The ATN (Air Traffic Network) Directory is defined by ICAO (International Civil Aviation Authority) as a part of the overall ATN specifications. A major goal of the ATN Directory is to support AMHS, which is described in Isode's AMHS Solutions Page. Isode uses directory services as a core part of its AMHS solution, and to enable the Extended ATS Message Service, which requires support of the ATN Directory.
The ATN Directory has broader scope than AMHS, and is appropriate for holding general information and in particular PKI and security related information.
What Isode Provides
Isode provides everything needed to build, operate and use an ATN directory:
- Isode's M-Vault X.500 directory server is the core component of an ATN Directory. It fully complies with the ICAO DOC 9880 specifications for ATN Directory products, and supports chaining, replication and security features.
- Isode's Sodium (Secure Open Data, Identity & User Manager) management GUI provides secure management of data.
- Isode’s Sodium Sync enables data synchronization with external data.
- Tools for operational management of directory services, and integration with standard network management systems.
- The Isode ATN Directory API is used to connect AMHS applications to M-Vault X.500 using X.500 DAP (Directory Access Protocol). This allows lookup of information such as Certificates and AMHS parameters, and supports mappings between AFTN addresses and X.400 O/R Addresses.
- A script to enable use of the AMC provided mapping tables by mapping to LDIF so that they can be loaded into a directory.
Isode's mature and robust products have been deployed for many years in demanding operational environments, including within AMHS solutions used by over 70 countries. Isode's directory is fully ICAO compliant with excellent security features (including strong authentication for all directory protocols and signed operations) and comprehensive GUIs for data and operational management.
ATN Directory Architecture
The ATN Directory holds data in a hierarchy containing information about CAAs (Civil Aviation Authorities) and other ATN users. The above screenshot, using example data in Isode’s directory administration tool (Sodium), shows how this data could look. This screenshot shows an entry for an AMHS User Agent (UA) which includes information on the associated AFTN address of the UA. Data in the ATN Directory is available to users worldwide.
The diagram above shows how the ATN Directory is provided by multiple directory servers, and can support AMHS and non-AMHS applications utilizing data in the ATN Directory. Directory data will be stored in a server operated by the data owner. This model allows a CAA to start with a single directory server containing the CAA's own data for local use. This isolated server can then be connected to other servers using one or both of two mechanisms:
- Chaining, where one server knows about data held in another, and can connect to that server in order to retrieve data for an end user or application.
- Replication, where selected data is copied to another server, thus making it available locally to users of that server.
This interconnection will allow incremental building of a distributed global service.
How AMHS Uses the ATN Directory
AMHS, as described in Isode's AMHS Solution Page, requires use of the ATN Directory in order to provide the Extended ATS Message Service. This provides the following benefits to the user:
- Recipient validation prior to and after message submission.
- Access to the end user X.509 certificate.
- Access to information about (potential) message recipients.
- Determining AMHS capabilities (e.g., maximum message size supported), and in particular determining if the Extended ATS Service is supported by the message recipient. This allows an originator to determine the service level a recipient supports, and to only send messages with Extended ATS Service capabilities to recipients that can correctly handle this.
An additional benefit of using the ATN Directory is to manage address mapping between X.400 OR Addresses and AFTN addresses. The following diagram illustrates the information held in the directory to enable this mapping:
This mapping can be used by AFTN/AMHS Gateways, and also to enable users to enter AFTN addresses and have them automatically converted. Holding this mapping in the directory enables the same mapping information to be easily used by all users and servers that need it, and to be conveniently managed in a machine oriented format. Isode's ATN Directory API provides simple calls to enable applications to easily use this mapping.
The ATN Directory holds data that needs to be managed. The tool to do this is often referred to as an ADUA (Administrative Directory User Agent). Sodium (Secure Open Directory, User and Identity Manager) is Isode's ADUA. Sodium provides a flexible GUI for data administration with features that include:
- Use of Strong Authentication and Signed Operations may be chosen for all operations.
- Support for the full ATN Directory Schema, which may be extended as needed.
- Display of data based on XML templates that may be adapted for local requirements.
- Templates for convenient entry and display of structured attributes.
- Integrated management of PKI (X.509) data and associated identity management.
The screenshot above shows the AMHS/AFTN mapping configuration.
In some cases data will be managed indirectly. For example, mapping data may be obtained from the European Directory Service (EDS) anticipated to be deployed by Eurocontrol. In this case, data will simply be replicated in, using X.500 DISP.
Mapping data may also be obtained from the AMC as CSV files. Isode provides scripts to enable conversion of this data to LDIF, which can then be loaded into the directory using Sodium or Sodium Sync.
The ATN Directory is critical infrastructure that is important in itself and as support for other applications. It is important to monitor servers for availability and correct operation. Isode provides two approaches to achieve this.
The first approach is the use of SNMP (Simple Network Management Protocol). Isode's M-Vault X.500 can be monitored with standard SNMP Management tools, such as HP OpenView or Solstice Enterprise Manager. The big advantage of SNMP is that it enables operational management to be integrated with management of networks and other components with a single operator interface.
The second approach is Isode's M-Vault Console tool, which provides GUI monitoring of one or more M-Vault directory servers. M-Vault Console also has knowledge of directory replication and can monitor replication agreements from both ends. This is important to ensure that all servers are up to date with the most recent information.
Isode has written a number of whitepapers that give more information on the ATN Directory, and its use by AMHS:
- How AMHS users benefit from directory
This paper looks at how an AMHS end application, such as an AMHS Terminal sending and receiving flight plans, will utilize and benefit from the directory. This paper assumes a very basic understanding of AMHS and ATN Directory.
- Deploying ATN Directory with AMHS: What you can do now
Much discussion on ATN Directory has set out a big vision as to how directories can interconnect globally and solve a wide range of problems. This paper gives a much more pragmatic and short term view and looks at the nature of the ATN Directory and its deployment in support of AMHS together with what products and systems can be deployed today.
- Addressing in AMHS: Building a solution that works for the end-user
AMHS provides a complex addressing scheme, which is used in conjunction with the ATN Directory. Users need to address messages, and the complexity of the AMHS addressing has potential to make this difficult. This whitepaper explains how AMHS and the ATN Directory can be used together to provide a simple and effective user experience.
- ATN Directory Vision: An Infrastructure for Supporting AMHS and Ground to Ground Communication
This paper sets out the benefits of using an ATN Directory in support of AMHS (Air Traffic Services (ATS) Message Handling Services) and ground to ground messaging communication, and explains how this directory could be deployed in conjunction with AMHS.