[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

AU2007201149A1 - Directory Services System and Methods with Mapping - Google Patents

Directory Services System and Methods with Mapping Download PDF

Info

Publication number
AU2007201149A1
AU2007201149A1 AU2007201149A AU2007201149A AU2007201149A1 AU 2007201149 A1 AU2007201149 A1 AU 2007201149A1 AU 2007201149 A AU2007201149 A AU 2007201149A AU 2007201149 A AU2007201149 A AU 2007201149A AU 2007201149 A1 AU2007201149 A1 AU 2007201149A1
Authority
AU
Australia
Prior art keywords
entry
eid
service
australia
services
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
AU2007201149A
Inventor
Richard Hans Harvey
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CA Inc
Original Assignee
Computer Associates Think Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from AU2003201337A external-priority patent/AU2003201337A1/en
Application filed by Computer Associates Think Inc filed Critical Computer Associates Think Inc
Publication of AU2007201149A1 publication Critical patent/AU2007201149A1/en
Abandoned legal-status Critical Current

Links

Landscapes

  • Facsimiles In General (AREA)
  • Telephone Function (AREA)

Description

16/03 2007 FRI 12:15 FAX Smoorenburg Attorneys AUSTRALIA Lj0/1 R003/113 P100101 128/5191 Regulation 3.2(2)
AUSTRALIA
Patents Act 1990 COMPLETE SPECIFICATION STANDARD PATENT Application Number Lodged: Invention Title: DIRECTORY SERVICES SYSTEM AND METHODS WITH MAPPING The following statement is a full description of this invention, including the best method of performing It known to :-us COMS IDWN:SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:15 FAX Smoorenburg Attorneys IP AUSTRALIA 1004/113 1 DIRECTORY SERVICES SYSTEM AND METHODS WITH MAPPING
FIELD
The present invention relates to the field of directory services. In particular, the present invention is directed to application of X.500, LDAP and similar services to a relational database, a database design and use of the database to perform X.500 services.
One aspect of the invention relates to implementing directory services, such as X.500 or LDAP services in an SQL environment. Furthermore, an aspect of invention relates to method(s) of interrogating logical design tables, as disclosed herein.
Other aspects of the present disclosure are directed to an implementation using a RDBMS (Relational Database Management System) and also a table structure and methods of operation of a database application.
PRIOR ART X.500 is the International Standard for Electronic Directories [CCITT89] or [1TU93]. These standards define the services, protocols and information model of a very flexible and general purpose directory. X.500 is applicable to information systems where the data is fairly static telephone directory) but may need to be distributed across organisations or countries), extensible store names, addresses, job titles, devices etc.), object oriented to enforce rules on the data) and/or accessed remotely.
Relational Database Management System (RDBMS) provide facilities for applications to store and manipulate data.
Amongst the many features that they offer are data integrity, consistency, concurrency, indexing mechanisms, query optimisation, recovery, roll-back, security. They also provide many tools for performance tuning, import/export, backup, auditing and application development.
RDBMS are the preferred choice of most large scale managers of data.
They are readily available and known to be reliable and contain many useful management tools. There is a large base of RDBMS installations and therefore a large amount of existing expertise and investment in people and procedures to run these systems, and so data managers are looking to use this when acquiring COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:16 FAX Smoorenburg Attorneys IP AUSTRALIA Q005/113 2 new systems. Most relational database products support the industry standard SQL (Structured Query Language).
There has also been a move towards Object Oriented systems which provide data extensibility and the ability to handle arbitrarily complex data items.
In addition, many corporations and government departments have large numbers of database applications which are not interconnected. Data managers are looking for solutions which enable them to integrate their data, and to simplify the management of that data. X.500 and it's associated standards provide a framework and a degree of functionality that enables this to be achieved. The fact that X.500 is an international standard means that data connectivity can be achieved across corporations and between different countries.
The problem, therefore, is to address the need of data managers and implement X.500 with all the flexibility of object-oriented systems but using an SQL product so that it can achieve the scalability and performance inherent in relational systems coupled with the stability, robustness, portability and costeffectiveness of current SQL products.
There have been a number of attempts of solving the above problem and over a considerable period of time. None of the attempts have resulted in a product which has proven to be commercially accepted by the market, and thus in the market place there is a long felt need yet to be addressed.
Figure 1 shows an abstract from the "GOSIPNews" issue No. 4, dated April 1994 (Source: "Interoperability Products" distributed in Australia by the Centre for Open Systems) and which lists X.500 products currently available.
None of these products use a SQL database as an underlying data store, and none of these products therefore address successfully the market need of implementing X.500 using an SQL RDBMS.
The Proceedings of IFIP WG6.6 International Symposium (ISBN: 0444 889 167) have published a paper presented by Francois Perruchond, Cuno Lanz, and Bernard Plattner and entitled "A Relational Data Base Design for an X.500 Directory System Agent". The Directory System disclosed, as with many prior art systems, is relatively slow in operation, particularly where the database is COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:16 FAX Smoorenburg Attorneys IP AUSTRALIA A006/113 3 relatively extensive and is incomplete in its implementation of X.500, such as aliases, subsearch and entry information.
Another attempt is disclosed in the proceedings of IREE, ISBN 0909 394 253, proceedings April 22-24, 1991 by C.M.R. Leung. In that disclosure, there is described a database scheme in which a single entry table holds detailed information about each directory object, and is also incomplete in its implementation of X.500.
This approach has been discredited by a number of text books and knowledge in the art, such as "Object-Oriented Modelling and Design" by J.
Rumbaugh, et al, 1991, ISBN 0-13-630054-5, in which at paragraph 17.3.8 it is clearly stated that "putting all entities in the one table is not a good approach to relational database design".
As noted above, there have been a number of attempts made to address prior art problems, but none of the attempts have resulted in a product which has proven to be commercially accepted by the market. Of interest in this disclosure, are the solutions to problems associated with the implementation of directory services, such as X.500 and LDAP in a SQL environment, and the solutions to problems associated with interrogating system design(s) that may attempt to implement directory services in the SQL environment.
SUMMARY OF INVENTION An object of the present invention is to address problems associated with the implementation of directory services, such as X.500 and LDAP in a SQL environment, and problems associated with interrogating system design(s) provided to implement directory services in the SQL environment. The present invention is directed, in one aspect, to a method and apparatus for interrogating logical design tables that are arranged as disclosed herein. The logical design is only one example (but not the only example) of implementation of a system design enabling the provision of directory services, such as X.500 and LDAP, using SQL based products.
Another aspect of the present invention, involves a method of creating one or more SQL commands corresponding to a directory service, the method including the steps of: COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:17 FAX Smoorenburg Attorneys IP AUSTRALIA Qo7/113 4 i. determining the directory service, ii. applying a process of name resolution to the service, iii. executing a procedure corresponding to the service, and iv. building an error or result in response to step iii.
Preferably, one or more service controls are applied to the above method.
Yet another aspect of the present invention involves a plurality of table designs, arrangements and related functions.
A further aspect of the present invention concerns a method and apparatus for implementing directory services using SQL based technology.
In another aspect, the present invention provides for caching the attribute table thereby limiting SQL statements issued to the database.
Another aspect of the present invention concerns a method and apparatus for performing a validation in memory.
Another aspect of the present invention concerns a method and apparatus for building a dynamic SQL equivalent of an arbitrary filter and for applying that arbitrary filter to a database.
Another aspect of the present invention concerns a method and apparatus for establishing and utilising set orientation queries of SQL.
Another aspect of the present invention concerns a method and apparatus for arranging a table with a plurality of columns and for defining one such column as a FLAG column in order to enhance extensibility. In another aspect, the present invention provides a FLAG column as a 'summary' function of contents of a table.
Another aspect of the present invention concerns a method and apparatus for arranging a table, having a plurality of columns, so that it supports inclusion of aliases and, in particular, for providing for caching of the aliases.
Another aspect of the present invention concerns a method and apparatus for arranging a table with a plurality of columns and for defining one such column as a LEV column in order to shorten indexes on each table.
In another aspect, the present invention provides a directory service system including any one of the methods noted above. Preferably, the directory service is X.500 or LDAP.
COMS ID No: SBMI-06645568 Received by IP Australia: lime 13:00 Date 2007-03-16 16/03 2007 FRI 12:17 FAX Smoorenburg Attorneys IP AUSTRALIA Q008/113 A detailed description of the present invention can be found at least in the section entitled summary of invention, and in section numbers 3 (Conceptual Methods) and 5 (Logical Methods) of the description of the preferred embodiments section.
With regard to the remainder of the. specification as a whole, in general, it discloses a number of other inventions related to the implementation of X.500 services in a RDBMS which supports SQL or any other relational language.
X.500 services can be invoked via a number of protocols, such as X.500 and
LDAP.
The scope of the present invention is outlined in this specification, including the claims.
In this document, at the time of filing, SQL is the most popular relational language and although it is only one form of relational language, the intent of the present invention is to have application to any other form of relational language, not just SQL.
These inventions can be related to the following headings: 1. Principle Design 2. Conceptual Design 3. Conceptual Method(s) 4. Logical Design Logical Method(s) 6. Physical Design 7. Example Implementation The X.500 standard in no way dictates how the directory is to be implemented, only its capabilities and behaviour. One key to solving the implementation problem is the realisation that X.500 defines a fixed set of services Add, Modify, Search etc.) that can operate on arbitrary data.
It has been discovered that problems associated with the prior art may be alleviated by a unique approach, by what may be described as inverting relational theory modelling from a data modelling approach to a service modelling approach. That is, from the problem of: COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:18 FAX Smoorenburg Attorneys IP AUSTRALIA Q009/113 6 processing arbitrary queries on a fixed set of data to the present approach of processing arbitrary data using a fixed set of queries/services.
Each service is modelled (instead of each data type) and the relationships between each service defined (instead of the relationships between each data type).
Implementation of service modelling using relational queries to satisfy X.500 services enables benefits of RDBMS to be exploited.
The benefits of this approach are many. A summary is illustrated in Figure 3. Some of the benefits include: relatively fast starting time.
the ability to reduce memory requirements relative to memory resident systems.
the ability to base X.500 on any SQL database and thereby protect the investment in products, expertise and procedures in managing existing systems.
the ability to achieve performance relatively independent of size and relatively independent of the complexity of the data type. Every data type is treated generically. Every data type has an index on it. The result of indexing gives the ability to efficiently search the directory without caching large portions of directory into memory. Unlike the prior art where either only one index can be used to satisfy one given query or large portions of information is system intensively cached and searched in memory.
the ability to support different languages Spanish, Hebrew and Kanji) which may have various collating sequences. Single, double or other byte character sets may also be supported.
using a disk based model to minimise I/O and efficiently retrieve I/O.
the ability to service complex X.500 searches.
the ability to create X.500 databases of far greater size than previously possible, without compromising performance or robustness. The databases can be small or large (250,000, 1 million or more entries).
an optimal table design minimises wastage of disk space.
COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:18 FAX Smoorenburg Attorneys IP AUSTRALIA o010/113 7 the ability to leverage off hundreds of man years of relational database developments and use "industrial strength" databases with proven reliability, integrity, security and tools for developing high performance applications.
Based on this unique approach, the following disclosure will detail a number of inventions in an order with reference to Figures 2A and 2B, which illustrates schematically an overview of the present X,500 system. The table and column, names, order of columns and numeric values disclosed are given on an arbitrary basis in the overview. The number of columns disclosed represent a preferred operable requirement. Additional columns do not alter the use of the table as herein contemplated.
BRIEF DESCRIPTION OF THE DRAWINGS Figure 1 is an illustration of a table which lists X.500 products currently available, none of which use a SQL data base as an underlying data store.
Figure 2A is an illustration schematically of an overview of the present invention, particularly the principal design and the corresponding conceptual design, as applied to the provision of a table structure for an X.500 system.
Figure 2B is an illustration schematically of an overview of the present invention, particularly the logical design and the corresponding physical design, as applied to the provision of a table structure for an X.500 system.
Figure 3 is an illustration of a pie chart that provides a summary representation of the benefits of implementing service modelling using relational queries to satisfy X.500 services.
Figure 4 is an illustration of a hierarchy within a hypothetical organisation, arranged as a tree, that is used to explain the services that may be provided according to the present invention.
Figure 5 is an illustration'of a hierarchy within a hypothetical organisation, arranged as a tree, that has an alias referencing a different branch of the tree, according to the present invention.
DESCRIPTION OF THE PREFERRED EMBODIMENTS 1. PRINCIPAL DESIGN COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:18 FAX Smoorenburg Attorneys IP AUSTRALIA Q011/113 8 The X.500 prior art attempts at implementation have been unable to overcome the relatively basic structural and operational differences between the X.500 requirements and functionality and SQL. The X.500 standard has a particular structure by nature, whereas SQL is designed to operate on relational structured tables.
For a typical relational database application, the nature of data is well known, i.e. tables will consist of a number of columns and each column contains data relating to a particular data type (see Table B1). The different data types that can be stored is limited to the columns of the table. The data types are also limited to the types supported by the database string, numeric, money, date). The database may also store data of a form not understood by the database per se, but understood by the application e.g. binary data.
Name Surname Title Phone Chris MASTERS Sales Manager 03 727-9456 Alana MORGAN Sales Support 03 727-9455 Table B1: Employee Table If a new data type needs to be added mobile) then a new column will have to be added to the table. This can cause problems if data table changes are not easy to implement. Also if the new data type is not well used less than 1% of the organisation) then significant redundant data storage may result.
See Table B2.
Name Surname Title Phone Mobile Chris MASTERS Sales Manager 03727-9456 018 042671 Alana MORGAN Sales Support 03 727-9455 Table B2: Employee Table In essence, one invention in the application of X.500 resides in overcoming the extensibility by representing the X.500 attributes of the prior art: empl name age salary as described above, as type syntax value, COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:19 FAX Smoorenburg Attorneys IP AUSTRALIA Q012/113 9 the latter representation being an extensible representation and is thus adapted to implementation with SQL. The latter representation is known as meta-data.
The meta-data "value" may be binary.
A further development based on the above principle design is the adaption of the 'principle design' to X.500. This adaption has been realised by the provision of a 'property table', in which object name and parent name is added to the 'principle design'.
Further benefits accrue from the implementation disclosed above; including: a. independence of complexity of filter the implementation disclosed may utilise a query optimiser provided in SQL, and therefore there is no need to replicate a query optimiser in each proprietary database to which the present invention is applied, b. independence of size the implementation disclosed has the ability to be scaled, c. independence of depth of tree the implementation disclosed has hierarchy comparability, d. performance if index is put on the type column, then each and every type is indexed.
202. CONCEPTUAL DESIGN The prior art has had difficulty in implementing X.500 as it has not been structured for extensibility, object oriented and hierarchy which are requirements of X.500.
This is addressed, in one form, by functionally decomposing the 'property table' and thus resulting in what is called the Conceptual Design.
The conceptual design resides in providing at least one of: 1. Attribute table, where extensibility is addressed by allowing the definition of a new attribute type in this table by adding a row to the table; 2. Object table, which defines the attributes within each object; and/or 3. Hierarchy table, which defines the relationship between the objects.
in another invention, this problem is addressed by providing table structures in accordance with those disclosed in Figures 2A and 28.
COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:19 FAX Smoorenburg Attorneys IP AUSTRALIA 013/113 Yet further inventions reside in addressing problems of data tolerance by providing in the present X.500 system for the replacement of the 'value' column of the object table with value 'norm' and value 'raw' columns and/or replacing the RDN column in the hierarchy table with 'name norm' and 'name raw' columns.
Further, the difficulty in prior art of accommodating aliases is addressed in the present X.500 system by providing an 'alias' column in the hierarchy table.
The 'alias' column is flagged to indicate that, that entry is an alias.
Further refinement may be provided by replacing the 'alias' column with alias and A-EID columns. The A-EID provides information about where the alias points.
Still further refinement may be provided by replacing the 'parent' column in the hierarchy table with 'parent' and 'path' columns.
The 'path' addresses the problem of implementing X.500 search, with aliases and subtrees. The 'path' has at least two unique properties: a) to determine the absolute position in the hierarchy; and b) it is used to determine if an entry is in a given subtree by its prefix.
3. CONCEPTUAL METHOD A number of unique methods of interrogating the conceptual design are disclosed in the detailed description following, including: a) mapping the X.500 services into a sequence of SQL statements; b) the search strategy is to apply the filter over the search area using the path or parent columns, and/or; c) in dealing with aliases during navigation where an alias points is cached In the A EID column; d) in dealing with alias during search find the unique set of base objects which define areas of the tree that need to be searched, and then apply b) above to each area of the tree.
A further invention is realised by using the attribute table for incoming data to find the AID from the X.500 object ID and outgoing data read from the database, vice versa.
Furthermore, for any incoming distinguished name, it is navigated to its appropriate EID, then each search is performed as required by X.500.
COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:20 FAX Smoorenburg Attorneys IP AUSTRALIA 1014/113 11 Still furthermore, for a search, filter and subtree searches can be provided by a single pass resolution and using the path column. One invention is to utilise a 'path' field to simultaneously apply an arbitrary filter over an arbitrary subtree.
The complications of aliases is handled by applying the above method to a uniquely resolved subtree.
Yet another unique method is to store the "path" of each entry as a string.
Each path will then be prefixed by the path of its parent entry. This is useful for the filter in the search service.
4. LOGICAL DESIGN The logical design is based on a service decomposition of the conceptual design, though the realisation that X.500 service components are independent.
The advantages accruing from this include: 1. Reduces the number of indexes per table, as more tables are provided. It has been found that primary indexes are most efficient (speed, size) and secondary indexes may have large overheads (speed, size).
2. Enable data in tables to be clustered. Clustering occurs as a result of its primary key (storage structure) and thus data may be organised on disk around its key. E.g. for the 'search' table, surnames may be clustered together.
3. Management smaller tables are easier to manage, e.g. faster to update indexes, collect statistics, audit, backup, etc.
4. Reduced 1/0 speed improvements due to smaller rows, means more rows per page and thus operations perform less I/O's.
LOGICAL METHODS A number of unique methods of interrogating the logical design tables are disclosed in the detailed description following.
In addition, one method resides in caching the attribute table. Thus, (with the exception of initial loading) no SQL statements are issued to the database. In the present X.500 system, conversions are performed in memory. This provides a substantial speed advantage.
Further, validation is performed in memory which avoids database rollback. Roll-backs are time and system consuming.
COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:20 FAX Smoorenburg Attorneys IP AUSTRALIA 9015/113 12 Still further, for the arbitrary filter, a dynamic SQL equivalent is built. This enables arbitrary complexity in X.500 searches.
Also for search results, the present system utilises set orientation queries of SQL to avoid 'row at a time' processing. Thus search results may be assembled in parallel in memory.
6. PHYSICAL DESIGN New tables and new columns are introduced to overcome column width and key size restrictions and to achieve space optimisations.
The following text is a disclosure of embodiments of the inventions outlined: 1. PRINCIPLE DESIGN With reference to Figure 2A, the principle design addresses the basic problem of representing the extensible, object oriented and hierarchical nature of X.500 in relational tables. In this section it will be disclosed (with examples) that the principle table design can be represented by a single table as shown in Table 1 below.
obiect name I parent name type Isyntax Ivalue Table 1 X.500 Property Table Throughout this and the following sections all column names and their positions in each table are arbitrary. The intent is to define what they contain and how they are used.
1.1 Extensibility For a typical relational database application, the nature of data is well known, tables will consist of a number of columns and each column contains data relating to a particular data type (see Table 1.1a). The table is self descriptive, i.e. the relations between data items is implied by being on the same row (this is the basis of relational theory).
name surname title phone Chris MASTERS Sales Manager 03 727-9456 Alana MORGAN Sales Support 03 727-9455 Table 1.1 a -Typical relational table COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:21 FAX Smoorenburg Attorneys IP AUSTRALIA ?016/113 13 However, the above approach is not extensible because the number of different data types is limited to the number of columns of the table. If a new data type needs to be added mobile phone number) then a new column will have to be added to the table (see Table 1.1b). Any application accessing this table will need to be updated to explicitly query it.
name surname title phone mobile Chris MASTERS Sales Manager 03727-9456 018 042671 Alana MORGAN Sales Support 03727-9455 Table 1.1b Relational table with an extra column Other problems also exist in practice. If the new data type is not well used less than 1% of the organisation has a mobile phone) then the table will be sparse if a given person does not have a mobile then that row/column entry will be NULL). Also, the data types are limited to the types supported by the database string, numeric, money, date, etc.).
The solution is to treat the data types as generic. The present invention adopts the method of representing arbitrary attributes XOM [X/OPEN Object Management] API [Application Programming Interface]) as a type, syntax, value combination (see Table 1.lc) type syntax value Name String Chris Surname String
MASTERS
Title String Sales Manager Phone Numeric 03 727-9456 Mobile Numeric 018042671 Table 1.lc Representing arbitrary attributes 1.2 Object Oriented X.500 defines objects people, organisations, etc.) which may contain an arbitrary number of "attributes". Since many objects must appear in the table a mechanism is required to distinguish each object. An "object name" column is added to the table for this purpose (see Table 1.2a).
object name type syntax value Chris Masters Name String Chris Chris Masters Surname StringMASTERS Chris Masters Title String Sales Manager Chris Masters Phone Numeric 03 727-9456 COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:21 FAX Smoorenburg Attorneys IP AUSTRALIA l017/113 Chris Masters Mobile Numeric 018 042671 Alana Morgan Name String Alana Alana Morgan Surname String MORGAN Alana Morgan Title String Sales Support Alana Morgan Phone Numeric 03 727-9455 Table 1.2a Representing objects with arbitrary values The above method allows any number of attributes to be assigned (related) to an entry. These attributes could be of arbitrary complexity a multi-line postal address could be handled). As the number of columns is fixed new attributes can be added to any object without having to redefine the application. If a new attribute is added then an application that reads the entry will get back an extra row.
1.3 Hierarchical A method of representing hierarchical systems parts explosion) is to use a parent/child combination (see Table 1.3a) arent child car engine car fuel system engine carburettor engine pistons carburettor fuel valve carburettor air valve Table 1.3a Parts explosion hierarchy X.500 defines its objects to be hierarchical. The relationships between objects follow a tree structure where each object has a parent object and each parent can have zero or more children. This relationship can be represented in a general PROPERTY table by the addition of a "parent name" column, which is used to store the name of the parent object (see Table 1.3b).
object name parent name type syntax value Datacraft root Organisation String Datacraft Datacraft root Address Postal Address PO Box 353 Croydon VIC Chris Masters Datacraft Name String Chris Chris Masters Datacraft Surname String MASTERS Chris Masters Datacraft Title String Sales Manager COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:22 FAX Smoorenburg Attorneys IP AUSTRALIA 018/113 Chris Masters Datacraft Phone Numeric 03 727-9456 Chris Masters Datacraft Mobile Numeric 018 042671 Alana Morgan Datacraft Name String Alana Alana Morgan Datacraft Surname String MORGAN Alana Morgan Datacraft Title String Sales Support Alana Morgan Datacraft Phone Numeric 03 727-9455 Figure 1.3b X.500 Property Table Note that the root of the tree has no parent. Thus, if both Chris and Alana work for Datacraft and Datacraft is a child of the root then we can say that Chris and Alana are children of Datacraft and that Datacraft is the parent of Chris and Alana.
2. CONCEPTUAL DESIGN In Section 1 it was shown that a single Property Table could represent the extensible, object oriented and hierarchical nature of X.500 (see Table 2a).
object name parent name type syntax value Table 2a Property Table With reference to Figure 2A in this section it will be shown that full X.500 functionality can be represented by using three tables as shown below (see Table 2b and Figure 2A).
Hierarchy Table I EID I Parent Path I Alias I A_EID I NameNorm I NameRaw__ Object Table EID AID VID Disting ValueNorm ValueRaw Attribute Table AID Type Syntax Objectld Table 2b Full Conceptual Design The conceptual design addresses major problems with implementing full X.500 functionality in relational tables. As each major design issue is presented, examples are provided to illustrate the solution.
COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:22 FAX Smoorenburg Attorneys IP AUSTRALIA o019/113 16 2.1 Functional Decomposition The Property Table (Figure 2A) can be decomposed into separate tables that reflect the hierarchical, object oriented and extensible nature of X.500, preferably as follows; a Hierarchy Table which defines the structural relationship between objects.
an Object Table which defines the attribute values within each object.
an Attribute Table which defines the different attribute types.
These tables result from a process called functional decomposition.
To address the problem of correlating the relationships between tables, arbitrary numeric identifiers are introduced. The EID or "entry identifier" correlates each object with its hierarchy information. The AID or "attribute identifier" correlates each value in the object table with its attribute information.
The design is considered very efficient because the repeating groups in the Property table (type-syntax and object name-parent name) have been removed. Also, for SQL, the joining columns are simple integers.
Hierarchy Table EID Parent Name 0 Datacraft 10 Chris Masters 31 10 Alana Morgan Object Table EID AID Value 10 Datacraft 16 PO Box 123 CROYDON 3 Chris 4 MASTERS 12 Sales Manager 20 03 727-9456 31 3 Alana 31 4 MORGAN 31 12 Sales Support 31 20 03 727-9455 COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:22 FAX Smoorenburg Attorneys IP AUSTRALIA a020/113 Attribute Table AID Type Syntax 3 Name string 4 Surname string Organisation string 12 Title string 16 Postal Address address string Phone telephone string Table 2.1 Basic Conceptual Design 2.2 X.500 Attributes X.500 attributes have a protocol identifier which is transferred when any data is communicated between end systems. These identifiers are internationally defined and are called OBJECT IDENTIFIERS 2.5.4.4 means a surname string). Thus an "Objectld" column can be added to the Attribute table so that conversions between X.500 object identifiers and the internal attribute identifiers can be performed.
In addition, X.500 allows an attribute to have an arbitrary number of values the mobile phone could be treated just as a second telephone number).
Thus a "value identifier" or VID is introduced to identify values within an attribute in the Object Table.
Hierarchy Table EID Parent Name 0 Datacraft 10 Chris Masters 31 10 Alana Morgan Object Table EID AID VID Value 10 1 Datacraft 16 1 PO Box 123 CROYDON 3 1 Chris 4 1 MASTERS 12 1 Sales Manager 20 1 03 727-9456 20 2 018042671 31 3 1 Alana 31 4 1 MORGAN 31 12 1 Sales Support 31 20 1 03 727-9455 COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:23 FAX Smoorenburg Attorneys IP AUSTRALIA Q021/113 18 Attribute Table AID Type Syntax Objectid 3 Name string 2.5.4.3 4 Surname string 2.5.4.4 Organisation string 2.5.4.10 12 Title string 2.5.4.12 16 Postal Address address string 2.5.4.16 Phone telephone string 2.5.4.20 Table 2.2 Conceptual Design with X.500 attributes 2.3 X.500 Names In X.500, each entry uses one or more of its attribute values (Distinguished Values) for naming the entry. A "Disting" column is added to the Object Table to flag the distinguished values.
The Distinguished Values combine to form a Relative Distinguished Name (RDN) which names the entry. The "Name" column in the Hierarchy table stores the RDN. This is an optimisation that negates the need for the RDN to be constructed from the distinguished values in the Object table.
An entry is uniquely named by a Distinguished Name (DN) which consists of all the RDN's of the of its ancestors down from the root and the RDN of the object itself. An innovation is to add a "path" column to the Hierarchy table which defines the absolute position of the entry in the tree as a list of EID's. The path has three important properties; 1) enables fast construction of DN's, (the EID list defines all the RDN's) 2) enables fast subtree searches (see Conceptual Methods), 3) it is independent of its DN (any of the RDN's in the DN can be renamed without affecting the path).
Hierarchy Table EID Parent Path Name 0 10. Datacraft 10 10.30. Chris, MASTERS 31 10 10.31. Alana, MORGAN COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:23 FAX Smoorenburg Attorneys IP AUSTRALIA R022/113 Object Table EID AID VID Disting Value 10 1 1 Datacraft 16 1 0 PO Box 123 CROYDON 3 1 1 Chris 4 1 1 MASTERS 12 1 0 Sales Manager 20 1 0 03727-9456 20 2 0 018042671 31 3 1 1 Alana 31 4 1 1 MORGAN 31 12 1 0 Sales Support 31 20 1 0 03727-9455 Attribute Table AID Type Syntax Objectid 3 Name string 2.5.4.3 4 Surname string 2.5.4.4 Organisation string 2.5.4.10 12 Title string 2.5.4.12 16 Postal Address address string 2.5.4.16 Phone telephone string 2.5.4.20 Table 2.3 Conceptual Design with X.500 attributes and names 2.4 X.500 Aliases X.500 also has the concept of 'aliases'. An alias object effectively points to another entry and thus provides an alternate name for that entry. Thus an "alias" flag is added to the Hierarchy Table. When an alias is discovered during Navigation the supplied DN contains an alias), then the alias value must be read from the Object Table. This alias DN must be resolved to where the alias points before Navigation of the original entry can continue.
An innovation is to use an "aliased EID" column or A_EID to store "where" the alias "points to". This removes the need to repeatedly navigate through an alias.
Hierarchy Table EID Parent Path Alias A_EID Name 0 10. 0 0 Datacraft 10 10.30. 0 0 Chris, MASTERS 31 10 10.31. 0 0 Alana, MORGAN 35 10 10.35. 1 31 Support Engineer COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:24 FAX Smoorenburg Attorneys IP AUSTRALIA Q023/113 Object Table EID AID VID Disting Value 10 1 1 Datacraft 16 1 0 PO Box 123 CROYDON 3 1 1 Chris 4 1 1 MASTERS 12 1 0 Sales Manager 20 1 0 03 727-9456 20 2 0 018042671 31 3 1 1 Alana 31 4 1 1 MORGAN 31 12 1 0 Sales Support 31 20 1 0 03 727-9455 4 1 1 Support Engineer 7 1 0 Datacraft/Alana,Morgan Attribute Table AID Type Syntax Objectid 1 Alias Name Distinguished Name 2.5.4.1 3 Name string 2.5.4.3 4 Surname string 2.5.4.4 Organisation string 2.5.4.10 12 Title string 2.5.4.12 16 Postal Address address string 2.5.4.16 Phone telephone string 2.5.4.20 Table 2.4 -Conceptual Design with X.500 attributes, names and aliases X.500 Data Tolerance Every X.500 attribute has a (internationally defined) syntax. X.500 attribute syntaxes define how each attribute should be treated. In all string syntaxes Printable, Numeric etc.) superfluous spaces should be ignored. In some syntaxes the case is not important Case Ignore String and Case Ignore List) and so the names "Chris Masters", "Chris MASTERS" and ChRis MaSTeRS are considered identical.
In order to do comparisons search for a particular value), the syntax rules can be applied to create a normalised form "CHRIS MASTERS"). If this normalised form is stored in the database, then any variations in input form are effectively removed, and exact matching can be used (which is necessary when using SQL).
Both the normalised data and "raw" data are stored in the database. The "raw" data is necessary so that users can retrieve the data in exactly the same COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:24 FAX Smoorenburg Attorneys AUSTRALIA ij2/1 IM024/113 91 format as it was originally input. As per the X.500 and LDAP standard, data received from a user, raw data, accords with ASN.1 (Abstract Syntax Notation Thus the "Name" column in the Hierarchy Table becomes the "NameRaw" and a "NameNorm" column is added. Similarly, the "Value" column in the Object Table becomes the "ValueRaw" and a "ValueNorm" column is added.
Hierarchy Table EID Parent Path Alias A EID !1NameNorm Nameflaw 0 10. 0 0 DATACRAFT Datacraft 10 10.30. 0 0 CHRIS, MASTERS Chris, MASTERS -31 10 1 G.31. 0 0 ALANA, MORGAN Alana, MORGAN 10 10.35. 1 31 SUPPORT ENGINEER Supprt Engineer Object Table EID AID VI D Disting ValueNorm ValueRaw 10 1 1 DATAC RAFT Datacraft 16 1 0 PO BOX 123 CROYDON PO Box 123 CROYDON 3 1 1 CHRIS Chris 4 1 1 MASTERS MASTERS 12 1 0 SALES MANAGER Sales Manager 20 1 0 037279456 03 727-9456 20 2 0 018321435 018042671 31 3 1 1 ALANA Alana 31 4 11 1 MORGAN MORGAN 31 12 1 0 SALES SUPPORT Sales Support 31 20 1 0 037279455 03 727-9455 4 1 1 SUPPORT ENGINEER Support Engineer 7 1 0 DATACRAFT ALANA Datacraft/Alana,Morgan S~~~~MORGAN 3 Attribute Table AID Type Syntax Objectid 1 Alias Name Distinguished Name 2.5.4.1 3 Name Case Ignore String 2.5.4.3 4 Surname Case Ignore String 2.5.4.4 Organisation Case Ignore String 2.5.4.10 12 Title Case Ignore String 2.5.4.12 16 Postal Address Case Ignore List 2.5.4.16 Phone Telephone String 2.5.4.20 Table 2.5 Full Conceptual Design COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:25 FAX Smoorenburg Attorneys IP AUSTRALIA 1025/113 22 3. CONCEPTUAL METHODS This section iniroduces the basic X.500 services and shows how the conceptual table design, shown in Table 3a or Figure 2A, is sufficient to implement X.500 services and their complexities.
Hierarchy Table EID Parent Path Alias A_EID I NameNorm NameRaw Object Table EID AID VID Disting I ValueNorm I ValueRaw Attribute Table AID T Type Syntax I ObjectlD Table 3a Conceptual Table Design The example hierarchy shown in Table 3b, as seen in Figure 4, will be used to illustrate these services. Each name in the diagram represents an object entry in the database. The triangle represents an alias entry, and the dotted line represents the connection between the alias entry and the object that it points to.
The numbers next to each entry are the entry EID's.
In the example, entry has an RDN with a value of "Datacraft", entry "11" has an RDN with a value of "Sales", entry "20" has an RDN with a value of "Network Products" and entry "31" has an RDN with a value of "Alana Morgan".
The DN of entry "31" is made up of a sequence of RDN's, namely, ""Datacraft", "Sales", "Network Products", "Alana Morgan".
The alias entry "Datacraft/Networks" points to the entry "Datacraft", "Sales", "Network Products". When navigating to this entry the navigate process would find the alias entry, then find the DN of the object pointed to by the alias and then navigate from the root to the object entry returning an EID of "20" and a path of "1.11.20.".
Listed below are sample tables which show how data is stored. The Hierarchy table (Table 3c) shows how the entries for the example hierarchy are stored. The Attribute table (Table 3e) shows attributes which are contained in the entry "Datacraft/Sales/Network Products/Chris Masters". The Object table (Table 3d) shows how the values of these attributes are stored.
COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:25 FAX Smoorenburg Attorneys IP AUSTRALIA Q026/113 EID Parent Path Alias A EID NameNorm NameRaw 1 0 1. 0 0 DATACRAFT [Datacraft] 1 1.10. 1 20 NETWORKS [Networks] 11 1 1.11. 0 0 SALES [Sales] 12 1 1.12. 0 0 MARKETING [Marketing] 11 1.11.20. 0 0 NETWORK PRODUCTS [Network Products] 20 1.11.20.30. 0 0 CHRIS MASTERS [Chris Masters] 31 20 1.11.20.31. 0 0 ALANA MORGAN [Alana Morgan] 32 20 1.11.20.32. 0 0 PETER EVANS [Peter Evans] Table 3c: Sample Hierarchy Table EID AID VID Disting ValueNorm ValueRaw 3 0 1 CHRIS [Chris] 4 0 1 MASTERS [Masters] 12 0 0 SALES MANAGER [Sales Manager] 20 0 0 03 727 9456 727-9456] 20 1 0 018042671 [(018) 042 671] Table 3d: Sample Object Table AID Type Syntax ObjectlD 3 commonName caselgnoreString 2.5.4.3 4 surname casel noreString 2.5.4.4 12 title caselgnoreString 2.5.4.12 telephoneNumber telephoneNumber 2.5.4.20 Table 3e: Sample Attribute Table Distinguished Names For the entry shown in the sample Object Table (Table 3d) two of the attributes, commonName and surname, are distinguished values (or naming values) which combine to form the RDN for the entry. This RDN is stored in the Hierarchy Table.
Multi-valued Attributes In X.500, it is permissible for an attribute to be multi-valued. The VID column is used to distinguish between values for an attribute. In the sample Object Table, the telephoneNumber attribute is multi-valued.
3.1 Mapping Services to SQL 3.1.1 Attribute Types and Values Any data supplied by an X.500 service is supplied as a list of Objectld's and their associated values. These must be converted into AID's (using the Attribute table) and normalised values (using the Object table) for use by the COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:26 FAX Smoorenburg Attorneys IP AUSTRALIA Q027/113 24 X.500 application. The database returns data as AID's and Raw Values, which must then be converted into Objectld's and their associated values in the X.500 result.
3.1.2 Navigation Each X.500 service supplies a Distinguished Name which is converted into an EID for use by the X.500 application. When the application processes a service it returns one or more EID's. These EID's can then be translated back into Distinguished Names in the X.500 result.
All X.500 services rely on navigating the directory tree. To navigate to a particular entry, the following procedure is performed: Given the DN for the entry, locate the entry in the hierarchy table which has an RDN equal to the first RDN in the DN.
Store the EID.
Recursively, locate the entry which has an RDN equal to the next RDN in the DN and a parent equal to the stored EID.
Example Navigate to the entry "Datacraft/Sales/Network Products/Peter Evans".
