RFC1943 日本語訳
1943 Building an X.500 Directory Service in the US. B. Jennings. May 1996. (Format: TXT=51266 bytes) (Status: INFORMATIONAL)
プログラムでの自動翻訳です。
RFC一覧
英語原文
Network Working Group B. Jennings Request for Comments: 1943 Sandia National Laboratory Category: Informational May 1996
Network Working Group B. Jennings Request for Comments: 1943 Sandia National Laboratory Category: Informational May 1996
Building an X.500 Directory Service in the US
Building an X.500 Directory Service in the US
Status of this Memo
Status of this Memo
This memo provides information for the Internet community. This memo does not specify an Internet standard of any kind. Distribution of this memo is unlimited.
This memo provides information for the Internet community. This memo does not specify an Internet standard of any kind. Distribution of this memo is unlimited.
Abstract
Abstract
This document provides definition and recommends considerations that must be undertaken to operate a X.500 Directory Service in the United States. This project is the work performed for the Integrated Directory Services Working Group within the Internet Engineering Task Force, for establishing an electronic White Pages Directory Service within an organization in the US and for connecting it to a wide-area Directory infrastructure.
This document provides definition and recommends considerations that must be undertaken to operate a X.500 Directory Service in the United States. This project is the work performed for the Integrated Directory Services Working Group within the Internet Engineering Task Force, for establishing an electronic White Pages Directory Service within an organization in the US and for connecting it to a wide-area Directory infrastructure.
Establishing a successful White Pages Directory Service within an organization requires a collaborative effort between the technical, legal and data management components of an organization. It also helps if there is a strong commitment from the higher management to participate in a wide-area Directory Service.
Establishing a successful White Pages Directory Service within an organization requires a collaborative effort between the technical, legal and data management components of an organization. It also helps if there is a strong commitment from the higher management to participate in a wide-area Directory Service.
The recommendations presented in the document are the result of experience from participating in the Internet White Pages project.
The recommendations presented in the document are the result of experience from participating in the Internet White Pages project.
Table of Contents
Table of Contents
1.0 Introduction 2 1.1 Purpose of this Document 2 1.2 Introduction to Directory Services 2 2.0 The X.500 Protocol 4 2.1 Introduction 4 2.2 Directory Model 4 2.3 Information Model 5 2.4 Benefits and Uses for X.500 Directory Service 6 2.5 Other Applications of X.500 7 3.0 Legal Issues 8 3.1 Introduction 8 3.2 Purpose of the Directory 8 3.3 User Rights 9 3.4 Data Integrity 9
1.0 Introduction 2 1.1 Purpose of this Document 2 1.2 Introduction to Directory Services 2 2.0 The X.500 Protocol 4 2.1 Introduction 4 2.2 Directory Model 4 2.3 Information Model 5 2.4 Benefits and Uses for X.500 Directory Service 6 2.5 Other Applications of X.500 7 3.0 Legal Issues 8 3.1 Introduction 8 3.2 Purpose of the Directory 8 3.3 User Rights 9 3.4 Data Integrity 9
Jennings Informational [Page 1] RFC 1943 Building an X.500 Directory Service in the US May 1996
Jennings Informational [Page 1] RFC 1943 Building an X.500 Directory Service in the US May 1996
3.5 Protection of the Data 10 3.6 Conclusions 10 4.0 Infrastructure 11 4.1 Introduction 11 4.2 A Well Maintained Infrastructure 11 4.3 DUA Interfaces for End Users 12 5.0 Datamanagement & Pilot Projects 13 5.1 Simple Internet White Pages Service 13 5.2 InterNIC 13 5.3 ESnet 14 6.0 Recommendations 14 6.1 General 14 6.2 Getting Started 14 6.3 Who are the Customers 14 6.4 What are the Contents of the Directory 15 6.5 What are the Rights of the Individuals 15 6.6 Data Integrity 16 6.7 Data Security 16 6.8 Data Administration 17 6.9 Conclusion 17 7.0 References 18 8.0 Glossary 19 9.0 Security Considerations 22 10.0 Author's Address 22
3.5 Protection of the Data 10 3.6 Conclusions 10 4.0 Infrastructure 11 4.1 Introduction 11 4.2 A Well Maintained Infrastructure 11 4.3 DUA Interfaces for End Users 12 5.0 Datamanagement & Pilot Projects 13 5.1 Simple Internet White Pages Service 13 5.2 InterNIC 13 5.3 ESnet 14 6.0 Recommendations 14 6.1 General 14 6.2 Getting Started 14 6.3 Who are the Customers 14 6.4 What are the Contents of the Directory 15 6.5 What are the Rights of the Individuals 15 6.6 Data Integrity 16 6.7 Data Security 16 6.8 Data Administration 17 6.9 Conclusion 17 7.0 References 18 8.0 Glossary 19 9.0 Security Considerations 22 10.0 Author's Address 22
1.0 Introduction
1.0 Introduction
1.1 Purpose of this Document
1.1 Purpose of this Document
This document provides an introduction for individuals planning to build a directory service for an organization in the US. It presents an introduction to the technical, legal, and organizational aspects of a directory service. It describes various options to organizations who want to operate an X.500 Directory service and illustrates these with examples of current X.500 service providers.
This document provides an introduction for individuals planning to build a directory service for an organization in the US. It presents an introduction to the technical, legal, and organizational aspects of a directory service. It describes various options to organizations who want to operate an X.500 Directory service and illustrates these with examples of current X.500 service providers.
1.2 Introduction to Directory Services
1.2 Introduction to Directory Services
An electronic directory server is an electronic process that provides a list of information provided via electronic access. This information is variable in content, however it should be explicitly defined by the directory purpose. Information about people, organizations, services, network hardware are just a few examples of data content that a directory service can provide. The aim of an X.500 Directory service is to make using the directory intuitive and as easy to use as calling for directory assistance. The X.500 Directory service is an international standard ratified by the International organization for Standardization (IS) and the ITU-T
An electronic directory server is an electronic process that provides a list of information provided via electronic access. This information is variable in content, however it should be explicitly defined by the directory purpose. Information about people, organizations, services, network hardware are just a few examples of data content that a directory service can provide. The aim of an X.500 Directory service is to make using the directory intuitive and as easy to use as calling for directory assistance. The X.500 Directory service is an international standard ratified by the International organization for Standardization (IS) and the ITU-T
Jennings Informational [Page 2] RFC 1943 Building an X.500 Directory Service in the US May 1996
Jennings Informational [Page 2] RFC 1943 Building an X.500 Directory Service in the US May 1996
International Telecommunication Union formerly (CCITT) in 1988 [1].
International Telecommunication Union formerly (CCITT) in 1988 [1].
The Directory is intended to be global service comprised of independently operated and distributed Directory Service Agents (DSAs), that provide information in the form of a White Pages Phone Directory.
The Directory is intended to be global service comprised of independently operated and distributed Directory Service Agents (DSAs), that provide information in the form of a White Pages Phone Directory.
Electronic mail communication benefits from the existence of a global electronic White Pages to allow network users to retrieve addressing information in an intuitive fashion. Manual searching for names and addresses, specifically electronic addresses, can take a great deal of time. A White Pages directory service can enable network users to retrieve the addresses of communication partners in a user friendly way, using known variables such as common name, surname, and organization to facilitate various levels of searches.
Electronic mail communication benefits from the existence of a global electronic White Pages to allow network users to retrieve addressing information in an intuitive fashion. Manual searching for names and addresses, specifically electronic addresses, can take a great deal of time. A White Pages directory service can enable network users to retrieve the addresses of communication partners in a user friendly way, using known variables such as common name, surname, and organization to facilitate various levels of searches.
In order to make global communication over computer networks work efficiently, a global electronic White Pages service is indispensable. Such a directory service could also contain telephone and fax numbers, postal addresses as well as platform type to facilitate in translation of documents between users on different systems. An electronic White Pages may prove to be useful for specific local purposes; replacing paper directories or improving quality of personnel administration for example. An electronic directory is much easier to produce and more timely than paper directories which are often out of date as soon as they are printed.
In order to make global communication over computer networks work efficiently, a global electronic White Pages service is indispensable. Such a directory service could also contain telephone and fax numbers, postal addresses as well as platform type to facilitate in translation of documents between users on different systems. An electronic White Pages may prove to be useful for specific local purposes; replacing paper directories or improving quality of personnel administration for example. An electronic directory is much easier to produce and more timely than paper directories which are often out of date as soon as they are printed.
The Internet White Pages Project provides many companies in the US with an opportunity to pilot X.500 in their organizations. Operating as a globally distributed directory service, this project allows organizations in a wide variety of industry type to make themselves known on the Internet and to provide access to their staff as desired.
The Internet White Pages Project provides many companies in the US with an opportunity to pilot X.500 in their organizations. Operating as a globally distributed directory service, this project allows organizations in a wide variety of industry type to make themselves known on the Internet and to provide access to their staff as desired.
Some organizations, such as ESnet agreed to manage directory information for other organizations. ESnet maintains data at their site for all the national laboratories. They provide assistance to organizations in defining their directory information tree (DIT) structure. They also provide free access to the X.500 Directory via Gopher, WWW, DUAs, whois and finger protocols.
Some organizations, such as ESnet agreed to manage directory information for other organizations. ESnet maintains data at their site for all the national laboratories. They provide assistance to organizations in defining their directory information tree (DIT) structure. They also provide free access to the X.500 Directory via Gopher, WWW, DUAs, whois and finger protocols.
