The development of ViewDS began in 1989 at the Telstra Research
Laboratories in Melbourne, Australia, to meet Telstra's organizational
requirements for a corporate electronic directory. The development
was led by Rolf Exner and Dr Stephen Legg, who were then at the forefront
of the development and design of the global ISO X.500 standard.
As part of this development, Telstra built into the directory solution
a set of sophisticated search capabilities designed to make the
implementation extremely easy to use for any web or Windows user.
These provide support for approximate matching on a search request,
including phonetic matching and spelling correction, truncation
matching, abbreviations, keyword matching, synonyms, and any combination
of these.
In 1999, a licence to exploit the View500 (now known as ViewDS) software was granted to Adacel Technologies Ltd. Adacel continued the development of View500, adding native support for LDAP v2 and v3.
In 2004 eB2Bcom, Australia's leading identity management solution
provider, acquired the View500 business, which included licences
to exploit Telstra's and Adacel's IP (now consolidated within eB2Bcom),
the customer base and the development and support teams. eB2Bcom
has continued to develop and maintain the View500 product whilst
maintaining an active role in the LDAP, PKIX and XED (XML Enabled
Directory) standards advancements. A range of new features and facilities
has been added, not least the ability to store XML objects and
schema in the Directory and to provide for searching, using Component
matching, any directory data including XML objects.
The most recent ViewDS release (Version 7.0) provides major improvements
in the way that ViewDS servers can be managed, configured and maintained.
View details of the released versions below:
ViewDS Version 7.0
The current version for ViewDS is 7.0, which was released in October 2009. The new
features that have been included in ViewDS 7.0 are:
ViewDS Management Agent
The ViewDS Management Agent is a Windows application that allows the central management
of one or more ViewDS servers. The ViewDS Management Agent replaces the View500 AdminDUA.
Remote Administration Service
The Remote Administration Service (RAS) is a new component that is provided with the ViewDS
server. The RAS allows the Management Agent to completely manage a ViewDS server, including
file system settings and the ability to start and stop a ViewDS server.
Updated Documentation Suite
The ViewDS documentation is provided as three documents: the Installation and Operations Guide,
the Technical Reference Guide for the Directory System Agent, and the Technical Reference Guide
for the User Interfaces.
Role and Time based Access Control
The Basic Access Control scheme has been extended to allow dynamic user inclusion for an access
control item. User inclusion can be based on a search filter which allows a user's inclusion to be
based on the attributes of the user's entry.
This extension to the Basic Access Control scheme facilitates attribute based access control,
role based access control and access controls based on times (e.g. day of week, hour of day, etc).
Word List Management
Word lists, such as synonyms, noise words and truncations, can be managed at runtime
and are now stored within the DIT. Because these words are stored in the DIT, they can now be replicated to other ViewDS servers.
Version 6.0
The new features that were added to the 6.0 release are listed below.
X.500 Technology
Internet Directly Mapped Protocol (IDMP)
IDMP is a protocol which provides a TCP/IP transport for DAP, DISP
(Shadowing), and DSP (distributed operation) operations.
LDAP Technology
Simple Authentication and Security Layer (SASL)
A mandatory user authentication scheme for LDAP is the SASL Digest-MD5
mechanism. Instead of the user transmitting their username and password
in the clear to the LDAP server, SASL allows only hashed values to be
transmitted.
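The hashed exchange described above, as an added example that is not ViewDS code: a Python sketch of the DIGEST-MD5 response computation defined in RFC 2831 (qop=auth, no authzid), run on the worked values from section 4 of that RFC. The function names and the `server_verify` helper are illustrative assumptions.

```python
import hashlib
import hmac

def _md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()

def digest_md5_response(username, realm, password, nonce, cnonce, nc,
                        digest_uri, qop="auth"):
    """Client response per RFC 2831 section 2.1.2.1 (qop=auth, no authzid)."""
    # A1 begins with the raw 16-byte MD5 of user:realm:password, so the
    # cleartext password never appears in what is sent.
    a1 = (_md5(f"{username}:{realm}:{password}".encode("utf-8"))
          + f":{nonce}:{cnonce}".encode("utf-8"))
    ha1 = _md5(a1).hex()
    ha2 = _md5(f"AUTHENTICATE:{digest_uri}".encode("utf-8")).hex()
    # The server nonce, client cnonce and nonce count bind the response
    # to this one exchange.
    kd = f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}"
    return _md5(kd.encode("utf-8")).hex()

def server_verify(stored_password, fields):
    """Recompute the response from the server's copy of the password."""
    expected = digest_md5_response(
        fields["username"], fields["realm"], stored_password,
        fields["nonce"], fields["cnonce"], fields["nc"],
        fields["digest-uri"], fields["qop"])
    return hmac.compare_digest(expected, fields["response"])

# Values from the worked example in RFC 2831 section 4 (password "secret").
RFC_FIELDS = {
    "username": "chris", "realm": "elwood.innosoft.com",
    "nonce": "OA6MG9tEQGm2hh", "cnonce": "OA6MHXh6VqTrRk",
    "nc": "00000001", "digest-uri": "imap/elwood.innosoft.com",
    "qop": "auth",
}

def client_message(password):
    """Fields the client sends: the response digest, not the password."""
    fields = dict(RFC_FIELDS)
    fields["response"] = digest_md5_response(
        fields["username"], fields["realm"], password, fields["nonce"],
        fields["cnonce"], fields["nc"], fields["digest-uri"], fields["qop"])
    return fields

if __name__ == "__main__":
    print(client_message("secret")["response"])
    print(server_verify("secret", client_message("secret")),
          server_verify("secret", client_message("wrong")))
```

To recompute the value the server must hold the password or the inner user:realm:password hash. RFC 6331 has since moved DIGEST-MD5 to Historic status.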
XML Enabled Directory (XED)
View500 Version 6.0 is the only directory available that supports
XED.
The XML Enabled Directory is a newly developed standard, which defines
a framework that leverages off existing technology such as ASN.1,
XML, X.500 and LDAP.
Some of the features available in version 6.0, due to XED, include:
Robust XML Encoding Rules (RXER) - RXER is an XML based encoding
rule. Instead of using an unreadable binary encoding rule (such
as BER), the directory is now able to encode data using RXER, a
text based encoding rule.
XIDMP
Currently, IDMP can be used to send DAP, DSP, and DISP PDUs over
a TCP/IP connection. IDMP states that these PDUs must be encoded
using the Basic Encoding Rules (BER). XIDMP allows the IDMP PDUs
to be transmitted in an XML based encoding, such as RXER.
XML Lightweight Directory Access Protocol (XLDAP)
XLDAP is semantically equivalent to LDAP, with the major difference
being the encoding rule used to encode the PDU. RXER is used to
encode XLDAP PDUs.
XED defines two transport mechanisms over which XLDAP messages can
be transmitted: XLDAP over TCP/IP and XLDAP over SOAP 1.1.
ViewDS will support both of these mechanisms in the next release.
Extended LDAP Data Interchange Format (ELDIF)
The LDIF specification imposes restrictions that result in XML encoded
values being converted into an unreadable Base64 format within LDIF
dumps.
ELDIF extends the current LDIF specification to make allowances
for XML encoded values so their human readable encoding is retained.
For more information on XED, including the set of standards which
define the XED framework, visit the XED website, which can be found
in the Links section.
Version 5.3
Version 5.3 became available on the 15th of November, 2002.
This release included enhancements to the security of passwords within the directory.
Value hashing
ViewDS's proprietary value hashing scheme was implemented into the directory. This
value protection scheme is a configurable policy that can be used to protect passwords
when they are stored into and returned out of the directory.
The password values can be protected by a range of hash algorithms.
When a password is in a hashed format it can be safely returned out of the
directory over insecure channels. This is due to the fact that it becomes
cryptographically infeasible for an attacker to obtain the user's cleartext
password from a hashed version.
Version 5.2
Version 5.2 of ViewDS became available on the 25th of June, 2002.
Tree Browsing
This version of ViewDS saw the WebDUA get a facelift to illustrate new functionality.
The major upgrades included new graphics and Tree Browsing functionality. The WebDUA
now allows users to navigate through the Directory Information Tree via a graphical interface.
LDAP Enhancements
In the DSA Server, additional portions of the LDAP specification were implemented. Such features include:
* LDAP Controls.
Controls are defined as part of the LDAP standard and can be used to convey
additional information or functionality through the existing LDAP protocol. Newly supported controls included:
# Server Side Sorting Control
This control allows LDAP clients to request that the DSA sort search results before returning them.
# Paged Search Results Control.
This control can be used by clients to instruct the DSA server to only return a subset
(whose size is specified by the client) of results. The client is then able to repeat
the request and get the next set of results at its leisure.
# Proxied Authorization Control.
This control allows an LDAP Client to perform LDAP operations on behalf of other users.
This is useful when applications manage their own user authentication, and would like
to act on the user's behalf to access the directory.
# LDAP Password Policy Control.
When an LDAP Password Policy is being applied within the directory, this control can
be used to convey information from the DSA to the user. Such information may include
the amount of time that a user has left before they must change their password.
* LDAP Extension - Transport Layer Security.
This extended operation provides additional security for LDAP connections.
* LDAP Password Policy.
This standards based feature allows an administrator to specify password
policies for password attributes. This policy is highly configurable and
allows the administrator to enforce an appropriate level of password security
to reduce the possibility of a security breach due to password compromise.
* Chaining LDAP Operations
Leveraging off X.500's distribution protocols, the DSA is now able to
convert an LDAP request into DAP and distribute the operation to other DSAs.
This mechanism allows an LDAP client to interact more fully within an X.500
distributed environment.
AdminDUA
The AdminDUA was enhanced to allow access control information to be imported
and exported from the directory. Once exported, access control information
can be easily imported from a file. This saves time, since making the
configuration via a GUI can be bypassed.
Version 5.1
ViewDS, Version 5.1, was released on the 25th of July 2001.
Native LDAP
This was the first version of ViewDS that contained native LDAP support.
Removing the need for an X.500/LDAP gateway, Native LDAP provided performance
and reliability benefits for ViewDS.
LDAP Data Interchange Format
LDIF, the LDAP Data Interchange Format, also became supported. This allowed
ViewDS to bulk-load large volumes of data in an efficient manner, which
is especially useful for loading information from other directories.
OpenSSL Enhancements
The security of directory information, whilst in transmission, was increased
with the support for LDAP over SSL. OpenSSL libraries being used by ViewDS
were updated to support SSLv3 and TLSv1, in addition to the already existent SSLv2.
Other security enhancements included the support for securely retrieving passwords
from the directory. This feature allowed password values to be obtained from
the directory in a hashed format.
Version 4.7
On the 30th of October 2000, Adacel released the 4.7 version of ViewDS.
24 x 7
In 4.7, the DSA became capable of continuous operation, 24 hours a day,
7 days a week. The DSA no longer required a routine shutdown when various log files became too large.
GUI Enhancements
Version 4.7 included changes to the GUIs which allowed them to provide the following functionality:
* Anonymous Browsing
* Increased control over the configuration of Access Control
Various bug fixes, made to the DSA, PDUA, WebDUA, SDUA, VFLOAD, AdminDUA, LDAP
gateway, VTDUA and WinDUA were all bundled into the 4.7 release.
The LDAP-API component of ViewDS was deprecated from the 4.7 release.