This will result in a number of select statements, with each returned EID being used as the value of the PARENT in the next statement.
select EID from HIERARCHY where PARENT 0 and RDN "DATACRAFT" select EID from HIERARCHY where PARENT 1 and RDN "SALES" select EID from HIERARCHY where PARENT 11 and RDN "NETWORK PRODUCTS" select EID from HIERARCHY where PARENT= 20 and RDN "PETER EVANS" 3.1.3 Read Selected attributes to be read can be supplied. Only the values of these attributes (if they are present in the entry) will be returned.
'Types only' can be selected as a read option, in which case no values will be returned. All types present in the entry, or those selected, will be returned.
COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:26 FAX Smoorenburg Attorneys IP AUSTRALIA Q028/113 Navigate to the entry to be read. Store the EID. In the Object Table, read the values of all rows which match the stored EID.
Example Read the entry "Datacraft/HQ/Network Products" and return all types and values.
Navigate to the entry (as in 3.1.2) and then; select AID, VALUERAW from OBJECT where EID 3.1.4 Compare Compare returns a 'matched' or 'not matched' result. A raw value is input but the compare is performed using the normalised value.
Navigate to the required entry. Store the EID. In the Object Table, test for a matching value in all rows which match the stored EID and the specified AID.
Example Compare the telephone Number "03 727 9256" with the entry "Datacraft/Sales/Network Products/Chris Masters".
Navigate to the entry and then; select VALUERAW from OBJECT where EID and AID and VALUENORM "03 727 9456" If a value is selected then return "matched" else return "not matched".
3.1.5 List Navigate to the required entry. Store the EID. In the Hierarchy Table, return the RDN's for all rows with a parent matching the stored EID.
Example List from the entry "Datacraft/Sales".
Navigate to the entry and then; select NAMERAW from HIERARCHY where PARENT 11 COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:26 FAX Smoorenburg Attorneys IP AUSTRALIA @029/113 26 3.1.6 Add Entry Navigate to the required parent entry. Store the EID of the parent. Add a new EID to the Hierarchy table and add rows to the Object table for each value in the new entry.
Example Add a new entry under the entry "Datacraft/Sales/Network Products".
Navigate to the entry and then; insert into OBJECT (EID, AID, VID, DISTING, VALUENORM, VALUERAW) values (33, 3, 1, 1, EDWIN MAHER, Edwin Maher) and insert into HIERARCHY (EID, PARENT, PATH, ALIAS, A-EID, NAMENORM, NAMERAW) values (33, 20, 1.11.20.33.,0,0, EDWIN MAHER, Edwin Maher) 3.1.7 Remove Entry Navigate to the required entry. Check that the entry is a leaf on the tree, check that it has no subordinate entries on the tree). Store the EID.
Remove the entry from the Hierarchy table. In the Object Table, remove all rows which match the stored EID.
Example Remove an entry (with EID 33) under the entry "Datacraft/Sales/Network Products".
Navigate to the entry and then; delete from OBJECT where EID 33 and delete from HIERARCHY where EID 33 3.1.8 Modify Entry Navigate to the required entry. Store the EID. In the Object Table, Add, Remove or Modify rows matching the stored EID.
COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:27 FAX Smoorenburg Attorneys IP AUSTRALIA 9030/113 27 Example S Modify the entry "Datacraft/Sales/Network Products/Alana Morgan".
Add value title "Branch Manager".
Navigate to the entry and then; select EID, AID, VID, VALUENORM from OBJECT where EID 31 Test the returned rows for an attribute of title. If none exist, the attribute can be added, otherwise the attribute must be checked to see if it can be multivalued and whether it already exists.
Insert into OBJECT (EID, AID, VID, DISTING, VALUENORM, VALUERAW) values (31,12,1,0, BRANCH MANAGER, Branch Manager).
3.1.9 Modify RDN Navigate to the required entry. Check that the new name (RDN) does not exist in the current level of the subtree that the new DN is distinct). Store the EID. Modify the entry in the Hierarchy and Object tables.
Example Modify the RDN of the entry "Datacraft/Sales/Network Products/Chris Masters" to "Christine Masters".
Navigate to the entry and then; select EID from HIERARCHY where PARENT and VALUENORM "CHRISTINE MASTERS" If no entries are returned then the new RDN may be inserted. First set the old RDN to be a non-distinguished value.
update OBJECT set DISTING 0 where EID 30 and VALUENORM "CHRIS" and update HIERARCHY set NAMENORM "CHRISTINE MASTERS" and set NAMERAW "Christine Masters" COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:27 FAX Smoorenburg Attorneys IP AUSTRALIA Q031/113 28 where EID and insert into OBJECT (EID, AID, VID, DISTING, VALUENORM, VALUERAW) values (30, 3, 1, 1, "CHRISTINE", "Christine") 3.2 Search Strategy The most powerful and useful X.500 service is the search service. The search service allows an arbitrary complex filter to be applied over a portion of the Directory Information Tree (the search area).
A filter is a combination of one or more filter items connected by the operators AND, OR and NOT. For example; surname "MASTERS" AND title "SALES MANAGER" S The Search area is the part of the tree that is covered by the scope of the search (base-object-only, one-level or whole-subtree).
One technique for resolving searches is to apply the filter and then to see if any matching entries are in the search area. In this case a filter is applied to the entire tree and EID's for all rows matching the filter are returned. Then, for each EID found, step search up through the hierarchy to see if the entry is a subordinate of the base object the entry has a parent/grandparent/... that is the base object). If the number of matches is large and the subtree small this is very, inefficient. This technique doesn't cope with aliases as an alias is not a parent of the object that it points to and many aliases may point to a single object.
A second strategy is to obtain a list of all EID's in the search area and then apply the filter to these EID's. If an alias is resolved that points outside of the original search area then the subtree pointed to by the alias is expanded and the EID's in that subtree are added to the list. The filter is then applied to the set of expanded EID's. This is very poor if the search area is large.
An innovation is to simultaneously apply the filter over the search area (instead of sequentially as in the two methods described above). This is called single pass resolution. This method is considered to provide considerable performance improvement over the above methods because the rows that are COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:28 FAX Smoorenburg Attorneys IP AUSTRALIA Q032/113 29 retrieved are those that satisfy both the filter and scope requirements of the search.
When performing a one level search the filter is applied to all entries that have a parent equal to the EID of the base object (for example; search where parent 20 will apply the filter to entries 30, 31 and 32).
When performing a subtree search the path is used to expand the search area. The "path" of each entry is a string of numbers "1.10.50.222." which indicates that entry 222 has a parent of 50, a grandparent of 10 and a great grandparent of The path has the unique property that the path of an entry is a prefix of the path of all entries that are subordinate to the entry. That is the path of an entry forms the prefix of the paths of all entries in the subtree below the entry. Therefore when performing a subtree search we obtain the base object of the subtree and then apply the filter to all entries that have a path which is prefixed by the path of the base object (for example; to search for all entries under "Sales" we perform a search where PATH LIKE Base Object Search: Navigate to the base object. Store the EID. In the Object Table, read nominated values from rows which match the stored EID where a filter criteria is satisfied, eg, telephone prefix "727".
Example S Search from the base object "Datacraft/Sales/Network Products" for an entry with surname "MORGAN", using a "base-object-only" search.
Navigate to the base object and then; select AID, VALUERAW from OBJECT where EID 20 and AID 4 and NAMENORM "MORGAN" One Level Search: Navigate to the base object. Store the EID. Return the list of EID's which have a parent EID matching the stored EID (in Hierarchy table) and have values which satisfy the filter criteria (OBJECT table). In the Object Table, read nominated values for the returned EID's.
COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:28 FAX Smoorenburg Attorneys IP AUSTRALIA Q033/113 Example S Search from the base object "Datacraft/Sales/Network Products" for an entry with surname "MORGAN", using a "one-level-only" search.
Navigate to the base object and then; select H.EID from HIERARCHY H, OBJECT O where PARENT 20 and AID 4 and NAMENORM "MORGAN" and H.EID O.EID then place the EID's returned into an EIDLIST and select AID, VALUERAW from OBJECT where EID in [EIDLIST] Subtree Search: Navigate to the base object. Store the EID. Return the list of all EID's with a path like that of the base object (Hierarchy table) and have values which satisfy the filter criteria (OBJECT table). In the Object Table, read nominated values for the returned EID's.
Example S Search from the base object "Datacraft/Sales/Network Products" for an entry with surname "MORGAN", using a "whole-subtree" search.
Navigate to the base object and then; select H.EID from HIERARCHY H, OBJECT O where PATH like and AID 4 and NAMENORM "MORGAN" and H.EID O.EID then place the EID's returned into an EIDLIST and select AID, VALUERAW from OBJECT where EID in [EIDLIST] 3.3 Aliases and Navigate Aliases are resolved during navigation if the "don't-dereference-alias" flag is not set and the service is not an update service (add, delete, modify, modifyRDN).
When an alias is discovered during navigation the alias must be resolved.
That is, the object that the alias points to must be obtained. First we check the COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:28 FAX Smoorenburg Attorneys IP AUSTRALIA [a034/113 31 A_EID column of the Hierarchy table. If the A_EID is 0 then the object that the alias points to must be obtained from the Object table and this object must then be navigated to and the resultant EID stored in the A_EID column. If this is done successfully then the remainder of the path can be navigated. By storing the EID of the aliased object in the A_EID column of the Hierarchy table it is possible to avoid navigating to aliased objects. This can save time, especially if the aliased object is at a low level of the hierarchy.
3.4 Aliases and Search Aliases are dereferenced during a search if the "search-aliases" flag in the search argument is set. The performance of the search service while dereferencing aliases becomes a two step process. Firstly, define the search area and then apply the filter to the entries within the search area. Aliases dereferenced as part of the search service can expand the search area to which the filter is applied. They also restrict the search area in that any dereferenced aliases are excluded from the search area.
Aliases and OneLevel Search If aliases are being dereferenced as part of a one level search and an alias entry is found then the alias must be resolved (using the Object table or the A_EID). The aliased object is then added to the search area to which the filter is applied. In a oneLevel search where aliases are found the search area will consist of non-alias entries directly subordinate to the base object and all dereferenced aliases.
Aliases and Subtree Search If aliases are being dereferenced as part of a whole subtree search and an alias entry is found then the alias must be resolved (using the Object table or the A_EID) and this EID must then be treated as another base object, unless it is part of an already processed sub tree.
When dereferencing aliases during a search the "Path" column can be used to find alias entries within a subtree join. If an alias entry is found that points outside of the current subtree then the subtree pointed to by the alias can also be searched for aliases. One property of the hierarchical tree structure is that each subtree is uniquely represented by a unique base object subtrees COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:29 FAX Smoorenburg Attorneys IP AUSTRALIA 1035/113 32 do not overlap). When performing a subtree search we build up a list of base objects which define unique subtrees. If no aliases are found then the list will contain only one base object. If an alias is found that points outside of the subtree being processed then we add the aliased object to the list of base objects (unless one or more of the base objects are subordinate to the aliased object in which case the subordinate base object(s) are replaced by the aliased object).
The search area will therefore consist of non-alias entries that have a path prefixed by the path of one of the base objects.
4. LOGICAL DESIGN Whilst the Conceptual Design (see Table 4a) is sufficient to implement the X.500 functionality, further performance improvements can be made.
Hierarchy Table EID Parent Path Alias A_EID NameNorm NameRaw Object Table EID AID VID Disting ValueNorm ValueRaw Attribute Table AID Type Syntax Objectid Table 4a Conceptual Design Performance improvements in conventional relational design can be achieved because assumptions can be made about the data the data is essentially fixed at the time an application is designed. In X.500, none of the data types are known. However performance improvements can still be made because assumptions can be made about the services these are known at the time the X.500 application is designed.
With reference to Figure 2B, one innovative approach is to recognise that each table can be organised around the major service relationships (instead of around the major data relationships in conventional relational design). It shall be shown that the above tables can be decomposed into a number of smaller and more efficient tables as shown below.
COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:29 FAX Smoorenburg Attorneys IP AUSTRALIA 1036/113 I EID IPARENT IALIAS RDN
NAME
EID RAW
TREE
EID PATH
ALIAS
EID A_EID
SEARCH
EID AID I VID DISTING NORM
ENTRY
EID AID VID RAW
ATTR
AID SYNTAX I DESC OBJECTID Table 4b Logical Design 4.1 Service Decomposition The practical reality for most RDBMS's is that big tables with many columns do not perform as well as smaller tables with fewer columns. The major reasons are to do with indexing options, I/O performance and table management (see Sections 4.5 and This is why prior art relational design techniques aim to focus primary information into separate tables and derive secondary information via table joins normalisation and fragmentation techniques).
One innovation in achieving X.500 performance is to decompose the tables around primary service relationships and derive secondary services via joins. This process is called service decomposition. The following considerations are made: Columns that have strong relationships are preferred to be kept together (to avoid unnecessary joins); COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:30 FAX Smoorenburg Attorneys IP AUSTRALIA Q037/113 34 if the number of significant rows in a given column is independent of the other related columns, then that given column is a candidate for a separate table.
If a column is only used for locating information (input) or only used for returning results (output) then it is a candidate for its own table.
If a column is used as a key for more than one service then it is preferred to be a primary key and therefore in its own table (each table can have only one primary key).
Keys are preferred to be unique or at least strong (non-repetitious).
A first level analysis of column usage is shown in Table 4.1.
X.500 Table EID AID VID Value Value Parent Alias Name Name Path Service Norm Raw Norm Raw Navigate H R S R S R Read O S R R R R
R
Compare O S S S List H S R R Search- O S/R S (S) filter Search S/R R R R R result Add H/O Remove H/O S Modify 0 S S S S__ Modify H/O S S S
S
Table 4.1 Basic column usage Key to symbols in the above table: H Hierarchy table O Object table S Supplied value (used in the SQL for Searching the table) R Returned value (value retrieved from the tables) item may or may not be present depending on the options of the service.
From the above information and further analysis, the Conceptual Design tables can be decomposed into a number of smaller tables as described in the following sections.
COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:30 FAX Smoorenburg Attorneys IP AUSTRALIA Q038/113 4.2 Hierarchy Table Decomposition The Hierarchy table contains the following columns: EID Parent Path Alias A_EID NameNorm NameRaw Table 4.2a Hierarchy Table The Hierarchy Table contains information about objects and their parents, their names, their absolute positions in the hierarchy and if they are aliases. This table can therefore be split into four tables: DIT, NAME, TREE and ALIAS.
The parent information is used for finding a given child or acting on entries that have a given parent. Finding a given child Parent 0, NameNorm "DATACRAFT") is the basis for Navigation and update checking (checking for the existence of an object before an Add or ModifyRdn). Acting on entries that have a given parent is used during List or OneLevel Search. Thus the DIT (Directory Information Tree) table has information required for Navigation, but allows its PARENT column to be used by other services.
SEID PARENT ALIAS RDN Table 4.2b DIT Table An object is differentiated from its siblings via its Relative Distinguished Name (RDN). RDN's are returned for a List (in conjunction with a given Parent) or as part of a full Distinguished Name (Read, Search). Thus the NAME table has information required for returning names (the raw RDN).
SEID RAW Table 4.2c NAME Table An object's absolute position in the hierarchy is necessary for building DN's (from which the raw RDN's are retrieved) and for expanding subtrees during Search. Thus the TREE table has information about an entry's Path (the sequence of EID's down from the root).
EID IPATH Table 4.2d TREE Table Alias information is cached so that every time an alias is encountered during Navigate it does not have to be repeatedly resolved. Thus the ALIAS COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:31 FAX Smoorenburg Attorneys IP AUSTRALIA 9039/113 36 table only contains entries that are aliases. It is also used during OneLevel Search (in conjunction with the DIT Parent column) and Subtree Search (in conjunction with the Path column) to determine if there are any aliases in the search area.
EID A EID Table 4.2e ALIAS Table 4.3 Object Table Decomposition The Object table contains the following columns: IAID.. I VID I Disting I EID ValueNorm ValueRaw Table 4.3a Object Table The Object Table essentially contains information for finding a particular value AID surname, ValueNorm "HARVEY") and for retrieving values AID surname, ValueRaw "Harvey"). This table can therefore be split into two tables: SEARCH and ENTRY.
The Search Table is used to resolve filters in the Search service. It is also used to find values during Compare, Modify and ModifyRDN. The Search table contains one row for each attribute value of each entry. Only the normalised values are stored in this table.
EID IAID I VID IDISTING NORM Table 4.3b- SEARCH Table The Entry table is used to return values in Reads and Searches. The table contains one row for each attribute value for each entry. The RAW is the value exactly as initially supplied when the entry was added or Entry value modifi I EID ed.
I AID I VID I RAW Table 4.3c- ENTRY Table 4.4 Attribute Table The Attribute table is essentially the same as the Conceptual Design. In practice the "type" field is only descriptive, since any incoming/outgoing X.500 COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:31 FAX Smoorenburg Attorneys IP AUSTRALIA 1040/113 37 Object Identifier gets converted to/from the internal attribute identifier, AID. Thus this column has been renamed DESC to signify that it is a description field.
AID SYX DESC Objectld Table 4.4 ATTR Table 4.5 Index Selection Performance when using SQL is achieved because the RDBMS is able to satisfy the query using a relevant index. This means that every query that has a condition (the "where" clause in SQL) is preferred to have an associated index (otherwise the RDBMS has to resort to a table level scan). However in practical RDMS's: The number of indexes is restricted; There may be a high overhead to maintain secondary indexes; Composite indexes may be required to satisfy any one query. Thus, if performing a query across columns type surname and value "SMITH") then separate indexes on type and value may not result in a fully indexed access. A composite index on both type and value may be required.
One innovation of the table decomposition in the previous sections is to maximise the use of primary indexes across tables. This reduces the number of secondary indexes they become primary indexes on their own table).
Following is a list of the indexes for each of the six tables used in the logical design.
Table Primary Key Secondary Index DIT PARENT, RDN EID NAME EID TREE PATH EID SEARCH AID, NORM EID, AID, VID ENTRY EID, AID, VID ATTR (cached) Table 4.5 Table indexes for the Logical Design The table design means that many queries can be handled without joins, giving substantial performance improvement.
The joins that are considered necessary are listed below: COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:31 FAX Smoorenburg Attorneys IP AUSTRALIA R041/113 38 List for returning the RAW-RDNs under a given object (DIT joined with
NAME).
Search Subtree for finding EIDs that match a filter over a whole subtree (where the base object is not the root) (TREE joined with SEARCH).
Search OneLevel for finding EIDs that match a filter one-level under the base object (DIT joined with SEARCH).
Search Aliases Subtree for finding all the aliases in a subtree (TREE joined with ALIAS).
