1、CSA INTERNATIONAL / - National Standard of Canada CAN/CSA=ISO/IEC 11 586-3-00 (ISO/IEC 11586-31996) _ . _ . . - - - ._ - - _. International Standard ISO/IEC 11586-3:1996 (first edition, 1996-06-01) has been adopted without modification as CSA Standard CAN/CSA-ISO/IEC 11586-3-00, which has been appro
2、ved as a National Standard of Canada by the Standards Council of Canada. March 2000 ISBN 1-55324-046-4 Information technology - Open Systems interconnection - Generic upper layers security: Security Exchange Service Element (SESE) protocol specification Technologies de /information - lnterconnexion
3、de systemes ouverts (OS11 - SBcurite des couches superieures generiques: Spdcification du protocole pour Ielement de service dPchange de securite (SESE) (Reaffirmed 2004) Reference number ISO/IEC 11 586-3:7996() The Canadian Standards Association, which operates under the name CSA International (CSA
4、), under whose auspices this National Standard has been produced, was chartered in 191 4 and accredited by the Standards Council of Canada to the National Standards system in 1973. It is a not-for-profit, nonstatutory, voluntary membership association engaged in standards development and certificati
5、on activities. and users - including manufacturers, consumers, retailers, unions and professional organizations, and governmental agencies. The standards are used widely by industry and commerce and often adopted by municipal, provincial, and federal governments in their regulations, particularly in
6、 the fields of health, safety, building and construction, and the environment. indicate their support for CSAs standards development by volunteering their time and skills to CSA Committee work and supporting the Associations objectives through sustaining memberships. The more than 7000 committee vol
7、unteers and the 2000 sustaining memberships together form CSAs total membership from which its Directors are chosen. Sustaining memberships represent a major source of income for CSAs standards development activities. in support of and as an extension to its standards development activities. To ensu
8、re the integrity of its certification process, the Association regularly and continually audits and inspects products that bear the CSA Mark. Toronto, CSA has regional branch offices in major centres across Canada and inspection and testing agencies in eight countries. Since 191 9, the Association h
9、as developed the necessary expertise to meet its corporate mission: CSA is an independent service organization whose mission is to provide an open and effective forum for activities facilitating the exchange of goods and services through the use of standards, certification and related services to me
10、et national and international needs. For futher information on CSA services, write to CSA International 178 Rexdale Boulevard Toronto, Ontario, M9W 1 R3 Canada CSA standards reflect a national consensus of producers Individuals, companies, and associations across Canada The Association offers certif
11、ication and testing services In addition to its head office and laboratory complex in The Standards Council of Canada is the coordinating body of the National Standards system, a federation of independent, autonomous organizations working towards the further development and improvement of voluntary
12、standardization in the national interest. The principal objects of the Council are to foster and promote voluntary standardization as a means of advancing the national economy, benefiting the health, safety, and welfare of the public, assisting and protecting the consumer, facilitating domestic and
13、international trade, and furthering international cooperation in the field of standards. has been approved by the Standards Council of Canada and one which reflects a reasonable agreement among the views of a number of capable individuals whose collective interests provide to the greatest practicabl
14、e extent a balance of representation of producers, users, consumers, and others with relevant interests, as may be appropriate to the subject in hand. It normally is a standard which is capable of making a significant and timely contribution to the national interest. Approval of a standard as a Nati
15、onal Standard of Canada indicates that a standard conforms to the criteria and procedures established by the Standards Council of Canada. Approval does not refer to the technical content of the standard; this remains the continuing responsibility of the accredited standards-development organization.
