This paper describes the mechanisms that are needed in order to provide a secure directory service based on the X.500 data model. A brief introduction to the X.500 data model is given followed by an overview of the Lightweight Directory Access Protocol. Security can be provided by three functions: an application level firewall, an authentication mechanism, and an access control scheme. A description of the X.500 and LDAP access control models is presented followed by the authentication methods that have been standardised for LDAPv3. A companion paper describes a directory application firewall
