ITU-T X 741-1995 Information Technology - Open Systems Interconnection - Systems Management Objects and Attributes for Access Control - Data Networks and Open System Communications3 .pdf

1、INTERNATIONAL TELECOMMUNICATION UNION ITU-T TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU DATA NETWORKS AND OPEN SYSTEM COMMUNICATIONS OS1 MANAGEMENT X.741 (04195) INFORMATION TECHNOLOGY - OPEN SYSTEMS INTERCONNECTION - SYSTEMS MANAGEMENT: OBJECTS AND ATTRIBUTES FOR ACCESS CONTROL ITU-T Recommenda

2、tion X.741 FOREWORD IT (International Telecommunication Union) is the United Nations Specialized Agency in the field of telecommunications. The ITU Telecommunication Standardization Sector (ITIJ-T) is a permanent organ of the . Some 179 member countries, 84 telecom operating entities, 145 scientific

3、 and indushiai organizations and 38 international organizations participate in ITU-T which is the body which sets world telecommunications standards (Recommendations). The approval of Recommendations by the Members of -T is covered by the procedure laid down in WTSC Resolution No. 1 (Helsinki, 1993)

4、. In addition, the World Telecommunication Standardization Conference (WTSC), which meets every four years, approves Recommendations submitted to it and establishes the study programme for the following period. In some areas of information technology which fail within -Ts purview. the necessary stan

5、dards are prepared on a collaborative basis with IS0 and EC. The text of -T Recommendation X.741 was approved on the 10th of April 1995. The identical text is ais0 published as ISO/IEC International Standard 10164-9. NOTE In this Recommendation, the expression “Administration” is used for concisenes

6、s to indicate both a telecommunication administration and a recognized operating agency. c O ITU 1995 All rights reserved. No-pari of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and crofilrn, without permission in writi

7、ng from the ITU, except as noted in footnotes 6) to 10) i6 Annexes B to F respectively. .- STD-ITU-T RECMN X.741-ENGL 1775 118b2571 Ob19255 33T = Services and Facilities I?ZT-T X-SERIES RECOMMENDATIONS DATA NETWORKS AND OPEN SYSTEM COMMUNICATIONS (February 1994) ORGANIZATION OF X-SERIES RECOMMENDATI

8、ONS X. 1 -X. 19 I Subject area I Recommendation Series I Interfaces Transmission, Signalling and Switching Network Aspects 1 PUBLIC DATA NETWORKS I I X.20-X.49 X.50-X.89 X.90-X. 149 Maintenance Administrative Arrangements X. 150-X, 179 X. 180-X. 199 - Model and Notation x.200-x.209 Service Definitio

9、ns X.210-X.219 I OPEN SYSTEMS INTERCONNECTION I I Connection-mode Protocol Specifications Connectionless-mode Protocol Specifications X.220-X.229 X.230-X.239 - Protocol Identification Security Protocols I PICSProformas I X.240-X.259 I X.260-X.269 X.270-X.279 Layer Managed Objects Conformance Testing

10、 X.280-X.289 X.290-X.299 I INTERWORKING BETWEEN NETWORKS I I General x.300-x.349 Management MESSAGE HANDLING SYSTEMS X.370-X.399 x.400-x.499 DIRECTORY I Naming, Addressing and Registration I X.650-X.679 I x.500-x.599 OS1 NETWORKING AND SYSTEM ASPECTS Networking I SECURITY I X.800-X.849 I X.600-X.649

11、 Abstract Syntax Notation One (ASN.l) OS1 MANAGEMENT I Transaction Processing I X.860-X.879 I X.680-X.699 x.700-x.799 OS1 APPLICATIONS Commitment, Concurrency and Recovery X.850-X.859 Remote Operations OPEN DISTRIBUTED PROCESSING X. 8 80-X. 899 x.900-x.999 CONTENTS 1 Scope 2 Normative references . I

12、dentical Recommendations I International Standards i . Paired Recommendations I Intemational Standards equivalent in technical content 3 Definitions 3.1 Basic reference model definitions . 3.2 Security architecture definitions . 3.3 Management framework definitions . 3.4 Security frameworks overview

13、 definitions . 3.5 Access control framework definitions 3.6 3.7 3.8 Implementation conformance statement proforma definitions . 3.9 Event report management definitions . 3.10 OS1 conformance testing definitions . 3.11 Additional definitions . 2.1 2.2 Systems management overview definitions Managemen

14、t information model definitions . 8 9 Symbols and abbreviations . Conventions Requirements Interpretation of the Access Control Model . 7.1 Overview . 7.2 Access control policies 7.3 Access control information . 7.4 Access control procedures 7.5 Representation of access control rules Generic definit

15、ions . 8.1 Managed objects . 8.2 Parameters . 8.3 Name bindings 8.4 Attributes . 8.5 Imported generic definitions . 8.6 Compliance . Service definition . 9.1 Introduction . 9.2 Access control management service . 9.3 Targets administration service . 9.4 Initiators administration service 9.5 Operatio

