Misplaced Pages

#132867

53-646: The intelligence is provided by network nodes on the service layer , distinct from the switching layer of the core network , as opposed to solutions based on intelligence in the core switches or equipment. The IN nodes are typically owned by telecommunications service providers such as a telephone company or mobile phone operator . IN is supported by the Signaling System #7 (SS7) protocol between network switching centers and other network nodes owned by network operators. The IN concepts, architecture and protocols were originally developed as standards by

106-594: A basis upon which operators could build services in addition to those already present on a standard telephone exchange . A complete description of the IN emerged in a set of ITU-T standards named Q.1210 to Q.1219 , or Capability Set One (CS-1) as they became known. The standards defined a complete architecture including the architectural view, state machines, physical implementation and protocols. They were universally embraced by telecom suppliers and operators, although many variants were derived for use in different parts of

159-422: A hierarchical structure, such as a corporate email directory. Similarly, a telephone directory is a list of subscribers with an address and a phone number. LDAP is specified in a series of Internet Engineering Task Force (IETF) Standard Track publications called Request for Comments (RFCs), using the description language ASN.1 . The latest specification is Version 3, published as RFC 4511 (a road map to

212-405: A lower resource layer. The lower layers may also be named control layer and transport layer (the transport layer is also referred to as the access layer in some architectures). The concept of service layer is used in contexts such as Intelligent networks (IN), WAP , 3G and IP Multimedia Subsystem (IMS). It is defined in the 3GPP Open Services Architecture (OSA) model, which reused

265-410: A new entry into the directory-server database. If the distinguished name in the add request already exists in the directory, then the server will not add a duplicate entry but will set the result code in the add result to decimal 68, "entryAlreadyExists". In the above example, uid=user,ou=people,dc=example,dc=com must not exist, and ou=people,dc=example,dc=com must exist. When an LDAP session

318-416: A response before sending the next request, and the server may send the responses in any order. All information is transmitted using Basic Encoding Rules (BER). The client may request the following operations: In addition the server may send "Unsolicited Notifications" that are not responses to any request, e.g. before the connection is timed out. A common alternative method of securing LDAP communication

371-485: A separate port, by default 636. LDAPS differs from LDAP in two ways: 1) upon connect, the client and server establish TLS before any LDAP messages are transferred (without a StartTLS operation) and 2) the LDAPS connection must be closed upon TLS closure. Some "LDAPS" client libraries only encrypt communication; they do not check the host name against the name in the supplied certificate. The Abandon operation requests that

424-407: A subtree starting from a specific entry, e.g. " dc=example,dc=com " and its children. Servers may also hold references to other servers, so an attempt to access " ou=department,dc=example,dc=com " could return a referral or continuation reference to a server that holds that part of the directory tree. The client can then contact the other server. Some servers also support chaining , which means

477-606: A successor to DIXIE and DAS . Mark Wahl of Critical Angle Inc., Tim Howes, and Steve Kille started work in 1996 on a new version of LDAP, LDAPv3, under the aegis of the Internet Engineering Task Force (IETF). LDAPv3, first published in 1997, superseded LDAPv2 and added support for extensibility, integrated the Simple Authentication and Security Layer , and better aligned the protocol to the 1993 edition of X.500. Further development of

530-698: Is not the opposite of the Bind operation. Clients can abort a session by simply closing the connection, but they should use Unbind. Unbind allows the server to gracefully close the connection and free resources that it would otherwise keep for some time until discovering the client had abandoned the connection. It also instructs the server to cancel operations that can be canceled, and to not send responses for operations that cannot be canceled. An LDAP uniform resource identifier (URI) scheme exists, which clients support in varying degrees, and servers return in referrals and continuation references (see RFC 4516): Most of

583-517: Is a conceptual layer within a network service provider architecture. It aims at providing middleware that serves third-party value-added services and applications at a higher application layer . The service layer provides capability servers owned by a telecommunication network service provider, accessed through open and secure Application Programming Interfaces (APIs) by application layer servers owned by third-party content providers . The service layer also provides an interface to core networks at

SECTION 10

#1732791851133

636-430: Is also used as the basis for Microsoft 's Active Directory . A client starts an LDAP session by connecting to an LDAP server, called a Directory System Agent (DSA), by default on TCP and UDP port 389, or on port 636 for LDAPS (LDAP over TLS/SSL, see below). The client then sends an operation request to the server, and a server sends responses in return. With some exceptions, the client does not need to wait for

689-490: Is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. Directory services play an important role in developing intranet and Internet applications by allowing the sharing of information about users, systems, networks, services, and applications throughout the network. As examples, directory services may provide any organized set of records, often with

