Thursday, January 12, 2012

X.500 security feature

X.500 supports strong authentication based on public-key cryptosystems, and access control over information at the level of the administrative area, entry, attribute and attribute value. All aspects of the security policy can be easily configured on each of its DSAs, either with a specialized tool or by simply editing plain-text configuration files. Security in the directory is divided into two categories: authentication of users to verify their identity, and procedures to prevent unauthorized access to the information.

The purpose of user authentication is to verify the identity of a directory user, so that access can be granted to a user who is who he or she claims to be. Two schemes are used: simple authentication and strong authentication.

To keep out unauthorized users, we use access control to govern all access to the directory information. The DIB is viewed as a collection of protected items: entries, attributes, attribute values and names. Each protected item is associated with a set of permissions that represents the access rights of particular users, groups of users or the general public. These permissions are further broken down into Read, Browse, Add, Remove, Modify, Rename, Disclose on Error and many more.

Each protected item indicates which permissions each particular user possesses. When a user requests an operation, the directory looks up the protected item and ascertains whether the user has the required permission before carrying out the operation. If not, the operation is not carried out and a security error may be returned by the system.
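The access decision described above, as an added example that is not part of the original post or of any X.500 product: a simplified model in which permissions granted to the user, the user's groups and the general public are combined, with no denials or precedence. The names `Directory`, `ProtectedItem`, `PUBLIC` and all sample entries are assumptions made for illustration; the error names follow X.511, where a denied request is answered with a security error only if Disclose on Error is granted and is otherwise reported as if the item did not exist.

```python
from dataclasses import dataclass, field
from enum import Flag, auto

class Perm(Flag):  # permission names as listed in the post
    NONE = 0
    READ = auto()
    BROWSE = auto()
    ADD = auto()
    REMOVE = auto()
    MODIFY = auto()
    RENAME = auto()
    DISCLOSE_ON_ERROR = auto()

PUBLIC = "public"  # hypothetical subject label for the general public

@dataclass
class ProtectedItem:
    name: str                                   # entry name, or "entry#attribute"
    grants: dict = field(default_factory=dict)  # subject (user, group, PUBLIC) -> Perm

class Directory:
    def __init__(self, items, groups):
        self.items = {item.name: item for item in items}
        self.groups = groups                    # group name -> set of member names

    def effective(self, user, item):
        """Combine the grants for the public, the user and the user's groups."""
        perms = item.grants.get(PUBLIC, Perm.NONE) | item.grants.get(user, Perm.NONE)
        for group, members in self.groups.items():
            if user in members:
                perms |= item.grants.get(group, Perm.NONE)
        return perms

    def check(self, user, item_name, needed):
        item = self.items.get(item_name)
        perms = self.effective(user, item) if item else Perm.NONE
        if item and needed in perms:
            return "ok"
        # Denied: admit the item exists only if Disclose on Error is granted.
        if Perm.DISCLOSE_ON_ERROR in perms:
            return "securityError: insufficientAccessRights"
        return "nameError: noSuchObject"

# Constructed sample data (not taken from a real directory).
ALICE, BOB, HR = "cn=Alice,o=Example", "cn=Bob,o=Example", "cn=HR,o=Example"
PHONE = ALICE + "#telephoneNumber"
DIR = Directory(
    [ProtectedItem(ALICE, {PUBLIC: Perm.READ | Perm.BROWSE}),
     ProtectedItem(PHONE, {ALICE: Perm.READ | Perm.MODIFY,
                           HR: Perm.READ | Perm.DISCLOSE_ON_ERROR})],
    {HR: {BOB}})
```

A denied group member receives a security error, while a user with no grants on the attribute gets the same answer as for a nonexistent item, so the refusal does not confirm that the attribute is there.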