16、ns administration service . 9.6 Label administration service . 9.7 Access control notification service . 10 Functional units 1 1 Protocol 11.1 Elements of procedure . i 1.2 Abstract syntax 1 1.3 Negotiation of access control functional unit . Relationship with other functions 12 i3 . ITU-T Rec . X.7

17、41(1995 E) Page 1 2 2 2 3 4 4 4 4 4 5 5 5 5 5 6 6 6 6 7 7 8 8 9 13 14 14 23 23 23 24 24 24 24 24 25 25 25 26 26 26 26 26 26 27 27 1 13 Conformance . . . . . . . . . . 13.1 Static conformance . 13.2 Dynamic conformance ;. 13.3 Management information conformance requirements Annex A - Definition of ma

18、nagement information Annex B - MCS proforma . Annex C - MiCS proforma Annex D - MOCS proforma . Annex E - MRCS proforma for name binding Annex F - MIDS (Parameter) proforma Annex G - CMIP Access Control Parameter Annex H -Relationship to ITU-T Rec. X.812 I ISO/IEC 10181-3: Security Frameworks in Ope

19、n Systems - Access Control . . . . . . . . . . . 11 . i- Page 29 29 29 30 31 49 57 61 102 104 105 106 1TLJ.T Rec. X.741(1995 E) Summary This Recommendation I International Standard specifies an Access Control Security Model and the management information necessary for creating and administering acce

20、ss control associated with OS1 Systems Management. Security policy adopted for any instance of use is not specified and is left as an implementation choice. This Specification is of generic application and is applicable to the security management of many types of application. It is expected to be ad

21、opted for TMN use. . ITU-T Rec. X.741(1995 E) 111 STD-ITU-T RECMN X-79L-ENGL 1775 48b2571 Ob17257 T85 = ISO/IEC 10164-9 : 1995 (E) INTERNATIONAL STANDARD ITU-T RECOMMENDATION INFORMATION TECHNOLOGY - OPEN SYSTEMS INTERCONNECTION - SYSTEMS MANAGEMENT: OBJECTS AND ATTRIBUTES FOR ACCESS CONTROL 1 Scope

22、 The specifications contained herein are applicable to the provision of access control for applications that use OS1 management services and protocols. This Recommendation I International Standard - establishes user requirements for the provision of access control for applications that use OS1 manag

23、ement services and protocols; - interprets and applies the general model of access control defined in ITU-T Rec.X.812 i ISO/IEC 10181-3 for use with management applications that use OS1 management services and protocols; defines procedures for the imposition of access control rules in conjunction wi

24、th the use of OS1 management services and protocols; defines managed object classes and attribute types that a) represent some of the access control information that may be used in the provision of access control; and b) are only for use when the management of the access control information is to be

25、 achieved using systems management; specifies the protocol that is necessary to exchange the access control information defined in this Recommendation I International Standard, when the exchange is achieved using OS1 systems management; specifies conformance requirements for open systems that claim

26、to support access control for applications that use OS1 management services and protocols; specifies conformance requirements for open systems that claim to support the management of the access control information defined in this Recommendation I Intemational Standard. - - - - - The access control i

27、nformation identified by this Recommendation I International Standard may be used in support of access control schemes based on access control lists, capabilities, security labels, and contextual constraints. This Recommendation I International Standard does not - - - define an access control policy

28、 for applications that use OS1 management services and protocols; define security (or management) domains in which an access control policy may be imposed; define how the components of an access control function be implemented, nor where those components be located; specify the form of any access co

29、ntrol information that is temporady or permanently stored in an open system; specify any access control mechanisms, nor mandate the use of any particular access control mechanism; mandate that access control information be managed, and if it is to be managed, that management be achieved using OS1 sy

30、stems management; describe how communicating management application entities act to make access control decisions on behalf of, or for the benefit of any third party; specify any conformance re uirement for the access control parameter defined in this Recommendation I International Standard. , . - -

31、 - - - % - ITU-T Rec. X.741 (1995 E) 1 ISO/IEC 10164-9 : 1995 (E) 2 Normative references The following Recommendations and International Standards contain provisions which, through reference in this text, constitute provisions of this Recommendation I International Standard. At the time of publicati

32、on, the editions indicated were valid. All Recommendations and Standards are subject to revision, and parties to agreements based on this Recommendation I International Standard are encouraged to investigate the possibility of applying the most recent edition of the Recommendations and Standards lis

33、ted below. Members of LEC and IS0 maintain registers of currently valid International Standards. The Telecommunication Standardization Bureau of the IT maintains a list of currently valid ITU-T Recommendations. 2.1 Identical Recommendations i International Standards - ITU-T Recommendation X.200 (199

34、4) I ISO/IEC 7498-1 : 1994, Information technology - Open Sysrems Interconnection -Basic Reference Model: The Basic Model. ITU-T Recommendation X.509 (1993) I ISOLEC 9594-8: 1995, Infonnation technology - Open Systems Interconnection - The Directory: Authentication framework. CCITT Recommendation X.

