ANSI ISO IEC 9594-3-2001 Information technology Open Systems Interconnection The Directory Abstract service definition (Adopted by INCITS)《信息技术.开放系统互连.目录 INCITS采用抽象服务定义》.pdf

1、Adopted by INCITS (InterNational Committee for Information Technology Standards) as an American National Standard.Date of ANSI Approval: 12/24/2003Published by American National Standards Institute,25 West 43rd Street, New York, New York 10036Copyright 2003 by Information Technology Industry Council

2、 (ITI).All rights reserved.These materials are subject to copyright claims of International Standardization Organization (ISO), InternationalElectrotechnical Commission (IEC), American National Standards Institute (ANSI), and Information Technology Industry Council(ITI). Not for resale. No part of t

3、his publication may be reproduced in any form, including an electronic retrieval system, withoutthe prior written permission of ITI. All requests pertaining to this standard should be submitted to ITI, 1250 Eye Street NW,Washington, DC 20005.Printed in the United States of AmericaReference numberISO

4、/IEC 9594-3:2001(E)ISO/IEC 2001INTERNATIONAL STANDARD ISO/IEC9594-3Fourth edition2001-12-15Information technology Open Systems Interconnection The Directory: Abstract service definition Technologies de linformation Interconnexion de systmes ouverts (OSI) Lannuaire: Dfinitions du service abstrait ISO

5、/IEC 9594-3:2001(E) PDF disclaimer This PDF file may contain embedded typefaces. In accordance with Adobes licensing policy, this file may be printed or viewed but shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In dow

6、nloading this file, parties accept therein the responsibility of not infringing Adobes licensing policy. The ISO Central Secretariat accepts no liability in this area. Adobe is a trademark of Adobe Systems Incorporated. Details of the software products used to create this PDF file can be found in th

7、e General Info relative to the file; the PDF-creation parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address

8、 given below. ISO/IEC 2001 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISO

9、s member body in the country of the requester. ISO copyright office Case postale 56 CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyrightiso.ch Web www.iso.ch Published by ISO in 2002 Printed in Switzerland ii ISO/IEC 2001 All rights reserved ISO/IEC 9594-3:2001(E) ISO/IEC

10、2001 All rights reserved iiiCONTENTS Page 1 Scope 1 2 Normative references . 1 2.1 Identical Recommendations | International Standards . 1 2.2 Other references . 2 3 Definitions 2 3.1 Basic Directory definitions. 2 3.2 Directory model definitions . 2 3.3 Directory information base definitions. 2 3.4

11、 Directory entry definitions . 3 3.5 Name definitions 3 3.6 Distributed operations definitions 3 3.7 Abstract service definitions 3 4 Abbreviations . 4 5 Conventions . 4 6 Overview of the Directory service . 4 7 Information types and common procedures . 5 7.1 Introduction 5 7.2 Information types def

12、ined elsewhere 5 7.3 Common arguments . 6 7.4 Common results . 9 7.5 Service controls 9 7.6 Entry information selection 12 7.7 Entry information. 15 7.8 Filter. 17 7.9 Paged results. 20 7.10 Security parameters 21 7.11 Common elements of procedure for access control 22 7.12 Managing the DSA Informat

13、ion Tree 24 7.13 Procedures for families of entries. 25 8 Bind and Unbind operations. 26 8.1 Directory Bind 26 8.2 Directory Unbind . 29 9 Directory Read operations 29 9.1 Read . 29 9.2 Compare. 32 9.3 Abandon. 34 ISO/IEC 9594-3:2001(E) iv ISO/IEC 2001 All rights reserved Page 10 Directory Search op

14、erations . 34 10.1 List 34 10.2 Search 37 11 Directory Modify operations 48 11.1 Add Entry. 49 11.2 Remove Entry. 51 11.3 Modify Entry 52 11.4 Modify DN. 56 12 Errors 58 12.1 Error precedence 58 12.2 Abandoned . 59 12.3 Abandon Failed 59 12.4 Attribute Error 60 12.5 Name Error. 61 12.6 Referral. 61

15、12.7 Security Error. 62 12.8 Service Error 63 12.9 Update Error. 64 13 Analysis of search arguments. 65 13.1 General check of search filter. 66 13.2 Check of request-attribute-profiles. 67 13.3 Check of controls and hierarchy selections 68 Annex A Abstract Service in ASN.1. 70 Annex B Operational se

