[unix-history] / usr / othersrc / contrib / isode / quipu-new.8

.TL
Upgrading Quipu-6.0 to Quipu-6.8
.AU 
Colin Robbins
.AI
X-Tel Services Ltd
.AB
.nh
This is a brief note to describe the differences between Quipu 6.8 and
the previous major release of Quipu -- Quipu-6.0.
.LP
To clarify the version numbers, Quipu-6.0 was distributed with ISODE-6.0.
Quipu-6.1 was an upgrade to Quipu released by UCL a short time after
ISODE-6.0.
Quipu-6.8 is part of ISODE-6.8.
When I refer to Quipu-6.0 in the following text, this includes
Quipu-6.1.
.LP 
You should be able to compile and install the new code and
everything should work as before.  However there is some
tailoring you can do to increase the efficiency of your DSA, and some
new feature you may wish to use.
.LP
A WORD OF WARNING: This version of Quipu writes its EDB files in a
slightly different format to 6.0.  Once a 6.8 DSA writes an EDB file
there is no easy way to roll back - make sure you have a back up.
.AE

.NH
Robustness 
.LP
One of the primary reasons for having this beta test is because we
need to be sure then next Major version (i.e Quipu-7.0) is robust. Any
failure in this version of Quipu should be investigated and reported
to Quipu-support@cs.ucl.ac.uk, if it isn't reported it may not get fixed !

.NH 
Pepsy 
.LP
The old pepy based encoders/decoders have been replaced with table
driven encoders/decoders using a tool called pepsy, written by Andrew
Worsley.  This means the binaries are a lot smaller (and compile a lot
quicker).  This also increases the encoding/decoding speed.
.LP
If you have written your own DUA's using the old libdsap and call the
old pepy encode or decode routines directly, you
will need to add
.IP
	#include <isode/quipu/syntaxes.h>
.LP
to the .c files that call the encoder and decoders.

.NH
Shared Libraries Under SunOS4.1
.LP
ISODE and Quipu can be compiled
with shared libraries, again this makes the binaries smaller which
seems to help reduce the DSA paging problems (see config/sunos4.make to see
how to generate shared libraries).


.NH
DSA manages its own entry.  
.LP
A DSA now manages its own entry in the
DIT.  This is one of the most important changes to Quipu, and has the
potential for causing the most trouble!
Generally the MASTER EDB in
which you DSAs entry resides is not held by your DSA.  
This means it is
difficult for a DSA to modify its own entry, so for example it can't
keep its version number uptodate.  With Quipu 6.8, a DSA holding the
MASTER EDB knows that any DSAs whose version number is 6.8 or greater 
wants to manage its own entry.
To allow this to happen, The DSA holding the MASTER EDB "spot shadows"
the remote DSA entry.  That is, from
time to time it connects to the DSA in question, reads its entry,
and writes the result back into the MASTER EDB file.  So modify
operations on the DSAs entry can now take place in your local DSA.  This 
has the advantage that attributes such as the version number are
kept up to date.
.LP
There is a bit of a boot strap problem.  You will need to modify the
version number in 
your DSAs entry in the MASTER EDB first time to tell it you are running
Quipu-6.8.
You will have to do this by connecting straight to the relevant remote DSA
over DAP to do the modify.  If you connect straight to you local DSA it
knows it is running 6.8, so will assume it has control of the version
number and won't let you change it!
.LP
There is another problem when modifying the presentation 
address of a DSA. 
You must make
sure the DSA with the MASTER EDB reads the new address, BEFORE you
move the DSA.  If not it will always attempt to connect to the wrong
address to shadow the entry
(Alternatively you could use a ts_bridge to make it looks as if the 
old address still works).
This problem did exist before, but is now made worse!
.LP
If your DSA does not hold the MASTER EDB file for its own entry, then
there is a fundamental assumption that the DSA that does hold the
MASTER EDB file is also running the new 6.8 code.  
If it does not operations WILL go wrong.  This means the new
Quipu must be inserted into the DIT `top down'.
.LP
To perform this shadowing, the DSA has to read its own entry across an
un-authenticated DSP link, thus it can not read any attributes that
are protected by ACLs.  
So all important attributes in the DSAs entry MUST be publically
readable (this includes the unused userPassword attribute).
If they are not readable the shadowing operation will fail.
.NH
Spot Shadowing
.LP
As an extension to the above, a DSA can `spot shadow'
other entries in the DIT.  When searching, often a large part of the
time is involved with chaining off to other DSAs to search aliases.
To enhance performance it
is sometimes useful to have a cached copy of the alias locally.  To
arrange this, you can add:
.IP   
shadow_attribute aliasedObjectName 
.LP
to your quiputailor file.  The
the DSA will make sure it has a cached copy of all DNs referenced by
aliasedObjectName attributes.  Similarly seeAlso, masterDSA or any DN
attribute can be shadowed.
.LP
Spot shadowing can also used to interface the Quipu world to the
non-Quipu world.  
If part of the DIT is not stored in a Quipu DSA, and the non
Quipu DSA wants to master an entry which is held in a Quipu MASTER EDB, the entry can be
spot shadowed.  You should ask quipu-support@cs.ucl.ac.uk for details
of how to do this.


