ATN DirectoryAir Traffic Network Directory to Support AMHS Messaging
The Air Traffic Network (ATN) Directory is defined by the International Civil Aviation Authority as a part of the overall ATN specifications. A major goal of the ATN Directory is to support Aviation Messaging (AMHS), which is described on the AMHS Messaging page.
Directory is a core element in Isode's offering for the Civil Aviation market both as a core element in AMHS Messaging and to enable the Extended ATS Message Service.
What Isode Provides
Isode provides everything needed to build an ATN directory:
- M-Vault: an LDAP/X.500 Directory Server which is the core component of an ATN Directory. It has full compliance to the ICAO DOC 9880 specifications for ATN Directory products, and supports chaining, replication and security features.
- Sodium-Sync: enables synchronization between directory servers and other data sources such as files and databases
- Directory Client API: used to connect AMHS applications to M-Vault X.500 using X.500 DAP (Directory Access Protocol). This allows lookup of information such as Certificates and AMHS parameters, and supports mappings between AFTN addresses and X.400 O/R Addresses.
Isode's mature and robust product have been deployed for many years in demanding operational environments, including within AMHS solutions used by over 100 countries. Isode's directory is fully ICAO compliant with excellent security features (including strong authentication for all directory protocols and signed operations) and comprehensive GUIs for data and operational management.
ATN Directory Architecture
The ATN Directory holds data in a hierarchy containing information about CAAs (Civil Aviation Authorities) and other ATN users. Data in the ATN Directory is available to users worldwide.
The diagram above shows how the ATN Directory is provided by multiple directory servers, and can support AMHS and non-AMHS applications utilizing data in the ATN Directory. Directory data will be stored in a server operated by the data owner. This model allows a CAA to start with a single directory server containing the CAA's own data for local use. This isolated server can then be connected to other servers using one or both of two mechanisms:
- Chaining, where one server knows about data held in another, and can connect to that server in order to retrieve data for an end user or application.
- Replication, where selected data is copied to another server, thus making it available locally to users of that server.
This interconnection will allow incremental building of a distributed global service.
How AMHS uses the ATN Directory
AMHS, as described in AMHS Messaging page, requires use of the ATN Directory in order to provide the Extended ATS Message Service. This provides the following benefits to the user:
- Recipient validation prior to and after message submission.
- Access to the end user X.509 certificate.
- Access to information about (potential) message recipients.
- Determining AMHS capabilities (e.g., maximum message size supported), and in particular determining if the Extended ATS Service is supported by the message recipient. This allows an originator to determine the service level a recipient supports, and to only send messages with Extended ATS Service capabilities to recipients that can correctly handle this.
An additional benefit of using the ATN Directory is to manage address mapping between X.400 OR Addresses and AFTN addresses. This mapping can be used by AFTN/AMHS Gateways, and also to enable users to enter AFTN addresses and have them automatically converted. Holding this mapping in the directory enables the same mapping information to be easily used by all users and servers that need it, and to be conveniently managed in a machine oriented format. Isode's ATN Directory API provides simple calls to enable applications to easily use this mapping.
Our [ATN directory vision] whitepaper sets out the benefits of using an ATN Directory in support of AMHS and ground to ground messaging communication, and explains how this directory could be deployed in conjunction with AMHS.
The ATN Directory holds data that needs to be managed. The tool to do this is often referred to as an ADUA (Administrative Directory User Agent). Sodium (Secure Open Directory, User and Identity Manager) is Isode's ADUA. Sodium provides a flexible GUI for data administration.
In some cases data will be managed indirectly, for example mapping data may be obtained from the European Directory Service (EDS). In this case, data will simply be replicated in, using X.500 DISP.
Mapping data may also be obtained as CSV files. Isode provides scripts to enable conversion of this data to LDIF, which can then be loaded into the directory use Sodium or Sodium Sync.
The ATN Directory is critical infrastructure that is important in itself and as support for other applications. It is important to monitor servers for availability and correct operation. Although Isode provides two approaches to achieve this, the recommended approach is to use Isode's M-Vault Console tool, which provides GUI monitoring of one or more M-Vault directory servers. M-Vault Console also has knowledge of directory replication and can monitor replication agreements from both ends. This is important to ensure that all servers are up to date with the most recent information.