Search Aliases OneLevel for finding all the aliases under a given object (DIT joined with ALIAS).
Note that the above joins are first level joins between only two tables).
It is preferable not to use higher order joins.
4.6 Input/Output Performance An innovation of decomposing tables around services, which increases the number of tables, is that the new tables are much smaller than the unfragmented tables. This can significantly reduce the amount of /O for the following reasons: Row Size By reducing the number of columns in any row, the row width will be shortened. This means that more rows will fit onto a page (where it is assumed that one disk I/O returns one "page" of information). In combination with clustering below, whenever a set of rows need to be retrieved, only one (or a few) page(s) may actually have to be read off the disk when reading the attributes of an object, if the ENTRY table is keyed on EID, AID, VID then all the rows relating to that object will be together and will probably be on the same page).
Clusterinq Each of the fragmented tables is preferred to have their own (independent) primary key which enables them to cluster data according to how it is used. The primary key may dictate the "storage structure". Thus in the SEARCH table, if the primary key is on AID, NORM type, value) then all the data of the same type surname) and similar values Harvey, Harrison) will be clustered in the same area of the disk. This means that during a Search surnames COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:32 FAX Smoorenburg Attorneys IP AUSTRALIA 1042/113 39 beginning with "HAR") similar data will collected together on the one (or just a few) disk page(s). If the rows are small then the number of disk pages that have to be accessed is significantly reduced.
Caching Most commercial RDBMS's have the ability to cache pages frequently accessed. Since tables are effectively input Navigating using the DIT table), or output retrieving information from the ENTRY table) then similar requests Searches over the same portion of the Tree) will tend to result in frequently used pages being cached, meaning frequently invoked queries will gain significant benefits. Also the caching is more efficient since pages are "information intensive" as a result of small row size and clustering.
Management Smaller tables are generally easier to manage: e.g. viewing, creating indexes, collecting statistics, auditing, backups, etc.
5. LOGICAL METHODS This section describes methods of interrogating the Logical Design tables, with reference to Figure 2B.
Throughout this section, each X.500 method is defined and illustrated with an example. Referring again to Figure 4, which will be referred to in the following discussion as Table 5a, it can be seen that-Table 5a displays a small hierarchy tree which includes an alias reference. The corresponding Table contents are shown in Table
DIT
EID PARENT ALIAS RDN 1 0 0 DATACRAFT 1 1 NETWORKS 11 1 0 SALES 12 1 0 MARKETING 11 0 NETWORK PRODUCTS 20 0 CHRIS MASTERS 31 20 0 ALANA MORGAN 32 20 0 PETER EVANS COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:32 FAX Smoorenburg Attorneys IP AUSTRALIA IJ4/1 Q043/113
NAME
EID RAW 1 ['Datacraft] [Networks] 11 [Sales] 12 [Marketing] [Network Products) fChris Masters] 31 [Alana Morgani 32 [Peter Evans].- NOTE: indicates a binary encoding of the exact data entry value.
TREE
EID PATH 10110 11 12 1.12.
11.0 1.11.20.30.
31 1.11.20.31.
32 1.11.20.32.
ALIAS
I EID AID
ATTRIBUTE
AID SYX DESC
OBJECTID
0 obiectidentifierSyntax obiectClass 2.5.4.0 1 distinguishedNameSynlax aliasedOblectName 2.5.4.1 3 case lgnoreStriflgyna commontlame 2.5.4.3 4 case Ignore Strings yntax surname 2.5.4.4 7 caselIgnoreString Synitax localityName 2.5.4.7 8 case IgnoreString Syntax stateOrProvinceName 2.5.4.8 9 case lgrioreStringSyitax streetAddress 2.5.4.9 caselgnoreftringSyntax organization Name 2,5.4.10 11 caseignoreStringSyfltax organizationalUnitName 2.5.4.11 12 caselgnoreStrinqSyntax title 2.5.4.12 13 case lgnoreStrin g yntax description 2.5.4.13 16 PostalAddress postalAddress 2,5.4.16 17 case I noreStrin gSyntax postalCode 2.5.4.17 18 case lgnoreStrinqSyntax postOfficeBox 2.5.4.18 telephoneNumberSyntax tlephoneNumber 2.5.4.20 COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:33 FAX Smoorenburg Attorneys AUSTRALIA j4/3 Q044/113
SEARCH
EID AID VID DISTING NORM 1 0 0 0 2.5-6.4 1 10 0 1 DATACRAFT 1 16 0 0 266-268 MAROONDAH HIGHWAY 1 17 0 0 3138 0 0 0 2.5.6.1 1 0 1 DATACRAFT I SALES NETWvORK PRODUCTS 11 0 0 0 2.5.6.5 11 11 0 1 SALES 11 13 0 0 SALES DEPARTMENT 12 0 0 0 2.5.6,5 12 11 0 1 MARKETING 12 13 0 0 MARKETING DEPARTMENT 0 0 0 2.5.6.5 11 0 1 NETWORK PRODUCTS 13 0 0 NETWORK PRODUCTS SECTION 0 0 0 3 0 1 CHRIS 4 0 1 MASTERS 12 0 0 SALES MANAGER 20 0 0 037279456 20 1 0 018042671 31 0 0 0 2.5.6.7 31 3 0 1 ALANA 31 4 0 1 MORGAN 31 12 0 0 SALES SUPPORT 31 20 0 0 037279455 32 0 0 0 2.5.6.7 32 3 0 1 PETER 32 4 .0 1 EVANS 32 12 0 0 SALESPERSON 32 20 0 0 037279454 COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:33 FAX Smoorenburg Attorneys IF AUSTRALIA IJ4/1 Q045/113
ENTRY
EID AID VID RAW 0 12.5.6.41 110 0 [Datacraftl 116 0 [266-268 Maroondah Highway 1 17 0 [31381 0 -0 [2.5.6.11 1 0 [Datacraft Sales Network Productsl 11 0 0 [2.5.6.51 11 11 -0 [Sales] 11 13 0 [Sales Department] 12 0 0 [2.5.6.51 12 11 0 [Marketing] 12 13 0 [IMarkein DPartment] 0 0 [2.5.6.51 11 0 [Network Products] 13 0 [Network Products Section] 0 0 [2.5.6.71 3 0 [hrs 4 0 ['Mastersl 12 0 [Sales Manager] s0 20 0Q 727-94561 20 1 [(018) -042 6711 31 0 0 [2.5.6.71 31 3 0 [Alanal 31 4 0 [Morgan] 31 12 0 [Sales Support] 31 20 0 727-94551 32 0 0 [2.5.6.71 32 3 0 Peter] 32 4 0 _[Evansi i '42t [Salesp~erson] f(03) 727-9454] L Table 5b: Example Tables NOTE: [..]indicates a binary encoding of the exact data entry value.
5.1 Common Service Tree Navigation All X.500 services rely on navigating the directory tree, illustrated in Figure 3. The purpose of tree navigation is to retrieve the ELD of the entry corresponding to the supplied Distinguished Name. Navigation begins from the root of the tree and continues down the tree until all the RDN's in a DN have been resolved (verified). This process is known as a "Tree Walk".
The DIT Table is the primary table used for tree navigation. Referring to the example hierarchy tree, illustrated as table 5a in Figure 3, resolution of the COMS ID No: 5BMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:34 FAX Smoorenburg Attorneys IP AUSTRALIA @046/113 43 DN "Datacraft Sales Network Products Peter Evans" involves the following processes: S Scan the DIT table for a row containing PARENT 0 and RDN "DATACRAFT". The EID for this row is 1.
Scan the DIT table for a row containing PARENT 1 and RDN "SALES".
The EID for this row is 11.
Scan the DIT table for a row containing PARENT 11 and RDN "NETWORK PRODUCTS". The EID for this row is Scan the DIT table for a row containing PARENT 20 and RDN "PETER EVANS". The EID for this row is 32.
The DN has now been resolved and any values relating to the object can be obtained from the Entry Table using the key EID 32, Aliases Sometimes a DN can contain an alias, which is effectively another DN.
Aliases complicate the tree walk process because the tree walk cannot continue until the alias is resolved. This requires a separate tree walk for the alias.
As an example, consider the DN "Datacraft Networks Peter Evans".
The first two steps in resolving this DN would be: S Scan the DIT table for a row containing PARENT 0 and RDN "DATACRAFT". The EID for this row is 1.
S Scan the DIT table for a row containing PARENT 1 and RDN "Networks" The EID for this row is At this stage we discover that this entry is an alias. The Alias Table is checked to see if the EID of the alias has been cached. If this is the first time an attempt has been made to resolve this alias then the A_EID column in the Alias Table will be zero. For the purpose of discussion it will be assumed that this is the first time.
To resolve the alias, the DN of the aliased object must be determined.
This is stored in the "aliasedObjectName" attribute of the alias entry. The aliasedObjectName has an AID 1 (from the ATTR table) and so the DN is obtained from the Entry Table (RAW value) where EID 10 and AID 1, COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:34 FAX Smoorenburg Attorneys IP AUSTRALIA Q047/113 44 In this example, the DN of the alias is "Datacraft Sales Network Products". This DN is resolved completely using the normal tree walking technique. The value of EID is At this stage, navigation continues for the unresolved RDN's in the original DN, namely "PETER EVANS". The last step required is then: S Scan the DIT table for a row containing PARENT 20 and RDN "PETER
EVANS".
Once an alias has been resolved it can be added (cached) in the Alias Table. This table contains a reference, AEID, to the aliased object. In the above example, an entry in the Alias Table with an EID of 10 would have an A_EID of 20. Once an alias has been cached a tree walk is no longer necessary to resolve the alias.
Directory Paths When objects are added to the DIT table, a corresponding row is added to another table called the Tree Table. This table stores the list of the EID's which identify a "Path" to the object.
Distinguished Names Most services require the distinguished name to be returned in the Service Result. Using the directory path from the Tree Table, a DN can be constructed from the RAW RDN values stored in the Name Table.
Entry Information Selection Many of the X.500 Services are requested with an argument called "EntryinformationSelection" or EIS. The EIS argument is used to indicate what information in the Entry should be returned. Basically, EIS can be optionally; no information attributes and values for selected or all attributes values only for selected or all attributes Entry Information Entry Information is a return parameter for Read and Search. It always contains the Distinguished Names of selected entries and, optionally, attributes and/or values as specified in the EIS argument of the request.
COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 18/03 2007 FRI 12:35 FAX Smoorenburg Attorneys IP AUSTRALIA @048/113 Common Arguments All of the X.500 Services pass a set of common arguments in the Service Request. Common Arguments contain information such as service controls (time limit and size limit), the DN of the requestor of the service and security information.
Common Results Some X.500 Services pass a set of common results in the Service Response. Common Results contain information such as security parameters, the DN of the performer of the service and an alias dereferenced flag.
5.2 Read Service A Read operation is used to extract information from an explicitly identified entry.
X.500 definition Argument Description Name A Distinguished Name EntryinformationSelection The attributes and values to be returned EIS) Common Arguments Result Description Entry Information The DN plus any attributes and values returned Common Results_____-- Method Perform a tree walk using the DIT table, resolving aliases if necessary.
Obtain the base EID.
Using PATH from the Tree Table and the RAW RDN's from the Name Table, build a DN.
If EIS specifies no attributes or values, just return the DN.
If EIS specifies ALL types and values, return the RAW values from the Entry Table for the matching EID.
If EIS specifies selected types and values, obtain the AID's from the Attribute Table and then return selected types and/or values for the matching EID.
Example: Read the entry "Datacraft Sales Network Products Peter Evans".
COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:35 FAX Smoorenburg Attorneys IP AUSTRALIA [049/113 46 EIS is set to: attribute Types allAttributes, InfoTypes attributeTypesAndValues.
Using the DIT table perform a Tree Walk traversing EID's 1, 11, 20 and 32 for the normalised RDN's DATACRAFT, SALES, NETWORK PRODUCTS, PETER EVANS. The EID of the selected object is 32.
Extract the PATH from the Tree Table for EID 32. The PATH is 1.11.20.32.
Build aDN from the RAW values in the Name Table for EID's 1, 11, 20, 32.
Using the Entry Table and the Attribute Table, for each matching EID; return the OBJECTID's from the Attribute Table and the ASN.1 encoded RAW values from the Entry Table 2.5.4.0 [2.5.6.7] 2.5.4.3 [PETER] 2.5.4.4 [EVANS] 2.5.4.9
[SALESPERSON]
2.5.4.20 727-9454] S return the DN 5.3 Compare Service A Compare operation is used to compare a value (which is supplied as an argument of the request) with the value(s) of a particular attribute type in a particular object entry.
X.500 definition Argument Description Name A Distinguished Name AttributeValueAssertion The attribute type and value to be compared Common Arguments Result Description DistinguishedName The DN of the selected object (returned if an alias is dereferenced) matched TRUE FALSE result of compare fromEntry .N/A Common Results__ Method Perform a tree walk using the DIT table, resolving aliases if necessary.
Obtain the EID of the base object.
COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:35 FAX Smoorenburg Attorneys IP AUSTRALIA Q050/113 47 From the Attribute Table, obtain the AID of the attribute to be compared.
From the Entry Table, select the row(s) matching the EID and AID.
Compare the value.
Return TRUE or FALSE as the Compare result.
If an alias is dereferenced, return the DN of the selected object, using the path from the Tree Table and the RAW RDN's from the Name Table.
Example Compare the DN "Datacraft Sales Network Products Peter Evans" with a purported AttributeValueAssertion of "title [Salesperson]".
Obtain the EID for the given DN using a TreeWalk. The EID of the selected object is 32.
Using the Attribute table, obtain the AID for "title", ie AID 12.
Using the Search Table locate rows with EID 32 and AID 12 and test for "NORM SALESPERSON".
Return TRUE or FALSE depending on the outcome of this test. In this instance the result would be TRUE.
Since no aliases were dereferenced, the DN of the entry is not returned.
5.4 List Service A list operation is used to obtain a list of immediate subordinates of an explicitly identified entry.
X.500 definition Argument Description Name A Distinguished Name Common Arguments Result Description DistinguishedName The DN of the selected object (returned if an alias is dereferenced) subordinates A list of RDN's for the subordinate entries (aliases, indicated by an alias flag, are not dereferenced) partialOutcomeQualifier An indication that an incomplete result was returned, eg, a time limit or size limit restriction.
Common Results Method Perform a tree walk using the DIT table, resolving aliases if necessary.
Obtain the EID of the base object.
COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:36 FAX Smoorenburg Attorneys IP AUSTRALIA |051/113 48 S Using the DIT and Name Tables return the ALIAS flag and the RAW RDN PARENT is equal to the EID of the base object.
Example Perform a list for the DN "Datacraft".
Obtain the EID for the DN using a TreeWalk. The EID of the selected object is For each EID with a PARENT 1 S return the RAW RDN from the Name Table, ie, [Networks], [Sales], [Marketing] return the alias flags, ie, TRUE, FALSE, FALSE.
As no alias was dereferenced in the tree walk, the DN of the selected object is not returned. Note also that the alias entry [Networks] is not dereferenced.
Search Service The Search Service is the most complex of all X.500 services. Search arguments indicate where to start the search (baseObject), the scope of the search (subset), the conditions to apply (filter) and what information should be returned (selection). In addition, a flag is passed to indicate whether aliases should be dereferenced (searchAliases).
The possible values for subset are baseObject, oneLevel and wholeSubtree. Base object indicates that the search filter will only be applied to attributes and values within the base object. OneLevel indicates the Search filter will be applied to the immediate subordinates of the base object. Whole subtree indicates the Search filter will be applied to the base object and all of its subordinates.
A simple example of a filter condition would be: surname "EVANS" or telephoneNumber
PRESENT.
COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:36 FAX Smoorenburg Attorneys IP AUSTRALIA 052/113 49 X.500 definition Argument Description baseObject The Distinguished Name of the baseObject subset baseObject, oneLevel or wholeSubtree filter search conditions searchAliases a flag to indicate whether aliases among subordinates of the base object should be dereferenced during the search.
selection EIS as for READ. The attributes and values to be returned.
Common Arguments Result Description DistinguishedName The DN of the selected object (returned if an alias is dereferenced)__ entries Attributes values (as defined in selection) for the entries which satisfy the filter.
partialOutcomeQualifier An indication that an incomplete result was returned, eq, a time limit or size limit restriction.
Common Results The search procedures for each search scope are outlined as follows Base Object Perform a tree walk using the DIT table, resolving aliases if necessary.
Obtain the EID of the base object.
Apply the filter to attributes and values in the Search Table with the EID of the selected object.
If the filter condition is matched, return the Entry Information from the Entry Table.
If an alias is dereferenced, return the DN using the Tree Table to extract the PATH and the Name Table to build the DN.
One Level Perform a tree walk using the DIT table, resolving aliases if necessary.
Obtain the EID of the base object, Check to see if any aliases exist with PARENT EID and if so resolve them to obtain an aliases dereferenced list.
Using the Search and DIT Tables, apply the filter (attribute/value conditions) and the scope (PARENT EID of selected object and any aliases dereferenced). A list of matching EID's will be returned.
COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:37 FAX Smoorenburg Attorneys IP AUSTRALIA Q053/113 S If an alias is dereferenced, return the DN using the Tree Table to extract the PATH and the Name Table to build the DN.
For each matching EID: Return the Entry Information obtained from the Search Table using the Entry Table (as per Read Service).
Whole Subtree Perform a tree walk using the DIT table, resolving aliases if necessary.
Obtain the EID of the base object.
Check to see if any aliases exist with PATH prefix matching the PATH of the selected object.
S For each alias discovered, check to see if the alias points outside the current subtree and if it does repeat the previous step. Once all aliases have been resolved, a set of unique base objects will have been found (with no overlapping areas).
Using the Search and Tree Tables, apply the filter (attribute/value conditions) and the scope (PATH LIKE PATH prefix of the selected object) to each unique base object. A list of matching EID's will be returned.
If an alias is dereferenced during Navigation (not during searching), return the DN using the Tree Table to extract the PATH and the Name Table to build the DN.
For each matching EID: Return the Entry Information obtained from the Search Table using the Entry Table (as per Read Service).
Example Perform a search on the baseObject "Datacraft Sales" with: Scope set to WholeSubtree a Filter of "surname, substring initial (Look for all surnames beginning with SearchAliases set to TRUE.
EIS set to attribute Types allAttributes, InfoTypes attributeTypesAndValues.
COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:37 FAX Smoorenburg Attorneys IP AUSTRALIA 9054/113 51 Method Obtain the EID for the base object DN using a TreeWalk. The EID of the base object is "11".
From the Tree Table, obtain the PATH for EID 11, ie, "1.11".
Check for any aliases among entries that have a path beginning with There are no aliases in this case.
Obtain the AID for the attribute "surname" in the Attribute Table, ie, 4.
Apply the filter and scope simultaneously. i.e. Using the Search Table, obtain a list of EID's from the target list where AID 4 and the value begins with joined with the Tree Table who's PATH is LIKE The matching EID's are 30 and 31.
Using the Entry Table and the Attribute Table, for each matching EID: return the OBJECTID's from the Attribute Table and the ASN.1 encoded RAW values from the Entry Table 2.5.4.0, 2.5.4.3, [Chris], 2.5.4.4 [Masters] 2.5.4.9 [Sales Manager] 2.5.4.20 727-9456] 2.5.4.20 042 671] 2.5.4.0 [2.5.6.7] 2.5.4.3 [Alana] 2.5.4.4 [Morgan] 2.5.4.9 [Sales Support] 2.5.4.20 727-9454] 5.6 Add Entry Service An AddEntry operation is used to add a leaf entry either an object entry or an alias entry) to the Directory Information Tree.
COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:37 FAX Smoorenburg Attorneys IP AUSTRALIA U055/113 52 X.500 definition Argument Description object The Distinguished Name of the entry to be added entry A set of attributes to add Common Arguments Result Description NULL
NULL
Method S Using the DIT table, tree walk to the parent of the entry to be added (Parent
EID).
S Using the DIT table, check if the entry exists (check for RDN new RDN and PARENT Parent EID).
If the entry does not exist, allocate a new EID and add the entry. Insert into the DIT Table, the Name Table, the Tree Table, the Search Table, the Entry Table and, if it is an alias entry, the Alias Table.
Examole Under the object with a DN of "Datacraft Marketing" add an object with the following attributes and values.
surname [Delahunty] commonName [Mary] title [Marketing Manager] telephoneNumber 727-9523] Obtain the EID for the base object DN using a TreeWalk. The EID of the base object is "12".
Using the DIT Table, look for a duplicate entry, ie, PARENT 12 and RDN "MARY DELAHUNTY". No duplicates exist.
Add the following rows to.the Tables shown.
DIT
EID PARENT ALIAS -RDN 33 11 0 MARY DELAHUNTY
NAME
EID RAW 33 Mary Delahunty] COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:38 FAX Smoorenburg Attorneys IP AUSTRALIA ij5/1 Q056/113
TREE
IEID
PATH
33 1.12.21.
SEARCH
EID 1 ID VID J DISTING NO5R6.
AI 0 NORM6.
3330 1 ULLMr1UPIT 33__ 4__0 1 MARY 33__ 0o MARKETING MANAGE 00 -1 g I L 172
R
V I I