.NH
Search Indexes 
.LP
The performance of subtree searching has been
greatly improved, a significant part of this has been obtained by some
code donated by Tim Howes to add AVL trees and indexing to Quipu.  To
get the best out of your DSA, a bit of tailoring is needed.  

.PP
You need to define which attributes should be indexed, typically
commonName and surname, so add the following to quiputailor:
.IP
   optimize_attr commonName
.sp 0
   optimize_attr surname 
.LP
You can add others (only string attributes), but care should be taken
not to add indexes unnecessarily.  There is a balance to be found
between holding the indexs in core, and the actual benefit.  Too many
indexes makes the core size large, and increases paging problems.  

.PP
The index is only made for subtree searches in certain parts of the
DIT, you need to define which.  Typically you will just do this for
the whole organisation by adding
.IP
   index_subtree c=XX@o=My org
.LP
to quipu tailor.  However if some OU's are also large, you may want
to index them as well e.g.
.IP
   index_subtree c=XX@o=My org@ou=Large OU.
.LP
The index is only used for equality, approximate and initial substring
matching.  General wildcard matches are not improved by indexing, but
should still be quicker than QUIPU-6.0 due to some scheduling improvements.
.LP
(NOTE: The TURBO_LOAD compile option has now been removed, as the introduction
of AVL trees has a similar effect.  TURBO_DISK remains)


.NH
Inherited attributes
.LP
Attribute inheritance is a mechanism where an entry can get default
attribute values from its parent entry.
This can be used to make the in core database significantly smaller
(and easier to manage).
For example, entries of the object class `person' for a particular
organisation might all have the same postal address attribute.
Using inheritance this attribute can be placed in the entry one level above,
and inherited down.
.LP
For example, if the following was an attribute of the parent entry
.PS
    	inheritedAttribute = person $ default (
.sp 0 
    	postalAddress= UCL $ Gower Street $ London $ WC1E 6BT
.sp 0 
	telephoneNumber= +44 71-387-7050
.sp 0 
	)
.PE
.LP
Then all entires belonging to the `person' objectclass at the level
below would inherit the postalAddress and TelephoneNumber attributes
IF there is not already a value there.
.LP
This is particularly useful for access control lists.
Full details are given in the Manual.


.NH
DSA relay
.LP
If your DSA is not connected to
one of the major networks (Internet, IPSS...), it may from time to time
get references to a DSA that it can not connect to directly, so the
operation can not proceed.
.LP
The DSA relay attribute in your DSAs entry supplies the DN of a DSA(s)
that is listening on  both your network and 
the major networks you are not connected to.
There needs to be an agreement between the managers of the two 
DSAs because the
relay DSA will be asked to perform operations on your behalf.
.LP
For example, if the DSA `x' has access to IPSS and Internet, but DSA `y'
only has IPSS access, DSA `y' might add a relayDSA attribute to it own
entry, with the DN of DSA `x' as the value.
Then when DSA `y' gets a reference to an Internet based DSA, it will chain
the operation the DSA `x'.
.LP
Clearly, if every DSA chooses the same relay DSA, that DSA will soon
become overloaded and reject your association attempts with a `busy'
error.  So some care is needed in choosing the `right' DSA (We
recognise that there 
needs to be some form of `relay authorisation' for ISODE-7.0 and are
looking at possible solutions).


.NH
NULL EDBs.
.LP
You can now create NULL EDB files, that is a file that
contains only a two line header, and no entries.  This should 
make writing scripts to
build databases a little easier.  It also has the advantage that the
last entry from any one level in the DIT can now be removed, this was
previously greeted with `unwilling to perform' error message.

