diff options
Diffstat (limited to 'doc/rfc/rfc1564.txt')
-rw-r--r-- | doc/rfc/rfc1564.txt | 1179 |
1 files changed, 1179 insertions, 0 deletions
diff --git a/doc/rfc/rfc1564.txt b/doc/rfc/rfc1564.txt new file mode 100644 index 0000000..d760000 --- /dev/null +++ b/doc/rfc/rfc1564.txt @@ -0,0 +1,1179 @@ + + + + + + +Network Working Group P. Barker +Request for Comments: 1564 University College London +Category: Informational R. Hedberg + Technical University Delft + January 1994 + + + DSA Metrics + (OSI-DS 34 (v3)) + +Status of this Memo + + This memo provides information for the Internet community. This memo + does not specify an Internet standard of any kind. Distribution of + this memo is unlimited. + +Abstract + + This document defines a set of criteria by which a DSA implementation + may be judged. Particular issues covered include conformance to + standards; performance; demonstrated interoperability. The intention + is that the replies to the questions posed provide a fairly full + description of a DSA. Some of the questions will yield answers which + are purely descriptive; others, however, are intended to elicit + answers which give some measure of the utility of the DSA. The marks + awarded for a DSA in each particular area should give a good + indication of the DSA's capabilities, and its suitability for + particular uses. + + Please send comments to the authors or to the discussion group + <osi-ds@CS.UCL.AC.UK>. + +Table of Contents + + 1. Overview 2 + 2. General Information 3 + 3. Conformance to OSI Standards 4 + 3.1 Directory protocols............................. 4 + 3.2 Implementors' agreements and profiles ......... 6 + 3.3 Protocol stacks................................. 6 + 3.4 DIT structure ................................. 7 + 4. Other protocols 7 + 5. Extensions to the 1988 Standard 7 + 5.1 Schema ......................................... 7 + 5.2 Support for replication......................... 8 + 5.3 Support for access control ..................... 8 + 5.4 Miscellaneous ................................. 9 + 6. Miscellaneous characteristics 10 + + + +Barker & Hedberg [Page 1] + +RFC 1564 DSA Metrics January 1994 + + + 7. Management tools 11 + 7.1 Dynamic system management ..................... 11 + 7.2 Static system management ...................... 12 + 7.3 Data management................................. 12 + 8. Operational Use 12 + 9. Interoperability 12 + 10. Performance 13 + 10.1 Speed for various operations .................. 14 + 10.1.1 Bind ..................................... 14 + 10.1.2 List ..................................... 15 + 10.1.3 Search .................................. 15 + 10.1.4 Read ..................................... 16 + 10.1.5 Add entry................................. 16 + 10.1.6 Modify entry ............................. 16 + 10.1.7 Modify RDN .............................. 16 + 10.1.8 Query rate .............................. 17 + 10.2 The results..................................... 17 + 10.3 Environment used for benchmarking ............. 17 + 11. Security Considerations 21 + 12. Authors' Addresses 21 + +1. Overview + + The purpose of this document is to define some metrics by which DSA + products can be measured. Such metrics are valuable as whilst an + X.500 DSA must conform to the specification in the standard - this is + a sine qua non - protocol conformance is not in itself the hallmark + of a usable implementation. A DSA must perform operations within a + reasonable time; a DSA must offer good throughput of queries; a DSA + must be able to handle a reasonable volume of data; if modification + operations are provided, some sort of access control must be + provided; a DSA and its data must be manageable. + + In many respects, it is almost impossible to say that one DSA is + better than other from looking at the responses to questions in this + document. For some, the cost or level of support will be the key + criterion. For another user, the flexibility of the schema + management facilities, or the feasibility of running the DSA over an + existing relational database, will be of prime importance. In many + respects DSAs will just be different, rather than better or worse. + However, all other things being equal, the look-up speed of a DSA is + very obviously measurable, and there is a substantial number of + questions on the speed of the various X.500 operations, and in + particular on the look-up operations. + + Throughout this document, some of the questions posed are annotated + with a square-bracketed points score and an explanation as to how the + points should be allocated. For example, a question might be + + + +Barker & Hedberg [Page 2] + +RFC 1564 DSA Metrics January 1994 + + + appended with "[2 if yes]", indicating score 2 points for an + affirmative answer to that question. These points scores should be + collated in Table 1 at the end of the document. The questions on DSA + performance