ITU-T X 520 CORR 1-2014 Information technology – Open Systems Interconnection – The Directory Selected attribute types Technical Corrigendum 1 (Study Group 17)《信息技术 开放系统互连 目录 选定的属.pdf

1、 I n t e r n a t i o n a l T e l e c o m m u n i c a t i o n U n i o n ITU-T X.520 TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU Corrigendum 1 (11/2014) SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY Directory Information technology Open Systems Interconnection The Directory: Sel

2、ected attribute types Technical Corrigendum 1 Recommendation ITU-T X.520 (2012) Technical Corrigendum 1 ITU-T X-SERIES RECOMMENDATIONS DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY PUBLIC DATA NETWORKS Services and facilities X.1X.19 Interfaces X.20X.49 Transmission, signalling and switchin

3、g X.50X.89 Network aspects X.90X.149 Maintenance X.150X.179 Administrative arrangements X.180X.199 OPEN SYSTEMS INTERCONNECTION Model and notation X.200X.209 Service definitions X.210X.219 Connection-mode protocol specifications X.220X.229 Connectionless-mode protocol specifications X.230X.239 PICS

4、proformas X.240X.259 Protocol Identification X.260X.269 Security Protocols X.270X.279 Layer Managed Objects X.280X.289 Conformance testing X.290X.299 INTERWORKING BETWEEN NETWORKS General X.300X.349 Satellite data transmission systems X.350X.369 IP-based networks X.370X.379 MESSAGE HANDLING SYSTEMS

5、X.400X.499 DIRECTORY X.500X.599 OSI NETWORKING AND SYSTEM ASPECTS Networking X.600X.629 Efficiency X.630X.639 Quality of service X.640X.649 Naming, Addressing and Registration X.650X.679 Abstract Syntax Notation One (ASN.1) X.680X.699 OSI MANAGEMENT Systems management framework and architecture X.70

6、0X.709 Management communication service and protocol X.710X.719 Structure of management information X.720X.729 Management functions and ODMA functions X.730X.799 SECURITY X.800X.849 OSI APPLICATIONS Commitment, concurrency and recovery X.850X.859 Transaction processing X.860X.879 Remote operations X

7、.880X.889 Generic applications of ASN.1 X.890X.899 OPEN DISTRIBUTED PROCESSING X.900X.999 INFORMATION AND NETWORK SECURITY X.1000X.1099 SECURE APPLICATIONS AND SERVICES X.1100X.1199 CYBERSPACE SECURITY X.1200X.1299 SECURE APPLICATIONS AND SERVICES X.1300X.1399 CYBERSECURITY INFORMATION EXCHANGE X.15

8、00X.1599 CLOUD COMPUTING SECURITY X.1600X.1699 For further details, please refer to the list of ITU-T Recommendations. Rec. ITU-T X.520 (2012)/Cor.1 (11/2014) i INTERNATIONAL STANDARD ISO/IEC 9594-6 RECOMMENDATION ITU-T X.520 Information technology Open Systems Interconnection The Directory: Selecte

9、d attribute types Technical Corrigendum 1 Summary This technical corrigendum, Corrigendum 1 to Rec. ITU-T X.520 (2012) | ISO/IEC 9594-6:2014 covers resolutions to defect reports 392, 395 and 396. History Edition Recommendation Approval Study Group Unique ID* 1.0 ITU-T X.520 1988-11-25 11.1002/1000/3

10、010 2.0 ITU-T X.520 1993-11-16 7 11.1002/1000/3011 3.0 ITU-T X.520 1997-08-09 7 11.1002/1000/4127 3.1 ITU-T X.520 (1997) Technical Cor. 1 2000-03-31 7 11.1002/1000/5042 3.2 ITU-T X.520 (1997) Amd. 1 2000-03-31 7 11.1002/1000/5041 3.3 ITU-T X.520 (1997) Technical Cor. 2 2001-02-02 7 11.1002/1000/5322