.NH
New EDB format.
.LP
To facilitate faster loading of EDB files, the
format has changed slightly (The format DISH presents to the user is,
however the same as before).  With multiple attributes instead of
repeating the attribute type, which then has to be looked up in tables,
lines can be split using a `\\` continuation character.  For example,
previously the following multivaled attribute was recognised:
.IP
	  cn= Colin Robbins & Colin John Robbins 
.LP
as well as
.IP
	  cn= Colin Robbins
.sp 0
	  cn= Colin John Robbins 
.LP
Now, the following is also allowed (and is more widely used by DSAs)...
.IP
	  cn= Colin Robbins &\\
.sp 0
	      Colin John Robbins

.NH
Listen address
.LP
Sometimes, particularly in the X.25 world, the
address used to call a DSA is not the same as the address the DSA must
listen on.  So a new attribute "listenAddress" attribute has been introduced.
If the address your DSA wants to listen on is different to the address
it need to present to the outside world, use the listenAddress to
define the address the DSA should listen on, and the standard
PresentationAddress for the address remote DSAs should call.

.NH
Modify from dish.
.LP
Instead of always invoking an editor to modify an
entry, you can now do it all from the command line with the following
operations:
.IP
   modify -add <attribute> 
.LP
or
.IP
   modify -remove <attribute>

.NH
Secure searching.
.LP
In Quipu-6.1 it was only possible to search a
part of the DIT if it was publicly readable, and only public readable
attributes 
were searched.  This restriction is now lifted IF the DSA performing
the search holds the entire subtree being searched.


.NH
 User Friendly Naming
.LP
The concept of UFN - User Friendly Naming has been introduced to some
of the interfaces, and an example tool (others/quipu/uips/ufn) has
been written to demonstrate the capabilities.

.LP
A UFN is a concise representation used to identify a DN.
For example "C Robbins, X-Tel, GB" is sufficient to identify
the long winded "c=GB@o=X-Tel Services Ltd@cn=Colin Robbins".
A UFN is also context sensitive, so if I was already located in the GB part
of the DIT "C Robbins, X-Tel" would be sufficient, or if under the
X-Tel part of the DIT "C Robbins" would be enough.
.LP
A paper `Using the OSI Directory to achieve User Friendly Naming' by
S.Kille describes the approach in full.

.NH 
isoentity & isoservice replacement
.LP	  
The directory can now be used as a replacement for isoentities and
isoservices.  The isode-gen(8) manual page describes how to set things
up, and describes a 
.B
bootsvc 
.R
script to load the DSA with the relevant
data.  There are some scripts in others/quipu/tools/scripts to help
manage such entries once created.
You are strongly encouraged to register your OSI application in the
directory then using UFN, operations such as
.IP
	ftam "cs, ucl, GB"
.sp 0
	vt "x-tel, gb"
.sp 0
	imisc "psi, us"
.LP
will start to work.

.LP
If the DSA fails to find a entity, the old isoentities file is used as a back up.

.NH
IXI
.LP
IXI has become part of the standard macro definitions.  If you have
the line
.IP
    ts_interim: IXI
.LP
in your isotailor file, it should be removed.  If you do not
remove the line, you will get a harmless warning about
.IP
    duplicate prefixes for communities "IXI" and "IXI"
.LP
for some processes.
.LP
You should make sure you 
have re-installed ALL applications that read the isotailor
before removing this IXI definition.  Once is is removed old applications
WILL fail.

.NH
Asynch DUA
.LP
There is an (undocumented) asynchronous interface to the dsap library.

.NH
Alias management
.LP
A management version of dish can be found in others/quipu/uips/manage.
This has additional command to add/delete and check alias entries in
to DIT.

.NH
DSA statistics tools
.LP
There is a script in others/quipu/tools/dsastats which can process the
quipu.log file produced by a DSA and provide some statistics on the
DSA usage.

.NH
DSC
.LP
others/quipu/uips/dsc provides a simple DUA that prompts fom certain
information such as name and organisation, and return with full name,
phone number and email address.

.NH
X-Windows DUA
.LP
The two X-Window DUA's released by Brunel University shortly after
ISODE-6.0 have been integrated into this release, together with `sd'
an enhanced version of the `widget' interfaces.