16、 Those who have a need to apply standards are encouraged to use National Standards of Canada whenever practicable. These standards are subject to periodic review; therefore, users are cautioned to obtain the latest edition from the organization preparing the standard. The responsibility for approvin
17、g National Standards of Canada rests with the Standards Council of Canada 45 OConnor Street, Suite 1200 Ottawa, Ontario, K1 P 6N7 Canada A National Standard of Canada is a standard which CSA INTERNATIONAL c . Les normes nationales du Canada sont publi6es en versions frangaise et anglaise. Although t
18、he intended primary application of this Standard is stated in its Scope, it is important to note that it remains the responsibility of the users to judge its suitability for their particular purpose. CAN/CSA-ISO/IEC 7 1586-3-00 lnformation technology - Open Systems hterconnection - Generic upper lay
19、ers security: Security Exchange Service Element (SESE) protocol specification CAN/CSA-ISO/!IEC 1 1586-3-00 Infomation technology - Open Systems Interconnection - Generic upper layers security: Security Exchange Service Element (SESE) protocol specifkation CSA Preface Standards development within the
20、 Information Technology sector is harmonized with international standards development. Through the CSA Technical Committee on Information Technology (TCIT), Canadians serve as the Canadian Advisory Committee (CAC) on ISO/IEC Joint Technical Committee 1 on Information Technology (ISOJIEC JTC1) for th
21、e Standards Council of Canada (SCC), the IS0 member body for Canada and sponsor of the Canadian National Committee of the IEC. Also, as a member of the International Telecommunication Union (ITU), Canada participates in the International Telegraph and Telephone Consultative Committee (ITU-T). This I
22、nternational Standard was reviewed by the CSA TCIT under the jurisdiction of the Strategic Steering Committee on Information Technology and deemed acceptable for use in Canada. (A committee membership list is available on request from the CSA Project Manager.) From time to time, ISO/IEC may publish
23、addenda, corrigenda, etc. The CSA TCIT will review these documents for approval and publication. For a listing, refer to the CSA Information Products catalogue or CSA /do Update or contact a CSA Sales representative. This Standard has been formally approved, without modification, by these Committees
24、 and has been approved as a National Standard of Canada by the Standards Council of Canada. March 2000 0 CSA International - 2000 All rights reserved. No part of this publication may be reproduced in any form whatsoever without the prior permission of the publisher. 1SO/IEC material is reprinted wit
25、h permission. Inquiries regarding this National Standard of Canada should be addressed to CSA International, 7 78 Rexdale Boulevard, Toronto, Ontario, M9W 1 R3. March 2000 CSA/I I NT E R N AT I 0 N AL STANDARD ISO/IEC 11586-3 First edition 1996-06-01 Information technology - Open Systems Interconnec
26、tion - Generic upper layers security: Security Exchange Service Element (SESE) protocol specification Technologies de Iinformation - interconnexion de systemes ouverts (OS/) - Securite des couches superieures generiques: Specification du protocole pour /element de service dechange de securite (SESE)
27、 Reference number ISO/IEC 11 586-3:1996(3 ISOAEC 11586-3: 1996(E) Contents I Scope 2 Nonnative references . Identical Recommendations I International Standards 2.1 3 4 5 4 7 Definitions Abbreviations . Overview of the protocol . 5.1 Service provision 5.2 Use of underlying services Elements of proced
28、ure 6.1 APDUs used 6.2 Transfer procedure 6.3 User-initiated abort procedure 4.4 Provider-initiated abort procedure Structure and encoding of SESE APDUs . 7.1 Generic APDU specification . 7.2 Abstract syntax construction . Mapping to underlying services . 8.1 General 8.2 Mapping to ACSE services . C
29、onformance 9.1 Statement Requirements . 9.2 Static Requirements 9.3 Dynamic Requirements . Annex A . SEPM state tables . A.1 General A.2 Conventions A.3 Tables Annex I3 . Basic SESE application context definition B.2 Application Service Elements . B.l Application Context Name B.3 SESE APDU Mappings
30、B.4 PDV concatenation constraints . B.5 PDV embedding constraints B.6 Procedural constraints . B.7 Presentation context constraints 0 1SO/IEC 1996 All rights reserved . Unless otherwise specified. no part of this publication may be reproduced or utilized in any form or by any means. electronic or me
31、chanical. including photocopying and microfilm. without permission in writing from the publisher . ISO/IEC Copyright Office 9 Case postale 56 CH- 121 I Gentve 20 Switzerland Page 1 1 1 2 2 2 2 2 3 3 3 3 3 4 4 6 6 6 7 7 7 7 7 8 8 8 8 11 11 11 11 11 11 12 12 11 0 ISO/IEC ISODEC 11586-3: 1996(E) Forewo
32、rd IS0 (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of IS0 or IEC participate in the development of International Standards through technical co
33、mmittees established by the respective organization to deal with particular fields of technical activity. IS0 and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non- governmental, in liaison with IS0 and IEC, also take part in t
