ImageVerifierCode 换一换
格式:PDF , 页数:12 ,大小:429.20KB ,
资源ID:588251      下载积分:10000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-588251.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(BS ISO IEC 11586-2-1996 Information technology - Open systems interconnection - Generic upper layers security - Security exchange service element (SESE) service definition《信息技术 开放系.pdf)为本站会员(孙刚)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

BS ISO IEC 11586-2-1996 Information technology - Open systems interconnection - Generic upper layers security - Security exchange service element (SESE) service definition《信息技术 开放系.pdf

1、BRITISH STANDARD BS ISO/IEC 11586-2:1996 Information technology OpenSystems Interconnection Generic upper layers security: Security Exchange Service Element (SESE) service definition (ITU-T Rec. X.831 (1995)| ISO/IEC 11586-2:1996) ICS 35.100.70BS ISO/IEC 11586-2:1996 This British Standard, having be

2、en prepared under the direction of the DISC Board, was published under the authority of the Standards Board and comes into effect on 15 November 1996 BSI 11-1998 ISBN 0 580 26545 5 National foreword This British Standard reproduces verbatim ISO/IEC 11586-2:1996, and implements it as the UK national

3、standard. The UK participation in its preparation was entrusted to Technical Committee IST/21, Open Systems Interconnection, Data Management and Open Distributed Processing, which has the responsibility to: aid enquirers to understand the text; present to the responsible international/European commi

4、ttee any enquiries on the interpretation, or proposals for change, and keep the UK interests informed; monitor related international and European developments and promulgate them in the UK. A list of organizations represented on this committee is available on request. Cross-references The British St

5、andards which implement international or European publications referred to in this document may be found in the BSI Standards Catalogue under the section entitled “International Standards Correspondence Index”, or using the “Find” facility of the BSI Standards Electronic Catalogue. A British Standar

6、d does not purport to include all the necessary provisions of a contract. Users of British Standards are responsible for their correct application. Compliance with a British Standard does not of itself confer immunity from legal obligations. Summary of pages This document comprises a front cover, an

7、 inside front cover, the ISO/IEC front cover, pages ii to iv, pages 1 to 4 and a back cover. This standard has been updated (see copyright date) and may have had amendments incorporated. This will be indicated in the amendment table on theinside front cover. Amendments issued since publication Amd.

8、No. Date CommentsBS ISO/IEC 11586-2:1996 ii BSI 11-1998 Contents Page Introduction 1 1 Scope 1 2 Normative references 1 2.1 Identical Recommendations|International Standards 1 3 Definitions 1 4 Abbreviations 1 5 Conventions 2 6 Service overview 2 6.1 Specific service facilities 2 6.2 Procedural mode

9、l for SE-TRANSFER service facility 2 7 Service definition 3 7.1 Parameters of service primitives 3 7.2 Service primitives 3 8 Sequencing information 4BS ISO/IEC 11586-2:1996 BSI 11-1998 iii Foreword ISO (the International Organization for Standardization) and IEC (the International Electrotechnical

10、Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity

11、. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee

12、, ISO/IEC JTC 1. Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote. International Standard ISO/IEC 11586-2 was prepared

13、 by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 21, Open systems interconnection, data management and open distributed processing, in collaboration with ITU-T. The identical text is published as ITU-T Recommendation X.831. ISO/IEC 11586 consists of the following

14、parts, under the general title Information technology Open Systems Interconnection Generic upper layers security: Part 1: Overview, models and notation; Part 2: Security Exchange Service Element (SESE) service definition; Part 3: Security Exchange Service Element (SESE) protocol specification; Part

15、4: Protecting transfer syntax specification; Part 5: Security Exchange Service Element Protocol Implementation Conformance Statement (PICS) proforma; Part 6: Protecting transfer syntax Protocol Implementation Conformance Statement (PICS) proforma.iv blankBS ISO/IEC 11586-2:1996 BSI 11-1998 1 Introdu

16、ction This Recommendation|International Standard forms part of a series of Recommendations| multi-part International Standards, which provide(s) a set of facilities to aid the construction of Upper Layers protocols which support the provision of security services. The parts are as follows: Part 1: O