.NH
T.61 strings.
.LP
T.61 strings can be represented by mapping them onto an ISO 8859-1
character set (e.g as supported by some X-Window fonts).
.LP
Accented characters are represented by two octets, the first indicating the
accent and the second the base character to be accented. Note that some
combinations of accent and character do not have an equivalent in ISO 8859-1,
and hence cannot be displayed on an ISO 8859-1 device.
.LP
A few example mappings...
.LP
.PS
     T.61 Character		EDB file code
.sp 1
     n tilde 			\\c4n
.sp 0 
     e circumflex		\\c3e
.sp 0 
     a grave			\\c1a
.sp 0 
     a acute			\\c2a
.PE

.LP
You need to tell the DUA that you have the ability to display the
correct characters, this can be acheived in one of two ways:
.IP 1)
In the dsaptailor file, you can add
     ch_set ISO8859
.LP
or

.IP 2) 
set the environment variable CH_SET to "ISO8859", e.g., using `csh'
     setenv CH_SET ISO8859

.LP
Some EDB files currently have the wrong T.61 codes for some national
characters.  These should now be replaced with the correct T.61 code.


.NH
Photos
.LP

Kevin Jordan has given the old g3fax code a major, and much needed
overhaul.  This release provides the framework for better handling of
photo attributes in future releases.  Until ISODE-7.0 if you use 
the `pbmtofax' tool to encode any new photographs, you should use 
the `-old' flag to ensure that other people can display the pictures using
their 6.0/6.1 based code.  This options has not been hard wired, as
you may wish to experiment with the new tools.

.LP
There is tool to convert the g3fax pictures to postscript.

.NH
Authentication
.LP
Your DSA can now insist on various levels of authentication.
For example, it can be made to reject bind operations that do not supply a DN.
This is set via the `authentication' quiputailor variable.  The value
`DN' tells to reject bind's unless a DN is supplied, and `simple'
insists that simple authentication at the very least is used.

.NH
Address Selectors
.LP
Quipu now checks that the PSEL, SSEL and TSEL supplied by a calling
entity match the selectors defined in the DSAs presentationAddress
attribute.  If they do not, the association is rejected with a message
of the form:
.IP
Session entity not attached to TSAP

.NH
libdsap changes
.LP
There are a few changes to the dsap library programmers should be
aware of.
.IP a)
Calls to the *_decode() routine such as dn_decode() and as_decode()
are no longer needed.
.IP b)
The AttributeType structure is now just a pointer into the OID tables,
thus `at_table' struct reference is no longer needed.
So code of the form
.B
at->at_table.oa_syntax  
.R
should be replaced with
.B
at->oa_syntax
.R
and
.B
at->at_oid
.R
replaced with
.B
at->oa_at.ot_oid
.R
\.

.IP c)
A few other routines have had their parameters changed slightly, so
you should run your programs through lint (making sure you 
bring in the dsap and isode
lint libraries) to check your procedure calls.


.NH
Manual
.LP
The Quipu Manual has been updated to reflect all these new features.

.NH
Thanks...
.LP
The Quipu team would like to thank Tim Howes, George Michaelson,
Andrew Worsley, Andrew Findlay, Piete Brooks, Kevin Jordan, 
Gier Pederson, Juha Heinanen, Petri Jokela, Peter Yee and many
others people for enhancing, bug reporting and fixing, and testing
this and the many other versions of Quipu since ISODE-6.1 to
destruction.


