![[ Directory Chart ]](http://home.netscape.com/comprod/server_central/product/directory/images/directory_chart.gif)
My vision is that this Directory should be the main repository of all Staff descriptive and contact information. A properly maintained directory of all staff, their department, title, roles, and mailing, phone fax and email contact information is a very useful resource. Access to it should be made as easy as possible. This Directory should used for creating (or totally replacing) Email Address Books, Name Router data files, hand-maintained mailing lists, the Telephone Book Database, local departmental telephone books etc.
I use the term "Directory Service" rather than just "Directory" because there is more to the problem than just creating a data repository. Policies need to be defined with respect to structure, content, access, backups and replication. Procedures need to be put in place to automatically update information in the Directory, and extract it to update other databases. Users need tools to be able to access it, update it, and have it help them in their day-to-day lives.
Finally I describe other Monash Directory Services that I have been involved with.
The greater variety of people that are involved in the project, the higher the probability that the Directory Service will have a long life. If the Directory covers a wide range of interests and is flexible enough to handle future requirements, then people won't become dis-satisfied with the Directory and go off and create Yet-Another-People-Database.
"I don't care what they say about me, as long as they spell my name right"I understand that the Monash Staff Database (ISIS) has each staff member's Full Legal Name represented as two fields: Family Name and Christian Names, stored in ALL CAPITALS.-- Curley's Law
This immediately creates problems when you are trying to store and later display most Oriental-style names. If a person's name name is "Tang Chung Wing", then "Tang" is their Family Name, and "Chung Wing" are their "Christian" names, and will be stored in ISIS as such. Then, when we come to retrieve and print their name the normal "Christian names Family name" template is used and their name will be printed as "Chung Wing Tang" which is wrong.
Frequently, a person prefers to be known by a name other than their Full Legal Name:
The X.500 solution to this problem is to have 2 attributes for each person: commonName and surname. The commonName attribute can be multi-valued and holds the full text of each of the names that the person is known by, and the surname attribute holds just their family name. As well, one of the commonName values will be chosen as the distinguished value, and will be used in creating the Distinguished Name of the person's entry.
Role entries would also be useful to have in the Directory. Mailing lists could contain entries such as "Enquiries, Department of X" and the mail will go to the current role occupant(s). The advantage of this scheme is that the entries in the mailing list don't need to be changed when the incumbent people change. There are also uses in the management of the Directory, where you can authorise "DataManager, Department of Y" to modify all Department of Y's entries and not have to change the security settings on every person's entry when the person filling the DataManager role changes.
Apart from the official approved university structure there often are extra organisational levels within a department, such as branches, sections or project teams. Although it is possible to model these extra structures explicitly within the naming hierarchy, it does make the names of people's entries longer, and makes it harder to browse the Directory to find people. I recommend instead that these internal structures should be captured as description attributes of an entry.
In the case of a person working for several departments, I recommend the use of Alias entries to redirect lookup requests across to their main entry. Using Alias entries will clearly identify that that there is only one real person not several, and will ensure that there is only one copy of the person's details to be kept up to date. Furthermore, paper or electronic mail sent to "everyone" won't generate multiple messages for this one person.
Given that there are so many students name clashes even within a course or year will be impossible to avoid, and so entries for students might need to be named using their name as will as some other tie-breaking qualifier, e.g. "Bill Smith / 123", "Bill Smith / 217".
The Student name space might be reserved, but only populated when a particular chooses to make their own information publicly available.
[ Insert picture here showing the hierarchical structure of the proposed Monash namespace ]
For a long time, people have been trying to create world-wide directory services. Some approaches were too complicated, some approaches didn't scale well, and others didn't offer the features that people needed etc. For an excellent analysis of why networked electronic directories have been so hard to deploy see Where Are The Network Applications? by Andrew Waugh of CSIRO DIT.
One of the important things for using any networked service is having a client program to access the service on the desktop of the users' choice. Since Andrew Waugh's paper was was written, we have witnessed the introduction of the World Wide Web, and it's the phenomenal rate of deployment and use. Therefore, if the Monash Staff Directory is accessible using a normal Web browser (perhaps via a gateway), then a lot of programming work is saved, and users can start accessing the Directory so much quicker.
Summarising from The Lightweight Directory Access Protocol: X.500 Lite:
X.500 is the OSI directory service. X.500 defines the following components:LDAP assumes the same information model and name space as X.500, and uses a subset of the functional model.