35、701 (1992) I ISO/IEC 1004019921), Information technology - Open Systems Interconnection - Systems management overview. CC Recommendation X.720 (1992) I ISO/IEC 10165-1:1993, Information technology - Open Systems Interconnection - Structure of management information: Management information model. CC

36、Recommendation X.721 (1992) I ISO/IEC 10165-2:1992, Information technology - Open Systems Interconnection - Structure of management information: Definition of management information. CCITT Recommendation X.722 (1992) I ISO/IEC 1016541992, Information technology - Open Systems Interconnection - Struc

37、ture of management information: Guidelines for the definition of managed objects. IT-T Recommendation X.724 (1993) i ISOAEC 10165-6:1994, Information technology - Open Systems Interconnection - Structure of management information: Requirements and guidelines for implementation confonnance statement

38、proformas associated with OS1 management. CCIT Recommendation X.730 (1992) I ISO/IEC 10164-1:1993, Infonnation technology - Open Systems Interconnection - Systems management: Object management function. CCITT Recommendation X.731 (1992) I ISOAEC 10164-2:1993. Information technology - Open Systems In

39、terconnection - Systems management: State management function. CCITT Recommendation X.732 (1992) I ISO/iEC 10164-3: 1993. Information technology - Open Systems Interconnection - Systems management: Attributes for representing relationships. CCITT Recommendation X.734 (1992) I ISO/IEC 10164-51993, In

40、formation technology - Open Systems Interconnection - Systems management: Event report management function. CCIT Recommendation X.736 (1992) I ISO/IEC 10164-7: 1992, Information technology - Open Systems Interconnection - Systems management: Security aiann reporting function. CCITT Recommendation X.

41、740 (1992) I ISOAEC 10164-8:1993, Information technology - Open Systems Interconnection - Systems management: Security audit trailfunction. IT-T Recommendation X.8102) I ISOAEC 10181-1.2), Infonnation technology - Open Systems Interconnection - Security frameworks for open systems: Securityframework

42、s overview. ITU-T Recommendation X.8122) I ISO/IEC 10181-3.2). Information technology - Open Systems Interconnection - Security frameworks for open systems: Access control framework. - - - - - - - - - - - - - - 2.2 Paired Recommendations I International Standards equivalent in technical content - CC

43、ITT Recommendation X.208 (1988), Specification ofAbstract Syntax Notation One (ASN. I). ISOAEC 8824: 1990, Information technology - Open Systems Interconnection - Specification of Abstract Syntax Notation One (ASN.1). 1 As amended by ITU-T Rec. X.701/Cor.Z I ISO/iEC 1004WCor.2. *) Presently at the s

44、tage of drait. 2 ITU=T Rec. X.741(1995 E) p. ._ 2- - - - STD-ITU-T RECMN X-741-ENGL 1775 qb2571 Oh172bL b33 ISO/IEC 10164-9 : 1995 (E) - CCIIT Recommendation X.209 (1988). Specification of Basic Encoding Rules for Abstract Syntax Notation One (ASN. I). ISO/lEC 8825: 1990, Information technology - Op

45、en systems Interconnection - Specification of Basic Encoding Rules for Abstract Syntax Notation One (ASN.1). CC Recommendation X.217 (1992), Service definition for the Association Control Service Element. IS0 8649: 1 9S3), Information processing systems - Open System Interconnection - Service defini

46、tion for the Association Control Service Element. CCIT Recommendation X.227 (1 992), Connection-oriented protocol specijcation for the Association Control Service Element. IS0 8650: 198S4), Information processing system - Open Systems Interconnection - Protocol specification for the Association Cont

47、rol Service Element. CCIIT Recommendation X.290 (1992), OSI conformance testing methodology and framework for protocol Recommendations for CClT applications - General concepts. ISO/IEC 9646-1: 1994, Information technofogy - Open Systems Interconnection - Conformance testing methodology and framework

48、 - Part I: General concepts. CC Recommendation X.291 (1992). OSI conformance testing methodology and framework for protocof Recommendations for CClT applications - Abstract test suite specification. - ISO/IEC 9646-2: 1994, Infonnation technology - Open Systems Interconnection - Conformance testing m

49、ethodology and framework - Part 2: Abstract Test Suite specification. - -T Recommendation X.2965), Information technology - Open Systems Interconnection - Conformance testing methodology and framework - Implementation confonnunce statements. ISOAEC 9646-7:.5), Information technology - Open Systems Interconnection - Conformance testing methodology und framework - Pan 7: Implementation conformance statements. CCITT Recommendation X.700 (1992), Management framework for Op