Colin
Commit	Line	Data
7227d4a4 WJ	1	.TL
	2	Upgrading Quipu-6.0 to Quipu-6.8
	3	.AU
	4	Colin Robbins
	5	.AI
	6	X-Tel Services Ltd
	7	.AB
	8	.nh
	9	This is a brief note to describe the differences between Quipu 6.8 and
	10	the previous major release of Quipu -- Quipu-6.0.
	11	.LP
	12	To clarify the version numbers, Quipu-6.0 was distributed with ISODE-6.0.
	13	Quipu-6.1 was an upgrade to Quipu released by UCL a short time after
	14	ISODE-6.0.
	15	Quipu-6.8 is part of ISODE-6.8.
	16	When I refer to Quipu-6.0 in the following text, this includes
	17	Quipu-6.1.
	18	.LP
	19	You should be able to compile and install the new code and
	20	everything should work as before. However there is some
	21	tailoring you can do to increase the efficiency of your DSA, and some
	22	new feature you may wish to use.
	23	.LP
	24	A WORD OF WARNING: This version of Quipu writes its EDB files in a
	25	slightly different format to 6.0. Once a 6.8 DSA writes an EDB file
	26	there is no easy way to roll back - make sure you have a back up.
	27	.AE
	28
	29	.NH
	30	Robustness
	31	.LP
	32	One of the primary reasons for having this beta test is because we
	33	need to be sure then next Major version (i.e Quipu-7.0) is robust. Any
	34	failure in this version of Quipu should be investigated and reported
	35	to Quipu-support@cs.ucl.ac.uk, if it isn't reported it may not get fixed !
	36
	37	.NH
	38	Pepsy
	39	.LP
	40	The old pepy based encoders/decoders have been replaced with table
	41	driven encoders/decoders using a tool called pepsy, written by Andrew
	42	Worsley. This means the binaries are a lot smaller (and compile a lot
	43	quicker). This also increases the encoding/decoding speed.
	44	.LP
	45	If you have written your own DUA's using the old libdsap and call the
	46	old pepy encode or decode routines directly, you
	47	will need to add
	48	.IP
	49	#include <isode/quipu/syntaxes.h>
	50	.LP
	51	to the .c files that call the encoder and decoders.
	52
	53	.NH
	54	Shared Libraries Under SunOS4.1
	55	.LP
	56	ISODE and Quipu can be compiled
	57	with shared libraries, again this makes the binaries smaller which
	58	seems to help reduce the DSA paging problems (see config/sunos4.make to see
	59	how to generate shared libraries).
	60
	61
	62	.NH
	63	DSA manages its own entry.
	64	.LP
65	A DSA now manages its own entry in the
66	DIT. This is one of the most important changes to Quipu, and has the
67	potential for causing the most trouble!
68	Generally the MASTER EDB in
69	which you DSAs entry resides is not held by your DSA.
70	This means it is
71	difficult for a DSA to modify its own entry, so for example it can't
72	keep its version number uptodate. With Quipu 6.8, a DSA holding the
73	MASTER EDB knows that any DSAs whose version number is 6.8 or greater
74	wants to manage its own entry.
75	To allow this to happen, The DSA holding the MASTER EDB "spot shadows"
76	the remote DSA entry. That is, from
77	time to time it connects to the DSA in question, reads its entry,
78	and writes the result back into the MASTER EDB file. So modify
79	operations on the DSAs entry can now take place in your local DSA. This
80	has the advantage that attributes such as the version number are
81	kept up to date.
82	.LP
83	There is a bit of a boot strap problem. You will need to modify the
84	version number in
85	your DSAs entry in the MASTER EDB first time to tell it you are running
86	Quipu-6.8.
87	You will have to do this by connecting straight to the relevant remote DSA
88	over DAP to do the modify. If you connect straight to you local DSA it
89	knows it is running 6.8, so will assume it has control of the version
90	number and won't let you change it!
91	.LP
92	There is another problem when modifying the presentation
93	address of a DSA.
94	You must make
95	sure the DSA with the MASTER EDB reads the new address, BEFORE you
96	move the DSA. If not it will always attempt to connect to the wrong
97	address to shadow the entry
98	(Alternatively you could use a ts_bridge to make it looks as if the
99	old address still works).
100	This problem did exist before, but is now made worse!
101	.LP
102	If your DSA does not hold the MASTER EDB file for its own entry, then
103	there is a fundamental assumption that the DSA that does hold the
104	MASTER EDB file is also running the new 6.8 code.
105	If it does not operations WILL go wrong. This means the new
106	Quipu must be inserted into the DIT `top down'.
107	.LP
108	To perform this shadowing, the DSA has to read its own entry across an
109	un-authenticated DSP link, thus it can not read any attributes that
110	are protected by ACLs.
111	So all important attributes in the DSAs entry MUST be publically
112	readable (this includes the unused userPassword attribute).
