BS ISO IEC 11586-5-1997 Information technology - Open systems interconnection - Generic upper layers security - Security exchange service element (SESE) protocol implementation con.pdf

1、BRITISH STANDARD BS ISO/IEC 11586-5:1997 Information technology OpenSystems Interconnection Generic upper layers security: Security Exchange Service Element (SESE) Protocol Implementation Conformance Statement (PICS) proforma (ITU-T Rec. X.834 (1996)|ISO/IEC 11586-5:1997) ICS 35.100.70BSISO/IEC11586

2、-5:1997 This British Standard, having been prepared under the directionof the DISC Board, waspublished under the authorityof the Standards Boardand comes into effect on 15September1997 BSI 09-1999 ISBN 0 580 27859 X National foreword This British Standard reproduces verbatim ISO/IEC11586-5:1997 and

3、implements it as the UK national standard. The UK participation in its preparation was entrusted to Technical Committee IST/21, Open Systems Interconnection, Data Management and Open Distributed Processing, which has the responsibility to: aid enquirers to understand the text; present to the respons

4、ible international/European committee any enquiries on the interpretation, or proposals for change, and keep the UK interests informed; monitor related international and European developments and promulgate them in the UK. A list of organizations represented on this committee can be obtained on requ

5、est to its secretary. From1January1997, all IEC publications have the number60000 added to the old number. For instance, IEC27-1 has been renumbered as IEC60027-1. For a period of time during the change over from one numbering system to the other, publications may contain identifiers from both syste

6、ms. Cross-references The British Standards which implement international or European publications referred to in this document may be found in the BSI Standards Catalogue under the section entitled “International Standards Correspondence Index”, or using the “Find” facility of the BSI Standards Elec

7、tronic Catalogue. A British Standard does not purport to include all the necessary provisions of a contract. Users of British Standards are responsible for their correct application. Compliance with a British Standard does not of itself confer immunity from legal obligations. Summary of pages This d

8、ocument comprises a front cover, an inside front cover, pages i and ii, theISO/IEC title page, pages ii to iv, pages1 to7 and a back cover. This standard has been updated (see copyright date) and may have had amendments incorporated. This will be indicated in the amendment table on the inside front

9、cover. Amendments issued since publication Amd. No. Date CommentsBSISO/IEC11586-5:1997 BSI 09-1999 i Contents Page National foreword Inside front cover Foreword iii Text of ISO/IEC 11586-5 1ii blankBSISO/IEC11586-5:1997 ii BSI 09-1999 Contents Page Foreword iii Introduction 1 1 Scope 1 2 Normative r

10、eferences 1 2.1 Identical Recommendations|International Standards 1 2.2 Paired Recommendations|International Standards equivalent in technical content 1 3 Definitions 2 4 Abbreviations 2 5 Conventions 2 6 Conformance 2 Annex A Protocol Implementation Conformance Statement (PICS) proforma for the SES

11、E protocol 3 A.1 Notations defined for the proforma 3 A.1.1 Status column 3 A.1.2 Support column 3 A.2 PICS numbers 3 A.3 Completion of the PICS 3 A.4 Date of statement 4 A.5 Implementation details 4 A.6 ITU-T Rec. X.832|ISO/IEC 11586-3 protocol details 4 A.6.1 ITU-T Rec. X.832|ISO/IEC 11586-3 techn

12、ical corrigenda implemented 4 A.7 Global statement of conformance 5 A.8 Supported APDUs 5 A.9 Supported APDU parameters 5 A.9.1 SE-Transfer (SETR) 5 A.9.2 SE-U-Abort (SEAB) 5 A.9.3 SE-P-Abort (SEPA) 5 A.9.4 Problem codes 6 A.10 Abstract syntax 6 A.11 Application Context 6 A.12 Security exchanges 6 A

13、.12.1 Class of Security Exchange Supported 6 A.12.2 Exchange Supported 6 A.12.3 Directory Authentication Exchange (one way) 7 A.12.4 Directory Authentication Exchange (two way) 7 A.12.5 Simple Negotiation Exchange 7 Descriptors: Data processing, information interchange, network interconnection, open

14、 systems interconnection, communication procedure, security techniques, protocols, implementation.BSISO/IEC11586-5:1997 BSI 09-1999 iii Foreword ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide

15、standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fiel

16、ds of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. Draft International Standards adopted

