A Quick Overview of X.500

Although you can find a more detailed explanation of the X.500 specification in Chapter 25, a short introduction must be given here to discuss the benefits involved with using the X.509 format and X.500 fields. The X.509 specification uses the identity and naming techniques of X.500 to develop a distinguished name for the issuer and subject. A distinguished name is a name that uniquely identifies the subject or issuer. The issuer, or subject, of the certificate could be an organization, group , or individual. The DN is comprised of many pieces, such as common name (CN) and organizational unit (OU), which is used to distinguish one user from another.

Here is an example to help you understand these concepts. Assume that there is an organization named RichWare,LLC . RichWare that has only one user in the Development department named Rich Helton in Denver, CO . Because there is only one individual who meets those requirements, the user is distinguished from everyone else in the organization.

The organization RichWare,LLC can be mapped to www.richware.com for direct access into the organization's servers. The user can be identified in the organization, and the organization can be found on the Internet. Therefore, the user can be found from the Internet, thus mapping the identity from an X.500 name format to an exact individual on the Internet. Figure 24-1 depicts this structure. Do not worry about understanding all the details; they are discussed later in this chapter.

Figure 24-1: The organization of X.500