16、mantics for Basic Access Control. 82 Annex C Examples of searching families of entries . 96 C.1 Single family example 96 C.2 Multiple families example 97 Annex D Amendments and corrigenda . 100 ISO/IEC 9594-3:2001(E) ISO/IEC 2001 All rights reserved vForeword ISO (the International Organization for

17、Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective orga

18、nization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technol

19、ogy, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 3. The main task of the joint technical committee is to prepare International Standards. Draft International Standards

20、adopted by the joint technical committee are circulated to national bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote. Attention is drawn to the possibility that some of the elements of this part of ISO/IEC 9594 may b

21、e the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. Users and implementors should note the existence of a “defect resolution” procedure in ISO/IEC JTC 1 to identify and correct errors in International Standards through the publicat

22、ion of Technical Corrigenda. Identical corrections are made to the corresponding ITU-T Recommendations through Corrigenda and may also be made in the form of Implementors Guides. Details of Technical Corrigenda to International Standards are available on the ISO website; published Technical Corrigen

23、da can be obtained via the ISO webstore or from the ISO and IEC national bodies. Corrigenda and Implementors Guides to ITU-T Recommendations can be obtained from the ITU-T website. ISO/IEC 9594-3 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 6, Tele

24、communications and information exchange between systems, in collaboration with ITU-T. The identical text is published as ITU-T Rec. X.511. This fourth edition of ISO/IEC 9594-3 constitutes a technical revision of the third edition (ISO/IEC 9594-3:1998), which is provisionally retained in order to su

25、pport implementations based on the third edition. This edition also incorporates Corrigendum 1:2002. ISO/IEC 9594 consists of the following parts, under the general title Information technology Open Systems Interconnection The Directory: Part 1: Overview of concepts, models and services Part 2: Mode

26、ls Part 3: Abstract service definition Part 4: Procedures for distributed operation Part 5: Protocol specifications Part 6: Selected attribute types Part 7: Selected object classes Part 8: Public-key and attribute certificate frameworks Part 9: Replication Part 10: Use of systems management for admi

27、nistration of the Directory Annex A forms a normative part of this part of ISO/IEC 9594. Annexes B, C and D are for information only. ISO/IEC 9594-3:2001(E) vi ISO/IEC 2001 All rights reserved Introduction This Recommendation | International Standard, together with the other Recommendations | Intern

28、ational Standards, has been produced to facilitate the interconnection of information processing systems to provide directory services. A set of such systems, together with the directory information that they hold, can be viewed as an integrated whole, called the Directory. The information held by t

29、he Directory, collectively known as the Directory Information Base (DIB), is typically used to facilitate communication between, with or about objects such as application entities, people, terminals, and distribution lists. The Directory plays a significant role in Open Systems Interconnection, whos

30、e aim is to allow, with a minimum of technical agreement outside of the interconnection standards themselves, the interconnection of information processing systems: from different manufacturers; under different managements; of different levels of complexity; and of different ages. This Recommendatio

31、n | International Standard defines the capabilities provided by the Directory to its users. This fourth edition technically revises and enhances, but does not replace, the third edition of this Recommendation | International Standard. Implementations may still claim conformance to the third edition.

32、 However, at some point, the third edition will not be supported (i.e. reported defects will no longer be resolved). It is recommended that implementations conform to this fourth edition as soon as possible. This fourth edition specifies version 1 and version 2 of the Directory protocols. The first

33、and second editions specified only version 1. Most of the services and protocols specified in this edition are designed to function under version 1. However, some enhanced services and protocols, e.g. signed errors, will not function unless all Directory entities involved in the operation have negot

34、iated version 2. Whichever version has been negotiated, differences between the services and between the protocols defined in the four editions, except for those specifically assigned to version 2, are accommodated using the rules of extensibility defined in this edition of ITU-T Rec. X.519 | ISO/IE

35、C 9594-5. Annex A, which is an integral part of this Recommendation | International Standard, provides the ASN.1 module for the Directory abstract service. Annex B, which is not an integral part of this Recommendation | International Standard, provides charts that describe the semantics associated w