34、he work. In the field of information technology, IS0 and IEC have established a joint technical committee, ISO/IEC JTC 1. Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as an International Standard requires approval by
35、 at least 75 % of the national bodies casting it vote. International Standard ISO/IEC 1 1586-3 was prepared by Joint Technical Committee ISOAEC JTC 1, Information technologj, Subcommittee SC 21. Open sysrems interconnection, data management and open distributed processing, in collaboration with ITU-
36、T. The identical text is published as ITU-T Recommendation X.832. ISO/IEC 11586 consists of the following parts, under the general title Znfornzation technology - Open Systems Interconnection - Generic upper layers security: - Part I: Overview, models and notation - Part 2: Security Exchange Service
37、 Element (SESE) service definition - Part 3: Security Exchange Service Element (SESE) protocol specification - Part 4: Protecting transfer syntax specification - Part 5: Securio Exchange Service Element Protocol Implementation Conformance Statement (PICS) proforma Part 6: Protecting transfer syntax
38、Pro toco 1 Imp kmen ta ti on Conformance Statement (PICS) proforma - Annexes A and B form an integral part of this part of ISO/IEC 11586. ISO/IEC 11586-3:1996(E) 0 ISO/IEC Introduction This Recommendation I International Standard forms part of a series of Recommendations I International Standards, w
39、hich provide(s) a set of facilities to aid the construction of Upper Layers protocols which support the provision of security services. The parts are as follows: - - - Part 1: Overview, Models and Notation; Part 2: Security Exchange Service Element Service Definition; Part 3: Security Exchange Servi
40、ce Element Protocol Specification; Part 4: Protecting Transfer Syntax Specification; Part 5: Security Exchange Service Element PICS Proforma; Part 6: Protecting Transfer Syntax PICS Proforma. This Recommendation I International Standard constitutes Part 3 of this series. iv ISOAEC 11586-3 : 1996 (E)
41、 INTERNATIONAL STANDARD ITU-T RECOMMENDATION 1 INFORMATION TECHNOLOGY - OPEN SYSTEMS INTERCONNECTION - GENERIC UPPER LAYERS SECURITY: SECURITY EXCHANGE SERVICE ELEMENT (SESE) PROTOCOL SPECIFICATION Scope 1.1 provision of security services in application layer protocols. These include: This series of
42、 Recommendations I International Standards defines a set of generic facilities to assist in the a set of notational tools to support the specification of selective field protection requirements in an abstract syntax specification, and to support the specification of security exchanges and security t
43、ransformations; b) a service definition, protocol specification and PICS proforma for an application-service-element (ASE) to support the provision of security services within the Application Layer; c) a specification and PICS proforma for a security transfer syntax, associated with Presentation Lay
44、er support for security services in the Application Layer. 1.2 This Recornmendation I International Standard defines the protocol provided by the Security Exchange Service Element (SESE). The SESE is an ASE which allows the communication of security information to support the provision of security s
45、ervices within the Application Layer. a) 2 Normative references The following Recornmendations and International Standards contain provisions which, through reference in this text, constitute provisions of this Recommendation I International Standard. At the time of publication, the editions indicat
46、ed were valid. AI1 Recommendations and Standards are subject to revision, and parties to agreements based on this Recommendation I International Standard are encouraged to investigate the possibility of applying the most recent edition of the Recommendations and Standards listed below. Members of IE
47、C and IS0 maintain registers of currently valid International Standards. The Telecommunication Standardization Bureau of the ITU maintains a list of currently valid ITU-T Recommendations. 2.1 Identical Recommendations I International Standards ITU-T Recommendation X.207 (1993) I ISOflEC 9545: 1994,
48、Information technology - Open Systems Interconnection - Application Layer structure. ITU-T Recommendation X.216 (1994) I ISOAEC 8822: 1994, Informtion technology - Open Systems Interconnection - Presentation service definition. ITU-T Recommendation X.2 17 ( 1995) I ISO/IEC 8649:. ,* l). Information
49、technology - Open Systems Interconnection - Service definition for the Association Control Service Element. ITU-T Recommendation X.226 (1994) I ISO/IEC 8823- 1: 1994, Information technology - Open Systems Interconnection - Connection-oriented presentation protocol: Protocol specification. ITU-T Recommendation X.227 (1 995) i ISO/IEC 8650- 1: . l, Information technology - Open Systems Interconnection - Connection-oriented protocol for the Association Control Service Element: Protocol specification. ITU-T Recommendation X.680 (1994) I ISOAEC 8824-1: 1995, Information techno