The InterNIC is another directory services provider on the Internet. To date [June 1995] they hold X.500 directory data for 52 organizations and provide free access to this data via various protocols: X.500 DUA, E-Mail, whois, Gopher and WWW.
The InterNIC is another directory services provider on the Internet. To date [June 1995] they hold X.500 directory data for 52 organizations and provide free access to this data via various protocols: X.500 DUA, E-Mail, whois, Gopher and WWW.
To find the most current listing of X.500 providers see RFC 1632 - Catalog of Available X.500 Implementations [2].
To find the most current listing of X.500 providers see RFC 1632 - Catalog of Available X.500 Implementations [2].
Jennings Informational [Page 3] RFC 1943 Building an X.500 Directory Service in the US May 1996
Jennings Informational [Page 3] RFC 1943 Building an X.500 Directory Service in the US May 1996
2.0 The X.500 Protocol
2.0 The X.500 Protocol
2.1 Introduction
2.1 Introduction
This chapter provides the basic technical information necessary for an organization to begin deploying an X.500 Directory Service. It provides a brief introduction to the X.500 protocol and the possibilities that X.500 offers.
This chapter provides the basic technical information necessary for an organization to begin deploying an X.500 Directory Service. It provides a brief introduction to the X.500 protocol and the possibilities that X.500 offers.
2.2 The Directory Model
2.2 The Directory Model
X.500 Directory Model is a distributed collection of independent systems which cooperate to provide a logical data base of information to provide a global Directory Service. Directory information about a particular organization is maintained locally in a Directory System Agent (DSA). This information is structured within specified standards. Adherence to these standards makes the distributed model possible. It is possible for one organization to keep information about other organizations, and it is possible for an organization to operate independently from the global model as a stand alone system. DSAs that operate within the global model have the ability to exchange information with other DSAs by means of the X.500 protocol.
X.500 Directory Model is a distributed collection of independent systems which cooperate to provide a logical data base of information to provide a global Directory Service. Directory information about a particular organization is maintained locally in a Directory System Agent (DSA). This information is structured within specified standards. Adherence to these standards makes the distributed model possible. It is possible for one organization to keep information about other organizations, and it is possible for an organization to operate independently from the global model as a stand alone system. DSAs that operate within the global model have the ability to exchange information with other DSAs by means of the X.500 protocol.
DSAs that are interconnected form the Directory Information Tree (DIT). The DIT is a virtual hierarchical data structure. An X.500 pilot using QUIPU software introduced the concept of a "root" DSA which represents the world; below which "countries" are defined. Defined under the countries are "organizations". The organizations further define "organizational units" and/ or "people". This DIT identifies the DIT for the White Pages X.500 services.
DSAs that are interconnected form the Directory Information Tree (DIT). The DIT is a virtual hierarchical data structure. An X.500 pilot using QUIPU software introduced the concept of a "root" DSA which represents the world; below which "countries" are defined. Defined under the countries are "organizations". The organizations further define "organizational units" and/ or "people". This DIT identifies the DIT for the White Pages X.500 services.
Each DSA provides information for the global directory. Directories are able to locate in the hierarchical structure discussed above, which DSA holds a certain portion of the directory. Each directory manages information through a defined set of attributes and in a structure defined as the Directory Information Base (DIB).
Each DSA provides information for the global directory. Directories are able to locate in the hierarchical structure discussed above, which DSA holds a certain portion of the directory. Each directory manages information through a defined set of attributes and in a structure defined as the Directory Information Base (DIB).
A DSA is accessed by means of a Directory User Agent (DUA). A DUA interacts with the Directory by communicating with one or more DSAs as necessary to respond to a specific query. DUAs can be an IP protocol such as whois or finger, or a more sophisticated application which may provide Graphical User Interface (GUI) access to the DSA. Access to a DSA can be accomplished by an individual or automated by computer application.
A DSA is accessed by means of a Directory User Agent (DUA). A DUA interacts with the Directory by communicating with one or more DSAs as necessary to respond to a specific query. DUAs can be an IP protocol such as whois or finger, or a more sophisticated application which may provide Graphical User Interface (GUI) access to the DSA. Access to a DSA can be accomplished by an individual or automated by computer application.
Jennings Informational [Page 4] RFC 1943 Building an X.500 Directory Service in the US May 1996
Jennings Informational [Page 4] RFC 1943 Building an X.500 Directory Service in the US May 1996
2.3 The Information Model
2.3 The Information Model
In addition to the Directory Model, the X.500 standard defines the information model used in the Directory Service. All information in the Directory is stored in "entries", each of which belong to at least one "object class". In the White Pages application of X.500 object classes are defined as country, organization, organizational unit and person.
In addition to the Directory Model, the X.500 standard defines the information model used in the Directory Service. All information in the Directory is stored in "entries", each of which belong to at least one "object class". In the White Pages application of X.500 object classes are defined as country, organization, organizational unit and person.
The object classes to which an entry belongs defines the attributes associated with a particular entry. Some attributes are mandatory others are optional. System administrators may define their own attributes and register these with regulating authorities, which will in turn make these attributes available on a large scale.
The object classes to which an entry belongs defines the attributes associated with a particular entry. Some attributes are mandatory others are optional. System administrators may define their own attributes and register these with regulating authorities, which will in turn make these attributes available on a large scale.
Every entry has a Relative Distinguished Name (RDN), which uniquely identifies the entry. A RDN is made up of the DIT information and the actual entry.
Every entry has a Relative Distinguished Name (RDN), which uniquely identifies the entry. A RDN is made up of the DIT information and the actual entry.
The Directory operates under a set of rules know as the Directory schema. This defines correct utilization of attributes, and ensures an element of sameness throughout the global Directory Service.
The Directory operates under a set of rules know as the Directory schema. This defines correct utilization of attributes, and ensures an element of sameness throughout the global Directory Service.
Under the White Pages object class "Person" there are three mandatory attributes:
Under the White Pages object class "Person" there are three mandatory attributes:
objectClass commonName surName
objectClass commonName surName
These attributes along with the DIT structure above, define the RDN.
These attributes along with the DIT structure above, define the RDN.
An example of an entry under Sandia National Laboratory is shown here: @c=US@o=Sandia National Laboratory@ou=Employees@cn=Barbara Jennings
An example of an entry under Sandia National Laboratory is shown here: @c=US@o=Sandia National Laboratory@ou=Employees@cn=Barbara Jennings
root
/ \
/ \
c=US c=CA
/ \
/ \
o=Sandia National o=ESnet
Laboratory
/ \
/ \
ou=Employees ou=Guests
/ \
/ \
cn=Barbara Jennings cn=Paul Brooks
root / \ / \ c=US c=CA / \ / \ o=Sandia National o=ESnet Laboratory / \ / \ ou=Employees ou=Guests / \ / \ cn=Barbara Jennings cn=Paul Brooks
Jennings Informational [Page 5] RFC 1943 Building an X.500 Directory Service in the US May 1996
Jennings Informational [Page 5] RFC 1943 Building an X.500 Directory Service in the US May 1996
Organizations may define the best structure suited for their DIT. Typically an organizations DIT will look very much like the organizations structure itself. A DIT structure is determined by naming rules and as such, becomes the elements unique Relative Distinguished Name (RDN). The DIT structure may also be dependent on whether the DSA information is administered by a flat file or a database. Extra consideration to designing of the DIT structure should be taken when using flat files versus a database, as it takes longer to search through a flat file if the tree structure becomes too complex or intricate. To obtain information on recommended schema for DIT structuring see RFC1274 [3].
Organizations may define the best structure suited for their DIT. Typically an organizations DIT will look very much like the organizations structure itself. A DIT structure is determined by naming rules and as such, becomes the elements unique Relative Distinguished Name (RDN). The DIT structure may also be dependent on whether the DSA information is administered by a flat file or a database. Extra consideration to designing of the DIT structure should be taken when using flat files versus a database, as it takes longer to search through a flat file if the tree structure becomes too complex or intricate. To obtain information on recommended schema for DIT structuring see RFC1274 [3].
2.4 Benefits and Uses for X.500 Directory Service
2.4 Benefits and Uses for X.500 Directory Service
The nature of the X.500 Directory makes it suitable for independently operated segments that can be expanded to global distribution. The benefits for local directory use are:
The nature of the X.500 Directory makes it suitable for independently operated segments that can be expanded to global distribution. The benefits for local directory use are:
- with the distributed nature of the service, an organization may separate the responsibility for management of many DSAs and still retain the overall structure;
- with the distributed nature of the service, an organization may separate the responsibility for management of many DSAs and still retain the overall structure;
- the robustness of this service allows it to provide information to a wide range of applications. Whereas globally integrated projects must conform to a specific DIT, independent X.500 operations may define unique DITs, object classes and attributes as per their specific needs;
- the robustness of this service allows it to provide information to a wide range of applications. Whereas globally integrated projects must conform to a specific DIT, independent X.500 operations may define unique DITs, object classes and attributes as per their specific needs;
- X.500 is a good alternative for paper directories, offering the ability to update and modify in an interactive mode. This allows a company to provide the most current information with less cost and effort;
- X.500 is a good alternative for paper directories, offering the ability to update and modify in an interactive mode. This allows a company to provide the most current information with less cost and effort;
- because of the electronic base of X.500, other electronic applications may interact with the application without human intervention.
- because of the electronic base of X.500, other electronic applications may interact with the application without human intervention.
