8. Use X.500

The IWPS based on the X.500 protocol has a relatively wide deployment. The current service contains about 1,5 million entries of individuals and 3,000 of organizations. It is coordinated by Dante, an Internet service provider in the UK, and known as "NameFLOW- Paradise".

Though X.500 is sometimes criticized by the fact that its functionality is restricted by the hierarchical naming structure it imposes, it provides a reasonably good functionality as has been shown in several pilots by organizations [5], [2], [6], [7] that are now running a production X.500 IWPS. User interfaces also determine the functionality the X.500 IWPS offers. Usually they offer lookups in the IWPS based on the following user input:

• The name of a person
• The name of an organization this person can be related to
• The name of a country

As a result they will provide the publicly available information about the person in question. Most user interfaces offer the possibility to list organizations in a country and users in an organization to help users to make their choice for the input. It may also be possible to use part of the names as input or approximate names.

Specific user interfaces can provide lookups based on other input, like e-mail addresses of people or postal addresses of organizations. Such possibilities may however violate privacy laws. Providers of directory services services may then be held responsible.

The X.500 naming scheme imposes the requirement on an interconnected IWPS that all entries stored in it must have unique names (the "naming scheme"). This is most easily fulfilled by registering all entries in a "naming tree" with a single root; this is the reason why the totality of information in an X.500 IWPS is sometimes referred to as the "Directory Information Tree" or DIT.

Organizations are strongly encouraged to use the X.500 protocol for joining the IWPS. The current service is based on the X.500 1988 standard [8] and some Internet-specific additions to the protocol that connects the local databases [10] and to the access protocol [9]. Organizations should use X.500 software based on these specifications and additionally supports [11] for the transportation of OSI protocols over the Internet.

Organisations may connect to the NameFLOW-Paradise infrastructure with 1988 DSAs that don't implement [10], but they will lack automatic replication of knowledge references. This will be inconvenient, but not a big problem. The 1993 standard of X.500 includes the functionality from [10], but uses a different potocol. Hence organisations that connect to the infrastructure with a 1993 DSA will also encounter this shortcoming. Section 12 "Future developments" explains why the infrastructure doesn't use the 1993 standard for the moment.

For recommendations on which attributes to use in X.500 and how to use them (either for public IWPS information or additional local information the reader is referred to [3] and [4]. For specific non- public local purposes also new attributes (and object classes) may be defined. Generally it should be recommended to use as much as possible the multi-valuedness of attributes in X.500 as this will improve the searching functionality of the service considerably. For example, the organizationalName attribute which holds the name of an organization or the commonName attribute which holds the name of a person should contain all known aliases for the organization or person. In particular it is important to add "readable" variants of all attributes that people are expected to search for, if they contain national characters.

Another recommendation that can be made is that replication of data [10] between local databases is used in order to improve the performance of the service. Since replicating all entries of a part of the IWPS from one local database in another may violate local privacy laws, it is recommended to restrict replication to country and organizational entries and knowledge references (which tell where to go for which part of the IWPS). Of course privacy laws are not violated when the replicating database is managed by the same organization as the one that masters the information. So local replication between two databases within the same organization is highly recommended.

In general replication within one country will usually be less a legal problem than across country borders.

Recommendations for the operation of a database in the X.500 infrastructure can be found in [12].

X.500 is not recommended to be used for:

• A Yellow Pages service with a large scope. See [5].
• Searching outside the limited patterns listed here, in particular searching for a person without knowing which organization he might be affiliated to.
• Publishing information in other character sets than ASCII, some of the Latin-based European scripts and Japanese (the T.61 character sets). While support for these character sets is available in revised versions of X.500, products that support the revision aren't commonly available yet.