are judged to be important enough to have a separate + table for those results: they appear in Table 2 (and optionally + Table 3). Together, these tables constitute a measure of the DSA. + + The metrics are on a section by section basis, which should help the + reader who is seeking, for example, a DSA with fast look-up + capabilities and extensive access control facilities, to focus on the + critical aspects of a DSA for their particular requirement. No + conclusions should be inferred from adding the scores together into + one overall grand total and comparing such totals for different DSAs, + as no attempt is made to assign weights to the different + characteristics. + + Whilst much of this document should usually be completed by the + developers or suppliers of an implementation, the section on + performance could be completed by anyone running the implementation. + Indeed, it will be beneficial if several sets of performance figures + can be gathered for each implementation, for a variety of hardware + platforms. + +2. General Information + + This section contains general information about the implementation + under discussion. + + 1. Name of the information provider ................................ + .................................................................... + + 2. Name of the implementation ...................................... + + 3. Version number of the DSA described in this document ............ + + 4. Are there plans to implement the additional features describe in + the 1992/3 standard? [6 for full implementation, 4 if both + access control and replication to be implemented, 2 for some + 1992 features] .................................................. + + 5. Name and address of supplier or person to contact ............... + .................................................................... + .................................................................... + .................................................................... + .................................................................... + .................................................................... + .................................................................... + + + + +Barker & Hedberg [Page 3] + +RFC 1564 DSA Metrics January 1994 + + + 6. Describe the hardware and software platforms supported by the DSA + [up to 4 points may be awarded for this question] + + (a) Hardware (If appropriate, can summarise as, for example + "generic UNIX platform") .................................. + + (b) O/S (state version if critical) + + i. UNIX) (be sure to indicate which flavour - e.g., + SYSV [1], BSD [1], SUNOS, etc) .......................... + + ii. VMS) [1] ................................................ + + iii. MS-DOS [1] .............................................. + + iv. Macintosh [1] ........................................... + + v. Other) [1] .............................................. + + 7. Name any other software required to run the system which is not + supplied with the operating system or with the DSA software + itself. Examples might include a database package, or + communications software ......................................... + .................................................................... + + 8. Is this DSA an integrated part of a software package, and in such + case which ? ................................................... + .................................................................... + + 9. Is the software free? If the DSA needs other packages, are these + also freely available? [3 if completely free, 1 if requires + commercial software package] .................................... + .................................................................... + + 10. Is commercial support available for this implementation? [3] ... + + 11. Is free, best effort support available from the developers? [2]. + + 12. Is free support available via user groups or email lists? [2] .. + +3. Conformance to OSI Standards + +3.1 Directory protocols + + 13. Does the DSA implement DAP? + + (a) Read ASE? [2] ............................................... + + + + +Barker & Hedberg [Page 4] + +RFC 1564 DSA Metrics January 1994 + + + (b) Search ASE? [2] ............................................. + + (c) Modify ASE? [2] ............................................. + + 14. Does the DSA implement DSP? + + (a) Chained read ASE? [2] ....................................... + + (b) Chained search ASE? [2] ..................................... + + (c) Chained modify ASE? [2] ..................................... + + 15. Statement requirements according to section 9.2.1 in X.519. + + (a) Supported application-contexts? ............................ + + (b) Capable of acting as first-level DSA? [1] ................... + + (c) Chained mode supported? [1] ................................ + + (d) Security-level(s) supported? [1 for strong + 1 for protected + simple + 1 for simple authentication] ....................... + + (e) All attribute types according to X.520? [1] ................ + + (f) All object classes according to X.521? [1] ................. + + 16. Does the implementation meet the conformance clauses in section + 9.2.2 and 9.2.3 of X.519? + Static requirements [2 if yes on all] + + (a) Abstract syntaxes of application contexts ................... + + (b) Abstract syntaxes of information framework .................. + + (c) Minimal knowledge ........................................... + + (d) Support of root context ..................................... + + (e) Abstract syntax - attribute types ........................... + + (f) Abstract syntax - object classes ............................ + + Dynamic requirements [2 if yes on all] + + (a) Mapping onto underlying services ............................ + + (b) Distributed operations - referrals .......................... + + + +Barker & Hedberg [Page 5] + +RFC 1564 DSA Metrics January 1994 + + + (c) DirectoryAccessAC - referrals ............................... + + (d) DirectorySystemAC - referrals ............................... + + (e) Chained mode ................................................ + + 17. Please list all conformance testing work applied to the + implementation (specify conformance test version number). [2 if + any testing] + .................................................................... + .................................................................... + .................................................................... + .................................................................... + +3.2 Implementors' agreements and profiles + + Does the DSA conform to the following implementors' agreements? If + so, state parts and version numbers. + + 18. EWOS? [1] ....................................................... + .................................................................... + .................................................................... + + 19. OIW? [1] ........................................................ + .................................................................... + .................................................................... + + Does the DSA conform to the following profiles? If so, state which + version numbers. + + 20. UK GOSIP? [1] ................................................... + + 21. US GOSIP? [1] ................................................... + + + State any other GOSIP profiles to which the DSA conforms ............ + +3.3 Protocol stacks + + 22. Which of the following transport and network layer protocols does + the DSA support: + + (a) TP.x over CONS (state transport class)? [2] ................ + + (b) TP.4 over CLNS? [2] ......................................... + + (c) TP.x over X.25(1980) (state transport class)? [2] .......... + + + + +Barker & Hedberg [Page 6] + +RFC 1564 DSA Metrics January 1994 + + +3.4 DIT structure + + 23. A suggested DIT structure, detailing an object class hierarchy, is + presented in X.521. Does the DSA: + + (a) Enforce this hierarchy? .................................... + + (b) Allow the enforcement of this hierarchy? ................... + + 24. Are structure rules optional or mandatory? ..................... + +4. Other protocols + + 25. Not everybody uses OSI protocols at the network layer. Does the + DSA support other "network" layer protocols? + + (a) TP.0 over RFC1006 over TCP/IP [3] ........................... + + (b) State any other options supported. ......................... + ................................................................ + + 26. Does the DSA also run over any lightweight stack? If so, + describe it with reference to the OSI seven layer model [1] ..... + + 27. Can local DUAs access the DSA directly by some method of + inter-process communications? [1] .............................. + .................................................................... + +5. Extensions to the 1988 Standard + +5.1 Schema + + 28. Does the DSA fully support RFC1274, "The COSINE and Internet + X.500 Schema"? [2] ............................................ + If not, please supply a list of all those object classes, + attribute types and attribute syntaxes in RFC1274 which are + supported on a separate sheet. This might be summarised by + saying, for example, "all those with standard attribute + syntaxes", or "all except fooBar". + + 29. Does the DSA implement the schema management defined in the 1992 + standard? [2] .................................................. + + 30. If not, is the schema stored in the Directory? In a distributed + manner[2] or centralised[1] ? .................................. + + 31. Can a DSA manager extend the schema and add new + + + + +Barker & Hedberg [Page 7] + +RFC 1564 DSA Metrics January 1994 + + + (a) Attribute types with existing syntaxes? With compilation + [1], or without compilation [2] ............................. + + (b) Attribute syntaxes? With compilation [1], or without + compilation [2] ............................................. + + (c) Attribute sets? With compilation [1], or without compilation + [2] ......................................................... + ................................................................ + + (d) Object classes? With compilation [1], or without compilation + [2] ......................................................... + ................................................................ + + 32. Is it possible to add in or modify DIT structure rules, with + compilation [1], without compilation [2] ........................ + +5.2 Support for replication + + 33. Does the DSA support the replication mechanisms as described in + the 1992 standard [2]? + .................................................................... + + 34. Does the DSA support any other replication mechanisms? ......... + + (a) Replication part of RFC1276 [2] ............................. + + (b) Other (please give a reference to any description of the + mechanisms, and indicate whether these mechanisms are used by + any other implementations) [1 for any mechanism] ............ + ................................................................ + ................................................................ + ................................................................ + + 35. If the DSA supports replication, does it support: + + (a) Replication of a single entry? [2] ......................... + + (b) Replication of a set of sibling entries? [2] ............... + + (c) Replication of a subtree? [2] .............................. + +5.3 Support for access control + + 36. Does the DSA support access control as described in the 1992 + standard [3]? .................................................. + + 37. If not, does the DSA have any access control mechanisms at all? + + + +Barker & Hedberg [Page 8] + +RFC 1564 DSA Metrics January 1994 + + + [2] ............................................................. + + 38. If yes, does the access control scheme support the following: + + (a) Allow a user to maintain their own entry? [1] .............. + + (b) Allow a user to maintain some attributes in their own entry, + but not all attributes? [1] ................................ + + (c) Give management rights to a DSA manager in a fashion analogous + to the privileges given to a UNIX super-user? [1] .......... + + (d) Give management rights to a data manager on a per subtree + basis? [1] ................................................. + + (e) Give management rights (to an entry, group of entries, + subtree, etc) to a group of users? [1] ..................... + + (f) Give access rights to users on the basis of the leading + portion of their Distinguished Name? [1] ................... + + (g) Is it possible to define a protection mechanism for each + individual attribute type in one entry? [1] ................ + + (h) Maximum number of Distinguished Names that can be defined for + one access right to one attribute in one entry? If unlimited, + state the constraints. [1 if more than 6 DNs are feasible] : + + (i) Does the DSA support the extended access control techniques + described in "An Access Control approach for Searching and + Listing" by Hardcastle-Kille and Howes, in the Internet + Draft, OSI-DS 21? [2] + ................................................................ + + (j) If there are features of the access control mechanisms which + are not brought out by the above questions, please describe + these additional features [up to 2 for wonderful additional + features!] ................................................. + ................................................................ + ................................................................ + ................................................................ + +5.4 Miscellaneous + + 39. Does the DSA fully support RFC1276, "Replication and Distributed + Operations extensions to provide an Internet Directory using + X.500"? [2] .... If not, please give a list of features that are + supported. + + + +Barker & Hedberg [Page 9] + +RFC 1564 DSA Metrics January 1994 + + + .................................................................... + .................................................................... + + 40. If the DSA uses RFC1006 and/or X.25(1980) at the network layer, + does the DSA conform to RFC1277, "Encoding Network Addresses to + support operation over non-OSI lower layers" [3] ............... + +6. Miscellaneous characteristics + + 41. Does the DSA use its own database, or can it be used in + conjunction with a general-purpose database package such as + Oracle? [1 for own, 1 for ability to map onto general purpose + databases, 1 if any such mappings have been made] ............... + .................................................................... + + 42. If the DSA runs as a static server, state the start-up time for a + DSA with a database of 20000 entries. If this varies widely + according to configuration options, give figures for the various + options. ....................................................... + .................................................................... + + 43. What is the maximum number of simultaneous associations that the + DSA may have open? [1 if more than 15 associations] ............ + + 44. Maximum database size, in entries, megabytes, or as appropriate. + If none, state what the constraints are. [1 if a database of + more than 100,000 entries is feasible] .......................... + + 45. What is the run-time size of an entry as specified in section 10 + (on performance)? This should be the marginal size of an entry + and thus should include the overhead of default indexes, etc. .. + + 46. What is the on-disk database size of an entry as specified in + section 10 on performance? ..................................... + + 47. Does the DSA make of indexing? [2 if yes] ...................... + + If so: + + (a) Can the database be fully inverted? [1] .................... + If not, state for which: + + i. attributes indexes are automatically built .............. + ............................................................ + ............................................................ + + ii. attributes/attribute syntaxes indexes may be built ...... + ............................................................ + + + +Barker & Hedberg [Page 10] + +RFC 1564 DSA Metrics January 1994 + + + ............................................................ + + (b) Does the index improve performance on: + + i. Exact match [1] ......................................... + + ii. Leading substring match [1] ............................. + + iii. Approximate match [1] ................................... + + iv. Any substring match [1] ................................. + + v. Trailing substring match [1] ............................ + + (c) What is the increase in run-time size of an entry when adding + an index? + ................................................................ + + (d) What is the increase in on-disk database size of adding + another index? + ................................................................ + + 48. What sort of approximate match algorithm does the DSA use? + Describe it briefly ............................................. + .................................................................... + .................................................................... + .................................................................... + + 49. Does the DSA attempt to use relay DSAs (which have access to more + than one network) in order to achieve connectivity with DSAs + which are not on the same network? [2] ......................... + +7. Management tools + +7.1 Dynamic system management + + 50. Are there tools for monitoring DSA activity, using: + + (a) DAP? [1] .................................................... + + (b) CMIP? [1] ................................................... + + (c) SNMP? [1] ................................................... + + 51. Are there tools for controlling a run-time DSA? [2] ............. + + + + + + +Barker & Hedberg [Page 11] + +RFC 1564 DSA Metrics January 1994 + + +7.2 Static system management + + 52. If knowledge information is stored within the DIT, are there + tools for knowledge management? [2] ............................ + + 53. Are there tools for checking that attributes with Distinguished + Name syntax contain values of entries in the DIT (i.e., they do + not contain "dangling pointers")? [1] ........................ + +7.3 Data management + + 54. If the DSA doesn't use a general-purpose database package, what + data management tools are available? ........................... + .................................................................... + + 55. Are there any tools for arboriculture - the moving, copying or + deleting of DIT subtrees? [2] .................................. + +8. Operational Use + + The DSA may have lots of wonderful features -- on paper! But has the + DSA been shown to work in practice? The following measures are + intended to give some measure of confidence that the DSA's viability + has been demonstrated. + + 56. How many entries in the largest DSA in use in operational use? : + + 57. What is the largest set of DSAs supporting an organisation? .... + + 58. What is the estimated number of organisations using this + implementation for service use? [8 if more than 100 + organisations, 5 if more than 50 organisations, 3 if more than 20 + organisations, 2 if more than 5 organisations, 1 if more than 1 + organisation] ................................................... + + 59. Is this DSA used commercially with an installed base of more than + 10 customers? [2] .............................................. + +9. Interoperability + + The X.500 Directory is the OSI Directory. OSI stands for Open + Systems Interconnection -- DSAs have to be able to inter-operate. + They also have to be seen to interoperate. + + 60. Is this DSA in use in X.500 pilots? ............................ + + (a) Is this DSA in use anywhere in the COSINE/Internet Pilot? [3] + + + + +Barker & Hedberg [Page 12] + +RFC 1564 DSA Metrics January 1994 + + + ................................................................ + + (b) Is this DSA in use in any other major pilot? [2] ........... + + 61. Name any other systems which you believe the system to + interoperate with. (It is not sufficient to say "any system + which supports the conformance clauses ...") .................. + .................................................................... + .................................................................... + .................................................................... + + 62. Please name all interoperability testing applied to the + implementation, specify test suite and what other implementation + that was used [1 per implementation, up to maximum of 5] ........ + .................................................................... + .................................................................... + .................................................................... + .................................................................... + .................................................................... + +10. Performance + + This section should give an outline to the expected performance of + the DSA. A number of operations are timed in order to give a feel for + the DSA's speed and throughput. Note that all operations should be + resolvable within a single DSA. Chaining and referral are not + assessed, although it should be possible to infer, albeit + approximately, the speed of distributed operations. + + i. The tests should be made against an organisational database of + 20000 entries. Some tests are against subsets of this data, and + so the database should be set up according to the following + instructions. + + Create an organisational DSA with 20000 entries below the + organisation node. Sub-divide this data into a number of + organisational units, one of which should contain 1000 entries, + another of which should contain 100 entries, and a third which + should contain just 10 entries. The entries, which should + differ, should be created with the following attributes: + + (a) Common Name + + (b) Surname + + (c) Telephone number + + (d) Postal Address (of 100 characters) + + + +Barker & Hedberg [Page 13] + +RFC 1564 DSA Metrics January 1994 + + + (e) Object class + + ii. In all the tests, two timings should be taken. In order to + normalise the test results as much as possible, it is suggested + that these tests be undertaken on an otherwise lightly loaded + machine. + + (a) A typical "cold start" reading should be given. In this + case the system will not have the advantage of any benefits + that derive from operating system paging, or caching. + + (b) A best possible figure should be given, which indicates the + upper limit of DSA performance. + + iii. The timings should relate to the default set-up, and should be + entered in Table 2. If significant performance gains can be made + by use of configuration options, such as building extra indexes + to support searches, measures of the improved performance may + also be given, and should be entered in Table 3. + Attention should be also drawn to any optimisations, heuristic or + otherwise, which are not evidenced in the following tests. + + iv. Please note that the tests should be made using a DUA and DSA + with full 7-layer stacks, rather than some lightweight protocol. + +10.1 Speed for various operations + + The tests are described, one subsection per operation. The results + should be entered in Table 2 (and Table 3 if a non-default set-up is + also measured). + +10.1.1 Bind + + The time it takes for a DUA to bind to the Directory. This time + should include all the initialisation time a DUA process needs before + it can query the Directory: e.g., reading of tailor files, schema + information, etc. Give the bind time for each of the following + levels of authentication. State "n/a" if the implementation does not + support a particular level of authentication. + + 63. Anonymous + + 64. Simple + + 65. Simple protected + + 66. Strong + + + + +Barker & Hedberg [Page 14] + +RFC 1564 DSA Metrics January 1994 + + +10.1.2 List + + Give the time for listing a set of organisational unit sibling + entries. + + 67. 10 entries + + 68. 