ImageVerifierCode 换一换
格式:PDF , 页数:140 ,大小:1.26MB ,
资源ID:436569      下载积分:10000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-436569.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(ANSI INCITS ISO IEC 9594-8-2001 Information technology Open Systems Interconnection The Directory Public-key and attribute certificate frameworks (INCITS Adoption).pdf)为本站会员(syndromehi216)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

ANSI INCITS ISO IEC 9594-8-2001 Information technology Open Systems Interconnection The Directory Public-key and attribute certificate frameworks (INCITS Adoption).pdf

1、Adopted by INCITS (InterNational Committee for Information Technology Standards) as an American National Standard.Date of ANSI Approval: 12/24/2003Published by American National Standards Institute,25 West 43rd Street, New York, New York 10036Copyright 2003 by Information Technology Industry Council

2、 (ITI).All rights reserved.These materials are subject to copyright claims of International Standardization Organization (ISO), InternationalElectrotechnical Commission (IEC), American National Standards Institute (ANSI), and Information Technology Industry Council(ITI). Not for resale. No part of t

3、his publication may be reproduced in any form, including an electronic retrieval system, withoutthe prior written permission of ITI. All requests pertaining to this standard should be submitted to ITI, 1250 Eye Street NW,Washington, DC 20005.Printed in the United States of AmericaReference numberISO

4、/IEC 9594-8:2001(E)ISO/IEC 2001INTERNATIONAL STANDARD ISO/IEC9594-8Fourth edition2001-08-01Information technology Open Systems Interconnection The Directory: Public-key and attribute certificate frameworks Technologies de linformation Interconnexion de systmes ouverts (OSI) Lannuaire: Cadres de cl p

5、ublique et de certificat dattribut ISO/IEC 9594-8:2001(E) PDF disclaimer This PDF file may contain embedded typefaces. In accordance with Adobes licensing policy, this file may be printed or viewed but shall not be edited unless the typefaces which are embedded are licensed to and installed on the c

6、omputer performing the editing. In downloading this file, parties accept therein the responsibility of not infringing Adobes licensing policy. The ISO Central Secretariat accepts no liability in this area. Adobe is a trademark of Adobe Systems Incorporated. Details of the software products used to c

7、reate this PDF file can be found in the General Info relative to the file; the PDF-creation parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In the unlikely event that a problem relating to it is found, please inform

8、the Central Secretariat at the address given below. ISO/IEC 2001 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from

9、either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Case postale 56 CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyrightiso.ch Web www.iso.ch Printed in Switzerland ii ISO/IEC 2001 All rights reserved CONTENTS Page Intr

10、oduction viii SECTION 1 GENERAL . 1 1 Scope 1 2 Normative references 2 2.1 Identical Recommendations | International Standards. 2 2.2 Paired Recommendations | International Standards equivalent in technical content. 3 3 Definitions 3 3.1 OSI Reference Model security architecture definitions. 3 3.2 D

11、irectory model definitions. 3 3.3 Definitions. 4 4 Abbreviations 6 5 Conventions 7 6 Frameworks overview 7 6.1 Digital signatures. 8 SECTION 2 PUBLIC-KEY CERTIFICATE FRAMEWORK. 10 7 Public-keys and public-key certificates 11 7.1 Generation of key pairs . 15 7.2 Public-key certificate creation. 15 7.

12、3 Certificate validity. 15 8 Public-key certificate and CRL extensions. 17 8.1 Policy handling 18 8.1.1 Certificate policy . 18 8.1.2 Cross-certification . 19 8.1.3 Policy mapping 20 8.1.4 Certification path processing. 20 8.1.5 Self-issued certificates. 20 8.2 Key and policy information extensions

13、. 21 8.2.1 Requirements. 21 8.2.2 Public-key certificate and CRL extension fields . 21 8.2.2.1 Authority key identifier extension. 22 8.2.2.2 Subject key identifier extension 22 8.2.2.3 Key usage extension 22 8.2.2.4 Extended key usage extension. 23 8.2.2.5 Private key usage period extension . 24 8.