17、verview, Models and Notation; Part 2: Security Exchange Service Element Service Definition; Part 3: Security Exchange Service Element Protocol Specification; Part 4: Protecting Transfer Syntax Specification; Part 5: Security Exchange Service Element PICS Proforma; Part 6: Protecting Transfer Syntax

18、PICS Proforma. This Recommendation|International Standard constitutes Part 2 of this series. 1 Scope 1.1 This series of Recommendations|International Standards defines a set of generic facilities to assist in the provision of security services in application layer protocols. These include: a) a set

19、of notational tools to support the specification of selective field protection requirements in an abstract syntax specification, and to support the specification of security exchanges and security transformations; b) a service definition, protocol specification and PICS proforma for an application-s

20、ervice-element (ASE) to support the provision of security services within the Application Layer; c) a specification and PICS proforma for a security transfer syntax, associated with Presentation Layer support for security services in the Application Layer. 1.2 This Recommendation|International Stand

21、ard defines the service provided by the Security Exchange Service Element (SESE). The SESE is an ASE which allows the communication of security information to support the provision of security services within the Application Layer. 2 Normative references The following Recommendations and Internation

22、al Standards contain provisions which, through reference in this text, constitute provisions of this Recommendation|International Standard. At the time of publication, the editions indicated were valid. All Recommendations and Standards are subject to revision, and parties to agreements based on thi

23、s Recommendation|International Standard are encouraged to investigate the possibility of applying the most recent edition of the Recommendations and Standards listed below. Members of IEC and ISO maintain registers of currently valid International Standards. The Telecommunication Standardization Bur

24、eau of the ITU maintains a list of currently valid ITU-T Recommendations. 2.1 Identical Recommendations| International Standards ITU-T Recommendation X.200 (1994)| ISO/IEC7498-1:1994, Information technology Open Systems Interconnection Basic Reference Model: The Basic Model. ITU-T Recommendation X.8

25、03 (1994)| ISO/IEC10745:1995, Information technology Open Systems Interconnection Upper layers security model. 3 Definitions The following terms are used as defined in ITU-TRec.X.803|ISO/IEC10745: security exchange; security exchange item. 4 Abbreviations For the purposes of this Recommendation| Int

26、ernational Standard, the following abbreviations apply: ASE Application Service Element OSI Open Systems Interconnection PICS Protocol Implementation Conformance Statement SEI Security Exchange ItemBS ISO/IEC 11586-2:1996 2 BSI 11-1998 5 Conventions Clause 7 employs a tabular presentation of the SES

27、E service primitive parameters. Each parameter is summarized using the following notation: 6 Service overview The security exchange service element provides for the communication of information associated with any security exchange, as described in Part 1. This service is typically used for the tran

28、sfer of authentication, access control, non-repudiation or security management information. 6.1 Specific service facilities The following service facilities are defined: a) SE-TRANSFER; b) SE-U-ABORT; c) SE-P-ABORT. The SE-TRANSFER service facility is used to initiate a security exchange of a certai

29、n type, transfer the first security-exchange-item (SEI), as well as transfer the other SEIs of a security exchange. It is the only service facility required in completing a security exchange. The SE-U-ABORT service facility is used by the SESE service user to indicate that an error has occurred. Thi

30、s service is used to abnormally terminate a security exchange in progress. Optionally, this service may also abnormally terminate the ASO-association. The SE-P-ABORT service facility is used by the SESE service provider to indicate that an error has occurred. This service is used to abnormally termi

31、nate a security exchange in progress. Optionally, this service may also abnormally terminate the ASO-association. 6.2 Procedural model for SE-TRANSFER service facility Part 1 of this Recommendation|International Standard defines the following procedural model for security exchanges: An initial Secur

32、ity Exchange Item (SEI) is transferred from A to B. This is optionally followed by one or more transfers of SEIs between A and B, according to the specific security exchange identified in the SE-TRANSFER. The sequence may be terminated upon receipt of any SEI, by generation of an error indication by

33、 either service user or service provider. The time-sequence diagram shown below is an example illustrating the special case of a sequence of SEI transfers in alternate directions for an n-way security exchange. (This is an example of the “Alternating” class of exchange defined in 6.1 of ITU-T Rec. X

34、.830|ISO/IEC 11586-1.) M Presence of the parameter is mandatory O Presence of the parameter is an SESE protocol machine option U Presence of the parameter is an SESE service user option C Presence of the parameter is conditional (=) The value of this parameter is identical to the value of the corres