113	If they are not readable the shadowing operation will fail.
114	.NH
115	Spot Shadowing
116	.LP
117	As an extension to the above, a DSA can `spot shadow'
118	other entries in the DIT. When searching, often a large part of the
119	time is involved with chaining off to other DSAs to search aliases.
120	To enhance performance it
121	is sometimes useful to have a cached copy of the alias locally. To
122	arrange this, you can add:
123	.IP
124	shadow_attribute aliasedObjectName
125	.LP
126	to your quiputailor file. The
127	the DSA will make sure it has a cached copy of all DNs referenced by
128	aliasedObjectName attributes. Similarly seeAlso, masterDSA or any DN
129	attribute can be shadowed.
130	.LP
131	Spot shadowing can also used to interface the Quipu world to the
132	non-Quipu world.
133	If part of the DIT is not stored in a Quipu DSA, and the non
134	Quipu DSA wants to master an entry which is held in a Quipu MASTER EDB, the entry can be
135	spot shadowed. You should ask quipu-support@cs.ucl.ac.uk for details
136	of how to do this.
137
138
139
140	.NH
141	Search Indexes
142	.LP
143	The performance of subtree searching has been
144	greatly improved, a significant part of this has been obtained by some
145	code donated by Tim Howes to add AVL trees and indexing to Quipu. To
146	get the best out of your DSA, a bit of tailoring is needed.
147
148	.PP
149	You need to define which attributes should be indexed, typically
150	commonName and surname, so add the following to quiputailor:
151	.IP
152	optimize_attr commonName
153	.sp 0
154	optimize_attr surname
155	.LP
156	You can add others (only string attributes), but care should be taken
157	not to add indexes unnecessarily. There is a balance to be found
158	between holding the indexs in core, and the actual benefit. Too many
159	indexes makes the core size large, and increases paging problems.
160
161	.PP
162	The index is only made for subtree searches in certain parts of the
163	DIT, you need to define which. Typically you will just do this for
164	the whole organisation by adding
165	.IP
166	index_subtree c=XX@o=My org
167	.LP
168	to quipu tailor. However if some OU's are also large, you may want
169	to index them as well e.g.
170	.IP
171	index_subtree c=XX@o=My org@ou=Large OU.
172	.LP
173	The index is only used for equality, approximate and initial substring
174	matching. General wildcard matches are not improved by indexing, but
175	should still be quicker than QUIPU-6.0 due to some scheduling improvements.
176	.LP
177	(NOTE: The TURBO_LOAD compile option has now been removed, as the introduction
178	of AVL trees has a similar effect. TURBO_DISK remains)
179
180
181	.NH
182	Inherited attributes
183	.LP
184	Attribute inheritance is a mechanism where an entry can get default
185	attribute values from its parent entry.
186	This can be used to make the in core database significantly smaller
187	(and easier to manage).
188	For example, entries of the object class `person' for a particular
189	organisation might all have the same postal address attribute.
190	Using inheritance this attribute can be placed in the entry one level above,
191	and inherited down.
192	.LP
193	For example, if the following was an attribute of the parent entry
194	.PS
195	inheritedAttribute = person $ default (
196	.sp 0
197	postalAddress= UCL $ Gower Street $ London $ WC1E 6BT
198	.sp 0
199	telephoneNumber= +44 71-387-7050
200	.sp 0
201	)
202	.PE
203	.LP
204	Then all entires belonging to the `person' objectclass at the level
205	below would inherit the postalAddress and TelephoneNumber attributes
206	IF there is not already a value there.
207	.LP
208	This is particularly useful for access control lists.
209	Full details are given in the Manual.
210
211
212	.NH
213	DSA relay
214	.LP
215	If your DSA is not connected to
216	one of the major networks (Internet, IPSS...), it may from time to time
217	get references to a DSA that it can not connect to directly, so the
218	operation can not proceed.
219	.LP
220	The DSA relay attribute in your DSAs entry supplies the DN of a DSA(s)
221	that is listening on both your network and
222	the major networks you are not connected to.
223	There needs to be an agreement between the managers of the two
224	DSAs because the
225	relay DSA will be asked to perform operations on your behalf.
226	.LP
227	For example, if the DSA `x' has access to IPSS and Internet, but DSA `y'
228	only has IPSS access, DSA `y' might add a relayDSA attribute to it own
229	entry, with the DN of DSA `x' as the value.
230	Then when DSA `y' gets a reference to an Internet based DSA, it will chain
231	the operation the DSA `x'.
232	.LP
233	Clearly, if every DSA chooses the same relay DSA, that DSA will soon
