ANSI INCITS ISO IEC 9594-5-2001 Information technology Open Systems Interconnection The Directory Protocol specifications (Adopted by INCITS).pdf

1、Adopted by INCITS (InterNational Committee for Information Technology Standards) as an American National Standard.Date of ANSI Approval: 12/24/2003Published by American National Standards Institute,25 West 43rd Street, New York, New York 10036Copyright 2003 by Information Technology Industry Council

2、 (ITI).All rights reserved.These materials are subject to copyright claims of International Standardization Organization (ISO), InternationalElectrotechnical Commission (IEC), American National Standards Institute (ANSI), and Information Technology Industry Council(ITI). Not for resale. No part of t

3、his publication may be reproduced in any form, including an electronic retrieval system, withoutthe prior written permission of ITI. All requests pertaining to this standard should be submitted to ITI, 1250 Eye Street NW,Washington, DC 20005.Printed in the United States of AmericaReference numberISO

4、/IEC 9594-5:2001(E)ISO/IEC 2001INTERNATIONAL STANDARD ISO/IEC9594-5Fourth edition2001-12-15Information technology Open Systems Interconnection The Directory: Protocol specifications Technologies de linformation Interconnexion de systmes ouverts (OSI) Lannuaire: Spcification du protocole ISO/IEC 9594

5、-5:2001(E) PDF disclaimer This PDF file may contain embedded typefaces. In accordance with Adobes licensing policy, this file may be printed or viewed but shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In downloading

6、this file, parties accept therein the responsibility of not infringing Adobes licensing policy. The ISO Central Secretariat accepts no liability in this area. Adobe is a trademark of Adobe Systems Incorporated. Details of the software products used to create this PDF file can be found in the General

7、 Info relative to the file; the PDF-creation parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given be

8、low. ISO/IEC 2001 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISOs member

9、body in the country of the requester. ISO copyright office Case postale 56 CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyrightiso.ch Web www.iso.ch Published by ISO in 2002 Printed in Switzerland ii ISO/IEC 2001 All rights reserved ISO/IEC 9594-5:2001(E) ISO/IEC 2001 All

10、rights reserved iiiCONTENTS Page Introduction v 1 Scope 1 2 Normative references 1 2.1 Identical Recommendations | International Standards 1 2.2 Paired Recommendations | International Standards equivalent in technical content 2 2.3 ISO/IEC Standards 2 2.4 Other references 2 3 Definitions 3 3.1 OSI R

11、eference Model Definitions. 3 3.2 Remote Operations Definitions. 3 3.3 Basic Directory Definitions. 3 3.4 Distributed Operation Definitions. 3 3.5 Upper layer security definitions 3 4 Abbreviations 4 5 Conventions 4 6 OSI protocol overview 5 6.1 Remote Operations Specification and OSI Realization 5

12、6.2 Directory ROS-Objects and Contracts 6 6.3 DAP Contract and Packages . 7 6.4 DSP Contract and Packages 8 6.5 DISP Contracts and Packages . 9 6.6 DOP Contract and Packages . 10 6.7 Use of underlying services 10 7 Directory protocol OSI abstract syntax. 12 7.1 Abstract syntaxes 12 7.2 Directory app

13、lication contexts 14 7.3 Operation Codes 16 7.4 Error Codes . 16 8 Directory protocol mapping onto OSI services. 17 8.1 Application contexts omitting RTSE 17 8.2 Application contexts including RTSE. 19 9 IDM protocol 20 9.1 IDM-PDUs 20 9.2 Use of OPERATION and ERROR classes 22 9.3 Sequencing require

14、ments 22 9.4 Protocols . 23 9.5 Reject reasons . 23 9.6 Abort reasons 24 9.7 Mapping onto TCP/IP . 24 9.8 Addressing 25 10 Directory protocol mapping onto the IDM protocol. 25 10.1 DAP-IP Protocol . 26 10.2 DSP-IP Protocol 26 10.3 DISP-IP Protocol. 26 10.4 DOP-IP Protocol . 26 11 Protocol stack coex