742-424: Is created, that is, when an LDAP client connects to the server, the authentication state of the session is set to anonymous. The BIND operation establishes the authentication state for a session. Simple BIND and SASL PLAIN can send the user's DN and password in plaintext , so the connections utilizing either Simple or SASL PLAIN should be encrypted using Transport Layer Security (TLS). The server typically checks

795-470: Is using an SSL tunnel . The default port for LDAP over SSL is 636. The use of LDAP over SSL was common in LDAP Version 2 (LDAPv2) but it was never standardized in any formal specification. This usage has been deprecated along with LDAPv2, which was officially retired in 2003. The protocol provides an interface with directories that follow the 1993 edition of the X.500 model: A DN may change over

848-689: The Advanced Intelligent Network (AIN) as the variant of Intelligent Network for North America, and performed the standardization of the AIN on behalf of the major US operators. The original goal of AIN was AIN 1.0, which was specified in the early 1990s ( AIN Release 1 , Bellcore SR-NWT-002247, 1993). AIN 1.0 proved technically infeasible to implement, which led to the definition of simplified AIN 0.1 and AIN 0.2 specifications. In North America, Telcordia SR-3511 (originally known as TA-1129+) and GR-1129-CORE protocols serve to link switches with

901-571: The ITU-T which is the standardization committee of the International Telecommunication Union ; prior to this a number of telecommunications providers had proprietary implementations. The primary aim of the IN was to enhance the core telephony services offered by traditional telecommunications networks, which usually amounted to making and receiving voice calls, sometimes with call divert. This core would then provide

954-452: The SIP signalling protocol. The network elements contained within the service layer are generically referred to as 'service platforms' however the 3GPP specification (3GPP TS 23.228 V8.7.0) defines several types of service platforms: The SIP Application Server (AS) performs the same function as a Telephony Application Server in a pre-IMS network, however it is specifically tailored to support

1007-451: The mobile phone environment, and allowed mobile phone operators to offer the same IN services to subscribers while they are roaming as they receive in the home network. CAMEL has become a major standard in its own right and is currently maintained by 3GPP . The last major release of the standard was CAMEL phase 4. It is the only IN standard currently being actively worked on. Bellcore (subsequently Telcordia Technologies ) developed

1060-565: The IN systems such as Service Control Points (SCPs) or Service Nodes. SR-3511 details a TCP/IP-based protocol which directly connects the SCP and Service Node. GR-1129-CORE provides generic requirements for an ISDN-based protocol which connects the SCP to the Service Node via the SSP. While activity in development of IN standards has declined in recent years, there are many systems deployed across

1113-482: The IN was the need for a more flexible way of adding sophisticated services to the existing network. Before the IN was developed, all new features and/or services had to be implemented directly in the core switch systems. This made for long release cycles as the software testing had to be extensive and thorough to prevent the network from failing. With the advent of the IN, most of these services (such as toll-free numbers and geographical number portability) were moved out of

SECTION 20

#1732791851133

1166-509: The IN, such as Custom Local Area Signaling Services (CLASS) and prepaid telephone calls. The main concepts (functional view) surrounding IN services or architecture are connected with SS7 architecture: The core elements described above use standard protocols to communicate with each other. The use of standard protocols allows different manufacturers to concentrate on different parts of the architecture and be confident that they will all work together in any combination. The interfaces between

1219-525: The LDAPv3 specifications themselves and of numerous extensions adding features to LDAPv3 has come through the IETF . In the early engineering stages of LDAP, it was known as Lightweight Directory Browsing Protocol , or LDBP . It was renamed with the expansion of the scope of the protocol beyond directory browsing and searching, to include directory update functions. It was given its Lightweight name because it

1272-478: The SASL/EXTERNAL, the client requests the server derive its identity from credentials provided at a lower level (such as TLS). Though technically the server may use any identity information established at any lower level, typically the server will use the identity information established by TLS. Servers also often support the non-standard "LDAPS" ("Secure LDAP", commonly known as "LDAP over SSL") protocol on

1325-676: The SIP signalling protocol for use in an IMS network. An OSA Service Capability Server acts as a secure gateway between the IMS network and an application which runs upon the Open Services Architecture (this is typically a SIP to Parlay gateway) The IM-SSF (IP Multimedia Service Switching Function) acts as a gateway between the IMS network and application servers using other telecommunication signalling standards such as INAP and CAMEL . In service-oriented architecture (SOA),

1378-591: The SSP and the SCP are SS7 based and have similarities with TCP/IP protocols. The SS7 protocols implement much of the OSI seven-layer model . This means that the IN standards only had to define the application layer , which is called the Intelligent Networks Application Part or INAP . The INAP messages are encoded using ASN.1 . The interface between the SCP and the SDP is defined in

1431-457: The authentication state of the session and each unsuccessful BIND request resets the authentication state of the session. To delete an entry, an LDAP client transmits a properly formed delete request to the server. The Search operation is used to both search for and read entries. Its parameters are: The server returns the matching entries and potentially continuation references. These may be returned in any order. The final result will include