- An informational model -- determines the form and character of information in the directory.
- A name space -- allows the information to be referenced and organised.
- A functional model -- determines what operations can be performed on the information.
- An authentication framework -- allows information in the directory to be secured.
- A distributed operation model -- determines how data is distributed and how operations are carried out.
Tim Howes (previously at University of Michigan, now Netscape) recently wrote:
The success that the LDAP API has had so far is because it's pretty easy to understand and use. It's certainly not because it lets you do things other APIs don't. In the end, the API(s) that win will be those that people use. For people to start using the API, it has to be understandable and easy. For people to continue using the API, it has to be powerful and flexible enough to do everything they want. LDAP does ok on the first requirement, I think. The trick is to evolve it to continue meeting the second requirement, without losing the first one.
An advantage of LDAP is that code that implements LDAP, and a number of LDAP-speaking applications are available FREE. A compelling reason to use any technology.
As an added bonus, the LDAP protocol doesn't need to be used to talk to an X.500 Directory System Agent (DSA) server. There are other server types such as a stand-alone LDAP server that uses a high-performance disk-based database, an interface to arbitrary UNIX commands, or a UNIX passwd file.
In a April 22, 1996 Press Release more than 40 companies announced support for LDAP as the standard for directory services on the Internet. Novell for example are working on LDAP access to NDS. Netscape announced the Netscape Directory Server. "Netscape also plans to support LDAP in future versions of ... Netscape Navigator client software. LDAP-compliant address book and electronic mail applications in Netscape Navigator will provide users easy access to Netscape Directory Server and other LDAP-compliant directory servers."
Of course there are other directory lookup protocols including whois++ and CCSO / PH. Good references to read more about the directory technology are: Internet Directory Information and X.500 & LDAP: Road Map & FAQ and
For the really keen people, the 500+ pages of the X.500 1993 Edition Standards are available for Anonymous FTP, or you can view my paper copy.
There will have to be lots of cross-checking to see if person X in one database is or isn't the same person as person Y in the other database.
The hierarchy in the Telephone Book and Staff Databases are different from each other, both are different from the official University structure, and these three will in turn be different from the model of the University structure stored in the final Directory.
Hopefully, the Telephone Book Database will only have to be mapped and loaded once. After than the Directory should be used as the repository for all naming and descriptive information, and the Telephone Book Database updated from the Directory, using Staff number as the matching key.
Expect extra work whenever the names or hierarchy of departments changes. This will effect each of the data sources (but not all simultaneously) and each of the mappings to and from the information sources. Any cross-links in the Directory for Aliases, Roles and access rights will also need to be updated.
One thing I will make a special plea for is that some name and contact information be accessible by people outside the University. Obviously, they will not have access to all the attributes stored about a person, but if they can use some directory service to find some person they are looking for, and obtain contact details for them.
Check first.
If people don't know the Directory is there, then they won't use it.
If they don't use it, they won't receive all of the possible benefits.
If they don't use it, they won't realise that their or other people's entries are incorrect and have them changed.
People have a right to know that information is being kept about them, and the procedures to have that information corrected etc. (see previous section).
It is much better to have one common database containing all the information previously maintained in separate databases, or have information from one database being used to update fields in another database. If you do have data being updated in one database from another, it is important that one of these databases be declared to be the "master" copy of this information and the others be the slaves. Updates to the slave copies shouldn't be allowed and will be lost when the next update from the master arrives, i.e. don't have loops where the same data can be updated in the slave copies and migrated back to the master.
When Loading or updating data in one database from another, it is extremely useful to have a key present in both databases that can be used to uniquely identify which records in each database refer to the same entity.
There can be problems cause by some simple-minded ways of doing this. One way is to take periodic snapshots of one database find differences between snapshots and then create an update script from that. This often leads to loss of useful information about the change, e.g. a change of name of a person or department can be mapped into a "delete" of the old thing, followed by an "add" of a new thing. Entries will normally be created using information from several source databases as well as manually entered information like "my research interests", and so a delete followed by an add using data from one database will cause much information to be lost.
dish, I was able to find him at "c=SE, o=Umea Universitet, ou=Anatomi, cn=Per Stal".
Luckily the name parts along the way had multiple versions in different languages, both with and without accents.
