X.500/LDAP as OID and URN resolver

Erik Andersen
Andersen’s L-Service
era@x500.eu

Hierarchical identities

- Object Identifiers (OIDs) uniquely identify objects by recognising the hierarchical structure of objects
- Uniform Resource Names (URNs) uniquely identify objects by recognising the hierarchical structure of objects
- Directory Distinguished Names uniquely identify objects by recognising the hierarchical structure of objects
- Accordingly, these identifiers can be mapped into each other
- However - - -

Mapping to the DIT

- The Directory Distinguished Name is not only a hierarchical identity scheme
- The Directory Information Tree information model is tightly related to Directory Distinguished Names
- Information may be associated with each component of a Distinguished Name by being stored in the corresponding entry of the Directory Information Tree

Information types

Q: What kind of information can you store?
A: Any type! Text, photos, speech, certificates, and whatever may be represented in a digital form

Possible DIT subtree representing object identifier components

[Figure: below the root of the Directory Information Tree (DIT), first-level entries of object class "oidC1obj" are named by oidC1-attr=0 (itu-t), oidC1-attr=1 (iso) and oidC1-attr=2 (joint-iso-itu-t); second-level entries of object class "oidC2obj" are named by oidC2-attr (values shown: 0, 27); all lower entries are of object class "oidCobj" and are named by oidC-attr (values shown include 10891, 15459, 15961, 1, 4, 5, 8, 9, 12, n1, n2, n3). Legend: "Object class (type of entry)"; attribute with value (entry content).]

DIT subtree of OIDs defined as URNs

[Figure: below the root of the DIT, an entry of object class "urnC1obj" named by urnC1="oid"; below it "urnC2obj" entries named by urnC2="0", urnC2="1" and urnC2="2"; all lower entries are of object class "urnCobj" and are named by urnC (values shown include "0", "15459" and "1" to "7"). Legend: "Object class (type of entry)"; attribute with value (entry content).]

Representing URNs in LDAP/X.500

[Figure: below the root of the DIT, "urnC1obj" entries named by urnC1="epc" and urnC1="iso"; "urnC2obj" entries named by urnC2="id" and urnC2="std"; "urnCobj" entries with urnC values "iso", "iec", "iso-iec", "9594", "8824", "15459", "-1" to "-6", "sgtin", "grai", "sscc", "gsrn", "giai" and "gdti".]

X.500/LDAP directory support for Tag-based applications

RFID Information Acquisition

1. Some kind of object has a Radio Frequency Identification (RFID) tag attached
2. The RFID ID-tag is read by a tag reader (ID terminal)
3. Information associated with the object is retrieved from some information provider using the RFID tag information as key

X.500/LDAP as the information provider

Use of Directory technology

[Figure: AIDC media, ID terminal, AIDC client system (DUA or LDAP client) and the directory infrastructure.]

LDAP/X.500 advantages

- Use of off-the-shelf software.
- Use of well-known technology.
- In some cases:
  - a single access allows retrieval of the information associated with an RFID tag, or it allows retrieving a URL for the associated information.
  - it is not necessary to convert the UII to URN format.
- Relevant pieces of information may be represented by directory attributes.
- Has extensive search and filter capabilities.
- Possibility for return of diverse and complex data structures.
- Extensive security functions (important in many situations, e.g. for military applications).

Players and documentation

- GS1 EPCglobal (http://www.epcglobalinc.org)
  - GS1 General Specifications, Version 10
  - EPCglobal Tag Data Standards, Version 1.5
- ISO/IEC JTC1/SC31
  - ISO/IEC 15418, ISO/IEC 15459 Series, ISO/IEC 15961 Series, ISO/IEC 15962, ISO/IEC 15963, ISO/IEC 18000 Series, ISO/IEC 19762 Series

The list is certainly not complete

Players and documentation (cont.)

- ISO TC 122
  - ISO 17363 to ISO 17367
- Common Working Group
- ISO TC 104
  - ISO/TS 10891, ISO 10374
- ITU-T Q.12/17 | ISO/IEC JTC1/SC6 WG9
  - ITU-T X.668 | ISO/IEC 9834-9
- ITU-T SG 13
  - ITU-T Y.2213

The list is certainly not complete

18000-6C & 3m3, Memory structure

Memory banks ([ ] = optional; UII = Unique Item Identifier):

- 11 [User]: Data Objects formatted as Precursor, [OID], length, Object; Sensors/Battery-assist; see ISO/IEC 15961 and ISO/IEC 15962
- 10 TID: MDID, Part number, Serial number; burned in or written and permalocked by IC manufacturer
- 01 UII: CRC-16, Protocol Control, UII (may be EPC), [Extended Protocol Control]
- 00 Reserved: Kill Password, Access Password

[Figure: memory map of the four banks; further labels in the figure: RFU, DSFID.]

Memory Bank 01’B

[Figure: layout of memory bank 01. Cyclic Redundancy Check (16 bits), which confirms the UII memory content; Protocol Control, made up of Length (5 bits, length in words of 16 bits), a toggle bit (0=EPC/1=ISO) and 8 bits that are Reserved (EPC) or hold the AFI (ISO); the UII, zero filled to a word boundary. AFI = Application Family Identifier; EPC = Electronic Product Code; UII = Unique Item Identifier.]

Relevant tag information for directory support

- In an RFID-based application an ID-terminal reads data from an ID-tag
- From the point of view of this presentation, the data of most interest is:
  - A toggle switch telling whether the tag content is defined by the GS1 EPC specifications or by ISO or ISO/IEC International Standards
  - The Unique Item Identifier (UII) – EPC UII or ISO UII
  - An Object Identifier (OID) and/or Application Family Identifier (AFI) for ISO UIIs

Uniqueness of UII

- EPC: A UII {EPC} is unique within the scope of EPC
  [Figure: Toggle switch; UII with Header.]
  - EPC application is indicated by first octet (header) of UII
- ISO: An Object Identifier + UII {ISO} is unique within the scope of ISO
  [Figure: OID and/or AFI, + UII.]
- A particular UII may have two formats:
  - RFID binary format
  - A numeric character or alphanumeric format

GS1 EPCglobal EPC

Search using the EPC UII in a limited environment

[Figure: the ID terminal reads the EPC UII from the AIDC media and searches the X.500/LDAP data base with the filter epcUii (attribute value assertion). Entry attributes: epcUii, uiiInUrn, contentUrl or <content>, tagLocation. Returned: <content> | contentUrl (uiiInUrn, tagLocation).]

Search using the (AFI, UII) tuple

[Figure: the ID terminal reads AFI + UII from the AIDC media and searches the X.500/LDAP data base with the filter tagAfi & isoUii (attribute value assertions). Entry attributes: tagOid, tagAfi, isoUii, uiiInUrn, contentUrl or <content>, tagLocation. Returned: <content> | contentUrl [uiiInUrn, tagOid, tagLocation].]

SGTIN-96 Partitions (Serialized Global Trade Item Number – 96 bits)

[Figure: seven layouts, one per partition value 0 to 6. Each starts with Header x’30’, Filter and Partition, followed by Company Prefix and Item Reference (44 bits together, with the boundary between them depending on the partition value) and Serial Number (38 bits).]

Retrieving EPC UII format information

[Figure: the ID terminal reads the EPC UII from the AIDC media and searches the X.500/LDAP data base with the filter (epcHeader & epcPartition) (attribute value assertions). UII type entry attributes: epcHeader, epcPartition, uiiFormat, <Misc. Info>. Returned: uiiFormat.]

Formatting information

- The formatting information returned from the directory allows separation of UII into components
- A printed character representation may be produced
- A URN representation of the UII may be generated

The URN DIT Subtree for EPC UIIs

[Figure: "urnC1obj" entry urnC1="epc"; "urnC2obj" entry urnC2="id"; "urnCobj" entries urnC="sgtin", "sscc", "igln", "grai", "giai", "gsrn" and "gdti"; below sgtin a Company Prefix level, an Item Reference level and a Serial number level of "urnCobj" entries (urnC values shown: "793591651", "793591652", "793591653", "9179", "9180", "9181").]

ISO/IEC 15459 Format retrieval

- ISO/IEC 15459 Series specifies rules for identification of Transport Units
- A Transport Unit is assigned a so-called license plate (UII)
- A transport unit is handled by several parties: sender, receiver, carriers, customs authorities, etc.
- Determination of length of UII components

General ISO/IEC 15459 Data Identifier format

[Figure: DI (Data Identifier) | IAC (Issuing Agency Code) | Company Identification Number (CIN) | Serial Number/Part Number; 6 bits character encoding.]

Data Identifier

- Data Identifier (DI): A specified character (or string of characters) that defines the general category or intended use of the data that follows.
- Consists of one alphabetic character alone or prefixed by one to three numeric characters
- Values registered by ANSI MH10.8.2
- Examples:
  - 25S: Id of a party identified by IAC and CIN followed by a Serial Number
  - J: Unique license plate number – unspecified – max 35 characters
  - 1J to 6J: Unique license plate number – different type of packaging / EDI data – max 20 or 35 characters
  - 25P: Id of a party identified by IAC and CIN followed by a Part Number
  - 25B: As for 25S for a returnable transport item

Issuing Agency Codes

- An Issuing Agency is an entity for allocating identities to organisations (companies)
- An Issuing Agency is given a unique Issuing Agency Code (IAC)
- The IAC together with the assigned organisation identity is a globally unique identification of the organisation.
- IACs are allocated by the Registration Authority, which currently is Nederlands Normalisatie-instituut
- List of assigned IACs may be found here: http://iso15459.nen.nl

Retrieving ISO UII format information

[Figure: the ID terminal reads the AFI and ISO UII from the AIDC media and searches the X.500/LDAP data base with the filter (tagAfi & isoTagDi & isoTagIac) (attribute value assertions). UII type entry attributes: tagOid, tagAfi, isoTagDi, isoTagIac, uiiFormat, <Misc. Info>. Returned: uiiFormat.]

URN generation

- IANA registers URN name spaces, i.e. the first component after the leading urn: component.
- Two registrations of interest:
  - epc - to generate a URN from an EPC UII
    Example: urn:epc:id:sgtin:0614141.000024.400
  - iso – to generate a URN from an ISO UII
    Proposal for ISO/IEC 15459: urn:iso:std:iso-iec:15459.<DI>.<IAC>.<CIN>.<serial/part number>
    Example: urn:iso:std:iso-iec:15459:25S.UN.043325711.MH803120000001
    (25S = Data Identifier (DI); UN = Issuing Agency Code (IAC); 043325711 = Company Identification Number (CIN); MH803120000001 = Serial/part number)

Representing URNs in LDAP/X.500

[Figure: "urnC1obj" entry urnC1="iso"; "urnC2obj" entry urnC2="std"; "urnCobj" entries urnC="iso", "iso-iec" and "iso-ieee"; "urnCobj" entry urnC="15459"; Data Identity level: urnC="25B", "25P", "25S", "J", "1J", "2J", "3J"; Issuing Agency Code level: urnC="J", "KDK", "OD", "SI", "UN", "VIB"; Company Identification Number level: urnC="123456789", "234567890", "345678901"; Serial/Part Number level: urnC="MH803120000001", "MH803120000002", "MH803120000003".]

Use of digital signature

[Figure: the ID terminal reads AFI + UII from the AIDC media and searches the X.500/LDAP data base with the filter tagAfi & isoUii (attribute value assertions). Entry attributes: tagOid, tagAfi, isoUii, uiiInUrn, contentUrl or <content>, tagLocation, pkiPath. Returned as Signed Info: <content> | contentUrl, pkiPath [uiiInUrn, tagOid, tagLocation].]

Distribution of URN subtree

[Figure: the same subtree as on the slide "Representing URNs in LDAP/X.500" (urnC1="iso", urnC2="std", urnC="iso-iec", urnC="15459", then the Data Identifier, Issuing Agency Code and Company Identification Number levels), with the part below urnC=123456789 and its <Misc. Info> held at a Company site.]
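
The mapping from the proposed ISO/IEC 15459 URN to a distinguished name in the URN subtree, and the tagAfi & isoUii search filter, as an added example that is not code from the presentation. The attribute names (urnC1, urnC2, urnC, tagAfi, isoUii) come from the slides; the character sets accepted for IAC, CIN and serial number, the string encoding of the attribute values and the function names are assumptions.

```python
import re

# Allow-list for the URN form used in the slide's example. The DI rule (one
# letter, optionally prefixed by one to three digits) is from the slides; the
# character sets for IAC, CIN and serial/part number are assumptions.
URN_RE = re.compile(
    r"urn:iso:std:iso-iec:15459:"
    r"(?P<di>\d{0,3}[A-Z])\.(?P<iac>[A-Z0-9]{1,3})\."
    r"(?P<cin>[A-Z0-9]+)\.(?P<serial>[A-Z0-9]+)")


def urn_to_dn(urn):
    """Map the URN to an LDAP DN string, one RDN per URN component."""
    m = URN_RE.fullmatch(urn)
    if m is None:
        raise ValueError("not a well-formed ISO/IEC 15459 URN")
    rdns = [("urnC1", "iso"), ("urnC2", "std"), ("urnC", "iso-iec"),
            ("urnC", "15459"), ("urnC", m["di"]), ("urnC", m["iac"]),
            ("urnC", m["cin"]), ("urnC", m["serial"])]
    # The allow-list admits no DN metacharacters, so no DN escaping is needed.
    # LDAP DN strings list the leaf RDN first (RFC 4514).
    return ",".join(f"{attr}={value}" for attr, value in reversed(rdns))


def escape_filter(value):
    """Escape an assertion value for a search filter (RFC 4515)."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\0" else c for c in value)


def tag_filter(afi, uii):
    """Build the tagAfi & isoUii filter from values read off a tag.

    Tag content is external input, so both values are escaped before they
    are placed in the filter string.
    """
    return f"(&(tagAfi={escape_filter(afi)})(isoUii={escape_filter(uii)}))"


if __name__ == "__main__":
    # URN from the slide; the AFI value and UII string are constructed samples.
    print(urn_to_dn("urn:iso:std:iso-iec:15459:25S.UN.043325711.MH803120000001"))
    print(tag_filter("A2", "25SUN043325711MH803120000001"))
```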

Directory infrastructure for specific application

[Figure: a master directory (X.500/LDAP data base) connected to company directories (X.500/LDAP data bases).]

Several independent infrastructures

- Defence organisation
- Aviation industry
- Auto industry
- Container shipping

ITU-T Y.2213 support requirements

- Not affected by a single point of failure
- Location-based service support
- Forward identifier resolution
  - As shown in examples above
- Reverse identifier resolution
  - Identification of tag/tag reader from associated information
- One-to-many association between tag and users
  - Different information associated with tag for different users

We have an answer to all of that
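
The separation of an SGTIN-96 UII into its components and the generation of the urn:epc:id:sgtin form described earlier, as an added example that is not code from the presentation. The partition table is taken from the EPC Tag Data Standard and stands in for the uiiFormat value the slides retrieve from the directory; the function names and the hex sample are assumptions constructed for illustration.

```python
# Partition value -> (company prefix bits, digits, item reference bits, digits).
# From the SGTIN-96 partition table of the EPC Tag Data Standard; on the
# slides this is the kind of information returned as uiiFormat.
PARTITIONS = {
    0: (40, 12, 4, 1), 1: (37, 11, 7, 2), 2: (34, 10, 10, 3),
    3: (30, 9, 14, 4), 4: (27, 8, 17, 5), 5: (24, 7, 20, 6),
    6: (20, 6, 24, 7),
}
HEADER_SGTIN96 = 0x30   # header x'30' as shown on the partition slide
SERIAL_BITS = 38


def _load(uii_hex):
    """Turn the hex UII into an integer, rejecting anything but 96 bits."""
    raw = bytes.fromhex(uii_hex)   # raises ValueError on non-hex input
    if len(raw) != 12:
        raise ValueError("SGTIN-96 UII must be exactly 96 bits")
    return int.from_bytes(raw, "big")


def format_key(uii_hex):
    """Return (header, partition), the pair the slides use as search key
    (epcHeader & epcPartition) to fetch the formatting information."""
    bits = _load(uii_hex)
    return bits >> 88, (bits >> 82) & 0x7


def sgtin96_to_urn(uii_hex):
    """Decode a 96-bit SGTIN UII into its urn:epc:id:sgtin form."""
    bits = _load(uii_hex)
    header, partition = bits >> 88, (bits >> 82) & 0x7
    if header != HEADER_SGTIN96:
        raise ValueError("header is not x'30' (SGTIN-96)")
    if partition not in PARTITIONS:
        raise ValueError("undefined partition value")
    cp_bits, cp_digits, ir_bits, ir_digits = PARTITIONS[partition]
    company = (bits >> (82 - cp_bits)) & ((1 << cp_bits) - 1)
    item = (bits >> SERIAL_BITS) & ((1 << ir_bits) - 1)
    serial = bits & ((1 << SERIAL_BITS) - 1)
    # The bit fields can hold more than the decimal digits they stand for.
    if company >= 10 ** cp_digits or item >= 10 ** ir_digits:
        raise ValueError("field value exceeds its decimal digit count")
    return (f"urn:epc:id:sgtin:{company:0{cp_digits}d}"
            f".{item:0{ir_digits}d}.{serial}")


if __name__ == "__main__":
    # Constructed sample: the slide's URN example encoded with filter value 3.
    print(sgtin96_to_urn("3074257BF400060000000190"))
```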