The benefits for global directory use are:
The benefits for global directory use are:
- the distributed nature of X.500 is well suited for large global applications such as the White Pages Directory. Maintenance can be performed in a distributed manner;
- the distributed nature of X.500 is well suited for large global applications such as the White Pages Directory. Maintenance can be performed in a distributed manner;
- X.500 offers good searching capabilities from any level in the DIT. Also with "User Friendly Naming" in place, searches are very intuitive;
- X.500 offers good searching capabilities from any level in the DIT. Also with "User Friendly Naming" in place, searches are very intuitive;
Jennings Informational [Page 6] RFC 1943 Building an X.500 Directory Service in the US May 1996
Jennings Informational [Page 6] RFC 1943 Building an X.500 Directory Service in the US May 1996
- there are DUA interfaces for the White Pages service available for all types of workstations. For an overview of X.500 software reference RFC1632.
- there are DUA interfaces for the White Pages service available for all types of workstations. For an overview of X.500 software reference RFC1632.
- X.500 is an international standard. Using such a standard ensures interoperability within the worldwide base.
- X.500 is an international standard. Using such a standard ensures interoperability within the worldwide base.
2.5 Other Applications of X.500
2.5 Other Applications of X.500
In addition to the White Pages, X.500 can be used as a source for any type of information that needs a distributed storage base.
In addition to the White Pages, X.500 can be used as a source for any type of information that needs a distributed storage base.
The University of Michigan is using X.500 for electronic mail routing. Any mail coming to the university domain, umich.edu; gets expanded out to a local address that is stored in the rfc822Mailbox attribute. The University also operates a standard X.500 name server which provides name lookup service of over 200,000 names. They use the Lightweight Directory Access Protocol (LDAP) [11].
The University of Michigan is using X.500 for electronic mail routing. Any mail coming to the university domain, umich.edu; gets expanded out to a local address that is stored in the rfc822Mailbox attribute. The University also operates a standard X.500 name server which provides name lookup service of over 200,000 names. They use the Lightweight Directory Access Protocol (LDAP) [11].
An implementation of the X.500 Standard directory service has been incorporated into the Open Software Foundation (OSF) Distributed Computing Environment (DCE). This component, known as the Global Directory Service (GDS), provides an area where distributed application clients can find their application servers. The GDS, in response to requests made by other clients, provides the unique network address for a particular DCE resource. Because it is based on a international standard, GDS can offer access to resources among users and organizations worldwide. This scalable service can be performed in DCE environments that range in size from the very small to the very large.
An implementation of the X.500 Standard directory service has been incorporated into the Open Software Foundation (OSF) Distributed Computing Environment (DCE). This component, known as the Global Directory Service (GDS), provides an area where distributed application clients can find their application servers. The GDS, in response to requests made by other clients, provides the unique network address for a particular DCE resource. Because it is based on a international standard, GDS can offer access to resources among users and organizations worldwide. This scalable service can be performed in DCE environments that range in size from the very small to the very large.
Lookup services can be implemented into a variety of applications. Cambridge University in Great Britain implemented the X.500 directory service into an employee locator application. Based on badge sensors at strategic locations, this application can determine the whereabouts of an employee on the campus. As the individual moves about, the sensors register their location in an X.500 Directory.
Lookup services can be implemented into a variety of applications. Cambridge University in Great Britain implemented the X.500 directory service into an employee locator application. Based on badge sensors at strategic locations, this application can determine the whereabouts of an employee on the campus. As the individual moves about, the sensors register their location in an X.500 Directory.
Digital Signature Service (DSS) and Privacy Enhanced Mail (PEM) work on the principal of a directory key server which generates and provide users with "public" codes that match previously registered "private" codes. Only the recipient can decipher messages sent in this fashion. The X.509 [4] standard for key certificates easily fits within the structure of the X.500 Directory Service.
Digital Signature Service (DSS) and Privacy Enhanced Mail (PEM) work on the principal of a directory key server which generates and provide users with "public" codes that match previously registered "private" codes. Only the recipient can decipher messages sent in this fashion. The X.509 [4] standard for key certificates easily fits within the structure of the X.500 Directory Service.
Jennings Informational [Page 7] RFC 1943 Building an X.500 Directory Service in the US May 1996
Jennings Informational [Page 7] RFC 1943 Building an X.500 Directory Service in the US May 1996
3.0 Legal Issues
3.0 Legal Issues
3.1 Introduction
3.1 Introduction
Currently in the United States, there are no specific legal rules for the information that is provided via an electronic directory service. Various organizations and groups associated with usage of the Internet, noting a need to address privacy and data integrity issues, have prepared directives to address this issue. Two such areas addressed are those of the rights of registrants included in the directory and the responsibility of administrators to guarantee the integrity of such data.
Currently in the United States, there are no specific legal rules for the information that is provided via an electronic directory service. Various organizations and groups associated with usage of the Internet, noting a need to address privacy and data integrity issues, have prepared directives to address this issue. Two such areas addressed are those of the rights of registrants included in the directory and the responsibility of administrators to guarantee the integrity of such data.
Registries containing information that is related to an individual is freely transferred and unregulated in the US, unless the provider of the data is an agency or an holder of sensitive information as defined by federal legislation and further may differ for each state. An agency is defined as: any executive department, military department, Government corporation, Government controlled corporation, or other establishment in the executive branch of the Government (including the Executive Office of the President), or any independent regulatory agency. Sensitive data can be financial records, medical records, and certain legal documents. As previously noted, each state has their own legislation on sensitive or private data.The registered persons have little recourse to control list information short of filing a lawsuit against the information provider.
Registries containing information that is related to an individual is freely transferred and unregulated in the US, unless the provider of the data is an agency or an holder of sensitive information as defined by federal legislation and further may differ for each state. An agency is defined as: any executive department, military department, Government corporation, Government controlled corporation, or other establishment in the executive branch of the Government (including the Executive Office of the President), or any independent regulatory agency. Sensitive data can be financial records, medical records, and certain legal documents. As previously noted, each state has their own legislation on sensitive or private data.The registered persons have little recourse to control list information short of filing a lawsuit against the information provider.
For individuals who transfer data across country boundaries, it is important to understand that other countries may have legislation to regulate data. Prior to requesting list information from these countries, an administrator should review applicable legislation and have some mechanism in place to ensure how data will be handled once it is crosses the border. Policy Statements for some countries have been prepared and are provided for via Code of Conduct papers.
For individuals who transfer data across country boundaries, it is important to understand that other countries may have legislation to regulate data. Prior to requesting list information from these countries, an administrator should review applicable legislation and have some mechanism in place to ensure how data will be handled once it is crosses the border. Policy Statements for some countries have been prepared and are provided for via Code of Conduct papers.
3.2 Purpose of the Directory
3.2 Purpose of the Directory
The operational intent including presentation data and list registrants and access rights must be clearly defined and stated. Initially this provides the skeleton of the DIT. Eventually a statement such as this may provide a basis legally justifying the directory.
The operational intent including presentation data and list registrants and access rights must be clearly defined and stated. Initially this provides the skeleton of the DIT. Eventually a statement such as this may provide a basis legally justifying the directory.
All data presented must be defined in the purpose. If for example, a directory is for the sole purpose of providing professional addressing information - an entry would include name, postal address, office telephone, facsimile number, electronic mail address and
All data presented must be defined in the purpose. If for example, a directory is for the sole purpose of providing professional addressing information - an entry would include name, postal address, office telephone, facsimile number, electronic mail address and
Jennings Informational [Page 8] RFC 1943 Building an X.500 Directory Service in the US May 1996
Jennings Informational [Page 8] RFC 1943 Building an X.500 Directory Service in the US May 1996
company name. Private address information listing the home address or phone would be prohibited as would any other information not directly related to addressing.
company name. Private address information listing the home address or phone would be prohibited as would any other information not directly related to addressing.
3.3 User Rights
3.3 User Rights
The North American Directory Forum (NADF) has published a document that defines the User Bill of Rights [5]. This document defines an individuals rights regarding the public release of personal or private information. Among other issues stated, the user has the right to be notified regarding the inclusion of their information in a data registry as well as the right to examine and have incorrect information changed.
The North American Directory Forum (NADF) has published a document that defines the User Bill of Rights [5]. This document defines an individuals rights regarding the public release of personal or private information. Among other issues stated, the user has the right to be notified regarding the inclusion of their information in a data registry as well as the right to examine and have incorrect information changed.
This paper is specifically written for the North American Directory Forum and recommends compliance with US or Canadian laws regulating privacy and access information.
This paper is specifically written for the North American Directory Forum and recommends compliance with US or Canadian laws regulating privacy and access information.
Although current US legislation does not include all the suggestions in this document, it is the responsibility of the controller of the data to respect the rights of the individuals. These recommended rules can be seen as respect for the individual and the considerate controller will follow these guidelines within any boundaries that they may be mandated by.
Although current US legislation does not include all the suggestions in this document, it is the responsibility of the controller of the data to respect the rights of the individuals. These recommended rules can be seen as respect for the individual and the considerate controller will follow these guidelines within any boundaries that they may be mandated by.
3.4 Data Integrity
3.4 Data Integrity
An information provider has the responsibility to guarantee the data that they make available to users. The integrity of a data source is heavily weighted by the accuracy and timeliness of the contents. Interoperable data sources must have concurrence of these factors as well. The degree to which an information provider can guarantee the validity of the data that they present, reflects on the validity of the provider in general. RFC 1355 [6], suggests that a data source enable accuracy statements describing the process that the individual NIC will use to maintain accuracy in the database.