14、2.2.6 Certificate policies extension. 24 8.2.2.7 Policy mappings extension 25 8.3 Subject and issuer information extensions 26 8.3.1 Requirements. 26 8.3.2 Certificate and CRL extension fields. 26 8.3.2.1 Subject alternative name extension . 26 8.3.2.2 Issuer alternative name extension 26 8.3.2.3 Su

15、bject directory attributes extension 27 8.4 Certification path constraint extensions. 27 8.4.1 Requirements. 27 8.4.2 Certificate extension fields 28 8.4.2.1 Basic constraints extension 28 8.4.2.2 Name constraints extension. 29 8.4.2.3 Policy constraints extension 30 8.4.2.4 Inhibit any policy exten

16、sion 30 ISO/IEC 9594-8:2001(E) ISO/IEC 2001 All rights reserved iiiPage 8.5 Basic CRL extensions 30 8.5.1 Requirements. 30 8.5.2 CRL and CRL entry extension fields. 31 8.5.2.1 CRL number extension 31 8.5.2.2 Reason code extension 32 8.5.2.3 Hold instruction code extension 32 8.5.2.4 Invalidity date

17、extension 33 8.5.2.5 CRL scope extension. 33 8.5.2.6 Status referral extension 35 8.5.2.7 CRL stream identifier extension 36 8.5.2.8 Ordered list extension 36 8.5.2.9 Delta information extension 37 8.6 CRL distribution points and delta-CRL extensions. 37 8.6.1 Requirements. 37 8.6.2 CRL distribution

18、 point and delta-CRL extension fields 38 8.6.2.1 CRL distribution points extension. 38 8.6.2.2 Issuing distribution point extension. 39 8.6.2.3 Certificate issuer extension 40 8.6.2.4 Delta CRL indicator extension 40 8.6.2.5 Base update extension . 41 8.6.2.6 Freshest CRL extension. 41 9 Delta CRL r

19、elationship to base. 41 10 Certification path processing procedure . 42 10.1 Path processing inputs . 42 10.2 Path processing outputs . 43 10.3 Path processing variables 43 10.4 Initialization step . 43 10.5 Certificate processing 44 10.5.1 Basic certificate checks . 44 10.5.2 Processing intermediat

20、e certificates 44 10.5.3 Explicit policy indicator processing 45 10.5.4 Final processing. 46 11 PKI directory schema . 46 11.1 PKI directory object classes and name forms 46 11.1.1 PKI user object class . 46 11.1.2 PKI CA object class. 46 11.1.3 CRL distribution points object class and name form. 46

21、 11.1.4 Delta CRL object class 47 11.1.5 Certificate Policy published Technical Corrigenda can be obtained via the ISO webstore or from the ISO and IEC national bodies. Corrigenda and Implementors Guides to ITU-T Recommendations can be obtained from the ITU-T website. International Standard ISO/IEC

22、9594-8 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 6, Telecommunications and information exchange between systems, in collaboration with ITU-T. The identical text is published as ITU-T Recommendation X.509. This fourth edition of ISO/IEC 9594-8 co

23、nstitutes a technical revision of the third edition (ISO/IEC 9594-8:1998), which is provisionally retained in order to support implementations based on the third edition. This edition also incorporates Corrigendum 1:2000. ISO/IEC 9594 consists of the following parts, under the general title Informat

24、ion technology Open Systems Interconnection The Directory: Part 1: Overview of concepts, models and services Part 2: Models Part 3: Abstract service definition Part 4: Procedures for distributed operation Part 5: Protocol specifications Part 6: Selected attribute types Part 7: Selected object classe

25、s Part 8: Public-key and attribute certificate frameworks Part 9: Replication Part 10: Use of systems management for administration of the Directory Annexes A, B and F form a normative part of this part of ISO/IEC 9594. Annexes C, D, E, G, H and I are for information only. Introduction This Recommen

26、dation | International Standard, together with other Recommendations | International Standards, has been produced to facilitate the interconnection of information processing systems to provide directory services. A set of such systems, together with the directory information which they hold, can be

27、viewed as an integrated whole, called the Directory. The information held by the Directory, collectively known as the Directory Information Base (DIB), is typically used to facilitate communication between, with or about objects such as application-entities, people, terminals and distribution lists.

28、 The Directory plays a significant role in Open Systems Interconnection, whose aim is to allow, with a minimum of technical agreement outside of the interconnection standards themselves, the interconnection of information processing systems: from different manufacturers; under different managements;

29、 of different levels of complexity; and of different ages. Many applications have requirements for security to protect against threats to the communication of information. Virtually all security services are dependent upon the identities of the communicating parties being reliably known, i.e. authen

30、tication. This Recommendation | International Standard defines a framework for public-key certificates. That framework includes specification of data objects used to represent the certificates themselves as well as revocation notices for issued certificates that should no longer be trusted. The publ

31、ic-key certificate framework defined in this Specification, while it defines some critical components of a Public-key Infrastructure (PKI), it does not define a PKI in its entirety. However, this Specification provides the foundation upon which full PKIs and their specifications would be built. Simi

32、larly, this Recommendation | International Standard defines a framework for attribute certificates. That framework includes specification of data objects used to represent the certificates themselves as well as revocation notices for issued certificates that should no longer be trusted. The attribut

33、e certificate framework defined in this Specification, while it defines some critical components of a Privilege Management Infrastructure (PMI), it does not define a PMI it its entirety. However, this Specification provides the foundation upon which full PMIs and their specifications would be built.