15、istence 27 11.1 Coexistence between OSI and IDM stacks . 27 11.2 Coexistence in the presence of LDAP. 27 11.3 Defining an NSAP format for LDAP 27 ISO/IEC 9594-5:2001(E) iv ISO/IEC 2001 All rights reserved Page 12 Versions and the rules for extensibility 28 12.1 DUA to DSA. 29 12.2 DSA to DSA . 29 12

16、.3 Rules of extensibility for object classes 31 12.4 Rules of extensibility for user attribute types 31 13 Conformance 31 13.1 Conformance by DUAs. 31 13.2 Conformance by DSAs . 32 13.3 Conformance by a shadow supplier 36 13.4 Conformance by a shadow consumer 37 Annex A DAP in ASN.1. 38 Annex B DSP

17、in ASN.1 41 Annex C DISP in ASN.1. 44 Annex D DOP in ASN.1. 48 Annex E IDM Protocol in ASN.1 . 51 Annex F Directory IDM Protocols in ASN.1 54 Annex G Reference definition of protocol object identifiers 56 Annex H Directory operational binding types 58 Annex I Amendments and corrigenda. 59 ISO/IEC 95

18、94-5:2001(E) ISO/IEC 2001 All rights reserved vForeword ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the develo

19、pment of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-government

20、al, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 3. The main task of the

21、 joint technical committee is to prepare International Standards. Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote. At

22、tention is drawn to the possibility that some of the elements of this part of ISO/IEC 9594 may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. Users and implementors should note the existence of a “defect resolution” procedure

23、 in ISO/IEC JTC 1 to identify and correct errors in International Standards through the publication of Technical Corrigenda. Identical corrections are made to the corresponding ITU-T Recommendations through Corrigenda and may also be made in the form of Implementors Guides. Details of Technical Corr

24、igenda to International Standards are available on the ISO website; published Technical Corrigenda can be obtained via the ISO webstore or from the ISO and IEC national bodies. Corrigenda and Implementors Guides to ITU-T Recommendations can be obtained from the ITU-T website. ISO/IEC 9594-5 was prep

25、ared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 6, Telecommunications and information exchange between systems, in collaboration with ITU-T. The identical text is published as ITU-T Rec. X.519. This fourth edition of ISO/IEC 9594-5 constitutes a technical rev

26、ision of the third edition (ISO/IEC 9594-5:1998), which is provisionally retained in order to support implementations based on the third edition. This edition also incorporates Corrigendum 1:2002. ISO/IEC 9594 consists of the following parts, under the general title Information technology Open Syste

27、ms Interconnection The Directory: Part 1: Overview of concepts, models and services Part 2: Models Part 3: Abstract service definition Part 4: Procedures for distributed operation Part 5: Protocol specifications Part 6: Selected attribute types Part 7: Selected object classes Part 8: Public-key and

28、attribute certificate frameworks Part 9: Replication Part 10: Use of systems management for administration of the Directory Annexes A to H form a normative part of this part of ISO/IEC 9594. Annex I is for information only. ISO/IEC 9594-5:2001(E) vi ISO/IEC 2001 All rights reserved Introduction This

29、 Recommendation | International Standard, together with the other Recommendations | International Standards, has been produced to facilitate the interconnection of information processing systems to provide directory services. A set of such systems, together with the directory information that they h

30、old, can be viewed as an integrated whole, called the Directory. The information held by the Directory, collectively known as the Directory Information Base (DIB), is typically used to facilitate communication between, with or about objects such as application entities, people, terminals and distrib

31、ution lists. The Directory plays a significant role in Open Systems Interconnection, whose aim is to allow, with a minimum of technical agreement outside of the interconnection standards themselves, the interconnection of information processing systems: from different manufacturers; under different

32、managements; of different levels of complexity; and of different ages. This Recommendation | International Standard specifies the application service elements and application contexts for two protocols the Directory Access Protocol (DAP) and the Directory System Protocol (DSP). The DAP provides for

33、access to the Directory to retrieve or modify Directory information. The DSP provides for the chaining of requests to retrieve or modify Directory information to other parts of the distributed Directory System where the information may be held. In addition this Recommendation | International Standar