234	become overloaded and reject your association attempts with a `busy'
235	error. So some care is needed in choosing the `right' DSA (We
236	recognise that there
237	needs to be some form of `relay authorisation' for ISODE-7.0 and are
238	looking at possible solutions).
239
240
241	.NH
242	NULL EDBs.
243	.LP
244	You can now create NULL EDB files, that is a file that
245	contains only a two line header, and no entries. This should
246	make writing scripts to
247	build databases a little easier. It also has the advantage that the
248	last entry from any one level in the DIT can now be removed, this was
249	previously greeted with `unwilling to perform' error message.
250
251	.NH
252	New EDB format.
253	.LP
254	To facilitate faster loading of EDB files, the
255	format has changed slightly (The format DISH presents to the user is,
256	however the same as before). With multiple attributes instead of
257	repeating the attribute type, which then has to be looked up in tables,
258	lines can be split using a `\\` continuation character. For example,
259	previously the following multivaled attribute was recognised:
260	.IP
261	cn= Colin Robbins & Colin John Robbins
262	.LP
263	as well as
264	.IP
265	cn= Colin Robbins
266	.sp 0
267	cn= Colin John Robbins
268	.LP
269	Now, the following is also allowed (and is more widely used by DSAs)...
270	.IP
271	cn= Colin Robbins &\\
272	.sp 0
273	Colin John Robbins
274
275	.NH
276	Listen address
277	.LP
278	Sometimes, particularly in the X.25 world, the
279	address used to call a DSA is not the same as the address the DSA must
280	listen on. So a new attribute "listenAddress" attribute has been introduced.
281	If the address your DSA wants to listen on is different to the address
282	it need to present to the outside world, use the listenAddress to
283	define the address the DSA should listen on, and the standard
284	PresentationAddress for the address remote DSAs should call.
285
286	.NH
287	Modify from dish.
288	.LP
289	Instead of always invoking an editor to modify an
290	entry, you can now do it all from the command line with the following
291	operations:
292	.IP
293	modify -add <attribute>
294	.LP
295	or
296	.IP
297	modify -remove <attribute>
298
299	.NH
300	Secure searching.
301	.LP
302	In Quipu-6.1 it was only possible to search a
303	part of the DIT if it was publicly readable, and only public readable
304	attributes
305	were searched. This restriction is now lifted IF the DSA performing
306	the search holds the entire subtree being searched.
307
308
309	.NH
310	User Friendly Naming
311	.LP
312	The concept of UFN - User Friendly Naming has been introduced to some
313	of the interfaces, and an example tool (others/quipu/uips/ufn) has
314	been written to demonstrate the capabilities.
315
316	.LP
317	A UFN is a concise representation used to identify a DN.
318	For example "C Robbins, X-Tel, GB" is sufficient to identify
319	the long winded "c=GB@o=X-Tel Services Ltd@cn=Colin Robbins".
320	A UFN is also context sensitive, so if I was already located in the GB part
321	of the DIT "C Robbins, X-Tel" would be sufficient, or if under the
322	X-Tel part of the DIT "C Robbins" would be enough.
323	.LP
324	A paper `Using the OSI Directory to achieve User Friendly Naming' by
325	S.Kille describes the approach in full.
326
327	.NH
328	isoentity & isoservice replacement
329	.LP
330	The directory can now be used as a replacement for isoentities and
331	isoservices. The isode-gen(8) manual page describes how to set things
332	up, and describes a
333	.B
334	bootsvc
335	.R
336	script to load the DSA with the relevant
337	data. There are some scripts in others/quipu/tools/scripts to help
338	manage such entries once created.
339	You are strongly encouraged to register your OSI application in the
340	directory then using UFN, operations such as
341	.IP
342	ftam "cs, ucl, GB"
343	.sp 0
344	vt "x-tel, gb"
345	.sp 0
346	imisc "psi, us"
347	.LP
348	will start to work.
349
350	.LP
351	If the DSA fails to find a entity, the old isoentities file is used as a back up.
352
353	.NH
354	IXI
355	.LP
356	IXI has become part of the standard macro definitions. If you have
357	the line
358	.IP
359	ts_interim: IXI
360	.LP
361	in your isotailor file, it should be removed. If you do not
362	remove the line, you will get a harmless warning about
363	.IP
364	duplicate prefixes for communities "IXI" and "IXI"
365	.LP
366	for some processes.
367	.LP
368	You should make sure you
369	have re-installed ALL applications that read the isotailor
370	before removing this IXI definition. Once is is removed old applications
371	WILL fail.
372
373	.NH
374	Asynch DUA
375	.LP
376	There is an (undocumented) asynchronous interface to the dsap library.
