As mentioned above, many of the operation results, and one error result, contain at least one entry name. Entry names may be the object of confidentiality policy because each name reveals information about the the structure of the DIT which may, in turn, reveal information about the organizational structure of the organization(s) that control(s) the name. For example, a private company may choose to have their subtree of the DIT reflect the company's true organizational structure while also regarding that structure as proprietary information. A company might want their DIT subtree to reflect the company's organizational structure because it helps employees use the Directory more effectively; they can use their knowledge of the organizational structure to find entries they need. A hypothetical policy might allow disclosure of Distinguished Names in query and error results generated for company ``insiders'' (i.e., employees of the company) while disallowing such disclosure in operation and error results generated for ``outsiders.'' Such a policy is fully supported by the standardized access control mechanisms.
When confidentiality policy precludes disclosure of a Distinguished Name in an operation result, the Directory conceals the name by various means depending on what the operation is. For READ and COMPARE operation results, the Distinguished Name of the target entry is concealed by simply returning the same name that was specified by the user in the operation request. This action is also taken when avoiding disclosure of the Distinguished Name of the base entry for a LIST or SEARCH operation. Note that the name specified by the user in the operation request is either an alias name or the Distinguished Name; in either case, the Directory returns a name that was already known by the user.
Concealing the Distinguished Name of an entry immediately subordinate to the base of a LIST operation must be handled differently since the operation request does not provide a name that can be echoed back in the operation result. To conceal the Distinguished Name in this case, the Directory will take one of two actions. The responding Directory System Agent (DSA) first checks to see if a ``locally defined alternate name'' has been established. Such a name is ``locally defined'' because there is no standardized means of designating an ``alternate name''; the alternate name is identified by the responding (i.e., local) DSA by means that are defined by the DSA implementor or by functional profiles. An alternate name is an alias name for the entry whose Distinguished Name is to be concealed. If an alternate name has been established in the responding DSA, the operation result will contain the alternate name. If an alternate name has not been established in the responding DSA, the entry is omitted from the operation result.
Similarly, for the SEARCH operation, the Distinguished Name of a nonbase object is concealed by using a locally defined alternate name if such a name is available. If an alternate name is not available, the entry is completely omitted from the operation result.
A particular error result, known as NAME-ERROR, contains an entry name that may be controlled by confidentiality policy. A NAME-ERROR result contains an entry name for which:
In the process of identifying such a name, several special cases arise that may involve returning an empty name or an alternate name. The use of alternate names is based on criteria similar to that described above for operation results.