11、 3.4 ITU-T X.520 (1997) Technical Cor. 3 2002-04-13 17 11.1002/1000/6027 4.0 ITU-T X.520 2001-02-02 7 11.1002/1000/5324 4.1 ITU-T X.520 (2001) Technical Cor. 1 2002-04-13 17 11.1002/1000/6028 4.2 ITU-T X.520 (2001) Technical Cor. 2 2005-11-29 17 11.1002/1000/8636 4.3 ITU-T X.520 (2001) Cor. 3 2008-0

12、5-29 17 11.1002/1000/9439 5.0 ITU-T X.520 2005-08-29 17 11.1002/1000/8508 5.1 ITU-T X.520 (2005) Cor. 1 2008-05-29 17 11.1002/1000/9440 5.2 ITU-T X.520 (2005) Cor. 2 2008-11-13 17 11.1002/1000/9628 5.3 ITU-T X.520 (2005) Cor. 3 2011-02-13 17 11.1002/1000/11050 5.4 ITU-T X.520 (2005) Cor. 4 2012-04-1

13、3 17 11.1002/1000/11590 6.0 ITU-T X.520 2008-11-13 17 11.1002/1000/9598 6.1 ITU-T X.520 (2008) Cor. 1 2011-02-13 17 11.1002/1000/11051 6.2 ITU-T X.520 (2008) Cor. 2 2012-04-13 17 11.1002/1000/11591 6.3 ITU-T X.520 (2008) Cor. 3 2012-10-14 17 11.1002/1000/11742 7.0 ITU-T X.520 2012-10-14 17 11.1002/1

14、000/11743 7.1 ITU-T X.520 (2012) Cor. 1 2014-11-13 17 11.1002/1000/12350 _ * To access the Recommendation, type the URL http:/handle.itu.int/ in the address field of your web browser, followed by the Recommendations unique ID. For example, http:/handle.itu.int/11.1002/1000/11830-en. ii Rec. ITU-T X.

15、520 (2012)/Cor.1 (11/2014) FOREWORD The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications, information and communication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. IT

16、U-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis. The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topics for st

17、udy by the ITU-T study groups which, in turn, produce Recommendations on these topics. The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1. In some areas of information technology which fall within ITU-Ts purview, the necessary standards are prepared on a

18、 collaborative basis with ISO and IEC. NOTE In this Recommendation, the expression “Administration“ is used for conciseness to indicate both a telecommunication administration and a recognized operating agency. Compliance with this Recommendation is voluntary. However, the Recommendation may contain

19、 certain mandatory provisions (to ensure, e.g., interoperability or applicability) and compliance with the Recommendation is achieved when all of these mandatory provisions are met. The words “shall“ or some other obligatory language such as “must“ and the negative equivalents are used to express re

20、quirements. The use of such words does not suggest that compliance with the Recommendation is required of any party. INTELLECTUAL PROPERTY RIGHTSITU draws attention to the possibility that the practice or implementation of this Recommendation may involve the use of a claimed Intellectual Property Ri

21、ght. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the Recommendation development process. As of the date of approval of this Recommendation, ITU had not received notice of intell

22、ectual property, protected by patents, which may be required to implement this Recommendation. However, implementers are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database at http:/www.itu.int/ITU-T/ipr/. ITU 2015 All righ

23、ts reserved. No part of this publication may be reproduced, by any means whatsoever, without the prior written permission of ITU. ISO/IEC 9594-6:2014/Cor.1:2015 (E) Rec. ITU-T X.520 (2012)/Cor.1 (11/2014) 1 INTERNATIONAL STANDARD ITU-T RECOMMENDATION Information technology Open Systems Interconnecti

24、on The Directory: Selected attribute types Technical Corrigendum 1 1) Correction of the defects reported in defect report 392 1.1) Clause 6.3.1 Update clause 6.3.1 as shown: 6.3.1 Country Name A value of Tthe Country Name countryName attribute type specifies a country. When used as a component of a