ENTRY
5.7 Remove.-Entry Service A RemoveEntry operation is used to remove a leaf entry (either an object entry or an alias entry) from the Directory Information Tree.
X.500 definition Method Perform a tree walk using the DIT table. Obtain the EID of the base object.
If the entry exists, and it is a leaf entry, then for the condition EID =EID of the selected object, delete from the DIT Table, the Name Table, the Tree Table, the Search Table, the Entry Table and, if it is an alias entry, the Alias Table.
Example Delete the object with a DN of "Datacraft Marketing Mary Delahunty" COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:38 FAX Smoorenburg Attorneys IP AUSTRALIA 0057/113 54 Method Obtain the EID for the base object DN using a TreeWalk. The EID of the base object is Check that no entries have PARENT 21.
Delete all rows added to the DIT Table, the Name Table, the Tree Table, the Search Table and the Entry Table (refer to Add Entry example) where EID 21.
5.8 Modify Entry Service The ModifyEntry operation is used to perform a series of one or more of the following modifications to a single entry: add a new attribute remove an attribute add attribute values remove attribute values replace attribute values modify an alias X.500 definition Argument Description object The Distinguished Name of the entry to be modified changes A list of modifications Common Arguments Result Description NULL
NULL
Method S Perform a tree walk using the DIT table. Obtain the EID of the selected object.
For the selected object, perform one or more of the following actions: Add Value, Delete Value, Add Attribute, Delete Attribute The operations required for each action are as follows: Add Value If the attribute exists, add the value to the Entry Table and the Search Table. Checks are: If the attribute is single valued test for an existing value; if the attribute is multi-valued check for a duplicate value.
COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:39 FAX Smoorenburg Attorneys IP AUSTRALIA [058/113 Delete Value S For the Entry Table and the Search Table, if the value exists, delete it. A Distinguished Value cannot be deleted.
Add Attribute 5 If the attribute does not exist, add the Attribute Values to the Entry Table and the Search Table.
Delete Attribute For the Entry Table and the Search Table, if the attribute exists, delete it.
Delete all values with AID attr and EID base object. Naming attributes cannot be deleted.
Example Modify the Entry "Datacraft Sales Network Products Chris Masters" with the following changes: Delete Attribute and Value telephoneNumber 018 042 671 Modify Attribute and Value title Sales Assistant The Search and Entry Tables reflect the changes.
SEARCH
EID AID VID DISTING NORM 0 0 0 2.5.6.7 3 0 1 CHRIS 4 0 1 MASTERS 12 0 0 SALES ASSISTANT 20 0 0 03 727 9456
ENTRY
EID AID VID RAW 0 0 [2.5.6.71 3 0 [Chris] 4 0 [Masters] 12 0 [Sales Assistant] 20 0 727-9456] 5.9 Modify RDN Service The ModifyRDN operation is used to change the Relative Distinguished Name of a leaf entry (either an object entry or an alias entry) from the Directory Information Tree.
COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:39 FAX Smoorenburg Attorneys IP AUSTRALIA 1059/113 56 Arguments Description obect The Distinguished Name of the entry to be modilied newRDN The new RDN of the entry deleteOldRDN flag delete all values in the old RDN not in new
RDN
Common Arguments Result Description NULL
NULL
Method Perform a tree walk using the DIT table. Obtain the EID and Parent EID of the base object.
Using the DIT table, check for equivalent entries and return error if one is found. An equivalent entry has RDN new RDN and PARENT Parent
EID.
Using the Name Table, replace the old RDN with the new RDN.
Using the DIT Table, replace the old RDN with the new RDN.
Using the Entry Table, insert the new value.
Using the Search Table, locate value old RDN and set DISTING to 0.
Insert the new value.
If deleteOldRDN is set to TRUE the procedures following the Tree Walk are as follows: Using the DIT table, check for a sibling with the same name and an EID not equal to the base EID Using the Name Table, replace the old RDN with the new RDN.
Using the DIT Table, replace the old RDN with the new RDN.
Using the Entry Table, delete the old value(s) and insert the new value(s).
Using the Search Table, delete the old value(s) and insert the new value(s).
Example Modify the RDN of "Datacraft Sales Network Products Chris Masters".
The new RDN is "Christine Masters".
deleteOldRDN is set to FALSE.
The changes to the Tables will be as follows: COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:39 FAX Smoorenburg Attorneys IP AUSTRALIA 57 S060/113
DIT
EID I PARENT I ALIAS RDN 21 11 0 CHRISTINE MASTERS
NAME
EID I RAW 21 Christine Masters
SEARCH
EID AID VID DISTING NORM 0 0 0 2.5.6.7 3 0 1 CHRISTINE 3 1 0 CHRIS 4 0 1 MASTERS 12 0 0 SALES ASSISTANT 20 0 0 03 727 9456
ENTRY
EID AID VID RAW 0 0 [2.5.6.7] 3 0 [Chrisine] 3 4 12 20 1 [Chrs] 0 WMastersl I 0 0 [Sales Assistant] i'03) 727-94561 I 2 0- 5.10 Complications If error, limit or abandon occurs during processing of any of the services, then the processing is discontinued and an appropriate error message returned.
Errors Each X.500 service consists of 3 parts; ARGUMENT, RESULT and ERRORS. In the above descriptions of the services, ARGUMENT and RESULT have been included in the X.500 definitions. Error conditions, however, are many and varied and no attempt is made to describe them in this document. The National Institute of Standards and Technology (NIST) document "Stable Implementation Agreements for Open Systems Interconnection Protocols: Version 3" provides a full coverage of errors for the X.500 standard.
COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:40 FAX Smoorenburg Attorneys IP AUSTRALIA Q061/113 58 Time Limit Size Limit Time Limit and Size Limit form part of Service Controls. They can be optionally set to some finite limit and included in the Common Arguments.
Time Limit indicates the maximum elapsed time, in seconds, within which the service shall be provided. Size Limit (only applicable to List and Search) indicates the maximum number of objects to be returned. If either limit is reached an error is reported. For a limit reached on a List or a Search, the result is an arbitrary selection of the accumulated results.
Abandon Operations that interrogate the Directory, ie Read, Compare, List and Search, may be abandoned using the Abandon operation if the user is no longer interested in the results.
Aliases Search if an alias is encountered in a search and that alias points to a separate branch of the directory tree, then dereferencing of the alias requires: Navigation from the root entry to the referenced entry Searching of all items subordinate to the referenced entry in the example shown in Figure 5, if a WholeSubtree Search was performed on a base object of "Telco Corporate Data Services" the entries "Mervyn Purvis" and the alias "Strategic" would be searched. Strategic, however, points to a different branch of the tree which requires searching of the entry "Strategic" and all of its subordinates, "Alan Bond", "Rex Hunt", "Wayne Carey" and "John Longmire".
5.11 Implementation Optimisations The Logical methods include a number of optimisations that enhance performance. These methods are outlined below.
Caching The Attribute table can be cached. This means that (apart from initial loading of the attributes) no SQL statements need to be issued to the database when decoding or encoding the attributes. In the present X.500 system attribute conversions are performed in memory. This provides a substantial speed advantage.
COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:40 FAX Smoorenburg Attorneys IP AUSTRALIA 9062/113 59 Validation Query validation is performed in memory where possible. This avoids database rollbacks which are time and system consuming. For example when adding an entry each attribute is validated before any attempt is made to add the entry. If an error is found then no SQL calls need to be issued.
Optimise Query Handling As the format of most services is known, many instances of these services can be resolved using static SQL statements. More complex services, such as searches with complex filters, can be resolved using dynamic SQL. This enables arbitrarily complex searches to be performed.
Parallel Queries Also when processing search results the present system utilises set orientation queries of SQL to avoid 'row at a time' processing. Thus search results may be assembled in parallel in memory.
Data Storage The tables that store raw data store the data in ASN.1 format. This provides an efficient means of transferring data into or out of the database.
Database Techniques Complex services can be further improved by using the query optimiser, which provides a mechanism for reducing the time spent in resolving the query.
The use of a relational database also provides an efficient use of memory and enables large databases to be constructed without the need for large amounts of memory being available. Many other X.500 applications cache the entire database in memory to achieve performance. This method consumes large amounts of memory and is not scalable.
6. PHYSICAL DESIGN The physical design results from a process called physical transformation of the logical design. The physical design represents a preferred realisation or embodiment of the logical design. Figure 2B and the tables below show one form of the physical design. New columns and tables are highlighted by double borders.
COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:41 FAX. Smoorenburg Attorneys IP AUSTRALIA II6/1 9063/113 EID PARENT JRDNKEY -RON IFLAGSj
NAME
EI AW
FLAGS
TREE
IEID ILEVi I LEV2 I L3I LWI PATH
INFO
~~FLGS
ALIAS
EID A -EID __FLAGS
SEARCH
EID AID -VID 1 NORMKE NORM jFLAGS
ENTRY
EID AID VID IRAW
FLAGS
BLOB
EI1D AI VID_ VFRAG IRAW
TFLAGS
ATTR
[AID SYNA DESC O-7BJECTID
FLAGS
SENTRY
FEID AID IVID IVALUE I FLAGS
OCLASS
OCID IDSC OBJECTID FMUSTLIST MALST SPERLISTA FLAGS] Table 6 Physical Design The reasons for the above changes are described below.
COMS ID No: SBMI-06645568 Received by P1 Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:41 FAX Smoorenburg Attorneys IP AUSTRALIA Q064/113 61 6.1 Efficiency INFO Table This table holds the highest EID value that has been used in the database.
The inclusion of the INFO table enables the next EID to be obtained without any calculation of the maximum EID being performed by the database. This provides improved efficiency in adding entries to the database. More importantly the inclusion of the INFO table removes contention problems which may occur when multiple DSA's are adding entries at the same time.
Shadow Keys Three tables have had shadow keys added. These are: a) The NORMKEY column in the SEARCH table.
b) The RDNKEY column in the DIT table.
c) The LEV1, LEV2, LEV3 and LEV4 columns in the TREE table.
Each of these shadow key columns is a shortened version of a larger column. They have been added to shorten the indexes on each table. This gives improved performance for any queries that use the indexes and it also improves disk space usage as small indexes take up less space than large indexes.
The shadow keys in the PATH table utilise the structured nature of the PATH. By being a composite key then exact matching can be used in the SQL instead of the "LIKE" operator.
e.g. WHERE LEV1 1 AND LEV2 10 AND instead of WHERE PATH LIKE If each of the LEV columns has their own index, then a sub-tree search needs to only use the base object. e.g. LEV2=10, since all objects under entry 10 will have LEV2=10.
SENTRY Table Some types of attribute values do not need to be normalised e.g. integer, boolean, date. Instead of storing them twice (SEARCH.NORM and ENTRY.RAW) they can be stored just once in a hybrid table called the SENTRY table. This reduces table sizes and increases storage efficiency at the cost of having to search two tables and retrieve from two tables.
COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:41 FAX Smoorenburg Attorneys IP AUSTRALIA Q065/113 62 OCLASS Table Most attributes have a wide variation in their values e.g. surnames could range from AALDERS to ZYLA with a great many different values in between.
However, Object Classes (whose values are Objectldentifiers or OIDs) have very few values e.g. in an organisation of 10,000 people, the only object classes in the directory may be for organisation, organisationalUnit and organisationalPerson (of which many may be the latter). The OCLASS table gives a numeric descriptor to an object class called an OCID. The OCID can then be stored in the SENTRY table and a mapping done whenever an Object Class is searched or retrieved.
The other LIST columns store standard object class configuration information namely the must and may contain attributes and the inherited superclasses.
6.2 Portability BLOB Table This table has been included to hold "Binary Large Objects". The maximum size of a one row entry in the ENTRY table is limited by the length of the RAW field. This means that entries must be fragmented. Fragmented entries will occupy more than one row and so a VFRAG field must be used to denote the fragment of the entry that is being stored in a particular row.
There are two options for storing very large values: a) Add a "fragment flag" to the ENTRY table and store the entry in fragments over a number of lines; or b) Add a BLOB table to store the entry and add a "BLOB flag" to the ENTRY table to indicate that this value is stored in the BLOB.
The second option has a number of advantages. Firstly, the inclusion of a BLOB table prevents the ENTRY table from becoming excessively large.
Generally most entries will be less than a few hundred characters in length, so the length of the RAW field in the ENTRY table can accordingly be reduced to cater for those entries and the RAW field in the BLOB table can be increased to a value approaching the maximum record size. This will make storage more efficient, i.e. reduce the amount of unused bytes in each column of each table and reduce the number of fragments needed for each entry in the BLOB table. It also means that each value will have only one entry in the ENTRY table and that COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:42 FAX Smoorenburg Attorneys IP AUSTRALIA 066/113 63 the ENTRY and SEARCH tables maintain their one-to-one correlation. Secondly the use of a BLOB table enables the application to make use of any database support for Binary Large Objects, 64K Binary Columns).
6.3 Functional Extensibility FLAGS Columns FLAGS column(s) are preferred to be added. These column(s) have been added to provide extensibility to the design. Specific values can be added to the flags as new functionality is required, without changing the table structure.
Note: a) In the SEARCH table, the DISTING field may be absorbed into the FLAGS field.
b) In the DIT table, the ALIAS field may be absorbed into the FLAGS field.
The FLAGS column(s) may also provide a "summary" function for each of the tables. This means that the nature of an entry can be determined to some extent by checking the value of the FLAGS field. For example, a flag can be set, in the DIT table, when an entry is a leaf. Checking this flag is much simpler than checking for children of the entry.
The FLAGS column can also be used to store security information, whether an alias points inside its parents sub-tree, whether a value is a BLOB, etc.
7. EXAMPLE IMPLEMENTATION The following provides an example of system performance and capabilities, It is to be understood that the present inventions should not be limited to the following disclosure.
7.1 Overall system benefits The present invention is considered to provide enhanced performance over prior art implementations. Performance can be appraised in many ways, including: aliases; size (use of relational theory); complexity (use of query optimiser and search method(s)); COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:42 FAX Smoorenburg Attorneys IP AUSTRALIA R067/113 64 extensibility (use of meta-data); and substantially without degrading efficiency (use of disk based model) and reliability (use of RDBMS).
The present invention is considered unique in its ability to claim performance improvement in all areas noted above.
7.2 Test results Performance testing of the present invention has been carried out, with the objectives of: S Proving that an SQL based X.500 application can perform at subsecond speeds, dispelling a widely held myth in the marketplace that it is impossible to implement an X.500 DSA application as an integrated RDBMS application and achieve efficiency and performance.
S Proving that the design of an SQL based X.500 application can outperform existing memory resident style X.500 designs, especially for databases in excess of 100K entries, a typical limit of current designs.
S Providing a structured suite of tests that can demonstrate the above performance on demand for a wide variety of services and database sizes.
COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:43 FAX Smoorenburg Attorneys IP AUSTRALIA R068/113 Test results reveal the following Table 7A Service Database Size (number of entries) Opation Qualifier Detail 1K 10K 20K 50K 100K 200K BIND anonymous 0.0 0 .00 0 0.00 0.00 0.00 0.00 LIST level 1 4 items 0.05 0.05 0.05 0.05 0.05 0.05 level 3 4 items 0.06 0.06 0.06 0.06 0.06 0.06 level 4 100 items 0.22 0.23 0.23 0.24 0.23 0.24 READ level 4 1 item, all info 0.07 0.07 0.07 0.07 0.07 0.08 level 4 (via alias) 1 item, all info 0.07 0.07 0.07 0.07 0.07 0.07 SEARCH 1 level, equality 100 entries, 1 item 0.12 0.12 0.12 0.12 0.13 0.13 1 level, initial 100 entries, 1 item 0.13 0.14 0.15 0.15 0.15 0.14 1 level, any 100 entries, 1 item 0.30 0.35 0.33 0.32 0.36 0.29 1 level final 100 entries, 1 item 0.24 0.35 0.31 0.30 0.35 0.28 subtree, equality 1 K, 1 item, level 1 0.11 0.11 0.11 0.11 0.11 0.11 1 item, level 1 xxx xxx 0.12 0.12 0.12 0.12 1 item, level 1 xxx xxx xxx 0.12 0.13 0.12 1 item, level 1 xxx xxx xxx xxx 0.13 0.13 100K,1 item, level 1 xxx xxx xxx xxx xxx 0.12 subtree, initial 1K, 1 item, level 1 0.13 0.12 0.12 0.12 0.12 0.11 1 item, level 1 xxx xxx 0.11 0.12 0.12 0.12 1 item, level 1 xxx xxx xxx 0.13 0.12 0.12 1 item, level 1 xxx xxx xxx xxx 0.13 0.12 100K,1 item, level 1 x xxx xxx xxx xxx xxx 0.11 full, complex OR all entries, 1 item 0.09 0.09 0.09 0.09 0.09 0.09 full, complex AND all entries, 1 item 0.11 0.11 0.11 0.11 0.11 0,11 full, complex OR/AND all entries, 1 item 0,26 0.28 0.29 0.28 0.29 0.26 full, complex AND/OR all entries, 1 item 0.12 0.12 0.13 0.14 0.13 0.12 full, complex AND/ANDall entries, 1 item 0.16 0.15 0.16 0.17 0.18 0.18 full, complex all entries, 1 item 0.18 0.18 0.18 0.19 0.20 0.26
AND/AND/AND
full, equality all entries, 1 item 0.08 0.08 0.08 0.08 0.08 0.08 full, no filter, all-info all entries, 10 items 0.30 0.74 0.43 0.59 0.49 0.67 full, no filter, all-info all entries, 100 1.36 1.84 1.50 1.79 1.82 1.86 items full, initial all entries, 1 item 0.08 0.08 0.08 0.08 0.08 0.08 ADD level 5 100 sisters 0.22 0.19 0.22 0.20 0.19 0.19 MODIFY level 5 100 sisters 0.09 0.11 0.11 0.11 0.11 0.11 RENAME level 5 100 sisters 0.15 0.16 0.15 0.16 0.16 0.15 DELETE level 5 100 sisters 0.17 0.16 0.17 0.17 0.17 0.19 UNBIND 0.00 o 000 0.00 0.00 0.00 0.00 *Table 7A Notes: 1. All searches and reads return all info 2. All tests were performed under the following environment; S Sun SparcStation 5 with 32Mb of memory (entry level UNIX machine) S Ingres 6.4/04 configured for 32 users (standard Ingres installation) S DSA prototype V2.1.2 Timings measured at DSA console (ie does not include network overheads) COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:43 FAX Smoorenburg Attorneys IP AUSTRALIA 9069/113 66 All numbers are in units of seconds and means 1,000's.
7.3 Test Conclusions A set of directories was constructed ranging from 1K to 200K entries with varying depth and width of the hierarchy, and a corresponding test plan was produced. The tests were performed a number of times to ensure consistency.
The following conclusions can be drawn from these results; 1. The effects of navigation, in test, were negligible.
2. Reading an object via an alias, in test, showed no appreciable decrease in performance and in some cases reading an object via an alias was in fact faster than reading the object directly. This is due to the reduced navigation required when an alias points "down" to an object that is deeper in the tree structure than the alias entry.
3. Search results were "flat" over different sized subtrees in different sized directories for both exact and initial string searches.
4. Initial and exact full tree searches, in test, were slightly quicker than their respective subtree searches, even though the number of entries searched was greater. This is due to the fact that the full tree searches are able to use more efficient SQL (no table joins are required).
All services were, in test, performed in under one second, except for searches returning large amounts of data. However the average time of retrieval per entry drops as the number of entries retrieved increases (e.g for 10 entries retrieval time is approximately 50 milliseconds per entry, for 100 entries this drops to approximately 20 milliseconds per entry).
6. All complex searches, in test, were performed in under one second.
However, there may be some obscure.searches (e.g containing combinations of NOT) which may not perform as well.
Because this is a disk based system (rather than a memory based system) performance is essentially only dependent on the number of entries actually returned. It is relatively independent of the search complexity, the depth of the hierarchy, the number of attributes per entry or the types of attributes used in the query. In a "live" application of the system it may be possible to improve on the COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:44 FAX Smoorenburg Attorneys AUSTRALIA Ij7/1 Q070/113 67 achieved test results by tuning the caching parameters, and by having a greater diversity of attributes.
COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16