1484-529: The components described below are optional. For example, " ldap://ldap.example.com/cn=John%20Doe,dc=example,dc=com " refers to all user attributes in John Doe's entry in ldap.example.com , while " ldap:///dc=example,dc=com??sub?(givenName=John) " searches for the entry in the default server (note the triple slash, omitting the host, and the double question mark, omitting the attributes). As in other URLs, special characters must be percent-encoded . There

1537-519: The concept of directory services to information technology and computer networking , their input culminating in the comprehensive X.500 specification, a suite of protocols produced by the International Telecommunication Union (ITU) in the 1980s. X.500 directory services were traditionally accessed via the X.500 Directory Access Protocol (DAP), which required the Open Systems Interconnection (OSI) protocol stack . LDAP

1590-401: The connection. It can provide data confidentiality (to protect data from being observed by third parties) and/or data integrity protection (which protects the data from tampering). During TLS negotiation the server sends its X.509 certificate to prove its identity. The client may also send a certificate to prove its identity. After doing so, the client may then use SASL /EXTERNAL. By using

1643-504: The core switch systems and into self-contained nodes, creating a modular and more secure network that allowed the service providers themselves to develop variations and value-added services to their networks without submitting a request to the core switch manufacturer and waiting for the long development process. The initial use of IN technology was for number translation services, e.g. when translating toll-free numbers to regular PSTN numbers; much more complex services have since been built on

Intelligent Network - Misplaced Pages Continue

1696-429: The entry in the meantime. Servers may implement extensions that support this, though. The Extended Operation is a generic LDAP operation that can define new operations that were not part of the original protocol specification. StartTLS is one of the most significant extensions. Other examples include Cancel and Password Modify. The StartTLS operation establishes Transport Layer Security (the descendant of SSL ) on

1749-573: The entry; it is neither an attribute nor a part of the entry. " cn=John Doe " is the entry's RDN (Relative Distinguished Name), and " dc=example,dc=com " is the DN of the parent entry, where " dc " denotes ' Domain Component '. The other lines show the attributes in the entry. Attribute names are typically mnemonic strings, like " cn " for common name, " dc " for domain component, " mail " for email address, and " sn " for surname. A server holds

1802-599: The form of JAIN and Parlay . From a technical viewpoint, the SCE began to move away from its proprietary graphical origins towards a Java application server environment. The meaning of "intelligent network" is evolving in time, largely driven by breakthroughs in computation and algorithms. From networks enhanced by more flexible algorithms and more advanced protocols, to networks designed using data-driven models to AI enabled networks. Service layer In intelligent networks (IN) and cellular networks, service layer

1855-586: The form of an integer. If the client requests a version that the server does not support, the server must set the result code in the BIND response to the code for a protocol error. Normally clients should use LDAPv3, which is the default in the protocol but not always in LDAP libraries. BIND had to be the first operation in a session in LDAPv2, but is not required as of LDAPv3. In LDAPv3, each successful BIND request changes

1908-639: The idea of the Parlay API for third-party servers. In software design, for example Service-oriented architecture , the concept of service layer has a different meaning. The service layer of an IMS architecture provides multimedia services to the overall IMS network. This layer contains network elements which connect to the Serving-CSCF (Call Session Control Function) using the IP multimedia Subsystem Service Control Interface (ISC). The ISC interface uses

1961-451: The keyword delete and the changetype designator modify . If the attribute is multi-valued, the client must specify the value of the attribute to delete. There is also a Modify-Increment extension which allows an incrementable attribute value to be incremented by a specified amount. The following example using LDIF increments employeeNumber by 5 : When LDAP servers are in a replicated topology, LDAP clients should consider using

2014-490: The lifetime of the entry, for instance, when entries are moved within a tree. To reliably and unambiguously identify entries, a UUID might be provided in the set of the entry's operational attributes . An entry can look like this when represented in LDAP Data Interchange Format (LDIF), a plain text format (as opposed a binary protocol such as LDAP itself): " dn " is the distinguished name of

2067-478: The new RDN (Relative Distinguished Name), optionally the new parent's DN, and a flag that indicates whether to delete the value(s) in the entry that match the old RDN. The server may support renaming of entire directory subtrees. An update operation is atomic: Other operations will see either the new entry or the old one. On the other hand, LDAP does not define transactions of multiple operations: If you read an entry and then modify it, another client may have updated

2120-418: The password against the userPassword attribute in the named entry. Anonymous BIND (with empty DN and password) resets the connection to anonymous state. SASL (Simple Authentication and Security Layer) BIND provides authentication services through a wide range of mechanisms, e.g. Kerberos or the client certificate sent with TLS. BIND also sets the LDAP protocol version by sending a version number in

