CSA INTERNATIONAL

National Standard of Canada
CAN/CSA-ISO/IEC 11586-1-00
(ISO/IEC 11586-1:1996)

International Standard ISO/IEC 11586-1:1996 (first edition, 1996-06-01) has been adopted without modification as CSA Standard CAN/CSA-ISO/IEC 11586-1-00, which has been approved as a National Standard of Canada by the Standards Council of Canada.

ISBN 1-55324-100-2
March 2000

Information technology - Open Systems Interconnection - Generic upper layers security: Overview, models and notation
(Reaffirmed 2004)

Technologies de l'information - Interconnexion de systèmes ouverts (OSI) - Sécurité des couches supérieures génériques: Présentation, modèles et notation

Reference number ISO/IEC 11586-1:1996(E)

The Canadian Standards Association, which operates under the name CSA International (CSA), under whose auspices this National Standard has been produced, was chartered in 1914 and accredited by the Standards Council of Canada to the National Standards system in 1973. It is a not-for-profit, nonstatutory, voluntary membership association engaged in standards development and certification activities.

CSA standards reflect a national consensus of producers and users - including manufacturers, consumers, retailers, unions and professional organizations, and governmental agencies. The standards are used widely by industry and commerce and often adopted by municipal, provincial, and federal governments in their regulations, particularly in the fields of health, safety, building and construction, and the environment.

Individuals, companies, and associations across Canada indicate their support for CSA's standards development by volunteering their time and skills to CSA Committee work and supporting the Association's objectives through sustaining memberships. The more than 7000 committee volunteers and the 2000 sustaining memberships together form CSA's total membership from which its Directors are chosen. Sustaining memberships represent a major source of income for CSA's standards development activities.

The Association offers certification and testing services in support of and as an extension to its standards development activities. To ensure the integrity of its certification process, the Association regularly and continually audits and inspects products that bear the CSA Mark.

In addition to its head office and laboratory complex in Toronto, CSA has regional branch offices in major centres across Canada and inspection and testing agencies in eight countries. Since 1919, the Association has developed the necessary expertise to meet its corporate mission: CSA is an independent service organization whose mission is to provide an open and effective forum for activities facilitating the exchange of goods and services through the use of standards, certification and related services to meet national and international needs.

For further information on CSA services, write to
CSA International
178 Rexdale Boulevard
Toronto, Ontario, M9W 1R3
Canada

The Standards Council of Canada is the coordinating body of the National Standards system, a federation of independent, autonomous organizations working towards the further development and improvement of voluntary standardization in the national interest.

The principal objects of the Council are to foster and promote voluntary standardization as a means of advancing the national economy, benefiting the health, safety, and welfare of the public, assisting and protecting the consumer, facilitating domestic and international trade, and furthering international cooperation in the field of standards.

A National Standard of Canada is a standard which has been approved by the Standards Council of Canada and one which reflects a reasonable agreement among the views of a number of capable individuals whose collective interests provide to the greatest practicable extent a balance of representation of producers, users, consumers, and others with relevant interests, as may be appropriate to the subject in hand. It normally is a standard which is capable of making a significant and timely contribution to the national interest.

Approval of a standard as a National Standard of Canada indicates that a standard conforms to the criteria and procedures established by the Standards Council of Canada. Approval does not refer to the technical content of the standard; this remains the continuing responsibility of the accredited standards-development organization.

Those who have a need to apply standards are encouraged to use National Standards of Canada whenever practicable. These standards are subject to periodic review; therefore, users are cautioned to obtain the latest edition from the organization preparing the standard.

The responsibility for approving National Standards of Canada rests with the
Standards Council of Canada
45 O'Connor Street, Suite 1200
Ottawa, Ontario, K1P 6N7
Canada

National Standards of Canada are published in French and English versions.

Although the intended primary application of this Standard is stated in its Scope, it is important to note that it remains the responsibility of the users to judge its suitability for their particular purpose.
CSA Preface

Standards development within the Information Technology sector is harmonized with international standards development. Through the CSA Technical Committee on Information Technology (TCIT), Canadians serve as the Canadian Advisory Committee (CAC) on ISO/IEC Joint Technical Committee 1 on Information Technology (ISO/IEC JTC1) for the Standards Council of Canada (SCC), the ISO member body for Canada and sponsor of the Canadian National Committee of the IEC. Also, as a member of the International Telecommunication Union (ITU), Canada participates in the International Telegraph and Telephone Consultative Committee (ITU-T).

This International Standard was reviewed by the CSA TCIT under the jurisdiction of the Strategic Steering Committee on Information Technology and deemed acceptable for use in Canada. (A committee membership list is available on request from the CSA Project Manager.) From time to time, ISO/IEC may publish addenda, corrigenda, etc. The CSA TCIT will review these documents for approval and publication. For a listing, refer to the CSA Information Products catalogue or CSA Info Update or contact a CSA Sales representative.

This Standard has been formally approved, without modification, by these Committees and has been approved as a National Standard of Canada by the Standards Council of Canada.