34、d specifies the application service elements and application contexts for the Directory Information Shadowing Protocol (DISP) and the Directory Operational Binding Management Protocol (DOP). The DISP provides for the shadowing of information held in one DSA to another DSA. The DOP provides for the e

35、stablishment, modification and termination of bindings between pairs of DSAs for the administration of relationships between the DSAs (such as for shadowing or hierarchical relationships). This fourth edition technically revises and enhances, but does not replace, the third edition of this Recommend

36、ation | International Standard. Implementations may still claim conformance to the third edition. However, at some point, the third edition will not be supported (i.e. reported defects will no longer be resolved). It is recommended that implementations conform to this fourth edition as soon as possi

37、ble. This fourth edition specifies version 1 and version 2 of the Directory protocols. The first and second editions specified only version 1. Most of the services and protocols specified in this edition are designed to function under version 1. However some enhanced services and protocols, e.g. sig

38、ned errors, will not function unless all Directory entities involved in the operation have negotiated version 2. Whichever version has been negotiated, differences between the services and between the protocols defined in the four editions, except for those specifically assigned to version 2, are ac

39、commodated using the rules of extensibility defined in this edition of ITU-T Rec. X.519 | ISO/IEC 9594-5. This Directory Specification also specifies an alternative version of the DAP, DSP, DISP and DOP protocols, known as DAP-IP, DSP-IP, DISP-IP and DOP-IP respectively, which are mappings of the co

40、rresponding abstract services directly onto the TCP/IP protocol instead of onto an OSI stack. These alternative protocols allow support of Directory service elements without the implementation overhead of supporting a full OSI stack. Annex A, which is an integral part of this Recommendation | Intern

41、ational Standard, provides the ASN.1 module for the directory access protocol. Annex B, which is an integral part of this Recommendation | International Standard, provides the ASN.1 module for the directory system protocol. Annex C, which is an integral part of this Recommendation | International St

42、andard, provides the ASN.1 module for the directory information shadowing protocol. Annex D, which is an integral part of this Recommendation | International Standard, provides the ASN.1 module for the directory operational binding management protocol. Annex E, which is an integral part of this Reco

43、mmendation | International Standard, provides the ASN.1 module for the IDM protocol specification. ISO/IEC 9594-5:2001(E) ISO/IEC 2001 All rights reserved viiAnnex F, which is an integral part of this Recommendation | International Standard, provides the ASN.1 module for the Directory IDM protocols.

44、 Annex G, which is an integral part of this Recommendation | International Standard, provides the ASN.1 module which contains all the ASN.1 object identifiers assigned in this Recommendation | International Standard. Annex H, which is an integral part of this Recommendation | International Standard,

45、 provides the ASN.1 module which contains all the ASN.1 object identifiers assigned to identify operational binding types in this series of Recommendations | International Standards. Annex I, which is not an integral part of this Recommendation | International Standard, lists the amendments and defe

46、ct reports that have been incorporated to form this edition of this Recommendation | International Standard. ISO/IEC 9594-5:2001 (E) ITU-T X.519 (02/2001 E) 1 INTERNATIONAL STANDARD ISO/IEC 9594-5:2001 (E) ITU-T RECOMMENDATION Information technology Open Systems Interconnection The Directory: Protoc

47、ol specifications 1 Scope This Recommendation | International Standard specifies the Directory Access Protocol, the Directory System Protocol, the Directory Information Shadowing Protocol, and the Directory Operational Binding Management Protocol fulfilling the abstract services specified in ITU-T R

48、ec. X.511 | ISO/IEC 9594-3, ITU-T Rec. X.518 | ISO/IEC 9594-4, and ITU-T Rec. X.525 | ISO/IEC 9594-9. 2 Normative references The following Recommendations and International Standards contain provisions which, through reference in this text, constitute provisions of this Recommendation | Internationa

49、l Standard. At the time of publication, the editions indicated were valid. All Recommendations and Standards are subject to revision, and parties to agreements based on this Recommendation | International Standard are encouraged to investigate the possibility of applying the most recent edition of the Recommendations and Standards listed below. Members of IEC and ISO maintain registers of currently valid International Standards. The Telecommunication Standardization Bureau of the ITU maint