Format: PDF, Pages: 238, Size: 2.30 MB
ANSI INCITS ISO IEC 9594-2-2001 Information technology Open Systems Interconnection The Directory Models (Adopted by INCITS).pdf

Adopted by INCITS (InterNational Committee for Information Technology Standards) as an American National Standard.
Date of ANSI Approval: 12/24/2003
Published by American National Standards Institute, 25 West 43rd Street, New York, New York 10036
Copyright 2003 by Information Technology Industry Council (ITI). All rights reserved.

These materials are subject to copyright claims of International Standardization Organization (ISO), International Electrotechnical Commission (IEC), American National Standards Institute (ANSI), and Information Technology Industry Council (ITI). Not for resale. No part of this publication may be reproduced in any form, including an electronic retrieval system, without the prior written permission of ITI. All requests pertaining to this standard should be submitted to ITI, 1250 Eye Street NW, Washington, DC 20005.
Printed in the United States of America

Reference number ISO/IEC 9594-2:2001(E)
© ISO/IEC 2001

INTERNATIONAL STANDARD ISO/IEC 9594-2
Fourth edition 2001-12-15
Information technology - Open Systems Interconnection - The Directory: Models
Technologies de l'information - Interconnexion de systèmes ouverts (OSI) - L'annuaire: Les modèles

PDF disclaimer
This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat accepts no liability in this area.
Adobe is a trademark of Adobe Systems Incorporated.
Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.

© ISO/IEC 2001
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISO's member body in the country of the requester.
ISO copyright office
Case postale 56, CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.ch
Web www.iso.ch
Published by ISO in 2002
Printed in Switzerland

CONTENTS

SECTION 1 - GENERAL
1 Scope
2 Normative references
2.1 Identical Recommendations | International Standards
2.2 Paired Recommendations | International Standards equivalent in technical content
3 Definitions
3.1 OSI Reference Model Definitions
3.2 Basic directory definitions
3.3 Distributed operation definitions
3.4 Replication definitions
4 Abbreviations
5 Conventions

SECTION 2 - OVERVIEW OF THE DIRECTORY MODELS
6 Directory Models
6.1 Definitions
6.2 The Directory and its Users
6.3 Directory and DSA Information Models
6.4 Directory Administrative Authority Model

SECTION 3 - MODEL OF DIRECTORY USER INFORMATION
7 Directory Information Base
7.1 Definitions
7.2 Objects
7.3 Directory Entries
7.4 The Directory Information Tree (DIT)
8 Directory Entries
8.1 Definitions
8.2 Overall Structure
8.3 Object Classes
8.4 Attribute Types
8.5 Attribute Values
8.6 Attribute Type Hierarchies
8.7 Contexts
8.8 Matching Rules
8.9 Entry Collections
8.10 Compound entries and families of entries
9 Names
9.1 Definitions
9.2 Names in General
9.3 Relative Distinguished Names
9.4 Name Matching
9.5 Names returned during operations
9.6 Names held as attribute values or used as parameters
9.7 Distinguished Names
9.8 Alias Names
10 Hierarchical groups
10.1 Definitions
10.2 Hierarchical relationship

SECTION 4 - DIRECTORY ADMINISTRATIVE MODEL
11 Directory Administrative Authority model
11.1 Definitions
11.2 Overview
11.3 Policy
11.4 Specific administrative authorities
11.5 Administrative areas and administrative points
11.6 DIT Domain policies
11.7 DMD policies

SECTION 5 - MODEL OF DIRECTORY ADMINISTRATIVE AND OPERATIONAL INFORMATION
12 Model of Directory Administrative and Operational Information
12.1 Definitions
12.2 Overview
12.3 Subtrees
12.4 Operational attributes
12.5 Entries
12.6 Subentries
12.7 Information model for collective attributes
12.8 Information model for context defaults

SECTION 6 - THE DIRECTORY SCHEMA
13 Directory Schema
13.1 Definitions
13.2 Overview
13.3 Object class definition
13.4 Attribute type definition
13.5 Matching rule definition
13.6 Relaxations and tightenings
13.7 DIT structure definition
13.8 DIT content rule definition
13.9 Context type definition
13.10 DIT Context Use definition
14 Directory System Schema
14.1 Overview
14.2 System schema supporting the administrative and operational information model
14.3 System schema supporting the administrative model
14.4 System schema supporting general administrative and operational requirements
14.5 System schema supporting access control
14.6 System schema supporting the collective attribute model
14.7 System schema supporting context assertion defaults
14.8 System schema supporting the service administration model
14.9 System schema supporting hierarchical groups
14.10 Maintenance of system schema
14.11 System schema for first-level subordinates
15 Directory schema administration
15.1 Overview
15.2 Policy objects
15.3 Policy parameters
15.4 Policy procedures
15.5 Subschema modification procedures
15.6 Entry addition and modification procedures
15.7 Subschema policy attributes

SECTION 7 - DIRECTORY SERVICE ADMINISTRATION
16 Service Administration Model
16.1 Definitions
16.2 Service-type/user-class model
16.3 Service specific administrative areas
16.4 Introduction to search-rules
16.5 Subfilters
16.6 Filter requirements
16.7 Attribute information selection based on search-rules
16.8 Access control aspects of search-rules
16.9 Contexts aspects of search-rules
16.10 Search-rule specification
16.11 Matching restriction definition
16.12 Search-validation function