377
378	.NH
379	Alias management
380	.LP
381	A management version of dish can be found in others/quipu/uips/manage.
382	This has additional command to add/delete and check alias entries in
383	to DIT.
384
385	.NH
386	DSA statistics tools
387	.LP
388	There is a script in others/quipu/tools/dsastats which can process the
389	quipu.log file produced by a DSA and provide some statistics on the
390	DSA usage.
391
392	.NH
393	DSC
394	.LP
395	others/quipu/uips/dsc provides a simple DUA that prompts fom certain
396	information such as name and organisation, and return with full name,
397	phone number and email address.
398
399	.NH
400	X-Windows DUA
401	.LP
402	The two X-Window DUA's released by Brunel University shortly after
403	ISODE-6.0 have been integrated into this release, together with `sd'
404	an enhanced version of the `widget' interfaces.
405
406	.NH
407	T.61 strings.
408	.LP
409	T.61 strings can be represented by mapping them onto an ISO 8859-1
410	character set (e.g as supported by some X-Window fonts).
411	.LP
412	Accented characters are represented by two octets, the first indicating the
413	accent and the second the base character to be accented. Note that some
414	combinations of accent and character do not have an equivalent in ISO 8859-1,
415	and hence cannot be displayed on an ISO 8859-1 device.
416	.LP
417	A few example mappings...
418	.LP
419	.PS
420	T.61 Character EDB file code
421	.sp 1
422	n tilde \\c4n
423	.sp 0
424	e circumflex \\c3e
425	.sp 0
426	a grave \\c1a
427	.sp 0
428	a acute \\c2a
429	.PE
430
431	.LP
432	You need to tell the DUA that you have the ability to display the
433	correct characters, this can be acheived in one of two ways:
434	.IP 1)
435	In the dsaptailor file, you can add
436	ch_set ISO8859
437	.LP
438	or
439
440	.IP 2)
441	set the environment variable CH_SET to "ISO8859", e.g., using `csh'
442	setenv CH_SET ISO8859
443
444	.LP
445	Some EDB files currently have the wrong T.61 codes for some national
446	characters. These should now be replaced with the correct T.61 code.
447
448
449	.NH
450	Photos
451	.LP
452
453	Kevin Jordan has given the old g3fax code a major, and much needed
454	overhaul. This release provides the framework for better handling of
455	photo attributes in future releases. Until ISODE-7.0 if you use
456	the `pbmtofax' tool to encode any new photographs, you should use
457	the `-old' flag to ensure that other people can display the pictures using
458	their 6.0/6.1 based code. This options has not been hard wired, as
459	you may wish to experiment with the new tools.
460
461	.LP
462	There is tool to convert the g3fax pictures to postscript.
463
464	.NH
465	Authentication
466	.LP
467	Your DSA can now insist on various levels of authentication.
468	For example, it can be made to reject bind operations that do not supply a DN.
469	This is set via the `authentication' quiputailor variable. The value
470	`DN' tells to reject bind's unless a DN is supplied, and `simple'
471	insists that simple authentication at the very least is used.
472
473	.NH
474	Address Selectors
475	.LP
476	Quipu now checks that the PSEL, SSEL and TSEL supplied by a calling
477	entity match the selectors defined in the DSAs presentationAddress
478	attribute. If they do not, the association is rejected with a message
479	of the form:
480	.IP
481	Session entity not attached to TSAP
482
483	.NH
484	libdsap changes
485	.LP
486	There are a few changes to the dsap library programmers should be
487	aware of.
488	.IP a)
489	Calls to the *_decode() routine such as dn_decode() and as_decode()
490	are no longer needed.
491	.IP b)
492	The AttributeType structure is now just a pointer into the OID tables,
493	thus `at_table' struct reference is no longer needed.
494	So code of the form
495	.B
496	at->at_table.oa_syntax
497	.R
498	should be replaced with
499	.B
500	at->oa_syntax
501	.R
502	and
503	.B
504	at->at_oid
505	.R
506	replaced with
507	.B
508	at->oa_at.ot_oid
509	.R
510	\.
511
512	.IP c)
513	A few other routines have had their parameters changed slightly, so
514	you should run your programs through lint (making sure you
515	bring in the dsap and isode
516	lint libraries) to check your procedure calls.
517
518
519	.NH
520	Manual
521	.LP
522	The Quipu Manual has been updated to reflect all these new features.
523
524	.NH
525	Thanks...
526	.LP
527	The Quipu team would like to thank Tim Howes, George Michaelson,
528	Andrew Worsley, Andrew Findlay, Piete Brooks, Kevin Jordan,
529	Gier Pederson, Juha Heinanen, Petri Jokela, Peter Yee and many
530	others people for enhancing, bug reporting and fixing, and testing
531	this and the many other versions of Quipu since ISODE-6.1 to
532	destruction.
533
534
535	Colin
536
537