36、ith Basic Access Control as it applies to the processing of a Directory operation. Annex C, which is not an integral part of this Recommendation | International Standard, gives examples of the use of families of entries. Annex D, which is not an integral part of this Recommendation | International S

37、tandard, lists the amendments and defect reports that have been incorporated to form this edition of this Recommendation | International Standard. ISO/IEC 9594-3:2001 (E) ITU-T X.511 (02/2001 E) 1 INTERNATIONAL STANDARD ISO/IEC 9594-3 : 2001 (E) ITU-T Rec. X.511 (2001 E) ITU-T RECOMMENDATION Informa

38、tion technology Open Systems Interconnection The Directory: Abstract service definition 1 Scope This Recommendation | International Standard defines in an abstract way the externally visible service provided by the Directory. This Recommendation | International Standard does not specify individual i

39、mplementations or products. 2 Normative references The following Recommendations and International Standards contain provisions which, through reference in this text, constitute provisions of this Recommendation | International Standard. At the time of publication, the editions indicated were valid.

40、 All Recommendations and Standards are subject to revision, and parties to agreements based on this Recommendation | International Standard are encouraged to investigate the possibility of applying the most recent edition of the Recommendations and Standards listed below. Members of IEC and ISO main

41、tain registers of currently valid International Standards. The Telecommunication Standardization Bureau of the ITU maintains a list of currently valid ITU-T Recommendations. 2.1 Identical Recommendations | International Standards ITU-T Recommendation X.200 (1994) | ISO/IEC 7498-1:1994, Information t

42、echnology Open Systems Interconnection Basic Reference Model: The Basic Model. ITU-T Recommendation X.500 (2001) | ISO/IEC 9594-1:2001, Information technology Open Systems Interconnection The Directory: Overview of concepts, models and services. ITU-T Recommendation X.501 (2001) | ISO/IEC 9594-2:200

43、1, Information technology Open Systems Interconnection The Directory: Models. ITU-T Recommendation X.509 (2000) | ISO/IEC 9594-8:2001, Information technology Open Systems Interconnection The Directory: Public-key and attribute certificate frameworks. ITU-T Recommendation X.518 (2001) | ISO/IEC 9594-

44、4:2001, Information technology Open Systems Interconnection The Directory: Procedures for distributed operation. ITU-T Recommendation X.519 (2001) | ISO/IEC 9594-5:2001, Information technology Open Systems Interconnection The Directory: Protocol specifications. ITU-T Recommendation X.520 (2001) | IS

45、O/IEC 9594-6:2001, Information technology Open Systems Interconnection The Directory: Selected attribute types. ITU-T Recommendation X.521 (2001) | ISO/IEC 9594-7:2001, Information technology Open Systems Interconnection The Directory: Selected object classes. ITU-T Recommendation X.525 (2001) | ISO

46、/IEC 9594-9:2001, Information technology Open Systems Interconnection The Directory: Replication. ITU-T Recommendation X.530 (2001) | ISO/IEC 9594-10:2001, Information technology Open Systems Interconnection The Directory: Use of systems management for administration of the Directory. ITU-T Recommen

47、dation X.680 (1997) | ISO/IEC 8824-1:1998, Information technology Abstract Syntax Notation One (ASN.1): Specification of basic notation. ITU-T Recommendation X.681 (1997) | ISO/IEC 8824-2:1998, Information technology Abstract Syntax Notation One (ASN.1): Information object specification. ISO/IEC 959

48、4-3:2001 (E) 2 ITU-T X.511 (02/2001 E) ITU-T Recommendation X.682 (1997) | ISO/IEC 8824-3:1998, Information technology Abstract Syntax Notation One (ASN.1): Constraint specification. ITU-T Recommendation X.683 (1997) | ISO/IEC 8824-4:1998, Information technology Abstract Syntax Notation One (ASN.1):

49、 Parameterization of ASN.1 specifications. ITU-T Recommendation X.880 (1994) | ISO/IEC 13712-1:1995, Information technology Remote Operations: Concepts, model and notation. ITU-T Recommendation X.881 (1994) | ISO/IEC 13712-2:1995, Information technology Remote Operations: OSI realizations Remote Operations Service Element (ROSE) service definition. 2.2 Other references RFC 2025 (1996), The Simple Public-Key GSS-A