17、 by the joint technical committee are circulated to national bodies for voting. Publication as an International Standard requires approval by at least75% of the national bodies casting a vote. International Standard ISO/IEC11586-5 was prepared by Joint Technical Committee ISO/IEC JTC1, Information t

18、echnology, Subcommittee SC 21, Open systems interconnection, data management and open distributed processing, in collaboration with ITU-T. The identical text is published as ITU-T Recommendation X.834. ISO/IEC11586 consists of the following parts, under the general title Information technology Open

19、Systems Interconnection Generic upper layers security: Part 1: Overview, models and notation; Part 2: Security Exchange Service Element (SESE) service definition; Part 3: Security Exchange Service Element (SESE) protocol specification; Part 4: Protecting transfer syntax specification; Part 5: Securi

20、ty Exchange Service Element (SESE) Protocol Implementation Conformance Statement (PICS) proforma; Part 6: Protecting transfer syntax Protocol Implementation Conformance Statement (PICS) Proforma. Annex A forms an integral part of this part of ISO/IEC11586.iv blankBSISO/IEC11586-5:1997 BSI 09-1999 1

21、Introduction This Recommendation|International Standard forms part of a series of Recommendations|International Standards that provide generic upper layer security services. The parts are as follows: Part 1: Overview, Model and Notation; Part 2: Security Exchange Service Element Service Definition;

22、Part 3: Security Exchange Service Element Protocol Specification; Part 4: Protecting Transfer Syntax Specification; Part 5: Security Exchange Service Element Service PICS Proforma; Part 6: Protecting Transfer Syntax PICS Proforma. This Recommendation|International Standard constitutes Part5 of the s

23、eries. Part 3 defines a protocol for the communication of security exchange information between open systems as part of the operation of a security mechanism. To evaluate the conformance of a particular implementation, it is necessary to have a description of the capabilities and options which have

24、been implemented. Suchadescription is called a Protocol Implementation Conformance Statement (PICS). This Recommendation|International Standard includes the PICS proforma for the security exchange service element protocol specified in Part3 and the security exchanges defined in Part1, Annex C. 1 Sco

25、pe This Recommendation|International Standard defines a Protocol Implementation Conformance Statement (PICS) proforma for the detailed expression of the conformance requirements of ITU-T Rec. X.832|ISO/IEC11586-3 and Annex C of ITU-T Rec. X.830|ISO/IEC11586-1. This PICS proforma is in compliance wit

26、h the relevant requirements, and in accordance with the relevant guidance for a PICS proforma, given in ITU-T Rec. X.291 and ISO/IEC 9646-2. Detail of the use of this proforma is provided in this Recommendation|International Standard. Implementations claiming conformance toITU-T Rec. X.832|ISO/IEC 1

27、1586-3 or Annex C of ITU-T Rec. X.830|ISO/IEC 11586-1 shall complete the proforma as part of the conformance requirements. The level of detail required in the proforma exceeds that of the protocol specification by requiring details to uniquely identify the implementation and the supplier. NOTEPICS a

28、re related to base Recommendations and Standards and only base Recommendations and Standards. PICS structure might be expanded and refined for other documents using the base Standards (e.g. ISPICS). 2 Normative references The following Recommendations and International Standards contain provisions w

29、hich, through reference in this text, constitute provisions of this Recommendation|International Standard. At the time of publication, the editions indicated were valid. All Recommendations and Standards are subject to revision, and the parties to agreements based on this Recommendation|Internationa

30、l Standard are encouraged to investigate the possibility of applying the most recent edition of the Recommendations and Standards indicated below. Members of IEC and ISO maintain registers of currently valid International Standards. The Telecommunication Standardization Bureau of the ITU maintains a

31、 list of currently valid ITU-T Recommendations. 2.1 Identical Recommendations|International Standards ITU-T Recommendation X.210 (1993)|ISO/IEC 10731:1994 Information technology Open Systems Interconnection Basic Reference Model: Conventions for the definition of OSI services. ITU-T Recommendation X

32、.830 (1995)|ISO/IEC 11586-1:1996, Information technology Open Systems Interconnection Generic upper layers security: Overview, models and notation. ITU-T Recommendation X.832 (1995)|ISO/IEC 11586-3:1996, Information technology Open Systems Interconnection Generic upper layers security: Security Exch

33、ange Service Element (SESE) protocol specification. 2.2 Paired Recommendations|International Standards equivalent in technical content ITU-T Recommendation X.290 (1995), OSI conformance testing methodology and framework for protocol Recommendations for ITU-T applications General concepts.BSISO/IEC11

