A directory service provides a central repository for information about the systems, applications and users available in a data processing system, particularly a multi-user, networked data processing environment. The directory service provides a mechanism for managing users and computing resources. Directory services permit the centralization of network and system administration. Using a directory service, information about all the users, such as names, passwords and preferences, and all the information about resources on the network can be maintained in a single location. Additionally, user access to the computing resources, and the associated access control measures, may also be incorporated in the directory service. For example, the directory service may define the relationships and access privileges between the computing resources and the users of the data processing system.
A directory is a specialized database that contains entries. Entries are composed of a collection of attributes. An entry represents an object of interest in the system, for example, users, servers, printers, applications, etc. The attributes contain information about the corresponding object.
Certain data may be sensitive, for example personally identifiable information (PII) subject to privacy regulations, and thus the directory entries containing such information should be protected against compromise. Such data may be encrypted prior to storing in the directory, and then decrypted by a receiving application on retrieval from the directory. Such a system requires that encryption keys be maintained by both the storing and receiving entities. Alternatively, data may be encrypted as it is stored and decrypted when it is retrieved from the directory. In the former instance, because the data is communicated in encrypted, or ciphertext, form (ciphertext will be used herein to refer to data that is encrypted, although it need not be “text” per se), the connection between the directory server and the client may be an unsecured connection. Alternatively, if the client and server communicate over a secure connection, the sensitive data may be transferred in cleartext, that is, unencrypted form.
To accommodate both alternatives and maintain the integrity of sensitive data stored in the directory, there is a need in the art for systems and mechanisms for selectively maintaining data in encrypted form on an object (or attribute) basis. Additionally, there is a need in the art for mechanisms to control which data is stored in encrypted form, which recipients can retrieve the data in unencrypted form, and which can retrieve it only in encrypted form.
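The following is an added, self-contained Python sketch (not code from the patent or from any product) of the entry/attribute model and the two protection alternatives described above: a client that encrypts a value before storing it and decrypts it on retrieval (so it can travel over an unsecured connection), and a server that encrypts selected attributes as they are stored and returns cleartext only to authorized recipients over a secure connection, handing everyone else the ciphertext. The `Entry`, `DirectoryServer`, attribute names, client identifiers and the "secure connection" flag are assumptions for illustration. The cipher is a toy encrypt-then-MAC stream construction built from the standard library's HMAC-SHA256 so the example runs offline; a real directory would use an authenticated cipher such as AES-GCM.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Iterable, Set

NONCE_LEN, TAG_LEN = 16, 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: HMAC-SHA256(key, nonce || counter) blocks. Stand-in for a real cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag (encrypt-then-MAC). Toy construction, labelled as such."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time before decrypting; reject tampered or foreign ciphertext."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext integrity check failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


@dataclass
class Entry:
    """A directory entry: a distinguished name plus a collection of attributes (assumed model)."""
    dn: str
    attributes: Dict[str, bytes]


class DirectoryServer:
    """Server-side alternative: chosen attributes are encrypted as stored, decrypted on retrieval
    only for recipients on the cleartext list, and only when the connection is secure."""

    def __init__(self, key: bytes, encrypted_attrs: Iterable[str], cleartext_recipients: Iterable[str]):
        self._key = key
        self._encrypted_attrs: Set[str] = set(encrypted_attrs)          # kept as ciphertext at rest
        self._cleartext_recipients: Set[str] = set(cleartext_recipients)  # may receive plaintext
        self._store: Dict[str, Dict[str, bytes]] = {}

    def add(self, entry: Entry) -> None:
        self._store[entry.dn] = {
            name: encrypt(self._key, value) if name in self._encrypted_attrs else value
            for name, value in entry.attributes.items()
        }

    def raw(self, dn: str) -> Dict[str, bytes]:
        """What an attacker with disk access would see: sensitive attributes are ciphertext."""
        return dict(self._store[dn])

    def search(self, dn: str, client_id: str, secure_connection: bool) -> Dict[str, bytes]:
        """Retrieve an entry on behalf of client_id. Cleartext only for an authorized recipient
        over a secure connection; otherwise the stored ciphertext is returned unchanged."""
        result = {}
        for name, value in self._store[dn].items():
            if name in self._encrypted_attrs and client_id in self._cleartext_recipients and secure_connection:
                result[name] = decrypt(self._key, value)
            else:
                result[name] = value
        return result


def client_side_roundtrip(server: DirectoryServer, shared_key: bytes, dn: str, attr: str, value: bytes) -> bytes:
    """Client-side alternative: the storing client encrypts before writing, and the receiving
    application decrypts after reading, so the retrieval itself may cross an unsecured connection."""
    server.add(Entry(dn, {attr: encrypt(shared_key, value)}))
    fetched = server.search(dn, "receiving-app", secure_connection=False)[attr]
    return decrypt(shared_key, fetched)


if __name__ == "__main__":
    key = secrets.token_bytes(32)
    srv = DirectoryServer(key, encrypted_attrs=["ssn"], cleartext_recipients=["hr-app"])
    srv.add(Entry("uid=alice,ou=people", {"cn": b"Alice", "ssn": b"000-00-0000"}))  # constructed sample
    print(srv.search("uid=alice,ou=people", "hr-app", True))    # ssn in cleartext
    print(srv.search("uid=alice,ou=people", "mail-app", True))  # ssn still ciphertext
```

`raw()` is there to make the at-rest form visible; in the server-side mode a client not on the cleartext list receives the same bytes the disk holds and cannot read them without the server's key, while in the client-side mode the server never sees the key at all.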