March 2000

© CSA International - 2000
All rights reserved. No part of this publication may be reproduced in any form whatsoever without the prior permission of the publisher. ISO/IEC material is reprinted with permission. Inquiries regarding this National Standard of Canada should be addressed to CSA International, 178 Rexdale Boulevard, Toronto, Ontario, M9W 1R3.

INTERNATIONAL STANDARD ISO/IEC 11586-1
First edition 1996-06-01
Reference number ISO/IEC 11586-1:1996(E)

Contents

1 Scope
2 Normative references
  2.1 Identical Recommendations | International Standards
  2.2 Paired Recommendations | International Standards equivalent in technical content
3 Definitions
4 Abbreviations
5 General overview
6 Security exchanges
  6.1 Security exchange model
  6.2 Notation for specifying security exchanges
7 Security transformations
  7.1 Security transformation model
  7.2 Notation for specifying security transformations
8 Abstract syntax notation for selective field protection
  8.1 Basic notation
  8.2 Notation with transformation qualifier
  8.3 Mapping protection requirements to security transformations
  8.4 Notation for specifying protection mappings
9 Conformance
Annex A - ASN.1 definitions
Annex B - Registration of security exchanges and security transformations
Annex C - Security exchange specifications
Annex D - Security transformation specifications
Annex E - Protection mapping specifications
Annex F - Object identifier usage
Annex G - Guidelines for the use of generic upper layers security facilities
Annex H - Relationship to other standards
Annex I - Examples of use of the generic upper layers security facilities
Annex J - Bibliography

© ISO/IEC 1996
All rights reserved. Unless otherwise specified, no part of this publication may be
reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from the publisher.

ISO/IEC Copyright Office, Case postale 56, CH-1211 Genève 20, Switzerland

Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work.

In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote.

International Standard ISO/IEC 11586-1 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 21, Open systems interconnection, data management and open distributed processing, in collaboration with ITU-T. The identical text is published as ITU-T Recommendation X.830.

ISO/IEC 11586 consists of the following parts, under the general title Information technology - Open Systems Interconnection - Generic upper layers security:

- Part 1: Overview, models and notation
- Part 2: Security Exchange Service Element (SESE) service definition
- Part 3: Security Exchange Service Element (SESE) protocol specification
- Part 4: Protecting transfer syntax specification
- Part 5: Security Exchange Service Element Protocol Implementation Conformance Statement (PICS) proforma
- Part 6: Protecting transfer syntax Protocol Implementation Conformance Statement (PICS) proforma

Annexes A to F form an integral part of this part of ISO/IEC 11586. Annexes G to J are for information only.

Introduction

This Recommendation | International Standard forms part of a series of Recommendations | multi-part International Standards, which provide(s) a set of facilities to aid the construction of Upper Layers protocols which support the provision of security services. The parts are as follows:

- Part 1: Overview, Models and Notation;
- Part 2: Security Exchange Service Element Service Definition;
- Part 3: Security Exchange Service Element Protocol Specification;
- Part 4: Protecting Transfer Syntax Specification;
- Part 5: Security Exchange Service Element PICS Proforma;
- Part 6: Protecting Transfer Syntax PICS Proforma.

This Recommendation | International Standard constitutes Part 1 of this series.

For informative guidelines on the application of all facilities described in this series, see Annex G.

It is important to note that these generic security facilities do not in themselves provide security services; they are simply construction tools for security-related protocols. Furthermore, these facilities do not necessarily provide a stand-alone solution to all security communications requirements of applications. Application standards may still need to incorporate security features within their specifications, to work in conjunction with generic security services supported by the
Generic Upper Layers Security facilities.

1 Scope

1.1 This series of Recommendations | International Standards defines a set of generic facilities to assist in the provision of security services in OSI applications. These include:

a) a set of notational tools to support the specification of selective field protection requirements in an abstract syntax specification, and to support the specification of security exchanges and security transformations;
b) a service definition, protocol specification and PICS proforma for an application-service-element (ASE) to support the provision of security services within the Application Layer of OSI;
c) a specification and PICS proforma for a security transfer syntax, associated with Presentation Layer support for security services in the Application Layer.

1.2 This Recommendation | International Standard defines the following:

a) general models of security exchange protocol functions and security transformations, based on the concepts described in the OSI Upper Layers Security Model (ITU-T Rec. X.803 | ISO/IEC 10745);
b) a set of notational tools to support the specification of selective field protection requirements in an abstract syntax specification, and to support the specification of security exchanges and security transformations;
c) a set of informative guidelines as to the application of the generic upper layers security facilities covered by this series of Recommendations | International Standards.

1.3 This Recommendation | International Standard does not define the following:

a) a complete set of upper layer security facilities which may be required by other Recommendations | International Standards;
b) a complete set of security facilities for specific applications;
c) the mechanisms employed to support security services.

1.4 The security exchange model, and supporting notation, are intended both for use as the basis of defining the security exchange service element in subsequent parts of this series of Recommendations | International Standards, and for use by any other ASE which may import security exchanges into its own specification.

2 No