SECTION 8 - SECURITY
17 Security model
17.1 Definitions
17.2 Security policies
17.3 Protection of Directory operations
18 Basic Access Control
18.1 Scope and application
18.2 Basic Access Control model
18.3 Access control administrative areas
18.4 Representation of Access Control Information
18.5 The ACI operational attributes
18.6 Protecting the ACI
18.7 Access control and Directory operations
18.8 Access Control Decision Function
18.9 Simplified Access Control
19 Rule-based Access Control
19.1 Scope and application
19.2 Rule-based Access Control model
19.3 Access control administrative areas
19.4 Security Label
19.5 Clearance
19.6 Access Control and Directory operations
19.7 Access Control Decision Function
19.8 Use of Rule-based and Basic Access Control
20 Cryptographic Protection in Storage
20.1 Data Integrity in Storage
20.2 Confidentiality of stored data

SECTION 9 - DSA MODELS
21 DSA Models
21.1 Definitions
21.2 Directory Functional Model
21.3 Directory Distribution Model

SECTION 10 - DSA INFORMATION MODEL
22 Knowledge
22.1 Definitions
22.2 Introduction
22.3 Knowledge References
22.4 Minimum Knowledge
22.5 First Level DSAs
23 Basic Elements of the DSA Information Model
23.1 Definitions
23.2 Introduction
23.3 DSA-Specific Entries and their Names
23.4 Basic Elements
24 Representation of DSA Information
24.1 Representation of Directory User and Operational Information
24.2 Representation of Knowledge References
24.3 Representation of Names and Naming Contexts

SECTION 11 - DSA OPERATIONAL FRAMEWORK
25 Overview
25.1 Definitions
25.2 Introduction
26 Operational bindings
26.1 General
26.2 Application of the operational framework
26.3 States of cooperation
27 Operational binding specification and management
27.1 Operational binding type specification
27.2 Operational binding management
27.3 Operational binding specification templates
28 Operations for operational binding management
28.1 Application-context definition
28.2 Establish Operational Binding operation
28.3 Modify Operational Binding operation
28.4 Terminate Operational Binding operation
28.5 Operational Binding Error
28.6 Operational Binding Management Bind and Unbind

Annex A Object identifier usage
Annex B Information Framework in ASN.1
Annex C SubSchema Administration Schema in ASN.1
Annex D Service Administration in ASN.1
Annex E Basic Access Control in ASN.1
Annex F DSA Operational Attribute Types in ASN.1
Annex G Operational Binding Management in ASN.1
Annex H Enhanced security
Annex I The Mathematics of Trees
Annex J Name Design Criteria
Annex K Examples of various aspects of schema
K.1 Example of an Attribute Hierarchy
K.2 Example of a Subtree Specification
K.3 Schema Specification
K.4 DIT content rules
K.5 DIT context use
Annex L Overview of Basic Access Control Permissions
L.1 Introduction
L.2 Permissions required for operations
L.3 Permissions affecting error
L.4 Entry level permissions
L.5 Entry level permissions
Annex M Examples of Access Control
M.1 Introduction
M.2 Design principles for Basic Access Control
M.3 Introduction to example
M.4 Policy affecting the definition of specific and inner areas
M.5 Policy affecting the definition of DACDs
M.6 Policy expressed in prescriptiveACI attributes
M.7 Policy expressed in subentryACI attributes
M.8 Policy expressed in entryACI attributes
M.9 ACDF examples
M.10 Rule-based Access Control
Annex N DSE Type Combinations
Annex O Modelling of knowledge
Annex P Names held as attribute values or used as parameters
Annex Q Subfilters
Annex R Compound entry name patterns and their use
Annex S Alphabetical index of definitions
Annex T Amendments and corrigenda

Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.

International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 3.

The main task of the joint technical committee is to prepare International Standards. Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote.

Attention is drawn to the possibility that some of the elements of this part of ISO/IEC 9594 may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.

Users and implementors should note the existence of a “defect resolution” procedure in ISO/IEC JTC 1 to identify and correct errors in International Standards through the publication of Technical Corrigenda. Identical corrections are made to the corresponding ITU-T Recommendations through Corrigenda and may also be made in the form of Implementors' Guides. Details of Technical Corrigenda to International Standards are available on the ISO website; published Technical Corrigenda can be obtained via the ISO webstore or from the ISO and IEC national bodies. Corrigenda and Implementors' Guides to ITU-T Recommendations can be obtained from the ITU-T website.

ISO/IEC 9594-2 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 6, Telecommunications and information exchange between systems, in collaboration with ITU-T. The identical text is published as ITU-T Rec. X.501.

This fourth edition of ISO/IEC 9594-2 constitutes a technical revision of the third edition (ISO/IEC 9594-2:1998), which is provisionally retained in order to support implementations based on the third edition. This edition also incorporates Corrigendum 1:2002 and Corrigendum 2:2002.

ISO/IEC 9594 consists of the following parts, under the general title Information technology - Open Systems Interconnection - The Directory:

Part 1: Overview of concepts, models and services
Part 2: Models
Part 3: Abstract service definition
Part 4: Procedures for distributed operation
Part 5: Protocol specifications
Part 6: Selected attribute types
Part 7: Selected object classes
Part 8: Public-key and attribute certificate frameworks
Part 9: Replication
Part 10: Use of systems management for administration of the Directory

Annexes A to H form a normative part of this part of ISO/IEC 9594. Annexes I to T are for information only.

Introduction

This Recommendation | International Standard, together with the other Recommendations | International Standards, has been produced to facilitate the interconnection of information processing systems to provide directory services. A set of such systems, together with the directory information that they hold, can be viewed as an integrated whole, called the Directory. The information held by the Directory, collectively known as the Directory Information Base (D
