1、Amendment 1:1999 to National Standard of Canada CAN/CSA-2243.180-89 Amendment 1:1992 to International Standard IS0 8571-1:1988 has been adopted without modification as Amendment 1:1999 to CAN/CSA-Z243.180-89. This Amendment was reviewed by the CSA Technical Committee on Information Technology (TCIT)
2、 under the jurisdiction of the Strategic Steering Committee on Information Technology and deemed acceptable for use in Canada. July 1999 Information processing systems - Open Systems Interconnection - File Transfer, Access and Management - Part 1 : General introduction AMENDMENT 1 : Filestore Manage
3、ment ( Reaf f i r med 2004) Technologies de Iinformation - lnterconnexion de systernes ouverts (09) - Transfert, acces et gestion de fichiers - Partie 7 : Introduction generale AMENDEMENT I : Gestion du systerne de fichiers Reference number IS0 8571-1 : 1988/Amd.l: 1992 (E) IS0 857 1-1 :I 988/Amd. 1
4、 :I992 (E) Foreword IS0 (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of IS0 or IEC participate in the development of International Standards thr
5、ough technical committees established by the respective organization to deal with particular fields of technical activity. IS0 and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non- governmental, in liaison with IS0 and IEC, al
6、so take part in the work. In the field of information technology, IS0 and IEC have established a joint technical committee, lSO/lEC JTC 1. Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as an International Standard req
7、uires approval by at least 75 % of the national bodies casting a vote. Amendment 1 to International Standard IS0 8571-1:1988 was prepared by Joint Technical Committee lSO/lEC JTC 1, Information technology. IS0 8571-1 consists of the following parts, under the general title Information processing sys
8、tems - Open Systems Interconnection - File Transfer, Access and Management - Part 7 : General introduction - Part 2 : Virtual Filestore Definition - Part 3 : File Service Definition - Part 4 : File Protocol Specification - Part 5 : Protocol Implementation Conformance Statement Proforma 0 ISOilEC 199
9、2 All rights reserved. No part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from the publisher. ISOilEC Copyright Office Case postale 56 CH-1211 Geneve 20 Switzerland IS0 8
10、57 1-1 :1988/Amd.l :I992 (E) Information processing systems - Open Systems Interconnection - File Transfer, Access and Management - Part 1 : General introduction AMENDMENT 1 : Filestore Management NOTE - This amendment has additional subclauses and tables to IS0 8571 which are indicated by the use o
11、f lower case Roman letters beginning with “a“ and imply ordering alphabetically, following the clause with the same numerical value in IS0 8571. These and all subsequent subclauses, tables, and cross references will be renumbered in subsequent editions. 0 Introduction (amend 3rd paragraph, page 1) I
12、S0 8571 defines services for file transfer, access and management. It also specifies a protocol available within the application layer of the Reference Model. The service defined is of the category Application Service Element (ASE). It is concerned with identifiable bodies of information which can b
13、e treated as files, stored and managed within open systems, or passed between application processes. (amend 4th paragraph, page 7) IS0 8571 defines a basic file service. It provides sufficient facilities to support file transfer, file access, and management of files stored on open systems. IS0 8571
14、does not specify the interfaces to a file transfer, access or management facility within the local system. 5 FTAM definitions (append after clause 5, page 4) 5.8 Filestore Management 5.8.1 object A file, file-directory, or reference. 5.8.2 file-directory An object that provides a mechanism for the l
15、ogical grouping of files, referen these indicate the actions appropriate to the object and its contents if any (in terms of the constraint set applied, in the case of files) and the local storage mechanisms (by means of the permitted actions object attribute) and express any access control constrain
16、ts affecting object access; the path-access-control object attributes (see section two) of all file-directory and reference objects used to locate the target object; these may express access control constraints affecting the object access as well; the current state of the filestore, particularly, in
17、 the case of file objects, the constraints implied by any concurrent access in progress to the same object; in the case of file access, the values of the activity attributes established by parameters of the file service when the data transfer regime was being negotiated. (amend 3rd paragraph, page 7
18、) The first diagram shows that the actions appropriate to an object are those which are allowed by the file structure as expressed by the structural constraint set (in the case of file objects), the permitted actions attribute, the access control attribute, and the path access control attributes of
19、all file-directory and reference objects used to locate the target object. (amend 4th paragraph, page 7) When performing file access, the initiator requests a set of actions while building up the data transfer regime, and at each stage the negotiation of parameters may result in a restriction either
20、 of the set of actions requested, or of the set the system would allow, or both. When the association is initialized, actions are limited by the service class and the set of functional units negotiated. When the file is selected, a subset of these actions may result from the permitted actions agreed
21、. Lastly, when the file is opened, the actions to be used are declared in the stated processing mode. 9.2 Accountlng (amend 1st paragraph, page 8) The FTAM service defines a basic mechanism for the carriage of accounting and charging information. Account names may be associated with an object to cov
22、er the costs arising from its storage, and accounts may be associated with regimes to cover the costs of actions performed on objects during the course of the regime. (amend 2nd paragraph, page 8) Corresponding charging parameters allow the costs incurred against these accounts to be reported when a
23、 regime is terminated. An account may be set up when an FTAM regime is initialized, but this may be over- ridden by nested regimes to allow actions within the nested regimes to be charged against a separate account if necessary. 9.3 Concurrency control (amend Ist paragraph, page 8) Concurrency contr
24、ol is only defined for access to file objects. The objective of the concurrency control mechanisms is to ensure that an initiator has a consistent view of the file by restricting shared access. These mechanisms are designed to provide a way for a user to perform a coordinated series of actions witho
25、ut interference from concurrent accesses. 9.4 Access control (inset? after Ist paragraph, page 9) Access control information is derived from two separate sources. The object being accessed may have access control information associated with it in the form of the access control attribute. In addition
26、, each file-directory or reference object used in the complete pathname identifying the accessed object may have additional access control information in the form of their path access control attributes. To perform an action on an object, an initiator must be granted access to the requested action i
27、n the access control list of the path access control attribute of each file-directory or reference object used in the 3 IS0 857 1-1 :1988/Amd.1:1992 (E) identification of the target object. Additionally, access to the requested action must be granted in the access control list of the target objects
28、access control attribute. (amend 2nd paragraph, page 9) In addition to the actions given in the path access control entries and access control entry, allowed concurrency control combinations can also be included when accessing file objects (see clause 9.3). If they are not included, the performance
29、of concurrency control on file objects is determined locally by the files tore. (amend 6th paragraph, page 9) In establishing the FTAM regime and the file selection and open regimes, values are established for various activity attributes corresponding to the possible items in the list. In particular
30、, the initiator asks to perform a certain set of actions by setting the current access request activity attribute when establishing a selection regime. When establishing the selection regime, before allowing the requested actions, the responding entity scans each access control list involved to dete
31、rmine if the activity attribute values match any of the entries. If, for each access control list involved, a match for the set of actions is found, and the associated tests are satisfied, the actions can be performed; if no match is found in any of the access control lists, the request is rejected.