An information provider has the responsibility to guarantee the data that they make available to users. The integrity of a data source is heavily weighted by the accuracy and timeliness of the contents. Interoperable data sources must have concurrence of these factors as well. The degree to which an information provider can guarantee the validity of the data that they present, reflects on the validity of the provider in general. RFC 1355 [6], suggests that a data source enable accuracy statements describing the process that the individual NIC will use to maintain accuracy in the database.
In the European community, it is a legal requirement that the information provider guarantee accurate data.
In the European community, it is a legal requirement that the information provider guarantee accurate data.
The controller of the information needs to be certain of the primary source of data. When possible, the controller should develop routines of random checks to validate the registry data for correctness.
The controller of the information needs to be certain of the primary source of data. When possible, the controller should develop routines of random checks to validate the registry data for correctness.
Jennings Informational [Page 9] RFC 1943 Building an X.500 Directory Service in the US May 1996
Jennings Informational [Page 9] RFC 1943 Building an X.500 Directory Service in the US May 1996
3.5 Data Security
3.5 Data Security
A Directory Service with non-authenticated access from the Internet is difficult to protect from unauthorized use. Unauthorized use being defined by each organization within the directory purpose statement. Typical misuse being by individuals who attempt to duplicate the directory for unauthorized purposes. Other security measures include: Access Control Lists (ACLs), limitations on number of entries returned to a query, and time to search flags. The result of such controls will affect the legitimate user as well as the user they are intended to block.
A Directory Service with non-authenticated access from the Internet is difficult to protect from unauthorized use. Unauthorized use being defined by each organization within the directory purpose statement. Typical misuse being by individuals who attempt to duplicate the directory for unauthorized purposes. Other security measures include: Access Control Lists (ACLs), limitations on number of entries returned to a query, and time to search flags. The result of such controls will affect the legitimate user as well as the user they are intended to block.
An alternative that may provide protection from misuse is to create and display an attribute with each entry stating non-approved usage. This feature will also provide evidence of restricted use in the event that a legal case is necessary to stop unauthorized access.
An alternative that may provide protection from misuse is to create and display an attribute with each entry stating non-approved usage. This feature will also provide evidence of restricted use in the event that a legal case is necessary to stop unauthorized access.
The responsibility again falls on the data provider/implementor of the directory service. Astute programmers will create or make use of existing tools to protect against data destruction, falsification, and misuse.
The responsibility again falls on the data provider/implementor of the directory service. Astute programmers will create or make use of existing tools to protect against data destruction, falsification, and misuse.
3.6 Conclusions
3.6 Conclusions
User Rights, Data Integrity and Protection of data should not be considered merely in an effort to abide by legal rulings; they should be the intention of a good data source. A successful Directory Service must be aware of the requirements of those individuals inclusive in the list as well as those of the directory users.
User Rights, Data Integrity and Protection of data should not be considered merely in an effort to abide by legal rulings; they should be the intention of a good data source. A successful Directory Service must be aware of the requirements of those individuals inclusive in the list as well as those of the directory users.
In general, at the minimum the following conditions should be observed:
In general, at the minimum the following conditions should be observed:
1. Define the purpose of the Directory.
2. Initially inform all registrants of their inclusion in
a Directory.
3. Prevent the use of data beyond the stated purpose.
4. Limit the attributes associated to an entry within
boundaries of the purpose.
5. Work towards a suitable level of security.
6. Develop a mechanism to correct/remove faulty data
or information that should not be in the Directory.
1. ディレクトリの目的を定義してください。 2. 初めは、ディレクトリでの彼らの包含のすべての記入者を知らせてください。 3. 述べられた目的を超えてデータの使用を防いでください。 4. 目的の限界の中のエントリーに関連づけられた属性を制限してください。 5. 適当なレベルのセキュリティをめざして努力してください。 6. ディレクトリにはそうあるべきでない不完全なデータか情報を、メカニズムを開発して、修正するか、または取り除いてください。
Jennings Informational [Page 10] RFC 1943 Building an X.500 Directory Service in the US May 1996
1996年5月に米国でX.500ディレクトリサービスを組み込むジョニングス情報[10ページ]のRFC1943
4.0 Infrastructure
4.0 インフラストラクチャ
4.1 Introduction
4.1 序論
The White Pages Project, currently operated by Performance Systems International (PSI) provides a reliable QUIPU infrastructure for sites wishing to provide their own X.500 directory. Started in 1989 as the NYSERNet White Pages Pilot Project it was the first production-quality field test of the Open Systems Interconnection (OSI) technology running on top of TCP/IP suite of protocols [7]. This pilot X.500 Directory, provided a real-time testbed for a variety of administrative and usage issues that arise. Today, more than 30 countries participate in the globally distributed project with over 1 million entries. The White Pages pilot is one of 37 other pilots cooperating to provide information in the Nameflow-PARADISE directory; an European project.
ホワイトページProject、現在パフォーマンスSystemsによって操作されて、国際(PSI)はそれら自身のX.500ディレクトリを提供したがっているサイトに信頼できるQUIPUインフラストラクチャを提供します。 1989年にNYSERNetホワイトページPilot Projectとして始められて、それはプロトコル[7]のTCP/IPスイートの上で稼働するオープン・システム・インターコネクション(OSI)技術の最初の生産品質実地試験でした。 このパイロットX.500ディレクトリ起こるさまざまな管理と用法問題のためのリアルタイムのテストベッドであるなら。 今日、30以上の国が100万以上のエントリーでグローバルに分配されたプロジェクトに参加します。 協力して、Nameflow-PARADISEディレクトリの情報を提供しながら、ホワイトページのパイロットは他の37人のパイロットのひとりです。 ヨーロッパのプロジェクト。
Initially the software was public domain, QUIPU X.500 [8]. This "shareware" application in conjunction with administrative services provided free of charge by PSI, allowed for a truly distributed X.500 Directory Service to operate.
QUIPU X.500[8]、初めは、ソフトウェアは公共の場でした。 行政サービスに関連したアプリケーションがPSIで無料で提供したこの「シェアウェア」は、本当に、分配されたX.500ディレクトリサービスが作動するのを許容しました。
In keeping with the Internet rules of operation, the lack of the US regulations, the suggestions of North American Directory Forum and the Internet Engineering Task Force (IETF), the complications that arise from multi-distributed data as a service can be overwhelming. PSI took on the challenge to provide such a service, and continues to ensure operations today.
操作のインターネット規則、米国規則の不足、北米のディレクトリForumの提案、およびインターネット・エンジニアリング・タスク・フォース(IETF)と共に保つのにおいて、サービスとしてマルチ分散データから起こる複雑さは圧倒的である場合があります。 PSIは、そのようなサービスを提供する挑戦を帯びて、今日操作を確実にし続けています。
4.2 A Well Maintained Infrastructure
4.2 よく維持されたインフラストラクチャ
This distributed information service involves the cohesive effort of all of the participating organizations. The ISO Development Environment (ISODE) implementation of the OSI Directory, provided the attributes and uniformity to facilitate this effort.
この分配された情報サービスは参加組織のすべての粘着性がある取り組みにかかわります。 OSIディレクトリのISO Development Environment(ISODE)実装この取り組みを容易にする属性と一様性であるなら。
The primary DSA for the PSI Project is named Alpaca. Operating on a Sun Sparc 10 with 120 megabytes of memory, this host serves as the Master for the DSAs of 117 organizations under c=US. Redundancy for Alpaca is provided by two sources, Fruit Bat operated by PSI and Pied Tamarin operated by the InterNIC. Slave updates to this host are provided on a nightly basis from the individual DSAs.
PSI ProjectのためのプライマリDSAはAlpacaと命名されます。 120メガバイトのメモリでSun Sparc10を作動させて、cの下の117の組織のDSAsのためのMasterが米国と等しいときに、このホストは勤めます。 Alpacaのための冗長は2つのソースによって提供されます、そして、Fruit BatはPSIで作動しました、そして、Pied TamarinはInterNICで作動しました。 個々のDSAsから連夜ベースでこのホストへの奴隷アップデートを提供します。
The data presentation is hierarchical in nature and emulates the common white pages telephone book. The information provided contains at minimum: a common name, voice phone listing, and electronic mail addressing. Each entry has a uniqueness associates with it; the relative distinguished name which is comprised of the entire
データの表現は、現実に階層的であり、一般的なホワイトページ電話帳を見習います。 提供された情報は最小限で以下を含んでいます。 一般名、声の電話リスト、および電子メールアドレシング。 各エントリーには、それのユニークさの関連があります。 全体から成る相対的な分類名
Jennings Informational [Page 11] RFC 1943 Building an X.500 Directory Service in the US May 1996
1996年5月に米国でX.500ディレクトリサービスを組み込むジョニングス情報[11ページ]のRFC1943
directory information tree. The DITs may vary slightly, but each must contain an organization, and a person. The nature of the directory and the structure of the actual organization for whom the directory is being provided contribute to the overall DIT structure. The following is a list of commonly used attributes:
ディレクトリ情報木。 それぞれ組織、および人を含まなければならないのを除いて、DITsはわずかに変わるかもしれません。 ディレクトリが提供されているディレクトリの本質と実際の組織の構造は総合的なDIT構造に貢献します。 ↓これは一般的に使用された属性のリストです:
commonName physicalDeliveryOfficeName stateOrProvinceName description photo streetAddress userid postOfficeBox surname favouriteDrink postalAddress telephoneNumber title rfc822Mailbox facsimileTelephoneNumber
commonName physicalDeliveryOfficeName stateOrProvinceName記述フォトstreetAddressユーザID postOfficeBox姓のfavouriteDrink postalAddress telephoneNumberタイトルrfc822Mailbox facsimileTelephoneNumber
4.3 DUA Interfaces for End Users
4.3 エンドユーザのためのDUAインタフェース
There are a variety of user interfaces on the market today that will provide Directory User Agent access to the X.500 Directory. Standard protocols such as fred, whois, whois++, finger, are used widely. Interfaces are also available via World-wide Web browsers and electronic mail.
