Thursday, 12 January 2012

X.500 Security Feature

What is X.500?
The X.500 specification is a standard for how information about objects, such as people and applications, is stored, maintained, updated, interrogated and deleted. Entries about objects are organised in a hierarchical structure that reflects the real-life hierarchy.
Information in an X.500 directory may be distributed and/or replicated among different directory servers. A directory server is called a Directory System Agent (DSA). A client accessing an X.500 directory is called a Directory User Agent (DUA). A client may also be a Lightweight Directory Access Protocol (LDAP) client.

Security Features
· Access control – the standard defines security mechanisms that protect information in the directory and restrict user access to it, so that users are prevented from seeing or modifying information they are not permitted to.

· Strong authentication – protects against replay and denial-of-service attacks but, most importantly, builds trust between the X.500 directory components by validating the identity of directory users for access control.

· Digital signature – a message encrypted with the private key can be decrypted by anyone holding a copy of the public key. If decryption succeeds, only the holder of the private key could have sent the message. This technique is used to create digital signatures.

When a message is to be digitally signed, a hash of the message is created. The hash is encrypted using the private key and appended to the message as a digital signature. The receiver decrypts the signature using the public key, then creates its own hash of the message. If the two hashes are identical, the receiver knows that the message was transmitted unchanged and that the sender's identity is known with a high level of certainty. This provides end-to-end security, even in a distributed environment.
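The hash-then-sign exchange described above, as an added example that is not part of the original post: the sender hashes a constructed directory update with SHA-256 and signs the digest with an RSA private key, and the receiver recomputes the hash and checks it with the public key. It uses Go's standard-library RSA PKCS#1 v1.5 signing (a proper signature scheme rather than raw private-key encryption); the key, message and tampered copy are constructed for the demonstration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// SignMessage hashes msg with SHA-256 and signs the digest with the private key,
// producing the signature that is appended to the message.
func SignMessage(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// VerifyMessage recomputes the hash of msg and checks the signature with the
// public key; true only if the message is unchanged and was signed by the
// matching private key.
func VerifyMessage(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

// Demo signs a constructed directory update and reports whether the original
// and a tampered copy verify against the same signature.
func Demo() (origOK, tamperedOK bool, err error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // constructed key for the demo
	if err != nil {
		return false, false, err
	}
	msg := []byte("modifyEntry cn=Alice,ou=People,o=Example: mail=alice@example.com") // constructed
	sig, err := SignMessage(priv, msg)
	if err != nil {
		return false, false, err
	}
	origOK = VerifyMessage(&priv.PublicKey, msg, sig)
	tampered := []byte("modifyEntry cn=Alice,ou=People,o=Example: mail=other@example.com")
	tamperedOK = VerifyMessage(&priv.PublicKey, tampered, sig)
	return origOK, tamperedOK, nil
}

func main() {
	o, t, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("original verifies: %v, tampered verifies: %v\n", o, t)
}
```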