34、 Information objects for holding PKI and PMI objects in the Directory and for comparing presented values with stored values are also defined. This Recommendation | International Standard also defines a framework for the provision of authentication services by the Directory to its users. This Recomme

35、ndation | International Standard provides the foundation frameworks upon which industry profiles can be defined by other standards groups and industry forums. Many of the features defined as optional in these frameworks, may be mandated for use in certain environments through profiles. This fourth e

36、dition technically revises and enhances, but does not replace, the third edition of this Recommendation | International Standard. Implementations may still claim conformance to the third edition. However, at some point, the third edition will not be supported (i.e. reported defects will no longer be

37、 resolved). It is recommended that implementations conform to this fourth edition as soon as possible. This fourth edition specifies version 1 and 2 of the Directory protocols. The first and second editions specified only version 1. Most of the services and protocols specified in this edition are de

38、signed to function under version 1. However some enhanced services and protocols, e.g. signed errors, will not function unless all Directory entities involved in the operation have negotiated version 2. Whichever version has been negotiated, differences between the services and between the protocols

39、 defined in the four editions, except for those specifically assigned to version 2, are accommodated using the rules of extensibility defined in this edition of ITU-T Rec. X.519 | ISO/IEC 9594-5. Annex A, which is an integral part of this Recommendation | International Standard, provides the ASN.1 m

40、odule which contains all of the definitions associated with the frameworks. Annex B, which is an integral part of this Recommendation | International Standard, provides rules for generating and processing Certificate Revocation Lists. Annex C, which is not an integral part of this Recommendation | I

41、nternational Standard, provides examples of delta-CRL issuance. ISO/IEC 9594-8:2001(E) ISO/IEC 2001 All rights reserved ixAnnex D, which is not an integral part of this Recommendation | International Standard, provides examples of privilege policy syntaxes and privilege attributes. Annex E, which is

42、 not an integral part of this Recommendation | International Standard, is an introduction to public-key cryptography. Annex F, which is an integral part of this Recommendation | International Standard, defines object identifiers assigned to authentication and encryption algorithms, in the absence of

43、 a formal register. Annex G, which is not an integral part of this Recommendation | International Standard, contains examples of the use of certification path constraints. Annex H, which is not an integral part of this Recommendation | International Standard, contains an alphabetical list of informa

44、tion item definitions in this Specification. Annex I, which is not an integral part of this Recommendation | International Standard, lists the amendments and defect reports that have been incorporated to form this edition of this Recommendation | International Standard. ISO/IEC 9594-8:2001(E) x ISO/

45、IEC 2001 All rights reserved The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) draw attention to the fact that it is claimed that compliance with this part of ISO/IEC 9594 may involve the use of a patent concerning the CRL distribution p

46、oint facility. ISO and IEC take no position concerning the evidence, validity and scope of this patent right. The holder of this patent right has assured ISO and IEC that he is willing to negotiate licences under reasonable and non-discriminatory terms and conditions with applicants throughout the w

47、orld. In this respect, the statement of the holder of this patent right is registered with ISO and IEC. Information may be obtained from: Entrust Technologies Mr. Mike Morgan, Senior Legal Counsel 750 Heron Road, Suite E08 Ottawa, Ontario K1V 1A7 Canada Attention is drawn to the possibility that som

48、e of the elements of this part of ISO/IEC 9594 may be the subject of patent rights other than those identified above. ISO and IEC shall not be held responsible for identifying any or all such patent rights. ISO/IEC 9594-8 : 2001 (E) ITU-T Rec. X.509 (2000 E) 1 INTERNATIONAL STANDARD ISO/IEC 9594-8 :

49、 2001 (E) ITU-T Rec. X.509 (2000 E) ITU-T RECOMMENDATION INFORMATION TECHNOLOGY OPEN SYSTEMS INTERCONNECTION THE DIRECTORY: PUBLIC-KEY AND ATTRIBUTE CERTIFICATE FRAMEWORKS SECTION 1 GENERAL 1 Scope This Recommendation | International Standard addresses some of the security requirements in the areas of authentication and other security services through the provision of a set of frameworks upon which full services can be based. Specifically, this Recommendation | International Standard defines frameworks for: Pu

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1