Claims (146)

1. A method of implementing directory services for a relational data base management system using a relational language including: establishing a database using a plurality of tables, each table having a plurality of rows and columns, said database including one each of a HIERARCHY table, an OBJECT table and an ATTRIBUTE table; defining a plurality of relational language commands, each corresponding to a respective one of a plurality of directory services, each service having a corresponding service executing procedure; selecting one of said plurality of directory services; applying a process of name resolution to the selected directory service, executing the procedure corresponding to the selected service, and building a result including an error or search result in response to said executing step.
2. A method of implementing directory services as claimed in claim 1, wherein said relational language is SQL.
3. A method of implementing directory services as claimed in claim 2, wherein said building step includes utilizing set orientation queries of SQL.
4. A method of implementing directory services as claimed in claim 1, 2 or 3, wherein said selecting step includes identifying a specific service and the information that is to be returned. A method of implementing directory services as claimed in any one of claims 1 to 4, wherein said database includes a DIRECTORY tree, having a plurality of distinguished names (DN) each including one or more relative COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:44 FAX Smoorenburg Attorneys IP AUSTRALIA Q072/113 69 distinguished names (RDN), and said step of applying a process of name resolution includes navigating said directory tree.
6. A method of implementing directory services as claimed in claim wherein the search result returns to the response any distinguished name(s) located.
7. A method of implementing directory services as claimed in any one of claims 1 to 6, wherein Entry Information Selection (EIS) is associated with the selected service.
8. A method of implementing directory services as claimed in claim 7, wherein the EIS can be selected to be one of: no information, attributes and value for selected or all attributes, or values only for selected or all attributes.
9. A method of implementing directory services as claimed in claim 7, wherein the selected service is a read service. A method of implementing directory services as claimed in claim 7, wherein the selected service is a search service.
11. A method of implementing directory services as claimed in any one of claims 1 to 10, wherein the selected service executed has an associated set of common arguments defining service controls. COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:45 FAX Smoorenburg Attorneys IP AUSTRALIA [073/113
12. A method of implementing directory services as claimed in claim 11, wherein the service controls includes at least one of a size limits, a time limit or security information.
13. A method of implementing directory services as claimed in any one of claims 1 to 12, further including, building the response, which includes a set of common results.
14. A method of implementing directory services as claimed in claim 13, wherein the set of common results includes at least one of security parameters, the DN of the performer of the service or an alias dereferenced flag. A method of implementing directory services as claimed in any one of claims 5 to 14, wherein said process of navigating includes a tree walk, which begins from the root of the directory tree and continues down the directory tree until all the RDNs in a DN have been resolved.
16. A method of implementing directory services as claimed in any one of claims 5 to 15, further including: converting a DN into an entry ID (EID) and storing said EID; and wherein said process of navigating for a particular entry includes, given a DN for the entry, locate the entry in the HIERARCHY table which has an RDN equal to the first RDN in the DN; and store the EID and recursively locate the entry which has an RDN equal to the next RDN in the DN and a parent equal to the stored EID. COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:45 FAX Smoorenburg Attorneys IP AUSTRALIA @074/113 71
17. A method of implementing directory services as claimed in any one of claims 3 to 16, wherein said database returns data as attribute ID and raw data values.
18. A method of implementing directory services as claimed in any one of claims 5 to 17, particularly a read service, further including: converting a DN into an entry ID (EID) and storing said EID; and in the OBJECT table, reading the values of all rows which match the stored EID.
19. A method of implementing directory services as claimed in any one of claims 5 to 17, particularly a read service, in which 'type only' is selected, further including: converting a DN into an entry ID (EID) and storing said EID; and in the OBJECT table, reading the types of all rows which match the stored EID. A method of implementing directory services as claimed in any one of claims 5 to 17, particularly a compare service, further including: converting a DN into an entry ID (EID) and storing said EID; and in the OBJECT table, testing for a matching value in all rows which match the stored EID and a specified attribute ID (AID).
21. A method as claimed in claim 20, wherein the step of testing also includes matching a proported value. COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:45 FAX Smoorenburg Attorneys IP AUSTRALIA Q075/113 72
22. A method of implementing directory services as claimed in any one of claims 5 to 17, particularly a list service, further including: converting a DN into an entry ID (EID) and storing said EID; and in the HIERARCHY table, return the RDNs for all rows with a parent matching the stored EID.
23. A method of implementing directory services as claimed in any one of claims 5 to 17, particularly an add entry service, further including: converting all but the last RDN of a DN into an entry ID (EID) and storing said EID; and to the HIERARCHY table, add a new EID, and to the OBJECT table, add rows for each value in the new entry.
24. A method of implementing directory services as claimed in any one of claims 5 to 17, particularly a remove entry service, further including: converting a DN into an entry ID (EID) and storing said EID; and from the HIERARCHY table, remove the entry and from the OBJECT table, remove all rows, which match the stored EID. A method of implementing directory services as claimed in claim 24, further including: prior to the converting step, checking that the entry has no subordinate entries on the tree.
26. A method of implementing directory services as claimed in any one of claims 5 to 17, particularly a modify entry service, further including: converting a DN into an entry ID (EID) and storing said EID; and in the OBJECT table, apply at least one of an add, remove or modify service to rows matching the stored EID. COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:46 FAX Smoorenburg Attorneys IP AUSTRALIA 0076/113 73
27. A method of implementing directory services as claimed in any one of claims 5 to 17, particularly a modify RDN service, further including: converting a DN into an entry ID (EID) and storing said EID; check that the new name (RDN) does not exist in the current level of the subtree, and modify the entry in the HIERARCHY and OBJECT tables.
28. A method of implementing directory services as claimed in any one of claims 5 to 17, particularly a base level search service, further including: converting a DN into an entry ID (EID) and storing said EID; in the OBJECT table, read nominated values from rows, which match the stored EID where a filter criteria is satisfied.
29. A method of implementing directory services as claimed in any one of claims 5 to 17, particularly a one level search service, further including: converting a DN into an entry ID (EID) and storing said EID; returning a list of EIDs which have a parent EID matching the stored EID in the HIERARCHY table and have values which satisfy the filter criteria in the OBJECT table; and in the OBJECT table, read nominated values for returned EIDs. A method of implementing directory services as claimed in any one of claims 5 to 17, particularly a subtree search service, further including: converting a DN into an entry ID (EID) and storing said EID; returning a list of EIDs which have a path matching that of the base object in the HIERARCHY table and have values which satisfy the filter criteria in the OBJECT table; and in the OBJECT table, read nominated values for returned EIDs. COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:46 FAX Smoorenburg Attorneys IP AUSTRALIA B077/113 74
31. A method of implementing directory services as claimed in any one of claims 5 to 30, further including: resolving aliases during navigation in response to an alias control flag and the characteristic of the service implemented.
32. A method of implementing directory services for a relational data base management system using a relational language including: establishing a database using a plurality of tables, each table having a plurality of rows and columns, said database including at least one each of a HIERARCHY table including a DIT, NAME, ALIAS and TREE table, an OBJECT table including a SEARCH and an ENTRY table, and an ATTRIBUTE table; defining a plurality of relational language commands, each corresponding to a respective one of a plurality of directory services, each service having a corresponding service executing procedure; selecting one of said plurality of directory services; applying a process of name resolution to the selected directory service, executing the procedure corresponding to the selected service, and building a response including an error or search result in response to said executing step.
33. A method of implementing directory services as claimed in claim 32, further including: in order to effect the adding of object(s) to the DIT table, adding a corresponding row to the TREE table which is used to store a path to the object(s) by way of a list of corresponding EID(s). COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:46 FAX Smoorenburg Attorneys IP AUSTRALIA R078/113 tc S34. A method of implementing directory services as claimed in claim 32 or 33, Swherein said database includes a directory tree, having a plurality of o distinguished names (DN) each including one or more relative distinguished names (RDN), and said step of applying a process of name resolution includes Snavigating said directory tree. A method of implementing directory services as claimed in claim 34, Swherein said process of navigating includes a tree walk, which begins from the 0 root of the directory tree and continues down the directory tree until all the RDNs in a DN have been resolved.
36. A method of implementing directory services as claimed in claim 34 or further including: converting a DN into an entry ID (EID) and storing said EID; and wherein said process of navigating for a particular entry includes, given a DN for the entry, locate the entry in the HIERARCHY table which has an RDN equal to the first RDN in the DN; and store the EID and recursively locate the entry which has an RDN equal to the next RDN in the DN and a parent equal to the stored EID.
37. A method of implementing directory services as claimed in claim 34, 35 or 36, particularly a read service to extract information from an explicitly identified entry, further including: perform a tree walk using the DIT table, resolving aliases if necessary and obtain the base EID; using a path from the TREE table and raw RDN's from the NAME table, build a DN; if no attributes or values are specified, just return the DN; if attributes or values are specified as ALL types and values, return the RAW values from the ENTRY table for the matching EID; and COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:47 FAX Smoorenburg Attorneys IP AUSTRALIA [079/113 76 if attributes or values of selected types and values are specified, obtain attribute IDs (AID's) from the ATTRIBUTE able and then return selected types and/or values for the matching EID.
38. A method of implementing directory services as claimed in claim 34, 35 or 36, particularly a compare service for comparing a value with values of a particular attribute type in a particular object entry, further including: perform a tree walk using the DIT table, resolving aliases if necessary, and obtain the EID of the base object; from the ATTRIBUTE table, obtain the AID of the attribute to be compared; from the ENTRY table, select the one or more rows matching the EID and AID; compare the value and return TRUE or FALSE as the compare result; and if an alias is dereferenced, return the DN of the selected object, using the path from the TREE Table and the RAW RDN's from the NAME table.
39. A method of implementing directory services as claimed in claim 34, 35 or 36, particularly a list service to obtain a list of immediate subordinates of an explicitly identified entry, further including: performing a tree walk using the DIT table, resolving aliases if necessary; obtaining the EID of the base object; and using the DIT and NAME tables, return an ALIAS flag and RAW RDN rows where PARENT equal to the EID of the base object. A method of implementing directory services as claimed in claim 34, 35 or 36, particularly a base object search service, further including: perform a tree walk using the DIT table, resolving aliases if necessary, and obtain the EID of the base object; apply the filter to attributes and values in the SEARCH table with the EID of the selected object; COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:47 FAX Smoorenburg Attorneys IP AUSTRALIA Q080/113 77 if the filter condition is matched, return the entry Information from the ENTRY table; and if an alias is dereferenced, return the DN using the TREE table to extract the data defining a PATH and the NAME table to build the DN.
41. A method of implementing directory services as claimed in claim 34, 35 or 36, particularly a one level search service, further including: perform a tree walk using the DIT table, resolving aliases if necessary, and obtain the EID of the base object; check to see if any aliases exist with PARENT EID and if so resolve them to obtain an aliases dereferenced list; using the SEARCH and DIT tables, apply the filter (attribute/value conditions) and the scope (PARENT EID of selected object and any aliases dereferenced) so that a list of matching EID's will be returned; if an alias is dereferenced, return the DN using the TREE table to extract. the information related to the PATH and the NAME table to build the DN; and for each matching EID, and return the entry information obtained from the SEARCH table using the ENTRY table.
42. A method of implementing directory services as claimed in claim 34, 35 or 36, particularly a whole subtree search service, further including: perform a tree walk using the DIT table, resolving aliases if necessary, and obtain the EID of the base object; check to see if any aliases exist with a PATH prefix matching the PATH of the selected object; for each alias discovered, check to see if the alias points outside the current subtree and, if it does repeat the previous step until all aliases have been resolved, whereby a set of unique base objects will have been found; COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:48 FAX Smoorenburg Attorneys IP AUSTRALIA Q081/113 78 using the SEARCH and TREE tables, apply a filter and a scope to each unique base object so that a list of matching EID's will be returned; if an alias is dereferenced during navigation and not during searching, return the DN using the TREE table to extract the PATH and the NAME table to build the DN; and for each matching EID, return the Entry Information obtained from the SEARCH Table using the ENTRY table.
43. A method of implementing directory services as claimed in claim 34, 35 or 36, particularly an add service to add a leaf entry, either an object entry or an alias entry, to the Directory Information Tree (DIT), further including: using the DIT table, tree walk to the parent of the entry to be added; using the DIT table, check if the entry exists; and if the entry does not exist, allocate a new EID and add the entry, insert into the DIT Table, the NAME Table, the TREE Table, the SEARCH Table, the ENTRY Table and, if it is an alias entry, the ALIAS Table.
44. A method of implementing directory services as claimed in claim 34, 35 or 36, particularly a remove service to remove a leaf entry, either an object entry or an alias entry, to the Directory Information Tree (DIT), further including: perform a tree walk using the DIT table, and obtain the EID of the base object; if the entry exists, and it is a leaf entry, then for the condition EID EID of the selected object, delete from the DIT Table, the NAME Table, the TREE Table, the SEARCH Table, the ENTRY Table and, if it is an alias entry, the ALIAS Table. COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:48 FAX Smoorenburg Attorneys IP AUSTRALIA Q082/113 79 A method of implementing directory services as claimed in claim 34, 35 or 36, particularly a modify entry service, further including: perform a tree walk using the DIT table, and obtain the EID of the selected object; for the selected object, perform one or more of the following actions: Add Value, Delete Value, Add Attribute, Delete Attribute, whose operations required for each action are as follows: Add Value: if the attribute exists, add the value to the ENTRY Table and the SEARCH Table; Delete Value: for the ENTRY Table and the SEARCH Table, if the attribute value exists, delete it; Add Attribute: if the attribute does not exist, add the Attribute Values to the ENTRY Table and the SEARCH Table; and Delete Attribute: for the ENTRY Table and the SEARCH Table, if the attribute exists, delete it.
46. A method of implementing directory services as claimed in claim 34, 35 or 36, particularly a modify RDN service, further including: perform a tree walk using the DIT table, and obtain the EID and Parent EID of the base object; using the DIT table, check for equivalent entries and return error if one is found; using the NAME table, replace the old RDN with the new RDN; using the DIT Table, replace the old RDN with a normalised form of the new RDN; using the ENTRY table, insert the new value; using the SEARCH table, locate value old RDN and set DISTING to 0 and insert the new value; if deleteOldRDN is set to TRUE the procedures following the Tree Walk are as follows: using the DIT table, check for a sibling with the same name and an EID not equal to the base EID; COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:48 FAX Smoorenburg Attorneys IP AUSTRALIA Q083/113 using the NAME Table, replace the old RDN with the new RDN; using the DIT Table, replace the old RDN with a normalised form of the new RDN; using the ENTRY Table, delete the old value(s) and insert the new value(s); and using the Perform SEARCH Table, delete the old value(s) and insert the new
47. A method as set forth in any one of claims 1-46, wherein said directory service is one of an X.500 or LDAP service.
48. A system for implementing directory services for a relational data base management system using a relational language including: means for establishing a database using a plurality of tables, each table having a plurality of rows and columns, said database including at least one each of a HIERARCHY Table, an OBJECT Table and an ATTRIBUTE Table; means for defining a plurality of relational language commands, each corresponding to a respective one of a plurality of directory services, each service having a corresponding service executing procedure; means for selecting one of said plurality of directory services; means for applying a process of name resolution to the selected directory service, means for executing the procedure corresponding to the selected service, and means for building a response comprising an error or search result in response to said executing means.
49. A system for implementing directory services as claimed in claim 48 wherein said relational language is SQL. COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:49 FAX Smoorenburg Attorneys IP AUSTRALIA Q084/113 81 A system for implementing directory services as claimed in claim 49, wherein said building means includes means for utilizing set orientation queries of SQL.
51. A system for implementing directory services as claimed in claim 48, 49 or wherein said selecting means includes means for identifying a specific service and the information that is to be returned.
52. A system for implementing directory services as claimed in any one of claims 48 to 51, wherein said database includes a directory tree, having a plurality of distinguished names (DN) each including one or more relative distinguished names (RDN), and said means for applying a process of name resolution comprises navigating said directory tree.
53. A system for implementing directory services as claimed in claim 52, wherein the search result returns as the response any distinguished name(s) located.
54. A system for implementing directory services as claimed in any one of claims 48 to 53, wherein Entry Information Selection (EIS) is associated with the selected service. A system for implementing directory services as claimed in claim 54, wherein the EIS can be selected to be one of: no information, attributes and value for selected or all attributes, or values only for selected or all attributes. COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:49 FAX Smoorenburg Attorneys IP AUSTRALIA Q085/113 82
56. A system for implementing directory services as claimed in claim 54, wherein the selected service is a read service.
57. A system for implementing directory services as claimed in claim 54, wherein the selected service is a search service.
58. A system for implementing directory services as claimed in any one of claims 48 to 57, wherein the selected service executed has an associated set of common arguments defining service controls.
59. A system for implementing directory services as claimed in any one of claims 48 to 58, wherein the service controls includes at least one of a size limits, a time limit or security information. A system for implementing directory services as claimed in any one of claims 48 to 59, further including, building the response which includes a set of common results.
61. A system for implementing directory services as claimed in claim wherein the set of common results includes at least one of security parameters, the DN of the performer of the service or an alias dereferenced flag.
62. A system for implementing directory services as claimed in claim 61, wherein said process of navigating includes a tree walk, which begins from the root of the directory tree and continues down the directory tree until all the RDNs in a DN have been resolved. COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:50 FAX Smoorenburg Attorneys IP AUSTRALIA Q086/113 83
63. A system for implementing directory services as claimed in any one of claims 52 to 62, further including: means for converting a DN into an entry ID (EID) and storing said EID; and wherein said process of navigating for a particular entry includes, given a DN for the entry, locate the entry in the HIERARCHY Table which has an RDN equal to the first RDN in the DN; and means to store the EID and recursively locate the entry which has an RDN equal to the next RDN in the DN and a parent equal to the stored EID.
64. A system for implementing directory services as claimed in any one of claims 51 to 63, wherein said database returns data as attribute ID and raw data values. A system for implementing directory services as claimed in any one of claims 52 to 64, particularly a read service, further including: means for converting a DN into an entry ID (EID) and storing said EID; and means for reading, in the OBJECT Table, the values of all rows which match the stored EID.
66. A system for implementing directory services as claimed in any one of claims 52 to 64, particularly a compare service, further including: means for converting a DN into an entry ID (EID) and storing said EID; and means for testing, in the OBJECT Table, for a matching value in all rows which match the stored EID and a specified attribute ID (AID).
67. A system for implementing directory services as claimed in any one of claims 52 to 64, particularly a list service, further including: means for converting a DN into an entry ID (EID) and storing said EID; and COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:50 FAX Smoorenburg Attorneys IP AUSTRALIA Q087/113 84 means for returning the RDNs, in the HIERARCHY Table, for all rows with a parent matching the stored EID.
68. A system for implementing directory services as claimed in any one of claims 52 to 64, particularly an add entry service, further including: means for converting all but the last RDN of a DN into an entry ID (EID) and storing said EID; and means for adding a new EID to the HIERARCHY Table, and for adding to the OBJECT Table rows for each value in the new entry.
69. A system for implementing directory services as claimed in any one of claims 52 to 64, particularly a remove entry service, further including: means for converting a DN into an entry ID (EID) and storing said EID; and means for removing the entry from the HIERARCHY Table, and means for removing from the OBJECT Table all rows which match the stored EID. A system for implementing directory services as claimed in claim 69, further including: means for checking, prior to the converting step, that the entry has no subordinate entries on the tree.
71. A system for implementing directory services as claimed in any one of claims 52 to 64, particularly a modify entry service, further including: means for converting a D.N into an entry ID (EID) and storing said EID; and means for, in the OBJECT Table, applying at least one of an add, remove or modify service to rows matching the stored EID. COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:50 FAX Smoorenburg Attorneys IP AUSTRALIA R088/113