25、directory name, it identifies the country in which the named object is physically located or with which it is associated in some other important way. An attribute value for country name is a string chosen from ISO 3166-1 alpha-2 or ISO 3166-3 alpha-2. countryName ATTRIBUTE := SUBTYPE OF name WITH SY

26、NTAX CountryName SINGLE VALUE TRUE LDAP-SYNTAX countryString.&id LDAP-NAME “c“ ID id-at-countryName CountryName := PrintableString(SIZE (2) (CONSTRAINED BY - ISO 3166 alpha-2 codes only - ) CountryName := PrintableString(SIZE (2) - ISO 3166 codes only 1.2) New attribute types for three-letter countr

27、y code and for a numeric country code 1.2.1) Clauses 6.3.1 and 6.3.2 Add the following definitions after clause 6.3.1, starting with a new clause 6.3.2 and renumber subsequent clauses: 6.3.2 Three-character country code A value of countryCode3a attribute type specifies a country. When used as a comp

28、onent of a directory name, it identifies the country in which the named object is physically located or with which it is associated in some other important way. An attribute value for countryCode3a is a string chosen from ISO 3166-1 alpha-3. countryCode3c ATTRIBUTE := SUBTYPE OF name WITH SYNTAX Cou

29、ntryCode3c SINGLE VALUE TRUE LDAP-SYNTAX countryString3c.&id LDAP-NAME “c3“ ID id-at-countryCode3c CountryCode3c := PrintableString(SIZE (3) (CONSTRAINED BY - ISO 3166 alpha-3 codes only - ) 6.3.3 Numeric character country code A value of countryCode3n attribute type specifies a country. When used a

30、s a component of a directory name, it identifies the country in which the named object is physically located or with which it is associated in some other important way. An attribute value for countryCode3n is a string chosen from ISO 3166-1 numeric-3. ISO/IEC 9594-6:2014/Cor.1:2015 (E) 2 Rec. ITU-T

31、X.520 (2012)/Cor.1 (11/2014) countryCode3n ATTRIBUTE := SUBTYPE OF name WITH SYNTAX CountryCode3n SINGLE VALUE TRUE LDAP-SYNTAX countryString3n.&id LDAP-NAME “n3“ ID id-at-countryCode3n CountryCode3n := NumericString(SIZE (3) (CONSTRAINED BY - ISO 3166 numeric-3 codes only - ) 1.3) Clauses 9.1.4 and

32、 9.1.5 Add new clauses 9.1.4 and 9.1.5 after clause 9.1.3: 9.1.4 Three character country string syntax countryString3a SYNTAX-NAME := LDAP-DESC “Country String alphas-3“ DIRECTORY SYNTAX CountryCode3c ID id-asx-countryString3c A value which has an LDAP country string syntax as a three-printable char

33、acter string according to ISO 3166-1 alpha-3. 9.1.5 Numeric country string syntax countryString3n SYNTAX-NAME := LDAP-DESC “Country String numeric-3“ DIRECTORY SYNTAX CountryCode3n ID id-asx-countryString3n A value which has an LDAP country string syntax as a three numeric string according to ISO 31

34、66-1 numeric-3. 1.4) Annex A definitions Add the definitions introduced/updated above to Annex A. 1.5) Additions to Annex A In Annex A, at the appropriate places, add: id-at-countryCode3c OBJECT IDENTIFIER := id-at 98 id-at-countryCode3n OBJECT IDENTIFIER := id-at 99 id-asx-countryString3c OBJECT ID

35、ENTIFIER := id-asx 7 id-asx-countryString3n OBJECT IDENTIFIER := id-asx 8 2) Correction of the defects reported in defect report 395 2.1) References Add the following references to clause 2.2: IETF RFC 3492 (2003), Punycode: A Bootstring encoding of Unicode for Internationalized Domain Names in Appl

36、ications (IDNA). IETF RFC 5890 (2010), Internationalized Domain Names for Applications (IDNA): Definitions and Document Framework. IETF RFC 5892 (2010), The Unicode Code Points and Internationalized Domain Names for Applications (IDNA). 2.2) Abbreviations Add the following abbreviations to clause 4:

37、 IDN Internationalized Domain Name ISO/IEC 9594-6:2014/Cor.1:2015 (E) Rec. ITU-T X.520 (2012)/Cor.1 (11/2014) 3 LDH Letters, Digits, Hyphen 2.3) Clause 6.2.15 Add the following new attribute type to clause 6.2 (as clause 6.2.15): 6.2.15 Domain name A value of attribute type dnsName is used for holdi

38、ng a DNS domain name, which may be an internationalized domain names (IDN). dnsName ATTRIBUTE := WITH SYNTAX DomainName EQUALITY MATCHING RULE dnsNameMatch LDAP-SYNTAX dnsString.&id LDAP-NAME “DNS name“ ID id-at-dnsName DomainName := UTF8String (CONSTRAINED BY - Conforms to the format of a (internat

39、ionalized) domain name. - ) A value of the DomainName data type shall be in the syntax, as specified by section 2.3.1 of IETF RFC 5890 meaning that a domain name is a sequence of labels in the letters, digits, hyphen (LDH) format separated by dots. A label may be in three formats: a) All characters

40、in the label are from the Basic Latin collection as defined by ISO/IEC 10646 (i.e., having code points in the ranges 002D, 0030-0039, 0041-005A and 0061-007A) and it does not start with “xn-“. The maximum length is 63 octets. b) It is an A-label as defined in IETF RFC 5890, i.e., it starts with the

41、“xn-“ and is a U-label converted to valid ASCII characters as in item a) using the Punycode algorithm defined by IETF RFC 3492. The converted string shall be maximum 59 octets. To be valid, it shall be possible for an A-label to be converted to a valid U-label. NOTE 1 An A-label is normally not huma

42、n readable. c) It is a U-label as defined in IETF RFC 5890, i.e., it contains characters outside the Basic Latin collection. A valid U-label shall not include any characters that are not included in the restricted Unicode repertoire as defined by IETF RFC 5892 and it shall be convertible to a valid

43、A-label as defined in item b). A valid U-label may be more than 63 octets. NOTE 2 In a constraint environment, it is recommended to use a domain name whenever possible, according to item a). NOTE 3 When used as a naming attribute, a unique distinguished name may be constructed using only this attrib

44、ute type. An attribute of type dnsName to be used as a distinguished name in a public-key certificate or in an attribute certificate shall be a fully-qualified domain name (FQDN), i.e., it shall identify a particular entity. An FQDN may have an asterisk (*) as an additional leftmost label, which is

45、a substitute (wildcard) for all labels at the next levels of subdomains of the domain identified by the FQDN without the asterisk. An attribute of type dnsName holding an FQDN with a wildcard label may in some cases be used in the subject component of an end-entity public-key certificate. 2.4) New l

46、evel 2 header for clause 8.9 Add the following new level 2 header: 8.9 Identity matching rules 2.5) Change to current clause 8.9 header Change the current 8.9 header to: 8.9.1 URI match 2.6) New matching rule Add a new matching rule: ISO/IEC 9594-6:2014/Cor.1:2015 (E) 4 Rec. ITU-T X.520 (2012)/Cor.1

47、 (11/2014) 8.9.2 DNS name match The dnsNameMatch compares two values of type dnsName for equality and is defined as: dnsNameMatch MATCHING-RULE := SYNTAX DomainName LDAP-SYNTAX dnsString.&id LDAP-NAME “dnsNameMatch“ ID id-mr-dnsNameMatch The equality matching is performed label for label. If the num

48、ber of the labels in the two attribute values are different, the rule shall return FALSE. The rule shall return TRUE for each pair of labels matched for the rule to return TRUE for the two values. Otherwise, it shall return FALSE. The matching of the individual labels shall be performed as follows: a) If one of the labels to be compared is of the type defined in item a) of clause 6.2.15 and the other label is either an A-label or a U-label as defined in IETF RFC 5890, the rule sha