1000 entries + +10.1.3 Search + + In this section, two sets of search operations should be performed on + the DSA. + + i. A single level search of 100 entries within an organisational + unit. + + ii. An organisation subtree search, on the subtree of 20000 entries. + + The following searches should be tried. Unless otherwise stated, the + "XXX" or "YYY" part of the search filter should be chosen in such a + way as to return a single result. Unless stated otherwise the + results should return all attributes for the entry. + + 69. Exact match for a surname: + + surname=XXX + + 70. Leading substring match for a common name: + + commonName=XXX* + + 71. Any substring match for a common name: + + commonName=*XXX* + + 72. Trailing substring match for a common name: + + commonName=*XXX + + 73. Approximate match for a common name: + + commonName"=XXX + + 74. More complex filter, searching by object class and two other + attribute types: + + + + + +Barker & Hedberg [Page 15] + +RFC 1564 DSA Metrics January 1994 + + + objectClass=person AND + (commonName=XXX* OR telephoneNumber=*YYY) + + 75. Search returning all entries (i.e., 100 entries in the single + level search, and all 20000 entries in the subtree search: + + objectClass=* + + In this case, no attribute values should be returned in the + result set. + +10.1.4 Read + + 76. A single read operation, returning all attributes. + +10.1.5 Add entry + + 77. Add an entry beneath an entry which has: + + (a) 0 children + + (b) 10 children + + (c) 1000 children + +10.1.6 Modify entry + + Modify an attribute value, other than an RDN value, for an entry + which has + + 1. 10 siblings + + 2. 1000 siblings + + 78. Modify an entry + + (a) Add description attribute + + (b) Remove description attribute + +10.1.7 Modify RDN + + Modify an RDN value for an entry with the following number of + siblings. + + + + + + + +Barker & Hedberg [Page 16] + +RFC 1564 DSA Metrics January 1994 + + + 79. Modify RDN + + (a) 10 siblings + + (b) 1000 siblings + +10.1.8 Query rate + + As the time taken for a single read will usually be negligible, the + following list and set of reads should give a clearer indication of + the query rate. + + 80. A list to return 100 entries for persons, and then a read of each + entry returning all attribute values. + +10.2 The results + + The results of the tests just described should be entered in Table 2 + (and optionally Table 3), at the end of the document. + +10.3 Environment used for benchmarking + + Date of test......................................................... + Name of tester ...................................................... + The results will be directly correlated to the test set-up used, and + in particular, the hardware. Please answer the following questions + to describe the test environment: + + (a) Processor (make and model) .................................. + + (b) Processor speed (MIPS) ...................................... + + (c) Primary memory available .................................... + + (d) If disk-based DSA, disk I/O interface and disk speed ........ + + (e) O/S version ................................................. + + (f) Network type and bandwidth (e.g., 10 Mbit Ethernet) ......... + + (g) Protocols in transport layer and below (e.g., TP 0, RFC1006, + TCP/IP) ..................................................... + + (h) How/where timings obtained? + + o C procedural interface .................................. + + o DUA shell (e.g., Quipu's DISH) .......................... + + + +Barker & Hedberg [Page 17] + +RFC 1564 DSA Metrics January 1994 + + + +-------------------------------------------------+ + | Section || Points | + +--------------------------------||---------------+ + | No.||Description |Maximum|Scored | + +----||--------------------------|-------|--------+ + | || | | | + | 2||General Information | 20 | | + +----||--------------------------|-------|--------+ + | || | | | + | 3||Conformance to OSI | 35 | | + +----||--------------------------|-------|--------+ + | || | | | | + | 4||Other protocols | 5 | | + +----||--------------------------|-------|--------+ + | || | | | | + | 5||Extensions| Schema | 16 | | + +----|| |---------------|-------|--------+ + | || | | | | + | ||to the |Replication | 10 | | + +----|| |---------------|-------|--------+ + | || | | | | + | ||1988 |Access Control | 15 | | + +----|| |---------------|-------|--------+ + | || | | | | + | ||standard |Miscellaneous | 5 | | + +----||--------------------------|-------|--------+ + | ||Miscellaneous | | | + | 6||characteristics | 15 | | + +----||--------------------------|-------|--------+ + | || | | | + | 7||Management tools | 10 | | + +----||--------------------------|-------|--------+ + | || | | | + | 8||Operational use | 10 | | + +----||--------------------------|-------|--------+ + | || | | | + | 9||Interoperability | 10 | | + +----||--------------------------|-------|--------+ + | || | see | | + | 10||Performance |table 2| | + +-------------------------------------------------+ + + Table 1: DSA Metrics + + + + + + + + +Barker & Hedberg [Page 18] + +RFC 1564 DSA Metrics January 1994 + + + +------------------------------------------------------+ + | Operation || Cold DSA || Optimum | + | || || Performance | + +-------------------||---------------||----------------+ + | Bind || || | + | --Anonymous ||.............. || .............. | + | --Simple ||.............. || .............. | + | --Simple Prot ||.............. || .............. | + | --Strong ||.............. || .............. | + +-------------------||---------------||----------------+ + | List || || | + | -- 10 entries ||.............. || .............. | + | -- 1000 entries||.............. || .............. | + +-------------------||---------------||----------------+ + | Search |single|subtree |single|subtree | + | |level | |level | | + | |------|--------|------|----------| + | -- exact |.... |...... |..... | ...... | + | -- leading sub |.... |...... |..... | ...... | + | -- any sub |.... |...... |..... | ...... | + | -- trailing sub |.... |...... |..... | ...... | + | -- approx |.... |...... |..... | ...... | + | -- complex |.... |...... |..... | ...... | + | -- return all |.... |...... |..... | ...... | + +--------------------|------|--------|------|----------| + | Read ||.............. || .............. | + +-------------------||---------------||----------------+ + | Add || || | + | 0 siblings ||.............. || .............. | + | 10 siblings ||.............. || .............. | + | 1000 siblings ||.............. || .............. | + +-------------------||---------------||----------------+ + | Modify || || | + | 10 siblings ||.............. || .............. | + | 1000 siblings ||.............. || .............. | + +-------------------||---------------||----------------+ + | Modify RDN || || | + | 10 siblings ||.............. || .............. | + | 1000 siblings ||.............. || .............. | + +-------------------||---------------||----------------+ + | Query rate ||.............. || .............. | + +-------------------||---------------||----------------+ + + Table 2: Speed of operations - default set-up + + + + + + + +Barker & Hedberg [Page 19] + +RFC 1564 DSA Metrics January 1994 + + + +------------------------------------------------------+ + | Operation || Cold DSA || Optimum | + | || || Performance | + +-------------------||---------------||----------------+ + | Bind || || | + | --Anonymous ||.............. || .............. | + | --Simple ||.............. || .............. | + | --Simple Prot ||.............. || .............. | + | --Strong ||.............. || .............. | + +-------------------||---------------||----------------+ + | List || || | + | -- 10 entries ||.............. || .............. | + | -- 1000 entries||.............. || .............. | + +-------------------||---------------||----------------+ + | Search |single|subtree |single|subtree | + | |level | |level | | + | |------|--------|------|----------| + | -- exact |.... |...... |..... | ...... | + | -- leading sub |.... |...... |..... | ...... | + | -- any sub |.... |...... |..... | ...... | + | -- trailing sub |.... |...... |..... | ...... | + | -- approx |.... |...... |..... | ...... | + | -- complex |.... |...... |..... | ...... | + | -- return all |.... |...... |..... | ...... | + +--------------------|------|--------|------|----------| + | Read ||.............. || .............. | + +-------------------||---------------||----------------+ + | Add || || | + | 0 siblings ||.............. || .............. | + | 10 siblings ||.............. || .............. | + | 1000 siblings ||.............. || .............. | + +-------------------||---------------||----------------+ + | Modify || || | + | 10 siblings ||.............. || .............. | + | 1000 siblings ||.............. || .............. | + +-------------------||---------------||----------------+ + | Modify RDN || || | + | 10 siblings ||.............. || .............. | + | 1000 siblings ||.............. || .............. | + +-------------------||---------------||----------------+ + | Query rate ||.............. || .............. | + +-------------------||---------------||----------------+ + + Table 3: Speed of operations - non-default set-up + + + + + + + +Barker & Hedberg [Page 20] + +RFC 1564 DSA Metrics January 1994 + + +Security Considerations + + Security issues are not discussed in this memo. + +Authors' Addresses + + Paul Barker + Department of Computer Science + University College London + Gower Street + London + WC1E 6BT + United Kingdom + + Phone: +44 71 380 7366 + Fax: +44 71 387 1397 + EMail: P.Barker@cs.ucl.ac.uk + + + Roland Hedberg + Rekencentrum + Delft Technical University + Michiel de Ruyterweg 10-12 + Postbus 354, 2600 AJ Delft + The Netherlands + + Phone: +31 15 785210 + EMail: Roland.Hedberg@rc.tudelft.nl + + OR + + Roland Hedberg + Umdac + University of Umea + s-901 87 Umea + Sweden + + Phone: +46 90 165204 + EMail: Roland.Hedberg@umdac.umu.se + + + + + + + + + + + + +Barker & Hedberg [Page 21] +
\ No newline at end of file |