October, 2006

As we mentioned yesterday, those who started the X.500 work in the 1980s envisaged a global directory that would have broad use, including provision of a global white pages and support of the sister X.400 messaging specification. Measured against this ambitious goal, the technology "failed."

Although many major directories (Microsoft Active Directory, Novell eDirectory, etc.) don't directly support X.500, many directory vendors, large and small, support the X.500 protocols for the markets that need them. As with LDAP, the X.500 protocols are broadly "complete," and there is no reason to expect much change in them.

X.500 deployments are also driven by security: many X.500 directories support applications with significant security requirements. The relationship with X.509 PKI benefits X.500, and we expect to see increasing use of X.509-based authentication in conjunction with X.500/LDAP directories.

Directories typically allow LDAP reads and searches without authentication: whatever is in the directory is available to anyone with network access to the servers, so anything that must not be public has to be withheld by access control rather than by assuming the network is private. Updates are a different matter, and often carry stringent security and audit requirements. X.500 Access Control becomes important in a distributed deployment, and signed operations (a neat X.500 feature, with no LDAP equivalent) are beneficial, and sometimes mandatory, for updates in high-security deployments.
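As an added illustration (not part of Steve Kille's post, and not Isode code), here is a constructed OpenLDAP slapd.conf fragment that expresses the deployment pattern described above, and the X.509-based authentication mentioned earlier, in LDAP terms: anonymous read and search, updates only over a strongly protected session by a named group of managers, X.509 client certificates accepted for authentication via SASL EXTERNAL, and every update written to an audit log. The suffix, DNs, file paths and group name are assumptions. Note what the fragment cannot show: X.500 Access Control and signed operations are DSA features with no OpenLDAP counterpart, so the write side here relies on TLS strength and the bound identity rather than on per-operation signatures.

```conf
# Constructed OpenLDAP slapd.conf fragment (added example; hypothetical DNs and paths).
# Pattern: anyone with network access may read and search; only strongly
# authenticated clients over TLS may update; every update is audited.

# --- X.509 on the server side: TLS, and accept client certificates ----------
TLSCACertificateFile   /etc/ldap/ca.pem
TLSCertificateFile     /etc/ldap/dsa-cert.pem
TLSCertificateKeyFile  /etc/ldap/dsa-key.pem
# "try" requests a client certificate and validates it when one is presented.
# A client that then binds with SASL EXTERNAL is identified by the subject DN
# of its certificate, e.g. cn=alice,ou=people,dc=example,dc=com (which must
# exist as an entry, or be mapped to one with authz-regexp).
TLSVerifyClient try

# --- Strength requirements --------------------------------------------------
# Updates (add/modify/delete/modrdn) require a session with at least 128-bit
# protection; reads carry no such requirement, matching "open reads" above.
security update_ssf=128

# --- Audit trail for updates ------------------------------------------------
# slapo-auditlog appends every change as LDIF, with timestamp and bound DN.
moduleload  auditlog.la        # only needed where overlays are built as modules
database    mdb
suffix      "dc=example,dc=com"
rootdn      "cn=admin,dc=example,dc=com"
directory   /var/lib/ldap
overlay     auditlog
auditlog    /var/log/slapd/audit.ldif

# --- Access control ---------------------------------------------------------
# Credentials are never readable by anyone; each user may change their own.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

# Everything else: members of the managers group (bound via their X.509
# certificate, or a password over TLS) may write; everyone, including
# unauthenticated clients, may read and search.
access to *
    by group="cn=Directory Managers,ou=groups,dc=example,dc=com" write
    by * read
```

Two practical points. OpenLDAP applies the first `access to` clause whose target matches, so any attribute that must not be public needs its own rule placed before the catch-all `access to *`, as `userPassword` is here. And `by * read` really does mean the whole tree is readable by anyone who can reach the port, which is the trade-off the text describes; if that is not acceptable for a given deployment, tighten the last rule (for example `by users read`) rather than relying on network placement.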

X.500 has an important ongoing role for directories with distribution and/or security requirements.

Steve Kille

Those who started the X.500 work in the 1980s envisaged a global directory that would have broad use, including provision of a global white pages and support of the sister X.400 messaging specification. Measured against this ambitious goal, the technology failed. Yet it has been a tremendous success, though not in the way its originators intended.

X.500 spawned two technologies that have very broad commercial adoption. The first is LDAP, which is based on, and requires conformance to, the core X.500 standards; it is not widely realized how closely the key X.500 and LDAP protocol authors worked together. LDAP is a stable and widely used protocol for directory access, and many systems have been built around it. The second is X.509 PKI (Public Key Infrastructure), which was developed with X.500 and is very widely used, generally in conjunction with LDAP.

The core X.500 protocols also have an important ongoing role. Attempts in the 1990s to build a full directory specification around LDAP (with replication and access control) were abandoned, so if you want to build a distributed directory on open standards, X.500 is the only game in town. Where systems require open directory interconnect, X.500 DSP (Directory System Protocol) is still what gets specified. Highly replicated directories are needed for reliability in many situations, and X.500 DISP (Directory Information Shadowing Protocol) is the obvious, and only, open choice. Beyond being chosen by those who understand the requirements, some industries mandate X.500 as the basis for directory services, notably military directories (ACP 133) and aviation (the ATN directory).

Steve Kille