Current position: @c=SE@o=Umea Universitet@ou=Anatomi commonName - Per St\caal commonName - Per Stal surname - St\caal surname - Stal title - forsk stud telephoneNumber - +46 (0)90 - 16 76 04 rfc822Mailbox - Per.Stal@anatomy.umu.se lastModifiedTime - Wed Mar 15 00:41:24 1995 ...And using another Directory User Agent,
sd:
.------------------------------------------------------------------------------. | QUIPU X.500 Screen Directory. | `------------------------------------------------------------------------------' .-------..-------..-------..-------------------..----------..------------------. |q Quit ||h Help ||l List ||w Widen Search Area||b History ||Go To Number: 37 | `-------'`-------'`-------'`-------------------'`----------'`------------------' .------------------------------------------------------------------------------. |Search Area: SE, Umea Universitet, Anatomi | `------------------------------------------------------------------------------' .--------------------..--------------------------------------------------------. |t Type: Person ||s Search for: | `--------------------'`--------------------------------------------------------' .-.commonName - Per St\caal |]|commonName - Per Stal |*|surname - St\caal |*|surname - Stal |*|telephoneNumber - +46 (0)90 - 16 76 04 |*|rfc822Mailbox - Per.Stal@anatomy.umu.se |*|title - forsk stud |*| |*| |*| |[| `-'
People outside Monash should have at least this amount of access to information about Monash people.
A mailing list subscription is an attribute of a person, and hence when they are removed from the Directory, all their mailing list subscriptions automatically disappear!
The Staff Database, ISIS, defines who is a Staff member at Monash. To become a staff member at Monash, you need to become registered in this database. The Staff Directory can provide a listing service for the names of Monash staff members. Adding someone to the Staff Directory doesn't make them a Monash Staff Member. If a change needs to be made to the name of a staff member, it has to be authorised through ISIS, not through the Staff Directory.
Likewise, Council Minutes would be the official Registration point for correct titles of departments, centres and schools, and the Staff Directory would be used as the Listing Service.
Conversely, the Staff Directory could be used as the official Registration point for Job Titles. Attributes of a person such as "Safety Officer" or "Faculty Webmaster" would be required to be registered as such in the Staff Directory before it becomes "official".
The Monash directory structure was based on the Telephone Book Database, and all the name, title, department, telephone and FAX information was obtained from there too.
The pilot directory contains 7306 Monash entries distributed across 488 organisational units. Only a small number of entries had additional information such as Email address added, mostly due to problems configuring inherited access controls.
The pilot directory service can be accessed using:
wp.monash.edu.au as user fred.
John.Mann@wp.monash.edu.au
John.Mann@x500.monash.edu.au used to do a LDAP lookup on the name to route mail to it's correct destination, but this doesn't seem to be working any more.
teldir.
The pilot directory has been running almost unattended for several years.
Today, the Name Router supports 11,068 Name to mailbox mappings and 7249 mailbox to Name mappings for approximately 7,300 different people.
Some extensions have been made to the Name Router input file format to help create Pegasus Mail Address Books. See http://www.monash.edu.au/cc/micros/pmail/addressb.htm .
Most recently, another tag, Lists: has been defined for the input file format to enable per-person mailing list membership to be maintained automatically. The mailing lists are regenerated from the Name Router files every night.
As an example one person's Name Router entry looks like:
! Fax: 52779 ! Street: Clayton ! Postal: 405 ! Notes: Associate Dean Research ! Lists: sgsstaff, sgsacademic, sgsgroup4, sgsmale Dick . Gunstone Education Dick-G@edus2.educ.monash.edu.au >Richard . Gunstone Education Dick-G@edus2.educ.monash.edu.auMail sent to
Dick.Gunstone@Education.monash.edu.au
or Richard.Gunstone@Education.monash.edu.au or any abbreviation of these name-based Email addresses will be routed through to Dick-G@edus2.educ.monash.edu.au , and mail from Dick-G@edus2.educ.monash.edu.au will go out as being from Dick.Gunstone@Education.monash.edu.au .
Also, Dick.Gunstone@Education.monash.edu.au will be put in the automatically maintained sgsstaff, sgsacademic, sgsgroup4, and sgsmale mailing lists.
It was always planned that the current flat ASCII file input format would be replaced by a real database with a front-end that would check that users didn't make mistakes when entering data etc.
I, and the postmasters would welcome integration of the Name Router data into a real directory that was linked to the Staff and Telephone Databases, but still allowed the ability to enter extra information such as name aliases and mailing list subscriptions.