32、 (amend 7th paragraph, page 9) Thus in summary, the path access control list is a permanent property of file-directories and references, and the access control list is a permanent property of all objects. They are stored for as long as the object exists. For an initiator to gain permission to perfor
33、m a given set of actions, an access check is made against the path access control list of each file-directory or reference listed in the complete pathname used to identify a target object, and an access check is made against the access control list of the target object. These access checks are perfo
34、rmed on each file considered for inclusion into the generalized selection group. Only files which allow the requested actions by the requesting initiator are included in the generalized selection group. In addition, these access checks are performed whenever a regime implying access to a single obje
35、ct is set up; the access granted remains valid for the duration of that regime. Access checks are also applied when interrogating the filestore for its contents. 4 IS0 8571 -1 :1988/Amd.l:1992 (E) Section two: Virtual Filestore - General Concepts 11.3 Form of the virtual filestore (amend 1st paragra
36、ph, page 13) The definition of the Virtual Filestore forms a schema for the description of an organization of filed information. In this definition, there are three kinds of objects - files, file-directories, and references (see figure 6a). Each type of object is distinguishable, and has specific ch
37、aracteristics. All objects share the following in common: one or more pathnames that identify a path of access, and allow the object to be referenced without ambiguity; other descriptive object attributes which express properties of the object such as accounting information, history, etc.; object at
38、tributes expressing the actions capable of being performed on the object. (amend 2nd paragraph, page 13) These are all aspects of the object which can be observed by any authorized initiator. If two observers make the same inquiry about these aspects of a single object, they will obtain the same inf
39、ormation about its properties, provided that no modification took place between the inquiries. These properties are called object attributes. (amend 3rd paragraph, page 13) There are also activity attributes describing the relation between the object and a particular initiator, concerned with things
40、 like authentication, data transfer options, accumulated cost, etc.; there is an independent set of values for these activity attributes for each activity in progress. This set is created after the FTAM regime involving the filestore is initialized, maintained while it persists, and destroyed at lat
41、est when it is finally released. (append after 3rd paragraph, page 13) A pathname is resolved to an object by a series of steps using components of the pathname to locate the intermediate objects along the path in turn (see Part 2, clause 5a.3.2). If the object located when a pathname is resolved is
42、 not of the type required for the operation to be performed then an error is reported. 1 1.3.1 File objects Characteristics specific to a file object are a) file attributes describing the logical structure and dimensions of the data stored in the file; b) any file access data units forming the conte
43、nts of this file. (amend 4th paragraph, page 14) Some file attributes place constraints on the structure of the files content. This structure is preserved during the lifetime of the file. However, not all users accessing the file are Concerned with its full generality. For instance, there may be a n
44、eed to access a complex hierarchical file as if it were flat in order to construct summary reports, or it may not be necessary to access the smallest structural units of a file independently on all occasions. In addition to the file attributes used in file creation and file management for describing
45、 the permanent tile access structure, there is a specified access context indicating, when a read data transfer is requested, the subset of the file structuring information and user data from the file access data unit to be transferred. (append to subclause 11.3, page 14) 11.3.2 File-dlrectory objec
46、ts A file-directory object maintains the relation of parenthood between itself and directly subordinate objects. The primary relationship between objects in the filestore is parenthood (the dual relationship of parenthood is childhood). The objects in the filestore form a tree under parenthood, wher
47、e: a) files map to nodes with zero or one data unit; b) directories and references map to nodes without data units; c) files may only occur as leaf nodes; d) references may only occur as leaf nodes. The sequence of parenthood relationships from the root of the filestore to an object is called the pr
48、imary path to the object, and the sequence of object names on it is the primary pathname. 11.3.3 Reference objects A reference object is linked to a single target object which is either a file or a filsdirectory. References may not be linked to other references. 5 IS0 857 1-1 :I 988/Amd.l: 1992 (E)
49、0 - directory - reference - parenthood 0 - + - linkage Figure 6a - An example tree structure of a VFS For any reference, there exists a single linkage relationship from the reference object to another object in the filestore. Linkage is modeled in this standard by the value of the “referenced object“ attribute of the reference, which records the primary pathname of the object to which the link is made. 11.4 Attribute dynamics (amend Ist paragraph, page 14) The attributes of an object reflect the state of the object as actually stored. Communication between the initiator and the responder bu