72. A system for implementing directory services as claimed in any one of claims 52 to 64, particularly a modify RDN service, further including: means for converting a DN into an entry ID (EID) and storing said EID; means to check that the new name (RDN) does not exist in the current level of the subtree, and means to modify the entry in the HIERARCHY and OBJECT Tables.
73. A system for implementing directory services as claimed in any one of claims 52 to 64, particularly a base level search service, further including: means for converting a DN into an entry ID (EID) and storing said EID; means for reading, in the OBJECT Table, nominated values from rows which match the stored EID where a filter criteria is satisfied.
74. A system for implementing directory services as claimed in any one of claims 52 to 64, particularly a one level search service, further including: means for converting a DN into an entry ID (EID) and storing said EID; means for returning a list of EIDs which have a parent EID matching the stored EID in the HIERARCHY Table and have values which satisfy the filter criteria in the OBJECT Table; and means for reading, in the OBJECT Table, nominated values for returned EIDs. A system for implementing directory services as claimed in any one of claims 52 to 64, particularly a subtree search service, further including: means for converting a DN into an entry ID (EID) and storing said EID; means for returning a list of EIDs which have a path matching that of the base object in the HIERARCHY Table and have values which satisfy the filter criteria in the OBJECT Table; and means for reading, in the OBJECT Table, nominated values for returned EIDs. COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:51 FAX Smoorenburg Attorneys IP AUSTRALIA [089/113 86
76. A system for implementing directory services as claimed in any one of claims 52 to 64, further including: means for resolving aliases during navigation in response to an alias control flag and the characteristic of the service implemented.
77. A system for implementing directory services for a relational data base management system using a relational language including: means for establishing a database using a plurality of tables, each table having a plurality of rows and columns, said database including at least one each of a HIERARCHY Table including a DIT Table, NAME Table, ALIAS Table and TREE Table, an OBJECT Table including a SEARCH Table and an ENTRY Table, and an ATTRIBUTE Table; means for defining a plurality of relational language commands, each corresponding to a respective one of a plurality of directory services, each service having a corresponding service executing procedure; means for selecting one of said plurality of directory services; means for applying a process of name resolution to the selected directory service, means for executing the procedure corresponding to the selected service, and means for building a response including an error or search result in response to said executing step.
78. A system for implementing directory services as claimed in claim 77, wherein said database includes a directory tree, having a plurality of distinguished names (DN) each including one or more relative distinguished names (RDN), and said step of applying a process of name resolution includes navigating said directory tree. COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:51 FAX Smoorenburg Attorneys IP AUSTRALIA 090/113 87
79. A system for implementing directory services as claimed in claim 78, wherein said process of navigating includes a tree walk, which begins from the root of the directory tree and continues down the directory tree until all the RDNs in a DN have been resolved. A system for implementing directory services as claimed in claim 78 or 79, further including: means for converting a DN into an entry ID (EID) and storing said EID; and wherein said process of navigating for a particular entry includes, given a DN for the entry, locating the entry in the HIERARCHY Table which has an RDN equal to the first RDN in the DN; and means for storing the EID and recursively locate the entry which has an RDN equal to the next RDN in the DN and a parent equal to the stored EID.
81. A system for implementing directory services as claimed in claim 78, 79 or particularly a read service to extract information from an explicitly identified entry, further including: means for performing a tree walk using the DIT Table, resolving aliases if necessary and obtain the base EID; means for using a path from the TREE Table and raw RDN's from the NAME Table, to build a DN and, if no attributes or values are specified, just return the DN, and if attributes or values are specified as all types and values, return the RAW values from the ENTRY Table for the matching EID, and if attributes or values of selected types and values are specified, obtain attribute IDs (AID's) from the ATTRIBUTE Table and then return selected types and/or values for the matching EID. COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:51 FAX Smoorenburg Attorneys IP AUSTRALIA R091/113 88
82. A system for implementing directory services as claimed in claim 78, 79 or particularly a compare service for comparing a value with values of a particular attribute lype in a particular object entry, further including: means for performing a tree walk using the DIT Table, resolving aliases if necessary, and obtaining the EID of the base object; means for obtaining, from the ATTRIBUTE Table, the AID of the attribute to be compared; means for selecting, from the ENTRY Table, the one or more rows matching the EID and AID; means for comparing the value and return TRUE or FALSE as the compare result; and means for, if an alias is dereferenced, returning the DN of the selected object, using the path from the TREE Table and the RAW RDN's from the NAME Table.
83. A system for implementing directory services as claimed in claim 78, 79 or particularly a list service to obtain a list of immediate subordinates of an explicitly identified entry, further including: means for performing a tree walk using the DIT Table, resolving aliases if necessary; means to obtain the EID of the base object; and means, using the DIT and NAME Tables, to return an ALIAS flag and RAW RDN rows where PARENT equal to the EID of the base object.
84. A system for implementing directory services as claimed in claim 78, 79 or particularly a base object search service, further including: means for performing a tree walk using the DIT Table, resolving aliases if necessary, and obtaining the EID of the base object; means to apply the filter to attributes and values in the SEARCH Table with the EID of the selected object; COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:52 FAX Smoorenburg Attorneys IP AUSTRALIA 1092/113 89 means, if the filter condition is matched, to return the entry Information from the ENTRY Table; and means, if an alias is dereferenced, to return the DN using the TREE Table to extract the data defining a PATH and the NAME Table to build the DN. A system for implementing directory services as claimed in claim 78, 79 or particularly a one level search service, further including: means for performing a tree walk using the DIT Table, resolving aliases if necessary, and obtaining the EID of the base object; means to check to see if any aliases exist with PARENT EID and if so resolve them to obtain an aliases dereferenced list; means, using the search and DIT Tables, to apply the filter (attribute/value conditions) and the scope (PARENT EID of selected object and any aliases dereferenced) so that a list of matching EID's will be returned; means, if an alias is dereferenced, to return the DN using the TREE Table to extract the information related to the PATH and the NAME Table to build the DN; and for each matching EID, means to return the entry information obtained from the SEARCH Table using the ENTRY Table.
86. A system for implementing directory services as claimed in claim 78, 79 or particularly a whole subtree search service, further including: means for performing a tree walk using the DIT Table, resolving aliases if necessary, and obtaining the EID of the base object; means to check to see if any aliases exist with a PATH prefix matching the PATH of the selected object; means, for each alias discovered, to check to see if the alias points outside the current subtree and, if it does repeat the previous step until all aliases have been resolved, whereby a set of unique base objects will have been found; COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:52 FAX Smoorenburg Attorneys IP AUSTRALIA 9093/113 means, using the SEARCH and TREE Tables, to apply a filter and a scope to each unique base object so that a list of matching EID's will be retumed; means, if an alias is dereferenced during navigation and not during searching, to return the DN using the TREE Table to extract the PATH and the NAME Table to build the DN; and for each matching EID, means to return the entry information obtained from the SEARCH Table using the ENTRY Table.
87. A system for implementing directory services as claimed in any one of claims 77 to 80, particularly an add service to add a leaf entry, either an object entry or an alias entry, to the Directory Information Tree (DIT), further including: means for using the DIT Table, tree walk to the parent of the entry to be added;. means for using the DIT Table, check if the entry exists; and means, if the entry does not exist, to allocate a new EID and add the entry, insert into the DIT Table, the NAME Table, the TREE Table, the SEARCH Table, the ENTRY Table and, if it is an alias entry, the ALIAS Table.
88. A system for implementing directory services as claimed in any one of claims 77 to 80, particularly a remove service to remove a leaf entry, either an object entry or an alias entry, to the Directory Information Tree (DIT), further including: means for performing a tree walk using the DIT Table, and obtaining the EID of the base object; means, if the entry exists, and it is a leaf entry, then for the condition EID EID of the selected object, to delete from the DIT Table, the NAME Table, the TREE Table, the SEARCH Table, the ENTRY Table and, if it is an alias entry, the ALIAS Table. COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:53 FAX Smoorenburg Attorneys IP AUSTRALIA Q094/113 91
89. A system for implementing directory services as claimed in any one of claims 77 to 80, particularly a modify entry service, further including: means for performing a tree walk using the DIT Table, and obtaining the EID of the selected object; means, for the selected object, to perform one or more of the following actions: Add Value, Delete Value, Add Attribute, Delete Attribute, whose operations required for each action are as follows: Add Value: if the attribute exists, add the value to the ENTRY Table and the SEARCH Table; Delete Value: for the ENTRY Table and the SEARCH Table, if the attribute value exists, delete it; Add Attribute: if the attribute does not exist, add the Attribute Values to the ENTRY Table and the SEARCH Table; and Delete Attribute: for the ENTRY Table and the SEARCH Table, if the attribute exists, delete it. A system of implementing directory services as claimed in any one of claims 77 to 80, particularly a modify RDN service, further including: means for performing a tree walk using the DIT Table, and obtaining the EID and Parent EID of the base object; means, using the DIT Table, to check for equivalent entries and return error if one is found; means, using the NAME Table, to replace the old RDN with the new RDN; means, using the DIT Table, to replace the old RDN with a normalised form of the new RDN; means, using the ENTRY Table, to insert the new value; means, using the SEARCH Table, to locate value old RDN and set DISTING to 0 and insert the new value; and if deleteOldRDN is set to TRUE the operations following the Tree Walk are as follows: means, using the DIT Table, to check for a sibling with the same name and an EID not equal to the base EID; COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:53 FAX Smoorenburg Attorneys IP AUSTRALIA R095/113 92 means, using the NAME Table, to replace the old RDN with the new RDN; means, using the DIT Table, to replace the old RDN with a normalised form of the new RDN; means, using the ENTRY Table, to delete the old value(s) and insert the new value(s); and means, using the Perform SEARCH Table, to delete the old value(s) and insert the new.
91. A system as set forth in any one of claims 48-90, wherein said directory service is one of an X.500 and a LDAP service.
92. A method of creating one or more SQL commands corresponding to a directory service, the method including the steps of: i. determining the directory service, ii. applying a process of name resolution to the service, iii. executing a procedure corresponding to the service, and iv. building an error or result in response to step iii.
93. A method as claimed in claim 92, including, applying at least one service control to the method.
94. A method as claimed in claim 93, wherein the service control includes at least a time limit. A method as claimed in claim 94, wherein the service control includes at least a size limit.
96. A method of executing a service in a directory service system, the method including using a DIT Table for a navigate function. COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:53 FAX Smoorenburg Attorneys IP AUSTRALIA Q096/113 93
97. A method of executing a service in a directory service system, the method including using a DIT Table for a one level search function.
98. A method of executing a service in a directory service system, the method including using a SEARCH Table for a find function.
99. A method of executing a service in a directory service system, the method including using a NAME Table for a returning DN function.
100. A method of executing a service in a directory service system, the method including using an ENTRY Table for a returning object function.
101. A method of executing a service in a directory service system, the method including using a TREE Table for a returning DN function.
102. A method of executing a service in a directory service system, the method including using a TREE Table for a subtree search function.
103. A method of executing a service in a directory service system, the method including using an ALIAS Table for an alias function.
104. A method as claimed in any one of claims 92 to 95, in combination with a step of executing which includes the services as claimed in any one of claims 96 to 103. COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:54 FAX Smoorenburg Attorneys IP AUSTRALIA Q097/113 94
105. A method of providing directory services in a directory service system, the method including the step of: caching the ATTRIBUTE Table thereby limiting SQL statements issued to the database.
106. A method of providing directory services in a directory service system, the method including the step of: performing validation in memory.
107. A method of providing arbitrary complexity in directory services in a directory service system, the method including the step of: in applying an arbitrary filter, building a dynamic SQL equivalent.
108. A method of providing directory services in a directory service system, the method including the step of: utilising set orientation queries of SQL.
109. A method of providing directory services in a directory service system, the method including the step of: providing a FLAG column in order to enhance extensibility.
110. A method of providing directory services in a directory service system, the method including the step of: providing a FLAG column as a 'summary' function of contents of a table.
111. A method of providing directory services in a directory service system, the method including the step of: providing cached aliases. COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:54 FAX Smoorenburg Attorneys IP AUSTRALIA 1098/113 C t 112. A method of providing directory services in a directory service system, the Smethod including the step of: providing a LEV column to shorten indexes on each table.
113. A tree navigation method as disclosed in section 5.1 of the description. S114. A tree navigation method as disclosed in section 3.1.2 of the description. N 115. A method of executing a tree navigation service including an alias as disclosed in section 5.1 of the description.
116. A method of executing a tree navigation service including alias as disclosed in section 3.3 or 3.4 of the description.
117. A method of adding objects to the DIT table as disclosed in section 5.1 of the description.
118. A method of returning a distinguished name in a service result as disclosed in section 5.1 of the description.
119. A method of performing EIS as disclosed in section 5.1 of the description.
120. A method of providing common arguments as disclosed in section 5.1 of the description.
121. A method of providing common results as disclosed in section 5.1 of the description.
122. A method of executing a read service as disclosed in section 5.2 of the description. COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:54 FAX Smoorenburg Attorneys IP AUSTRALIA 1099/113 96
123. A method of executing a read service as disclosed in section 3.1.3 of the description.
124. A method of executing a compare service as disclosed in section 5.3 of the description.
125. A method of executing a compare service as disclosed in section 3.1.4 of the description.
126. A method of executing a list service as disclosed in section 5.4 of the description.
127. A method of executing a list service as disclosed in section 3.1.5 of the description.
128. A method of executing a search service as disclosed in section 5.5 of the description.
129. A method of executing a search service as disclosed in section 3.2, 3.3 or 3.4 of the description.
130. A method of executing an add entry service as disclosed in section 5.6 of the description.
131. A method of executing an add entry service as disclosed in section 3.1.6 of the description.
132. A method of executing a remove entry service as disclosed in section 5.7 of the description.
133. A method of executing a remove entry service as disclosed in section 3.1.7 of the description. COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:55 FAX Smoorenburg Attorneys IP AUSTRALIA Q100/113 97
134. A method of executing a modify entry service as disclosed in section 5.8 of the description.
135. A method of executing a modify entry service as disclosed in section 3.1.8 of the description.
136. A method of executing a modify RDN service as disclosed in section 5.9 of the description.
137. A method of executing a modify RDN service as disclosed in section 3.1.9 of the description.
138. A method of providing directory services in a directory service system, the method including the step of: caching the attribute table thereby limiting SQL statements issued to the database.
139. A method as claimed in any one of claims 92-138, wherein said directory service is one of an X.500 or LDAP service.
140. In use, a directory service system implementing a method as claimed in any one of claims 1-47 or 92-139.
141. In use, a system as claimed in claim 140, wherein the directory service is X.500 or LDAP.
142. A directory services system including any one of the methods of claims 1 to 47 or 92 to 139. COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:55 FAX Smoorenburg Attorneys IP AUSTRALIA [a101/113 98
143. A program product including a computer storage medium containing therein a computer program operable in accordance with the method recited in any one of claims 1-47 or 92-139.
144. A program product as set forth in claim 143 wherein said directory service is one of an X.500 or LDAP service.
145. A system as claimed in any one of claims 48-90, wherein the directory services implemented are X.500 or LDAP.
146. A method of implementing X.500 services in a RDBMS which supports a relational language, using service modeling, including: modeling each of a plurality of X.500 services; defining the relationships among each of said plurality of X.500 services; defining a fixed set of queries/services using said modelled X.500 services and relationships; and processing arbitrary data using said fixed set of queries/services; wherein said service modeling uses relational queries to satisfy X.500 services compatibly with RDBMS.
147. The method of claim 146, wherein said relational language includes SQL.
148. The method of claim 146 or 147, wherein X.500 services are invoked via a LDAP protocol.
149. The method of claim 146 or 147, wherein X.500 services are invoked via X.500 protocol. COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:55 FAX Smoorenburg Attorneys 4- IP AUSTRALIA [1102/113 99
150. The method as claimed in any one of claims 146 to 149, wherein every data type is treated generically and is assigned an index.
151. The method as claimed in any one of claims 146 to 149, wherein services are resolved using static SQL statements or dynamic SQL statements.
152. An implementation of X.500 services in a RDBMS which supports a relational language, using service modeling, the implementation including: an ATTRIBUTE Table, where extensibility is addressed by allowing the definition of a new attribute type by adding a row to the table; an OBJECT Table, which defines the attributes within each object; and/or a HIERARCHY Table which defines the relationship between the objects.
153. The implementation of claim 152, wherein said OBJECT Table includes normalised value columns and raw value columns.
154. The implementation of claim 152 or 153, wherein said HIERARCHY Table includes a normalised name column and a raw name column.
155. The implementation of claim 152, 153 or 154, wherein the HIERARCHY Table further includes an alias column for indicating that an entry is an alias. 156 The implementation of claim 155, wherein the alias column includes an alias and an A-EID column providing information about the destination to which the alias points. COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:56 FAX Smoorenburg Attorneys IP AUSTRALIA Q103/113 100
157. The implementation of claim 155 or 156, wherein the HIERARCHY Table includes a parent column with parent ID information defining the parent entry, and a path column, the path column containing information enabling a determination of the absolute position in a HIERARCHY and a determination if an entry is in a given subtree by its prefix.
158. A method as claimed in claim 18, wherein said method is for implementing X.500 READ services in a RDBMS which supports a relational language, having a fixed set of queries/services defined by service modeling.
159. A method as claimed in claim 20, wherein said method is for implementing X.500 COMPARE services in a RDBMS which supports a relational language, having a fixed set of queries/services defined by service modeling.
160. A method as claimed in claim 22, wherein said method is for implementing. X.500 LIST services in a RDBMS which supports a relational language, having a fixed set of queries/services defined by service modeling.
161. A method as claimed in claim 28, wherein said method is for implementing X.500 SEARCH services in a RDBMS which supports a relational language, having a fixed set of queries/services defined by service modeling.
162. A method as claimed in claim 29, wherein said method is for implementing X.500 SEARCH services in a RDBMS which supports a relational language, having a fixed set of queries/services defined by service modeling.
163. A method as claimed in claim 30, wherein said method is for implementing X.500 SEARCH services in a RDBMS which supports a relational language, having a fixed set of queries/services defined by service modeling. COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:56 FAX Smoorenburg Attorneys IP AUSTRALIA [104/113 101
164. A method as claimed in claim 23, wherein said method is for implementing X.500 ADD ENTRY services in a RDBMS which supports a relational language, having a fixed set of queries/services defined by service modeling.
165. A method as claimed in claim 24, wherein said method is for implementing X.500 REMOVE entry services in a RDBMS which supports a relational language, having a fixed set of queries/services defined by service modeling.
166. A method as claimed in claim 26, wherein said method is for implementing X.500 MODIFY services in a RDBMS which supports a relational language, having a fixed set of queries/services defined by service modeling.
167. A method as claimed in claim 27, wherein said method is for implementing X.500 MODIFY RDN services in a RDBMS which supports a relational language, having a fixed set of queries/services defined by service modeling.
168. A method as claimed in any one of claims 1 to 47, 92 to 139, 146 to 151, or 158 to 167 substantially as herein described with reference to the accompanying drawings.
169. A system as claimed in any one of claims 48 to 91, 140, 141, 142 or 145 substantially as herein described with reference to the accompanying drawings. COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16 16/03 2007 FRI 12:56 FAX Smoorenburg Attorneys AUSTRALIA Ij0/1 Q105/113 102
170. An implementation as claimed in any one of claims 152 to 157 substantially as herein described with reference to the accompanying drawings. COMS ID No: SBMI-06645568 Received by IP Australia: Time 13:00 Date 2007-03-16
AU2007201149A 1994-09-01 2007-03-16 Directory Services System and Methods with Mapping Abandoned AU2007201149A1 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
AUPM7842 1994-09-01
AUPM9586 1994-11-21
AU2003201337A AU2003201337A1 (en) 1994-09-01 2003-03-18 Directory services system and methods with mapping