さまざまなユーザインタフェースが今日のX.500ディレクトリへのエージェントアクセスをディレクトリUserに供給する市場にあります。 fred、whois、whois++などの標準プロトコル(指)は広く使用されます。 また、インタフェースもWorld全体のウェブブラウザと電子メールを通して利用可能です。
Vendors providing DUAs include ISODE Consortium, NeXor, and Control Data Corporation. These applications operate in conjunction with the vendor provided DSAs.
DUAsを提供するベンダーがISODE Consortium、NeXor、およびコントロール・データ社を含めます。 これらのアプリケーションはベンダーに関連して提供されたDSAsを操作します。
Historically DUA interfaces were difficult to implement and required the entire OSI stack. Implementing such a product on a PC or Apple platform required skillful programming. The executable for these platforms were usually very large. The IETF has since defined and standardized the Lightweight Directory Access Protocol (LDAP) [11]; a protocol for accessing on-line Directory services which offers comparable functionality to the Directory Access Protocol (DAP). It runs directly over TCP and is used by nearly all X.500 clients. LDAP does not have the overhead of the various OSI layers and runs on top of TCP/IP.
DUAインタフェースは、歴史的に、実装するのが難しく、全体のOSIスタックを必要としました。 PCかアップルプラットホームでそのような製品を実装するのは巧みなプログラミングを必要としました。 通常、これらのプラットホームへの実行可能は非常に大きいです。 IETFは以来、ライトウェイト・ディレクトリ・アクセス・プロトコル(LDAP)[11]を定義して、標準化しています。 オンラインディレクトリサービスにアクセスするためのディレクトリAccessプロトコル(DAP)に匹敵する機能性を提供するプロトコル。 それは、直接TCPをひいて、ほとんどすべてのX.500クライアントによって使用されます。 LDAPは様々なOSI層のオーバーヘッドを持っていなくて、TCP/IPの上で稼働しています。
The functionality varies by specific DUA. Each offers access to the X.500 Directory. Most offer the ability to make modifications to entries. There are a few that offer Kerberos authentication.
機能性は特定のDUAで異なります。 それぞれがX.500ディレクトリへのアクセスを提供します。 大部分はエントリーへの変更をする能力を提供します。 ケルベロス認証を提供するいくつかがあります。
Further information on LDAP clients for specific platforms can be found on the University of Michigan WWW server: http://www.umich.edu/~rsug/ldap.
ミシガン大学WWWサーバで特定のプラットホームへのLDAPクライアントの詳細を見つけることができます: http://www.umich.edu/~rsug/ldap 。
Another interface that has been tested and recommended for users by our Dutch (Surfnet) colleagues is Directory Enquiry (DE). Originally developed by University College London for the Paradise project in Europe, the engineers at Surfnet have selected DE as the best interface for "dumb" terminals. They have also translated the
ユーザのために私たちのオランダ人の(Surfnet)同僚によってテストされて、推薦された別のインタフェースはディレクトリEnquiry(DE)です。 元々、ヨーロッパのParadiseプロジェクトのためにユニバーシティ・カレッジロンドンによって開発されています、Surfnetの技術者は「馬鹿な」端末への最も良いインタフェースとしてDEを選定しました。 また、彼らは翻訳しました。
Jennings Informational [Page 12] RFC 1943 Building an X.500 Directory Service in the US May 1996
1996年5月に米国でX.500ディレクトリサービスを組み込むジョニングス情報[12ページ]のRFC1943
interface into Dutch for their local users [12].
地元のユーザ[12]のためにオランダ語に連結してください。
Ideally, users should be able to access X.500 directly from their electronic mail applications. Vendors (other than the ones mentioned above) have been slow to incorporate the X.500 Standards into their electronic mail applications.
理想的に、ユーザは直接彼らの電子メール・アプリケーションからX.500にアクセスできるべきです。 ベンダー(前記のようにものを除いた)は彼らの電子メール・アプリケーションにX.500 Standardsを組み入れるのが遅いです。
5.0 Datamanagement & Pilot Projects
5.0 Datamanagementと試験計画
5.1 Simple Internet White Pages Service
5.1 簡単なインターネットホワイトページサービス
A wide variety of directory services retrieval protocols has emerged in the time since the original Internet White Pages was begun in 1989. To ensure that decentralized implementations will have interoperability with other providers, the IETF Integrated Directory Services Working Group, is working to create a draft focusing on the common information and operational modeling issues to which all Internet White Pages Services (IWPS) must conform to.
さまざまなディレクトリサービス検索プロトコルがオリジナルのインターネットホワイトページが1989年に始められて以来の時間、現れています。 分散実装がそうしてしまうだろうというのを保証するために、他のプロバイダーがある相互運用性(IETF Integratedディレクトリサービス作業部会)は一般的な情報に焦点を合わせる草稿と操作上のモデリング問題を作成する働きですすべてのインターネットホワイトページServices(IWPS)が従わなければならない。
Utilizing current information servers, the conceptual model described includes issues regarding naming, schema, query and response issues for a narrowly defined subset of directory services. The goal of this paper is to establish a simple set of information objects, coupled with a basic set of process requirements that will form a basis which can lead to ubiquitous IWPS. With this goal in mind, it will be easier to proved a consistent User view of the various directory services.
現行情報サーバを利用して、説明された概念モデルはディレクトリサービスの辛うじて定義された部分集合のための命名、図式、質問、および応答問題に関する問題を入れます。 この紙の目標は、より簡単である様々なディレクトリサービスの一貫したUser視点であると立証されて、念頭では、それがなるこの目標で簡単なセットの情報オブジェクト(遍在しているIWPSに通じることができる基礎を形成する基本的なセットのプロセスに結びつけられた要件)を設立することです。
5.2 InterNIC
5.2 InterNIC
The InterNIC [9] is a collaborative project of two organizations working together to offer the Internet community a full scope of network information services. Established in January 1993 by the National Science Foundation, the InterNIC provides registration services and directory and database services to the Internet. (Internet a global network of more than 13,000 computers networks, connecting over 1.7 million computers and used by an estimated 13 million people.) In keeping up with the exponential growth of the Internet, the InterNIC provides a guide to navigate the maze of available resources.
InterNIC[9]はネットワーク情報サービスの完全な範囲をインターネットコミュニティに提供するために一緒に働いている2つの組織の共同プロジェクトです。 1993年1月に国立科学財団で確立していて、InterNICはインターネットへの登録サービス、ディレクトリ、およびデータベース・サービスを提供します。 (170万台以上のコンピュータを接続して、およそ1300万人の人によって使用されて、1万3000台以上のコンピュータの世界的なネットワークがネットワークでつなぐインターネット。) インターネットの急激な増加について行くのに、InterNICは、利用可能資源の錯綜にナビゲートするためにガイドを提供します。
InterNIC provides two types of services; InterNIC directory and database services and registration services. AT&T provides the directory and database services, acting as the pointer to numerous resources on the network offering X.500 to help users easily locate other users and organizations on the Internet.
InterNICは2つのタイプのサービスを提供します。 InterNICディレクトリ、データベース・サービス、および登録サービス。 AT&Tはディレクトリとデータベース・サービスを提供します、ユーザが容易に他のユーザと組織のインターネットに場所を見つけるのを助けるためにX.500を提供しながら指針としてネットワークに関する多数のリソースに機能して。
Jennings Informational [Page 13] RFC 1943 Building an X.500 Directory Service in the US May 1996
1996年5月に米国でX.500ディレクトリサービスを組み込むジョニングス情報[13ページ]のRFC1943
5.3 ESnet
5.3 ESnet
The Energy Sciences Network [10], is a nationwide computer data communications network whose primary purpose is support multiple program, open scientific research. As part of this support, ESnet offers networking services including information access and retrieval, directory services, group communications series, remote file access services and infrastructure services. As a early member of the White-Pages Pilot Project, ESnet continues to be a part of the worldwide distributed directory service based on the ISO/OSI X.500 standard. There are over nineteen ESnet organization represented in the directory, comprising over 120,000 entries. ESnet provides access to seven other sites via the X.500 DSAs.
Energy Sciences Network[10]はプライマリ目的がサポート複数のプログラム、開いている科学的調査である全国的なコンピュータデータ通信網です。 このサポートの一部として、ESnetは情報アクセス、検索、ディレクトリサービス、グループコミュニケーションシリーズ、リモートファイルアクセスサービス、およびインフラストラクチャサービスを含むネットワークサービスを提供します。 Pilot Project、ESnetがずっとホワイト-ページである初期のメンバーとして、世界的な分配されたディレクトリサービスの一部がISO/OSI X.500規格を基礎づけました。 12万以上のエントリーを包括して、ディレクトリで代表された19以上ESnet組織があります。 ESnetはX.500 DSAsを通して他の7つのサイトへのアクセスを提供します。
6.0 Recommendations
6.0 推薦
6.1 General
6.1 一般
The X.500 Directory technology is available through several options. Vendors can provide consultation for schema design as well as supply, install, and support the software to perform the operations required. For smaller organizations or companies who do not want to administer their own DSA, there are providers available who will maintain the DSAs remotely and provide this service to the Internet. Those with network and management expertise, can either operate independently or join one of several white pages directory projects. Careful consideration must be given to the initial investment required and the required maintenance process.
