 multicasting
This is a special case of distributing simultaneously a request to more than one DSA. See Recommendation X.518.
Note - A set of agreements is required between the domains wanting to interact based on this method.

H.56 name
In the context of a directory, the designation of entries and parts thereof. A name must be unambiguous, that is, denote just one object.
However, a name need not be unique, that is, be the only name that unambiguously denotes the object.
Note - See X.500-series of Recommendations for further study.

H.57 naming authority
An authority responsible for the allocation of names. Each object whose object entry is located at a node in the DIT is, or is closely associated with, a naming authority. In the context of public directory services, the administration directory management domain administers the part of the DIT covered by entries of that domain. It may act as naming authority for the distinguished names used in the scope of the domain.

H.58 object (of interest)
Anything in some “world”, generally the world of telecommunications and information processing or some part thereof, which is identifiable (can be named), and which is of interest to hold information on the DIB.

H.59 object entry
An entry which is the primary collection of information in the DIB about an object, and which can therefore be said to represent that object in the DIB.

H.60 object class
An identified family of objects (or conceivable objects) which share certain characteristics.
Note - See X.500-series of Recommendations for further study.

H.61 O/R address
Address of an originator/recipient of messages in the context of message handling.

H.62 organization name
An attribute type which specifies an organization. When used as a component of a directory name it identifies an organization with which the named object is affiliated.

H.63 organization unit name
An attribute type which specifies an organizational unit. When used as a component of a directory name it identifies an organizational unit with which the named object is affiliated.

H.64 owner
In the context of a directory, that attribute type specifying the name of some object which has some responsibility for the associated object.

H.65 physical delivery office name
An attribute type which specifies the name of the city, village, etc.
where a physical delivery office is situated.

H.66 post office box
An attribute type which specifies the post office box by which the object will receive physical delivery. If present, the attribute value is part of the object's postal address.

H.67 postal address
An attribute type which specifies the address information required for the physical delivery of postal messages by the postal authority to the named object. Formatted and unformatted postal addresses exist.
Note - See also Recommendations F.401 and X.520.

H.68 postal code
An attribute type which specifies the postal code of the named object. If this attribute value is present it will be part of the object's postal address.

H.69 preferred delivery method
An attribute type which specifies the object's priority regarding the method to be used for communicating with it.

H.70 presentation address
An attribute type which specifies a presentation address associated with an object representing an OSI application entry.

H.71 priority
A service control which specifies the priority of a request (low, medium, high) for the service. This is not a guaranteed service in that the directory as a whole does not implement queuing. There is no relationship implied with the use of priorities in underlying layers.

H.72 private directory management domain (PRDMD)
A DMD managed by another organization than an Administration.

H.73 public directory service
A service provided by Administrations to subscribers and users for the purpose of obtaining information on addresses for telecommunication services and other related information from an electronic directory.

H.74 read operation
An operation of the directory system to extract an explicitly identified entry. It may also be used to verify a distinguished name.
Note - This directory system operation is considered to be a basic service feature in the service context.

H.75 referral
Request handling by the DSA in the case of failing to find the requested information in the first DSA.
In this case the directory may return a referral, which suggests an alternative access point at which the DUA can make its request.
Note 1 - This is an alternative method to chaining or multicasting. The implementation is a local matter.
Note 2 - A set of agreements is required between the domains (DSAs) wanting to interact on the basis of this method. Whether referrals are presented to the user or not is a local matter. It has to take into account whether the domain (DSA) being referred to will accept requests from these users.
Note 3 - Referrals to domains (DSAs) without prior agreement (including accounting procedures) with them are undesired.

H.76 registered address
An attribute type which specifies a mnemonic for an address associated with an object at a particular city location. The mnemonic is registered in the country in which the city is located and is used in the provision of the public telegram service.

H.77 relative distinguished name (RDN)
The unique name of an entry. It consists of a particular sequence of attribute value assertions, each of which is true, concerning the distinguished values of an entry.

H.78 requestor
The subscriber, user or system entity making a particular request to the directory.

H.79 role occupant
An attribute type which specifies the name of an object that fulfills an organizational role. An attribute value for role occupant is a distinguished name.

H.80 search guide
An attribute type which specifies information of suggested search criteria which may be included in some entries expected to be a convenient base-object for the search operation, e.g. country or organization.

H.81 search operation
An operation in the directory system to search a portion of the DIT for entries of interest, and to return selected information from those entries.
Note - This directory system operation is considered to be a basic service feature in the service context.
H.82 security capabilities
Capabilities of a directory system to provide protection against security threats.
Note 1 - These directory system capabilities are considered to be additional optional user facilities in the service context.
Note 2 - See Recommendation X.509 for explanation of security capabilities.

H.83 see also
An attribute type which specifies names of other objects which may be other aspects (in some sense) of the same real-world object.

H.84 serial number
An attribute type which specifies an identifier, the serial number of a device.

H.85 service control
A function of a directory system to control certain performance criteria. A service control parameter contains the controls, if any, that are to direct the provision of the service.
Note - One service control in the directory system (time limit) is an essential optional user facility. Other specific ones are additional optional user facilities in the service context, if the service provider offers them. See also § 4 of Recommendation F.500.

H.86 size limit
A service control which indicates the maximum number of objects to be returned in the results of a search or list operation (the control is only applicable to those operations). If the list size is exceeded, any results equal in number to the size limit should be returned, with the indication that the results are incomplete due to the size limit constraint. If this component is omitted, no maximum is implied.

H.87 state or province name
Identifies the geographical subdivision in which the named object is physically located or with which it is associated in some other important way.

H.88 street address
An attribute type which specifies a site for the local distribution and physical delivery in a postal address, i.e. the street name, place, avenue and the house number. When used as a component of a directory name, it identifies the street address at which the named object is located or with which it is associated in some other important way.
H.89 subclass
Relative subordinate to a superclass, an object class derived from a superclass. The members of the subclass share all the characteristics of another object class (the superclass) and additional characteristics possessed by none of the members of that class (the superclass).

H.90 subscriber
A user of a telecommunication service, normally based on a contract with the provider of a public service.

H.91 superclass
Relative superior to a subclass, an object class from which a subclass is derived.

H.92 supported application context
An attribute type which specifies the object identifier of an application context that the object (an OSI application entity) supports.

H.93 surname
An attribute type which specifies the linguistic construct which normally is inherited by an individual from the individual's parent or assumed by marriage, and by which the individual is commonly known.

H.94 telephone number
An attribute type which specifies a telephone number associated with an object.
Note - The format of internationally agreed telephone numbers follows Recommendation E.164.

H.95 teletex terminal identifier
An attribute type which specifies the teletex terminal identifier for a teletex terminal associated with an object.
Note - The format follows Recommendation F.200.

H.96 telex answer-back
An attribute type which specifies the telex terminal identifier for a telex terminal associated with an object.
Note - The format follows Recommendation F.60.

H.97 telex number
An attribute type which specifies the telex number, country code, and answer-back code of a telex terminal.
Note - The format follows Recommendation F.69.

H.98 time limit
A service control that indicates the maximum elapsed time, in seconds, within which the service should be provided.
If the constraint cannot be met, an error is reported, unless it was a search or a list operation, in which case partial results should be returned to the DUA with the indication that a time limit problem has been encountered. If this component is omitted, no time limit is implied.
Note - This service control is an essential optional user facility.

H.99 title
An attribute type which specifies the designated position or function of the object within an organization.

H.100 user
In telecommunication service context: A human being using a service.
In a technical context: A human being, an entity or a process.
Note - A user will not necessarily be a subscriber of a telecommunication service.

H.101 user certificate
See Recommendations X.520 and X.509.

H.102 wildcard
In the context of directory services, a way to replace unknown parts of attributes for a request to the directory.

H.103 user password
A sequence of characters to identify a user.

H.104 videotex user number
An attribute type which specifies a videotex user number associated with an object.

H.105 white pages
See under “classified information”.

H.106 X.121 address
An attribute type which specifies a number from the X.121 numbering plan associated with an object.

H.107 yellow pages
See under “classified information”.
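The search of G.2.2 together with the limit behaviour defined under H.86 (size limit) and H.98 (time limit), as an added Python example that is not part of the Recommendation: it evaluates a filter with the three truth values of H.12 and returns partial results when a limit is hit. The tuple filter notation, the sample entries, the "size limit" and "time limit" strings, and the rules that an absent attribute is false and a non-numeric value is undefined for ordering are assumptions of this example; TYPE = 3 from G.2.2 is not modelled because the page does not define it.

```python
import fnmatch
import time

# Constructed sample entries (not from the Recommendation). Attribute names are
# the abbreviations used in Annex G: CTN, ORG, OUN, STN, TEL, FAX, TLX.
ENTRIES = [
    {"CTN": "USA", "ORG": "TTT", "OUN": "SALES", "STN": "NY",
     "TEL": "555-0100", "FAX": "555-0101", "TLX": "5030"},
    {"CTN": "USA", "ORG": "TTT", "OUN": "MARKETING", "STN": "NY", "TEL": "555-0110"},
    {"CTN": "USA", "ORG": "TNT", "OUN": "MARKETING", "STN": "CA",
     "TEL": "555-0120", "TLX": "5045"},
    {"CTN": "USA", "ORG": "TNT", "OUN": "SALES", "STN": "CA", "TEL": "555-0130"},
    {"CTN": "CAN", "ORG": "TTT", "OUN": "SALES", "STN": "ON", "TEL": "555-0140"},
    {"CTN": "USA", "ORG": "TTT", "OUN": "SALES", "STN": "TX",
     "TEL": "555-0150", "TLX": "unlisted"},
]

# G.2.2 filter in a hypothetical nested-tuple notation (TYPE = 3 omitted).
G2_FILTER = ("or",
             ("and", ("eq", "ORG", "TTT"), ("eq", "OUN", "SALES")),
             ("and", ("eq", "ORG", "TNT"), ("eq", "OUN", "MARKETING")))
# G.1.4 range test on the telex number: TLX <= 5067 AND TLX > 5030.
G14_RANGE = ("and", ("le", "TLX", 5067), ("gt", "TLX", 5030))


def evaluate(flt, entry):
    """Return True, False or None (undefined, H.12) for a filter on one entry."""
    op = flt[0]
    if op == "and":
        results = [evaluate(f, entry) for f in flt[1:]]
        if False in results:
            return False
        return None if None in results else True
    if op == "or":
        results = [evaluate(f, entry) for f in flt[1:]]
        if True in results:
            return True
        return None if None in results else False
    if op == "not":
        inner = evaluate(flt[1], entry)
        return None if inner is None else not inner
    attr, want = flt[1], flt[2]
    if attr not in entry:
        return False  # assumption: an assertion on an absent attribute is false
    have = entry[attr]
    if op == "eq":
        return have == want
    if op == "sub":  # wildcard match such as OUN = MARK* (G.1.3, H.102)
        return fnmatch.fnmatchcase(have, want)
    if op in ("le", "gt"):
        try:
            have_n, want_n = int(have), int(want)
        except (TypeError, ValueError):
            return None  # assumption: value unusable for ordering is undefined
        return have_n <= want_n if op == "le" else have_n > want_n
    raise ValueError("unknown filter operator: %r" % (op,))


def search(entries, country, flt, selection, time_limit=None, size_limit=None):
    """Return (results, limit_problem); results may be partial (H.86, H.98).

    The flat list filtered on CTN stands in for base object plus whole subtree.
    An entry is returned only if the filter evaluates to TRUE (H.45).
    """
    deadline = None if time_limit is None else time.monotonic() + time_limit
    results = []
    for entry in entries:
        if deadline is not None and time.monotonic() >= deadline:
            return results, "time limit"
        if entry.get("CTN") != country or evaluate(flt, entry) is not True:
            continue
        if size_limit is not None and len(results) >= size_limit:
            return results, "size limit"
        results.append({a: entry[a] for a in selection if a in entry})
    return results, None


if __name__ == "__main__":
    found, problem = search(ENTRIES, "USA", G2_FILTER, ["FAX", "TEL", "STN"],
                            time_limit=600, size_limit=20)
    print(found, problem)
```

Because undefined stays undefined under NOT, an entry whose telex number cannot be ordered is excluded both by the G.1.4 range filter and by its negation.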