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
AU2003201337A Division AU2003201337A1 (en) 1994-09-01 2003-03-18 Directory services system and methods with mapping

Publications (1)

Publication Number Publication Date
AU2007201149A1 true AU2007201149A1 (en) 2007-04-05

Family

ID=37944488

Family Applications (1)

Application Number Title Priority Date Filing Date
AU2007201149A Abandoned AU2007201149A1 (en) 1994-09-01 2007-03-16 Directory Services System and Methods with Mapping

Country Status (1)

Country Link
AU (1) AU2007201149A1 (en)

Similar Documents

Publication Publication Date Title
EP0777883B1 (en) X.500 system and methods
US20080040365A1 (en) Table arrangement for a directory service and for related method and facilitating queries for the directory
Mealling Dynamic delegation discovery system (DDDS) part two: The algorithm
US6609121B1 (en) Lightweight directory access protocol interface to directory assistance systems
JP5102841B2 (en) Method for distributed directory with proxy, proxy server, and proxy directory system
US7349913B2 (en) Storage platform for organizing, searching, and sharing data
US7720794B2 (en) Identifying resource and data instances in management systems
WO2000065486A2 (en) A method of mapping semantic context to enable interoperability among disparate sources
Jagadish et al. Revisiting the hierarchical data model
Yeo et al. A taxonomy of issues in name systems design and implementation
AU712451B2 (en) X.500 system and methods
Hardcastle-Kille X. 500 and domains
AU2007201149A1 (en) Directory Services System and Methods with Mapping
AU6175399A (en) Directory services system and methods with mapping
AU2007201142A1 (en) Table arrangement for a X.500 System and Methods
AU6175499A (en) Directory services searching system and methods
AU6175099A (en) Data tolerance in a X.500 system and methods
AU2007201141A1 (en) Data Tolerance in a X.500 System and Methods
AU2007201143A1 (en) Metadata in X.500 System and Methods
AU6175199A (en) Metadata in X.500 systems and methods
AU6175299A (en) Table arrangement for a X.500 system and methods
AU2007201145A1 (en) Directory Services Searching System and Methods
KR100424557B1 (en) a Memory Resident LDAP System and a Management Method thereof
Davis Combining a flexible data model and phase schema translation in data model reverse engineering
Benford Components of OSI: The OSI Directory Service

Legal Events

Date Code Title Description
MK4 Application lapsed section 142(2)(d) - no continuation fee paid for the application