X.500ディレクトリ技術はいくつかのオプションで利用可能です。 ベンダーは、必要である操作を実行するために供給と同様に図式デザインのための相談を提供して、インストールして、ソフトウェアを支えることができます。 それら自身のDSAを管理したがっていないより小さい組織か会社のために、DSAsを離れて維持して、なるインターネットに対するこのサービスを提供するのに利用可能なプロバイダーがあります。 ネットワークと経営の手腕、缶があるものは、いくつかのホワイトページディレクトリプロジェクトの1つを独自に操作するか、または接合します。 必要である設備投資と必要なメインテナンスプロセスに熟慮を与えなければなりません。
6.2 Getting Started
6.2 使用前に
Successful initialization of a directory service requires a systematic approach. The complexity of offering this type of service becomes more apparent as implementation progresses. Several aspects must be considered as this service becomes a cooperative effort among the technical, administrative, organizational, and legal disciplines. Procedures must be defined and agreed to at the initial phase of implementing an X.500 Directory service [13]. The following are issues that should be addressed in these procedures.
ディレクトリサービスのうまくいっている初期化はシステム・アプローチを必要とします。 実装が進歩をするとき、このタイプのサービスを提供する複雑さは、より明らかになります。 このサービスが技術的で、管理的、そして、組織的で、法的な規律の中で協調的努力になるので考えられて、いくつかの局面はそうしなければなりません。 X.500ディレクトリがサービス[13]であると実装する初期位相で手順を定義されて、同意しなければなりません。 ↓これはこれらの手順で扱われるべきである問題です。
6.3 Who are the Customers?
6.3 Customersはだれですか?
Defining the customer and the customer requirements will determine the scope of service to offer. What is the primary purpose for the directory service? A company may find it desirable to do away with a paper directory while simultaneously providing the current directory information. The directory may be for internal use only or expanded to any users with Internet access. Will the customer use the
顧客と顧客の要求を定義するのは提供するサービスの範囲を決定するでしょう。 ディレクトリサービスのためのプライマリ目的は何ですか? 会社は、同時にカレントディレクトリ情報を提供している間、紙のディレクトリを片づけるのが望ましいのがわかるかもしれません。 ディレクトリは、内部の使用だけのためにあるか、またはインターネット・アクセスに従って、どんなユーザにも広げられるかもしれません。 顧客は使用するでしょう。
Jennings Informational [Page 14] RFC 1943 Building an X.500 Directory Service in the US May 1996
1996年5月に米国でX.500ディレクトリサービスを組み込むジョニングス情報[14ページ]のRFC1943
directory for e-mail address only or is other locational information such as postal address and telephone number a requirement?
Eメールアドレスだけのためのディレクトリ、郵便の宛先や電話番号a要件の他のlocational情報はそうです。
The directory may provide information to electronic customers such as distributed computing applications as well. In this case, the data must be provided in machine readable format.
ディレクトリはまた、分散コンピューティングアプリケーションなどの電子顧客に情報を提供するかもしれません。 この場合、マシンの読み込み可能な形式にデータを提供しなければなりません。
Will the customers extend across country boundaries? Information may be considered private by one country and not by another. It is necessary to be aware of the legalities and restrictions for the locality using the data. Some counties have published a Code of Conduct with the IETF, explicitly stating the legal restrictions on directory and list data. Check the archives to determine if the country with whom information will be shared has presented such information.
顧客は国の境界に達するでしょうか? 情報は個人的であると別のものではなく、1つの国によって考えられるかもしれません。 場所のためのlegalitiesと制限がデータを使用するのを意識しているのが必要です。 いくつかのカウンティーがIETFと共にConductのCodeを発行しました、ディレクトリとリストデータに明らかに法的規制を述べて。 アーカイブをチェックして、情報が共有される国がそのような情報を提示したかどうか決定してください。
6.4 What are the contents of the Directory?
6.4 ディレクトリのコンテンツは何ですか?
The information presented in the directory is tightly coupled with the purpose. If the purpose is to provide addressing information for individuals, then customary information would include: Name, address, phone, e-mail address, facsimile number, pager, etc. If the use of the directory is to facilitate electronic mail routing then the destination mail address needs to be included for each user. No other information should be presented in the directory if it is not directly related to the purpose.
ディレクトリに提示された情報はしっかり目的に結びつけられます。 通例の情報は目的がアドレス指定情報を個人に提供することであるなら以下を含んでいるでしょう。 名前、アドレス、電話、Eメールアドレス、ファクシミリ番号、ポケットベルなど ディレクトリの使用が電子メールルーティングを容易にすることであるなら、目的地郵便の宛先は、各ユーザのために含まれる必要があります。 直接目的にそれに関連しないなら、ディレクトリに他の情報を全く提示するべきではありません。
If the directory is internal only, it may be desirable to include the registrants title as well. Remember that information available on the Internet is generally open to anyone who wants to access it. Individuals wishing to target a specific market may access directories to create customer mailing lists.
ディレクトリが内部であるなら、単にまた、記入者が題をつけるインクルードに望ましいかもしれません。 それにアクセスしたがっているだれにとっても、一般に、インターネットで利用可能な情報が開いているのを覚えていてください。 特定の市場を狙いたがっている個人は、顧客メーリングリストを作成するためにディレクトリにアクセスするかもしれません。
The structure or schema of the X.500 Directory must be an initial consideration. Will the hierarchy follow the company structure or is a different approach more practical? How many entries will there be in the directory five or 50,000? A complex hierarchyfor thousands of users may affect the efficiency of queries.
X.500ディレクトリの構造か図式が初期の考慮であるに違いありません。 階層構造は社内体制に従うでしょうか、異なるアプローチが、より実用的ですか? いくつのエントリーに、5か5万がディレクトリにあるでしょうか? ユーザの複雑なhierarchyfor数千は質問の効率に影響するかもしれません。
6.5 What are the rights of the individuals?
6.5 個人の権利は何ですか?
The subjects included in the directory shall have well defined rights. These may be mandated by company policy, legal restrictions, and the ultimate use of the directory. For a basic Internet White Pages Service these rights may include:
ディレクトリに対象を含んでいると、権利はよく定義されるものとしました。 これらはディレクトリの企業目的、法的規制、および究極の使用で強制されるかもしれません。 基本的なインターネットホワイトページServiceに関しては、これらの権利は以下を含むかもしれません。
Jennings Informational [Page 15] RFC 1943 Building an X.500 Directory Service in the US May 1996
1996年5月に米国でX.500ディレクトリサービスを組み込むジョニングス情報[15ページ]のRFC1943
1. the option of inclusion in the directory
2. the right of access to the information
3. the right to have inaccurate entries corrected
1. 包含のオプション、情報3へのディレクトリ2のアクセス権、不正確なエントリーを修正させる権利
The terms and conditions for employees of an organization may affect these rights. On becoming an employee of any organization, an individual inevitably agrees to forego certain personal privacies and to accept restrictions.
組織の従業員のための条件はこれらの権利に影響するかもしれません。 どんな組織の従業員にもなると、個人は、ある個人のプライバシーに先立って、制限を受け入れるのに必然的に同意します。
Every organization should develop and publish the "rights" that can be expected by the list registrants.
あらゆる組織が、リスト記入者が予想できる「権利」を開発して、発行するべきです。
6.6 Data Integrity
6.6 データの保全
Information that needs to be included in the directory may come from various sources. Demographic information may originate from the human resources department. Electronic mail addresses may be provided by the computer network department. To guarantee data integrity, it is advised that the data be identified and maintained as corporate information.
ディレクトリに含まれる必要がある情報は様々なソースから来るかもしれません。 人口学的情報は人事部から発するかもしれません。 電子メールアドレスはコンピュータネットワーク部によって提供されるかもしれません。 保証データ保全に、それは、データが特定されると忠告されて、企業情報として主張されます。
The required timeliness of the data is unique for each DSA. Updates to the data may be a frequent as once a day or once a month. Updates to the data must be provided on a regular basis. In cases where data is time sensitive, an attribute should be included to display the most recent maintenance date.
各DSAに、データの必要なタイムリーさであるのはユニークです。 データへのアップデートは1日あたりの一度か一度1カ月として頻繁なaであるかもしれません。 定期的にデータへのアップデートを提供しなければなりません。 データが時間機密である場合では、属性は、最新のメインテナンス期日を表示するために含まれるべきです。
A regular check for data accuracy should be included in the directory administration. Faulty information may put an organization in breach of any data protection laws and possibly render the company as unreliable.
データ精度のための定期的なチェックはディレクトリ管理に含まれるべきです。 不完全な情報は、どんなデータ保護法の不履行にも組織を入れて、ことによると頼り無いとして会社をするかもしれません。
6.7 Data Security
6.7データ機密保護
Securing networked information resources is inherently complex. Attempts must be made to preserve the security of the data. These may include access control lists (ACLs), limiting the number or responses allowed to queries, or internal/external access to the directory.
ネットワークでつながれた情報がリソースであると機密保護するのは本来複雑です。 データのセキュリティを保持するのを試みをしなければなりません。 これらはアクセスコントロールリスト(ACLs)を含むかもしれません、数、質問に許容された応答、またはディレクトリへの内部の、または、外部のアクセスを制限して。
The 1993 recommendations have added a complex access control model that is designed to tightly restrict the access that users may have to the information in the Directory. Local protection is configured by the implementor. A secure X.500 Directory should provide tools to protect against destruction, falsification, and loss of data.
