X.500/LDAP as OID and URN resolver Erik Andersen

Andersen’s L-Service
era@x500.eu
Hierarchical identities
Object Identifiers (OIDs) uniquely identify objects by recognising the hierarchical structure of objects
Uniform Resource Names (URNs) uniquely identify objects by recognising the hierarchical structure of objects
Directory Distinguished Names uniquely identify objects by recognising the hierarchical structure of objects
Accordingly, these identifiers can be mapped into each other
However ...
Mapping to the DIT
The Directory Distinguished Name is not only a hierarchical identity scheme
The Directory Information Tree information model is tightly related to Directory Distinguished Names
Information may be associated with each component of a Distinguished Name by being stored in the corresponding entry of the Directory Information Tree
Information types
Q: What kind of information can you store?
A: Any type!
Text;
photos;
speech;
certificates; and
whatever may be represented in a digital form
Possible DIT subtree representing object identifier components
[Figure: subtree below the Root of the Directory Information Tree (DIT). First-level entries have object class "oidC1obj" with oidC1-attr=0 (itu-t), oidC1-attr=1 (iso) and oidC1-attr=2 (joint-iso-itu-t). Second-level entries have object class "oidC2obj" (oidC2-attr=0, oidC2-attr=27). Deeper entries have object class "oidCobj" (oidC-attr=10891, 15459, 15961, 8, 1, 4, 9, 12, 5, n1, n2, n3). Legend: a quoted name is the object class (type of entry); name=value is an attribute with value (entry content).]
DIT subtree of OIDs defined as URNs
[Figure: subtree below the Root of the Directory Information Tree (DIT). First level: object class "urnC1obj" with urnC1="oid". Second level: object class "urnC2obj" with urnC2="0", urnC2="1", urnC2="2". Deeper levels: object class "urnCobj" (urnC="0", urnC="15459", urnC="4", urnC="5", and a lowest level with urnC="1" to urnC="7"). Legend: a quoted name is the object class (type of entry); name=value is an attribute with value (entry content).]
Representing URNs in LDAP/X.500
[Figure: subtree below the Root of the Directory Information Tree (DIT). First level: object class "urnC1obj" with urnC1="epc" and urnC1="iso". Second level: object class "urnC2obj" with urnC2="id" and urnC2="std". Deeper levels: object class "urnCobj" with urnC="iso", "iec", "iso-iec", then urnC="9594", "8824", "15459", then parts urnC="-1" to urnC="-6"; and on the EPC side urnC="sgtin", "grai", "sscc", "gsrn", "giai", "gdti".]
X.500/LDAP directory support for tag-based applications
RFID Information Acquisition
1. Some kind of object has a Radio Frequency Identification (RFID) tag attached
2. The RFID ID-tag is read by a tag reader (ID terminal)
3. Information associated with the object is retrieved from some information provider using the RFID tag information as key
X.500/LDAP as the information provider
Use of Directory technology
[Figure: AIDC media, ID terminal, AIDC client system with DUA or LDAP client, directory infrastructure.]
LDAP/X.500 advantages
Use of off-the-shelf software.
Use of well-known technology.
In some cases:
a single access allows retrieval of the information associated with an RFID tag, or it allows retrieving a URL for the associated information;
it is not necessary to convert the UII to URN format.
Relevant pieces of information may be represented by directory attributes.
Extensive search and filter capabilities.
Possibility for return of diverse and complex data structures.
Extensive security functions (important in many situations, e.g. for military applications).
Players and documentation
GS1 EPCglobal (http://www.epcglobalinc.org)
GS1 General Specifications, Version 10
EPCglobal Tag Data Standards, Version 1.5
ISO/IEC JTC1/SC31
ISO/IEC 15418, ISO/IEC 15459 Series, ISO/IEC 15961 Series, ISO/IEC 15962, ISO/IEC 15963, ISO/IEC 18000 Series, ISO/IEC 19762 Series
The list is certainly not complete
Players and documentation (cont.)
ISO TC 122
ISO 17363 to ISO 17367
Common Working Group
ISO TC 104
ISO/TS 10891, ISO 10374
ITU-T Q.12/17 | ISO/IEC JTC1/SC6 WG9
ITU-T X.668 | ISO/IEC 9834-9
ITU-T SG 13
ITU-T Y.2213
The list is certainly not complete
18000-6C & 3m3, Memory structure
[Figure: the four memory banks of the tag. Bank 11, [User]: data objects formatted as Precursor, [OID], length, Object; Sensors/Battery-assist; see ISO/IEC 15961 and ISO/IEC 15962. Bank 10, TID: MDID, part number and serial number, burned in or written and permalocked by the IC manufacturer. Bank 01, UII: CRC-16, Protocol Control, [Extended Protocol Control], UII (may be EPC). Bank 00, Reserved: Access Password, Kill Password. Further labels: RFU, DSFID. [ ] = Optional; UII = Unique Item Identifier.]
Memory Bank 01’B
[Figure: layout of memory bank 01: Cyclic Redundancy Check (16 bits, confirms UII memory content); Protocol Control, containing Length (5 bits; length in words of 16 bits), the toggle bit (0=EPC/1=ISO) and 8 bits that are Reserved (EPC) or AFI (ISO); UII; zero fill to word boundary. AFI = Application Family Identifier; EPC = Electronic Product Code; UII = Unique Item Identifier.]
Relevant tag information for directory support
In an RFID-based application an ID terminal reads data from an ID-tag
From the point of view of this presentation, the data of most interest is:
A toggle switch telling whether the tag content is defined by the GS1 EPC specifications or by ISO or ISO/IEC International Standards
The Unique Item Identifier (UII) – EPC UII or ISO UII
An Object Identifier (OID) and/or Application Family Identifier (AFI) for ISO UIIs
Uniqueness of UII
EPC:
A UII {EPC} is unique within the scope of EPC
[Figure: Toggle switch, Header, UII]
EPC application is indicated by first octet (header) of UII
ISO:
An Object Identifier + UII {ISO} is unique within the scope of ISO
[Figure: OID and/or AFI + UII]
A particular UII may have two formats:
RFID binary format
A numeric character or alphanumeric format
GS1 EPCglobal
EPC Search using the EPC UII in a limited environment
[Figure: the ID terminal reads the EPC UII from the AIDC media and searches the X.500/LDAP database using attribute value assertions (Filter: epcUii). The matching entry holds epcUii, uiiInUrn, contentUrl or <content>, and tagLocation. The result returned is <content> | contentUrl (uiiInUrn, tagLocation).]
Search using the (AFI, UII) tuple
[Figure: the ID terminal reads AFI + UII from the AIDC media and searches the X.500/LDAP database using attribute value assertions (Filter: tagAfi & isoUii). The matching entry holds tagOid, tagAfi, isoUii, uiiInUrn, contentUrl or <content>, and tagLocation. The result returned is <content> | contentUrl [uiiInUrn, tagOid, tagLocation].]
SGTIN-96 Partitions
(Serialized Global Trade Item Number – 96 bits)
[Figure: seven SGTIN-96 layouts, one for each partition value 0 to 6. Each consists of Header x’30’, Filter (F), Partition, then 44 bits shared between Company Prefix and Item Reference (the split depends on the partition value), followed by a Serial Number of 38 bits.]
Retrieving EPC UII format information
[Figure: the ID terminal reads the EPC UII from the AIDC media and searches the X.500/LDAP database using attribute value assertions (Filter: (epcHeader & epcPartition)). The matching UII type entry holds epcHeader, epcPartition, uiiFormat and <Misc. Info>. The result returned is uiiFormat.]
Formatting information
The formatting information returned from the directory allows separation of the UII into components
A printed character representation may be produced
A URN representation of the UII may be generated
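The separation step described above, as an added example that is not part of the presentation: Python code that splits an SGTIN-96 UII into its components and generates the URN. The SGTIN96_FORMAT table stands in for the uiiFormat value a directory search on (epcHeader & epcPartition) would return; its field widths are those of the SGTIN-96 partition table in the GS1 EPC Tag Data Standard, and the function name and the sample tag content are constructed for illustration.

```python
# Stand-in for the uiiFormat values that a directory search on
# (epcHeader=x'30' & epcPartition=n) would return (assumption of this example).
# partition -> (company prefix bits, digits, item reference bits, digits)
SGTIN96_FORMAT = {
    0: (40, 12, 4, 1),
    1: (37, 11, 7, 2),
    2: (34, 10, 10, 3),
    3: (30, 9, 14, 4),
    4: (27, 8, 17, 5),
    5: (24, 7, 20, 6),
    6: (20, 6, 24, 7),
}
SERIAL_BITS = 38


def sgtin96_to_urn(epc_hex: str) -> str:
    """Split a 96-bit SGTIN UII into its components and return the URN form."""
    raw = bytes.fromhex(epc_hex)
    if len(raw) != 12:
        raise ValueError("SGTIN-96 must be exactly 96 bits")
    value = int.from_bytes(raw, "big")
    if value >> 88 != 0x30:
        raise ValueError("header is not x'30' (SGTIN-96)")
    # Bits 84..82 are the partition; the 3 filter bits above it are not in the URN.
    partition = (value >> 82) & 0x7
    if partition not in SGTIN96_FORMAT:
        raise ValueError("partition value has no format entry")
    cp_bits, cp_digits, ir_bits, ir_digits = SGTIN96_FORMAT[partition]
    company = (value >> (SERIAL_BITS + ir_bits)) & ((1 << cp_bits) - 1)
    item = (value >> SERIAL_BITS) & ((1 << ir_bits) - 1)
    serial = value & ((1 << SERIAL_BITS) - 1)
    # A tag can carry bit patterns that do not fit the decimal field widths.
    if company >= 10 ** cp_digits or item >= 10 ** ir_digits:
        raise ValueError("component does not fit its decimal width")
    return f"urn:epc:id:sgtin:{company:0{cp_digits}d}.{item:0{ir_digits}d}.{serial}"


# Constructed tag content (filter 3, partition 5) for company prefix 0614141,
# item reference 000024 and serial number 400.
SAMPLE_UII = "3074257BF400060000000190"
print(sgtin96_to_urn(SAMPLE_UII))
```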
The URN DIT Subtree for EPC UIIs
[Figure: subtree with "urnC1obj" urnC1="epc", below it "urnC2obj" urnC2="id", and below that "urnCobj" entries urnC="sgtin", "sscc", "igln", "grai", "giai", "gsrn" and "gdti". Below urnC="sgtin" follow a Company Prefix level, an Item Reference level and a Serial number level of "urnCobj" entries; values shown include urnC="9179", "9180", "9181" and urnC="793591651", "793591652", "793591653".]
ISO/IEC 15459 Format retrieval
The ISO/IEC 15459 Series specifies rules for identification of Transport Units
A Transport Unit is assigned a so-called license plate (UII)
A transport unit is handled by several parties: sender, receiver, carriers, customs authorities, etc.
Determination of length of UII components
[Figure: General ISO/IEC 15459 Data Identifier format, in 6 bits character encoding: Data Identifier (DI), Issuing Agency Code (IAC), Company Identification Number (CIN), Serial Number/Part Number.]
Data Identifier
Data Identifier (DI):
A specified character (or string of characters) that defines the general category or intended use of the data that follows.
Consists of one alphabetic character alone or prefixed by one to three numeric characters
Values registered by ANSI MH10.8.2
Examples:
25S: Id of a party identified by IAC and CIN followed by a Serial Number
J: Unique license plate number – unspecified – max 35 characters
1J to 6J: Unique license plate number – different type of packaging / EDI data – max 20 or 35 characters
25P: Id of a party identified by IAC and CIN followed by a Part Number
25B: As for 25S for a returnable transport item
Issuing Agency Codes
An Issuing Agency is an entity for allocating identities to organisations (companies)
An Issuing Agency is given a unique Issuing Agency Code (IAC)
The IAC together with the assigned organisation identity is a globally unique identification of the organisation.
IACs are allocated by the Registration Authority, which currently is Nederlands Normalisatie-instituut
The list of assigned IACs may be found here: http://iso15459.nen.nl
Retrieving ISO UII format information
[Figure: the ID terminal reads the AFI and ISO UII from the AIDC media and searches the X.500/LDAP database using attribute value assertions (Filter: (tagAfi & isoTagDi & isoTagIac)). The matching UII type entry holds tagOid, tagAfi, isoTagDi, isoTagIac, uiiFormat and <Misc. Info>. The result returned is uiiFormat.]
URN generation
IANA registers URN namespaces, i.e. the first component after the leading urn: component.
Two registrations of interest:
epc - to generate a URN from an EPC UII
Example: urn:epc:id:sgtin:0614141.000024.400.
iso - to generate a URN from an ISO UII
Proposal for ISO/IEC 15459:
urn:iso:std:iso-iec:15459.<DI>.<IAC>.<CIN>.<serial/part number>
Example:
urn:iso:std:iso-iec:15459:25S.UN.043325711.MH803120000001
In the example, 25S is the Data Identifier (DI), UN the Issuing Agency Code (IAC), 043325711 the Company Identification Number (CIN) and MH803120000001 the serial/part number.
Representing URNs in LDAP/X.500
[Figure: subtree with "urnC1obj" urnC1="iso", below it "urnC2obj" urnC2="std", then "urnCobj" entries urnC="iso", "iso-iec" and "iso-ieee", then urnC="15459". Below that follow four levels of "urnCobj" entries: Data Identity level (urnC="25B", "25P", "25S", "J", "1J", "2J", "3J"), Issuing Agency Code level (urnC="J", "KDK", "OD", "SI", "UN", "VIB"), Company Identification Number level (urnC="123456789", "234567890", "345678901") and Serial/Part Number level (urnC="MH803120000001", "MH803120000002", "MH803120000003").]
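Added example, not part of the presentation: mapping a URN onto the DN of its entry in the subtree above (urnC1, urnC2, then urnC for every deeper level) and building the tagAfi & isoUii search filter. Values read from a tag are untrusted input, so DN values are escaped per RFC 4514 and filter values per RFC 4515; the function names, the optional base DN, the octet-wise matching of tagAfi and isoUii, and the sample AFI octet are assumptions.

```python
import re


def escape_rdn_value(value: str) -> str:
    """Escape one attribute value for an RFC 4514 string DN."""
    out = []
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in '"+,;<>\\':
            out.append("\\" + ch)
        elif (i == 0 and ch in " #") or (i == len(value) - 1 and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def urn_to_dn(urn: str, base_dn: str = "") -> str:
    """Map a URN to the DN of its entry: urnC1, urnC2, then urnC per level."""
    if not urn.lower().startswith("urn:"):
        raise ValueError("not a URN")
    parts = re.split(r"[:.]", urn[4:])  # every ':' or '.' starts a new level
    if len(parts) < 2 or any(p == "" for p in parts):
        raise ValueError("empty or missing URN component")
    rdns = []
    for level, part in enumerate(parts):
        attr = ("urnC1", "urnC2")[level] if level < 2 else "urnC"
        rdns.append(f"{attr}={escape_rdn_value(part)}")
    rdns.reverse()  # a string DN lists the most specific RDN first
    if base_dn:
        rdns.append(base_dn)  # hypothetical suffix under which the subtree is held
    return ",".join(rdns)


def tag_filter(assertions: dict) -> str:
    """AND filter over raw tag fields; every octet is hex-escaped (RFC 4515)."""
    items = []
    for attr, raw in assertions.items():
        if not re.fullmatch(r"[A-Za-z][A-Za-z0-9-]*", attr):
            raise ValueError("bad attribute name")
        items.append("(%s=%s)" % (attr, "".join("\\%02x" % b for b in raw)))
    return "(&" + "".join(items) + ")"


# The URN example from the slides, and a constructed tag read (sample AFI octet).
print(urn_to_dn("urn:iso:std:iso-iec:15459:25S.UN.043325711.MH803120000001"))
print(tag_filter({"tagAfi": b"\xa2", "isoUii": b"25SUN043325711MH803120000001"}))
```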
Use of digital signature
[Figure: the ID terminal reads AFI + UII from the AIDC media and searches the X.500/LDAP database using attribute value assertions (Filter: tagAfi & isoUii). The matching entry holds tagOid, tagAfi, isoUii, uiiInUrn, contentUrl or <content>, tagLocation and pkiPath. The result is returned as Signed Info: <content> | contentUrl, pkiPath, [uiiInUrn, tagOid, tagLocation].]
Distribution of URN subtree
[Figure: the ISO URN subtree ("urnC1obj" urnC1="iso", "urnC2obj" urnC2="std", then "urnCobj" entries urnC="iso", "iso-iec", "iso-ieee", urnC="15459", Data Identifier entries urnC="25B", "25P", "25S", "J", "1J", "2J", "3J", Issuing Agency Code entries urnC="J", "KDK", "OD", "SI", "UN", "VIB" and Company Identification Number entries urnC="123456789", "234567890", "345678901"), with the entry urnC=123456789 and its <Misc. Info> shown at a Company site.]
Directory infrastructure for specific application
[Figure: a Master directory (X.500/LDAP with database) and two Company directories (each X.500/LDAP with database).]
Several independent infrastructures
[Figure: separate infrastructures for Defence organisation, Aviation industry, Auto industry and Container shipping.]
ITU-T Y.2213 support requirements
Not affected by a single point of failure
Location-based service support
Forward identifier resolution
As shown in examples above
Reverse identifier resolution
Identification of tag/tag reader from associated information
One-to-many association between tag and users
Different information associated with tag for different users
We have an answer to all of that
END