34、586-5:1997 2 BSI 09-1999 ISO/IEC 9646-1:1994, Information technology Open Systems Interconnection Conformance testing methodology and framework Part 1: General concepts. ITU-T Recommendation X.291 (1995), OSI conformance testing methodology and framework for protocol Recommendations for ITU-T applic

35、ations Abstract test suite specification. ISO/IEC 9646-2:1994, Information technology Open Systems Interconnection Conformance testing methodology and framework Part 2: Abstract Test Suite specification. 3 Definitions 3.1 this Recommendation|International Standard makes use of the following terms de

36、fined in ITU-T Rec. X.290 and ISO/IEC 9646-1: a) Protocol Implementation Conformance Statement (PICS); b) PICS proforma; c) Protocol Implementation eXtra Information for Testing (PIXIT). 4 Abbreviations 4.1 The following abbreviations used in this Recommendation|International Standard are defined in

37、 ITU-T Rec. X.290 and ISO/IEC9646-1: a) PICS; b) PIXIT. 5 Conventions This Recommendation|International Standard uses the descriptive conventions in the OSI Service Conventions, ITU-T Rec. X.210|ISO/IEC10731. The PICS proforma annex has been designed to be a self contained section of this Recommenda

38、tion|International Standard, for use in testing and procurement. 6 Conformance A conforming PICS proforma shall be technically equivalent to the ITU-T|ISO/IEC published PICS proforma and shall preserve the numbering and ordering of the items in the ITU-T|ISO/IEC PICS proforma. A PICS which conforms

39、to this Recommendation|International Standard shall: a) describe an implementation which conforms to ITU-T Rec. X.832|ISO/IEC11586-3; b) be a conforming PICS proforma, which has been completed in accordance with the instruction for completion given inA.1 andA.3; and c) include the information necess

40、ary to uniquely identify both the supplier and the implementation.BSISO/IEC11586-5:1997 BSI 09-1999 3 Annex A Protocol Implementation Conformance Statement (PICS) proforma for the SESE protocol 1) (This annex forms an integral part of this Recommendation|International Standard) A.1 Notations defined

41、 for the proforma In order to reduce the size of tables in the PICS proforma, notations have been introduced that have allowed the use of a multi-column layout, where the columns are headed “Status”, and “Support”. The definition of each of these follows. A.1.1 Status column This column indicates th

42、e level of support required for conformance to ITU-T Rec. X.832|ISO/IEC11586-3. The values are as follows: A.1.2 Support column The “Support” column shall be completed by the supplier or implementor to indicate the level of implementation of each feature. The proforma has been designed such that the

43、 only entries required in the “Support” column are: A.2 PICS numbers Each line within the PICS proforma which requires implementation detail to be entered is numbered at the left hand edge of the line. This numbering is included as a means of uniquely identifying all possible implementation details

44、within the PICS proforma. The need for such unique referencing has been identified by the testing bodies. The means of referencing individual responses should be to specify the following sequence: a) a reference to the smallest subclause enclosing the relevant item; b) a solidus character, “/”; c) t

45、he reference number of the row in which the response appears; d) if, and only if, more than one response occurs in the row identified by the reference number, then each possible entry is implicitly labelled a, b, c, etc., from left to right, and this letter is appended to the sequence. A.3 Completio

46、n of the PICS The implementor shall complete all entries in the column marked “Support”. In certain clauses of the PICS proforma further guidance for completion may be necessary. Such guidance shall supplement the guidance given in this clause and shall have a scope restricted to the clause in which

47、 it appears. In addition, other specifically identified information shall be provided by the implementor where requested. No changes shall be made to the proforma except the completion as required. Recognizing that the level of detail required may, in some instances, exceed the space available for r

48、esponses a number of responses specifically allow for the addition of appendices to the PICS. 1) Copyright release for PICS proforma: Users of this Recommendation|International Standard may freely reproduce the PICS proforma in this annex so that it can be used for its intended purpose, and may furt

49、her publish the completed PICS. M Mandatory support is required. O Optional support is permitted for conformance to ITU-T Rec. X.832|ISO/IEC 11586-3. If implemented, it must conform to the specifications and restrictions contained in ITU-T Rec. X.832|ISO/IEC 11586-3. These restrictions may affect the optionality of other items. n/a The item is not applicable. cn The item is conditional (where n is the number which identifies the condition which is applicable). The definitions for the conditional statements