1993年の推薦はしっかり、ユーザがディレクトリにおける情報に持っているかもしれないアクセスを制限するように設計されている複雑なアクセス制御モデルを加えました。 地方の保護は作成者によって構成されます。 安全なX.500ディレクトリは、破壊、改竄、およびデータの喪失から守るためにツールを提供するべきです。
There is not a tool yet that will protect against the misuse of data. There are flags and limits that can be set from within the application that will serve somewhat as a barrier to such unwanted
ツールがありませんが、それはデータの誤用から守るでしょう。 いくらかそのようなものに求められていないバリアとして機能するアプリケーションから設定できる旗と限界があります。
Jennings Informational [Page 16] RFC 1943 Building an X.500 Directory Service in the US May 1996
1996年5月に米国でX.500ディレクトリサービスを組み込むジョニングス情報[16ページ]のRFC1943
use. Any restrictions however, also will affect the legitimate users. One suggestion is to post a notice of illegitimate use within each entry. This of course will only serve as a deterrent and as an asset should legal action be required.
使用。 また、しかしながら、どんな制限も正統のユーザに影響するでしょう。 1つの提案は各エントリーの中に違法な使用の通知を掲示することです。 訴訟が必要である場合にだけ、これは抑止力として資産としてもちろん機能するでしょう。
Again, caution must be taken when transferring data between country and state borders. In the US data regulations differ from state to state.
国と州の境の間にデータを移すとき、一方、警告を取らなければなりません。 米国データでは、規則は述べる状態と異なっています。
6.8 Data Administration
6.8 データ管理
The decentralized nature of the X.500 Directory service means that each organization has complete control over the data. As part of a global service however, it is important that the operation of the DSA be monitored and maintained in a consistent manner. Authorization must be given to the local manager of the information and in some cases, the subjects included in the directory may also have modification privileges.
分散X.500ディレクトリサービスの本質は、各組織にはデータの完全なコントロールがあることを意味します。 しかしながら、グローバルにサービスの一部として、DSAの操作が一貫した方法でモニターされて、維持されるのは、重要です。 承認は情報を地元のマネージャに与えられなければなりません、そして、また、ディレクトリに対象を含んでいると、いくつかの場合、変更特権は持たれているかもしれません。
Once the service is running, the importance of guaranteed operation can not be overstated. Maintenance of the local Directory will be an integral part of normal administrative procedures within the organization and must be defined and agreed upon in the initial stages of development.
サービスがいったん稼働していると、保証された操作の重要性を誇張できません。 初期の開発段階でローカルのディレクトリのメインテナンスを組織の中の正常な行政手続の不可欠の部分であり、定義されて、同意しなければなりません。
6.9 Conclusion
6.9 結論
Establishing a Directory service within an organization will involve a great deal of cooperative effort. It is essential to get commitment from the integral parties of an organization at the onset. This includes the technical, legal, and data managements components of the organization. Executive level commitment will make it much easier to get the cooperation necessary.
組織の中でディレクトリサービスを確立すると、大きな協調的努力がかかわるでしょう。 開始のときに組織の不可欠のパーティーから委任を得るのは不可欠です。 これは技術的であるのと、法的、および組織のデータ監理コンポーネントを含んでいます。 幹部社員レベル委任で、協力が必要になるのがはるかに簡単になるでしょう。
Operational procedures must be clearly defined, as the inclusion in a globally distributed service has wide visibility. Adherence to these procedures must be maintained to the highest degree possible as misinformation may result in unintentional legal violations and unreliable access or data can adversely affect on a companys reputation.
明確にグローバルに分配されたサービスでの包含には広い目に見えることがあると操作手順を定義しなければなりません。 誤伝が意図的でない法的な違反と頼り無いアクセスをもたらすかもしれないか、またはデータがcompanys評判で悪影響を与えることができるようにこれらの手順への固守を極度に可能に維持しなければなりません。
An X.500 Directory can be extremely useful for an organization if it operates as designed. It may serve as the "hub" of the information routing and the basis for several everyday activities. A successful service will be one of the most important tools for communication in the computer network environment. For people to make use of the service, they must be able to rely on consistent and accurate information.
設計されているように作動するなら、X.500ディレクトリは非常に組織の役に立つ場合があります。 それは情報ルーティングの「ハブ」といくつかの日々の活動の基礎として機能するかもしれません。 うまくいっているサービスはコンピュータネットワーク環境におけるコミュニケーションのための最も重要なツールの1つになるでしょう。 人々がサービスを利用するように、彼らは一貫して正確な情報を当てにすることができなければなりません。
Jennings Informational [Page 17] RFC 1943 Building an X.500 Directory Service in the US May 1996
1996年5月に米国でX.500ディレクトリサービスを組み込むジョニングス情報[17ページ]のRFC1943
References
参照
1. CCITT Blue Book, Volume VIII - Fascicle VIII.8, November 1988.
1. CCITT紳士録、巻VIII--1988年11月の分冊VIII.8。
2. RFC 1632; A Revised Catalog of Available X.500
Implementations. A. Getchell; ESnet, S.
Sataluri; AT&T.
2. RFC1632。 利用可能なX.500実装の改訂されたカタログ。 A。 ゲッチェル。 ESnet、S.Sataluri。 AT&T。
3. RFC 1274; The COSINE and Internet X.500 Schema. P. Barker &
S. Kille.
3. RFC1274。 コサインとインターネットX.500図式。 P。 バーカーとS.Kille。
4. CCITT Blue Book, Volume VIII - Fascicle VIII - Rec. X.509,
November 1988.
4. CCITT紳士録、巻VIII--分冊VIII--Rec。 1988年11月のX.509。
5. RFC 1295; User Bill of Rights for entries and listing in the
Public Directory. Networking Working Group; IETF, January
1992.
5. RFC1295。 エントリーへのユーザ権利の章典とPublicディレクトリにおけるリスト。 ネットワーク作業部会。 1992年1月のIETF。
6. STD 35, RFC 1355; Privacy and Accuracy Issues in Network
Information Center Databases. Curran, Marine, August 1992.
6. STD35、RFC1355。 ネットワーク情報のプライバシーと精度問題はデータベースを中心に置きます。 カラン、海兵隊員、1992年8月。
7. RFC 1006, ISO Transport Class 2 Non-use of Explicit Flow
Control over TCP RFC 1006 extension. Y. Pouffary, June 1995.
7. RFC1006、TCP RFC1006拡張子の上のExplicit Flow ControlのISO Transport Class2Non-使用。 Y。 1995年6月のPouffary。
8. Colin Robbins, NEXOR Ltd., Nottingham, London.
c.robbins@nexor.co.uk
8. ロンドンコリン・ロビンス、NEXOR Ltd.、ノッティンガム、 c.robbins@nexor.co.uk
9. InterNIC; Collaborative effort of AT&T and
Network Solutions; info@internic.net
9. InterNIC。 AT&TとNetworkソリューションの共同努力。 info@internic.net
10. ESnet; Managed and funded by the US Department of Energys
Energy Research Office in Scientific Computing (DOE/ER/OSC).
10. ESnet。 Scientific Computing(DOE/ER/OSC)の米国Energysエネルギー研究事務所部によって管理されて、資金を供給されます。
11. RFC 1777; Lightweight Directory Access Protocol, W. Yeong,
T. Howes, S. Kille, March 1995.
11. RFC1777。 ライトウェイト・ディレクトリ・アクセス・プロトコル、W.Yeong、T.ハウズ、S.Kille、1995年3月。
12. Building a Directory Service, Final Report test phase SURFnet
X.500 pilot project, June 1995.
12. ディレクトリサービスを組み込んで、Final ReportテストフェーズSURFnet X.500はプロジェクト、1995年6月を操縦します。
13. The X.500 Directory Services: a discussion of the concerns
raised by the existence of a global Directory, Julia M. Hill,
Vol.2/No.1 Electronic Networking, Spring 1992.
13. X.500ディレクトリサービス: グローバルなディレクトリ、ジュリア・M.ヒル、Vol.2/No.1Electronic Networking(Spring1992)の存在によって高められた関心の議論。
14. Directory Services and Privacy Issues, E. Jeunik and E.
Huizer.
14. ディレクトリサービス、プライバシーの問題、E.Jeunik、およびE.Huizer。
Jennings Informational [Page 18] RFC 1943 Building an X.500 Directory Service in the US May 1996
1996年5月に米国でX.500ディレクトリサービスを組み込むジョニングス情報[18ページ]のRFC1943
15. The Little Black Book; Mail Bonding with OSI Directory
Services, Marshall T. Rose, Simon & Schuster Company,
1992.
15. 小さい黒い本。 OSIディレクトリサービス、マーシャル・T.ローズ、サイモン、およびシュスター社、1992との接着を郵送してください。
16. NYSERNet White Pages Pilot Project: Status Report; NYSERNet
Technical Report #89-12-31-1, Marshall T. Rose, December 1989.
16. NYSERNetホワイトページ試験計画: 現状報告。 NYSERNet技術報告書#89-12-31-1、マーシャルT.は1989年12月に上昇しました。
17. RFC 1798, Connection-less Lightweight Directory Access
Protocol, A. Young, June 1995.
17. RFC1798、コネクションレスなライトウェイト・ディレクトリ・アクセス・プロトコル、A.ヤング、1995年6月。
18. RFC 1781; Using the OSI Directory to Achieve User Friendly
Naming, S. Kille, March 1995.