35、ponding parameter of the preceding SESE service primitive.BS ISO/IEC 11586-2:1996 BSI 11-1998 3 7 Service definition The SESE service primitives are of the following types: 7.1 Parameters of service primitives Following are descriptions of the service primitives parameters. 7.1.1 Security exchange i

36、dentifier This parameter identifies the particular type of security exchange being initiated. The identifier is established when the security exchange is defined, using the SECURITY-EXCHANGE information object class defined in Part 1. 7.1.2 Invocation identifier This parameter identifies a particula

37、r security exchange invocation. It is used for subsequently referring to that invocation for correlation purposes, in a SE-TRANSFER, SE-U-ABORT, or SE-P-ABORT primitives. Invocation identifiers are especially useful in handling multiple security exchange invocations within the context of, for exampl

38、e, an application association. Invocation identifiers are provided by the users of services which initiate security exchanges, and it is the responsibility of such users to ensure that these identifiers are unambiguous within the scope of all active security exchange invocations. 7.1.3 Security exch

39、ange item The item to be conveyed, as implied by the security exchange identifier. 7.1.4 Item identifier In a SE-TRANSFER primitive, this parameter indicates which item of the security exchange this primitive is conveying. In a SE-U-ABORT or SE-P-ABORT primitive, this parameter indicates the item of

40、 a security exchange on which an error condition has been detected. The specification of a security exchange may place specific constraints on the use of the “item identifier”. It is the responsibility of the SESE user to ensure that these constraints are met. 7.1.5 Start flag In a SE-TRANSFER primi

41、tive, this parameter is used to indicate the transfer of the first security-exchange-itemof a security exchange. 7.1.6 End flag In a SE-TRANSFER primitive, this parameter is used to indicate that this security exchange item corresponds to the last security exchange required to satisfy the security m

42、echanism. It is needed to accommodate those mechanisms requiring n exchanges, where n is not known a priori. 7.1.7 Error list This parameter is one or more lists of error codes with optional error parameters. The error code indicates the cause of a SE-U-ABORT being generated. Error codes are establi

43、shed when a security exchange is defined, using the SE-ERROR information object class defined in Part 1. The optional error parameters provide additional information describing the cause of an abort. 7.1.8 Problem code This parameter indicates the cause of an SE-P-ABORTbeing generated. The set of po

44、ssible values is specified in clause 6 of Part 3. 7.1.9 Fatality indicator In a SE-U-ABORT request primitive, this parameter is used to indicate to the SESE service provider whether or not the ASO-association (e.g.application association) must be terminated. In a SE-U-ABORT indication and SE-P-ABORT

45、 indication primitives, this parameter is used to indicate to the SESE service user whether or not the ASO-association (e.g. application association) must be terminated. 7.2 Service primitives The parameters of the SESE service primitives are provided below. (Refer to 6.1 for a definition of the SES

46、E services, and to 7.1 for a description of the specific parameters.) 7.2.1 SE-TRANSFER service The parameters of the SE-TRANSFER service are as follows: SE-TRANSFER Non-confirmed SE-U-ABORT Non-confirmed SE-P-ABORT Provider-initiated Parameter Name Req Ind Security exchange identifier M M(=) Invoca

47、tion identifier U C(=) Security exchange item M M(=) Item identifier U C(=) Start flag U C(=) End flag U C(=)BS ISO/IEC 11586-2:1996 4 BSI 11-1998 7.2.2 SE-U-ABORT service The parameters of the SE-U-ABORT service are as follows: 7.2.3 SE-P-ABORT service The parameters of the SE-P-ABORT service are a

48、s follows: 8 Sequencing information The only sequencing constraint stipulated in this Service definition is that the invocation of SE-TRANSFER primitives with the same invocation identifier must be consistent with 7.1.2. Parameter Name Req Ind Invocation identifier U C(=) Item identifier U C(=) Erro

49、r list U C(=) Fatality Indicator U C(=) Parameter Name Ind Invocation identifier O Item identifier O Problem code M Fatality Indicator OblankBSI 389 Chiswick High Road London W4 4AL | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | BSI British Standards Institution BSI is the independent national body responsible for prepar

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1