2173-572: The post-read control to verify updates instead of a search after an update. The post-read control is designed so that applications need not issue a search request after an update – it is bad form to retrieve an entry for the sole purpose of checking that an update worked because of the replication eventual consistency model. An LDAP client should not assume that it connects to the same directory server for each request because architects may have placed load-balancers or LDAP proxies or both between LDAP clients and servers. Modify DN (move/rename entry) takes

Intelligent Network - Misplaced Pages Continue

2226-401: The result code. The Compare operation takes a DN, an attribute name and an attribute value, and checks if the named entry contains that attribute with that value. The MODIFY operation is used by LDAP clients to request that the LDAP server make changes to existing entries. Attempts to modify entries that do not exist will fail. MODIFY requests are subject to access controls as implemented by

2279-411: The server abort an operation named by a message ID. The server need not honor the request. Neither Abandon nor a successfully abandoned operation send a response. A similar Cancel extended operation does send responses, but not all implementations support this. The Unbind operation abandons any outstanding operations and closes the connection. It has no response. The name is of historical origin, and

2332-431: The server contacts the other server and returns the results to the client. LDAP rarely defines any ordering: The server may return the values of an attribute, the attributes in an entry, and the entries found by a search operation in any order. This follows from the formal definitions - an entry is defined as a set of attributes, and an attribute is a set of values, and sets need not be ordered. The ADD operation inserts

2385-444: The server. The MODIFY operation requires that the distinguished name (DN) of the entry be specified, and a sequence of changes. Each change in the sequence must be one of: LDIF example of adding a value to an attribute: To replace the value of an existing attribute, use the replace keyword. If the attribute is multi-valued, the client must specify the value of the attribute to update. To delete an attribute from an entry, use

2438-455: The service layer is the third layer in a five-abstraction-layer model. The model consists of Object layer, Component layer, Service layer, Process layer and Enterprise layer. The service layer can be considered as a bridge between the higher and lower layers, and is characterized by a number of services that are carrying out individual business functions. LDAP The Lightweight Directory Access Protocol ( LDAP / ˈ ɛ l d æ p / )

2491-486: The standards to be an X.500 Directory Access Protocol or DAP. A more lightweight interface called LDAP has emerged from the IETF which is considerably simpler to implement, so many SCPs have implemented that instead. The core CS-1 specifications were adopted and extended by other standards bodies. European flavours were developed by ETSI , American flavours were developed by ANSI , and Japanese variants also exist. The main reasons for producing variants in each region

2544-593: The technical specifications is provided by RFC4510 ). A common use of LDAP is to provide a central place to store usernames and passwords. This allows many different applications and services to connect to the LDAP server to validate users. LDAP is based on a simpler subset of the standards contained within the X.500 standard. Because of this relationship, LDAP is sometimes called X.500-lite. Telecommunication companies' understanding of directory requirements were well developed after some 70 years of producing and managing telephone directories. These companies introduced

2597-411: The world (see Variants below). Following the success of CS-1, further enhancements followed in the form of CS-2. Although the standards were completed, they were not as widely implemented as CS-1, partly because of the increasing power of the variants, but also partly because they addressed issues which pushed traditional telephone exchanges to their limits. The major driver behind the development of

2650-480: The world which use this technology. The architecture has proved to be not only stable, but also a continuing source of revenue with new services added all the time. Manufacturers continue to support the equipment and obsolescence is not an issue. Nevertheless, new technologies and architectures have emerged, especially in the area of VoIP and SIP . More attention is being paid to the use of APIs in preference to protocols like INAP, and new standards have emerged in

2703-542: Was not as network intensive as its DAP predecessor and thus was more easily implemented over the Internet due to its relatively modest bandwidth usage. LDAP has influenced subsequent Internet protocols, including later versions of X.500, XML Enabled Directory (XED), Directory Service Markup Language (DSML), Service Provisioning Markup Language (SPML), and the Service Location Protocol (SLP). It

SECTION 50

#1732791851133

2756-662: Was originally intended to be a lightweight alternative protocol for accessing X.500 directory services through the simpler (and now widespread) TCP/IP protocol stack. This model of directory access was borrowed from the DIXIE and Directory Assistance Service protocols. The protocol was originally created by Tim Howes of the University of Michigan , Steve Kille of Isode Limited, Colin Robbins of Nexor and Wengyik Yeong of Performance Systems International , circa 1993, as

2809-499: Was to ensure interoperability between equipment manufactured and deployed locally (for example different versions of the underlying SS7 protocols exist between the regions). New functionality was also added which meant that variants diverged from each other and the main ITU-T standard. The biggest variant was called Customised Applications for Mobile networks Enhanced Logic , or CAMEL for short. This allowed for extensions to be made for

#132867