18. RFC1781。 1995年3月にユーザフレンドリーな命名、S.Killeを達成するOSIディレクトリを使用します。
19. draft-ietf-pds-iwps-design-spec-01.txt, Tony Genovese;
Microsoft, Work in Progress, July 1995.
19. トニーGenovese、ietf-pds-iwpsデザイン仕様01.txtを作成してください。 マイクロソフト、進歩、1995年7月に、働いてください。
20. draft-ietf-ids-privacy-00.txt, B. Jennings; Sandia National
Laboratories, S. Sataluri; AT&T, Work in Progress, November
1994.
20. B.ジョニングス、ietfイドプライバシー00.txtを作成してください。 サンディア国立研究所、S.Sataluri。 AT&T、進歩、1994年11月に、働いてください。
Glossary
用語集
ACL Access Control List; a mechanism to restrict access to data
stored in an X.500 Directory Service
ACLアクセスコントロールリスト。 X.500ディレクトリサービスで保存されたデータへのアクセスを制限するメカニズム
Attribute A collection of attributes belong to an entry in the
Directory Service, and contain information belonging
to that entry.
属性の属性A収集は、ディレクトリサービスにおけるエントリーに属して、そのエントリーに属す情報を含んでいます。
c= countryName; Object class definition, specifies a country.
When used as part of the directory name, it identifies the
country in which the named object is physically located.
cはcountryNameと等しいです。 国は、オブジェクトが定義を分類すると指定します。 ディレクトリ名の一部として使用されると、それは命名されたオブジェクトが物理的に位置している国を特定します。
cn= commonName; Attribute defining common name for individuals
included in a directory. In 1988 standards can be up to 64
characters.
cn= commonName。 ディレクトリに個人のための一般名を含んでいて、定義を結果と考えてください。 1988年に、規格は最大64のキャラクタであるかもしれません。
CCITT The International Telegraph and Telephone Consultative
Committee.
CCITT国際電信電話諮問委員会。
DAP Directory Access Protocol; the protocol between a DUA and a
DSA.
ディレクトリアクセス・プロトコルをちょと浸してください。 DUAとDSAの間のプロトコル。
DIB Directory Information Base; a collection of information
objects in the Directory.
DIBディレクトリInformation基地。 ディレクトリにおける、情報オブジェクトの収集。
DIT Directory Information Tree; the hierarchy of the distributed
database that makes up an X.500 service.
デイットディレクトリ情報木。 X.500サービスを作る分散データベースの階層構造。
Jennings Informational [Page 19] RFC 1943 Building an X.500 Directory Service in the US May 1996
1996年5月に米国でX.500ディレクトリサービスを組み込むジョニングス情報[19ページ]のRFC1943
DSA Directory System Agent; an application that offers the
Directory service, this is the database for the Directory.
DSAディレクトリシステムエージェント。 ディレクトリサービスを提供するアプリケーションであり、これはディレクトリのためのデータベースです。
DUA Directory User Agent; an application that facilitates User
access to a DSA.
DUAディレクトリユーザエージェント。 DSAへのUserアクセスを容易にするアプリケーション。
E-Mail Electronic Mail. Entry A Directory Service contains entries
on people, organizations, countries, etc. Entries belong to a
certain class, and information on entries is stored in
attributes.
電子メールをメールしてください。 エントリーAディレクトリサービスは人々、組織、国などにエントリーを含んでいます。 エントリーはあるクラスに属します、そして、エントリーの情報は属性で保存されます。
ESnet Energy Sciences Network; nationwide computer data
communications network.
科学がネットワークでつなぐESnetエネルギー。 全国的なコンピュータのデータ通信網。
GUI Graphical User Interface.
GUIグラフィカルユーザインタフェイス。
IETF Internet Engineering Task Force; an internationally
represented task force charged with solving the short-term
needs of the Internet
IETFインターネット・エンジニアリング・タスク・フォース。 インターネットの短期的な必要性を解決することで告発された国際的に表された特別委員会
Internet A collection of connected networks, international,
running the Internet suite of protocols.
プロトコルのインターネットスイートを動かす接続国際的なネットワークのインターネットA収集。
InterNIC Directory of Directories, a collaborative project
between AT&T, and Network Solutions, Inc.
ディレクトリのInterNICディレクトリ、AT&Tと、ネットワークソリューションズ社の間の共同プロジェクト
IP Internet Protocol; the network protocol offering a
conectionless-mode network service in the Internet suite of
protocols.
IPインターネットプロトコル。 プロトコルのインターネットスイートでconectionless-モードネットワーク・サービスを提供するネットワーク・プロトコル。
ISODE ISO Development Environment, a research tool developed to
study the upper-layers of OSI and deploy network applications
according to the ISO OSI standards and ITU X series of
recommendations.
ISODE ISO Development Environment、研究道具は、OSIの上側の層を研究して、規格とITU Xシリーズの推薦をISO OSIに従ったネットワーク応用に配布するために展開しました。
ITU International Telecommunication Union; formerly the CCITT.
ITU国際電気通信連合。 以前CCITT。
LDAP Lightweight Directory Access Protocol, an Internet Standard
for a lightweight version of DAP running over TCP/IP.
LDAPライトウェイト・ディレクトリ・アクセス・プロトコル、DAPがTCP/IPをひく軽量のバージョンのためのインターネットStandard。
Object Entries in a Directory Service belong to an Object Class to
Class indicate the type and characteristic; e.g. Object Class
"person".
ディレクトリサービスにおけるオブジェクトEntriesはObject Classに属します。Classに、タイプと特性を示してください。 例えば、Object Class「人。」
OSI Open Standards Interconnection, An international
standardization program, facilitated by ISO and ITU to develop
standards for data networking.
Standards Interconnection(An国際標準化プログラム)がデータネットワークの規格を開発するためにISOとITUで容易にしたOSIオープン。
Jennings Informational [Page 20] RFC 1943 Building an X.500 Directory Service in the US May 1996
1996年5月に米国でX.500ディレクトリサービスを組み込むジョニングス情報[20ページ]のRFC1943
o= organization; An attribute defining the company or
organization that the person works for.
o= 組織。 人が働いている会社か組織を定義する属性。
ou= organizational unit; An attribute found under organization.
Denotes the department, division, or other such sub-unit of
the organization that the person works in.
ouは組織的なユニットと等しいです。 組織で見つけられた属性。 部、分割、または人が働いている組織の他のそのようなサブ部隊を指示します。
PEM Privacy Enhanced Mail; and Internet Standard for sending
secure Electronic mail.
PEMプライバシーはメールを高めました。 そして、送付のためのインターネットStandardは、Electronicがメールであると機密保護します。
PSI Performance Systems International, Inc.; operator of the
Internet White Pages Project
国際ψ言語運用機構、Inc.。 インターネットホワイトページProjectのオペレータ
QUIPU X.500 Directory implementation developed by Colin Robbins
while at the University College of London.
ロンドンユニバーシティ・カレッジにある間、QUIPU X.500ディレクトリ実装はコリン・ロビンスで展開しました。
RDN Relative Distinguished Name; a unique identifier for each list
subject, defined by the hierarchy of the DSA.
RDNの相対的な分類名。 DSAの階層構造によって定義されたそれぞれのリスト対象のためのユニークな識別子。
RFC Request For Comments; Internet series publications
コメントを求めるRFC要求。 インターネットシリーズ刊行物
sn= surname; Attribute defining the surname of the person in the
directory.
snは姓と等しいです。 ディレクトリで人の姓を定義する属性。
TCP/IP Transmission Control Protocol and Internet Protocol; two
internet protocols.
TCP/IPトランスミッション制御プロトコルとインターネットは議定書を作ります。 2つのインターネットプロトコル。
White-Pages Electronic directory, accessible via Internet suite of
protocols.
プロトコルのインターネットスイートを通ってアクセス可能な白いページElectronicディレクトリ。
Whois An Internet standard protocol.
Whois Anインターネット標準プロトコル。
Whois++ An Internet Directory Services protocol; a possible
alternative for X.500 WPS
インターネットディレクトリサービスが議定書の中で述べるWhois++。 X.500 WPSに、可能な代替手段
White Pages Service a Directory Service that contains information on
people and organizations.
人々と組織の情報を含むページService aディレクトリサービスを空白にしてください。
X.500 A series of recommendations as defined by the ITU, that
specify a Directory Services protocol.
ITUによって定義される推薦のX.500Aシリーズであり、それはディレクトリサービスプロトコルを指定します。
Jennings Informational [Page 21] RFC 1943 Building an X.500 Directory Service in the US May 1996
1996年5月に米国でX.500ディレクトリサービスを組み込むジョニングス情報[21ページ]のRFC1943
9.0 Security Considerations
9.0 セキュリティ問題
Security issues are not discussed in this memo.
このメモで安全保障問題について議論しません。
Author's Address
作者のアドレス
Barbara Jennings Sandia National Laboratories Scientific Computing Systems P.O. Box 5800 M/S 0807 Albuquerque, NM 87106 USA
S0807アルバカーキ、5800のM/ニューメキシコ バーバラのジョニングスのサンディア国立研究所の科学計算のシステムの87106の私書箱の米国
Phone: 505-845-8554 Fax: 505-844-2067 EMail: jennings@sandia.gov
以下に電話をしてください。 505-845-8554 Fax: 505-844-2067 メールしてください: jennings@sandia.gov
Jennings Informational [Page 22]
ジョニングスInformationalです。[22ページ]
一覧
スポンサーリンク
