International Telecommunication Union

ITU-T X.500
TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU
(10/2012)

SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY
Directory

Information technology – Open Systems Interconnection – The Directory: Overview of concepts, models and services

Recommendation ITU-T X.500

ITU-T X-SERIES RECOMMENDATIONS
DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY

PUBLIC DATA NETWORKS
    Services and facilities                              X.1–X.19
    Interfaces                                           X.20–X.49
    Transmission, signalling and switching               X.50–X.89
    Network aspects                                      X.90–X.149
    Maintenance                                          X.150–X.179
    Administrative arrangements                          X.180–X.199
OPEN SYSTEMS INTERCONNECTION
    Model and notation                                   X.200–X.209
    Service definitions                                  X.210–X.219
    Connection-mode protocol specifications              X.220–X.229
    Connectionless-mode protocol specifications          X.230–X.239
    PICS proformas                                       X.240–X.259
    Protocol Identification                              X.260–X.269
    Security Protocols                                   X.270–X.279
    Layer Managed Objects                                X.280–X.289
    Conformance testing                                  X.290–X.299
INTERWORKING BETWEEN NETWORKS
    General                                              X.300–X.349
    Satellite data transmission systems                  X.350–X.369
    IP-based networks                                    X.370–X.379
MESSAGE HANDLING SYSTEMS                                 X.400–X.499
DIRECTORY                                                X.500–X.599
OSI NETWORKING AND SYSTEM ASPECTS
    Networking                                           X.600–X.629
    Efficiency                                           X.630–X.639
    Quality of service                                   X.640–X.649
    Naming, Addressing and Registration                  X.650–X.679
    Abstract Syntax Notation One (ASN.1)                 X.680–X.699
OSI MANAGEMENT
    Systems management framework and architecture        X.700–X.709
    Management communication service and protocol        X.710–X.719
    Structure of management information                  X.720–X.729
    Management functions and ODMA functions              X.730–X.799
SECURITY                                                 X.800–X.849
OSI APPLICATIONS
    Commitment, concurrency and recovery                 X.850–X.859
    Transaction processing                               X.860–X.879
    Remote operations                                    X.880–X.889
    Generic applications of ASN.1                        X.890–X.899
OPEN DISTRIBUTED PROCESSING                              X.900–X.999
INFORMATION AND NETWORK SECURITY                         X.1000–X.1099
SECURE APPLICATIONS AND SERVICES                         X.1100–X.1199
CYBERSPACE SECURITY                                      X.1200–X.1299
SECURE APPLICATIONS AND SERVICES                         X.1300–X.1399
CYBERSECURITY INFORMATION EXCHANGE                       X.1500–X.1599

For further details, please refer to the list of ITU-T Recommendations.

Rec. ITU-T X.500 (10/2012)

INTERNATIONAL STANDARD ISO/IEC 9594-1
RECOMMENDATION ITU-T X.500

Information technology – Open Systems Interconnection – The Directory: Overview of concepts, models and services

Summary

Recommendation ITU-T X.500 | International Standard ISO/IEC 9594-1 introduces the concepts of
the Directory and the DIB (Directory Information Base) and overviews the services and capabilities which they provide.

History

Edition   Recommendation                  Approval     Study Group
1.0       ITU-T X.500                     1988-11-25
2.0       ITU-T X.500                     1993-11-16   7
3.0       ITU-T X.500                     1997-08-09   7
3.1       ITU-T X.500 (1997) Amd. 1       2000-03-31   7
4.0       ITU-T X.500                     2001-02-02   7
5.0       ITU-T X.500                     2005-08-29   17
6.0       ITU-T X.500                     2008-11-13   17
7.0       ITU-T X.500                     2012-10-14   17

FOREWORD

The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications, information and communication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis.

The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics.

The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1.

In some areas of information technology which fall within ITU-T's purview, the necessary standards are prepared on a collaborative basis with ISO and IEC.

NOTE – In this Recommendation, the expression “Administration” is used for conciseness to indicate both a telecommunication administration and
a recognized operating agency.

Compliance with this Recommendation is voluntary. However, the Recommendation may contain certain mandatory provisions (to ensure, e.g., interoperability or applicability) and compliance with the Recommendation is achieved when all of these mandatory provisions are met. The words “shall” or some other obligatory language such as “must” and the negative equivalents are used to express requirements. The use of such words does not suggest that compliance with the Recommendation is required of any party.

INTELLECTUAL PROPERTY RIGHTS

ITU draws attention to the possibility that the practice or implementation of this Recommendation may involve the use of a claimed Intellectual Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the Recommendation development process.

As of the date of approval of this Recommendation, ITU had not received notice of intellectual property, protected by patents, which may be required to implement this Recommendation. However, implementers are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database at http://www.itu.int/ITU-T/ipr/.

© ITU 2014

All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without the prior written permission of ITU.

CONTENTS

1 Scope
2 Normative references
    2.1 Identical Recommendations | International Standards
3 Definitions
    3.1 Communication model definitions
    3.2 Directory model definitions
    3.3 Distributed Operation definitions
    3.4 Replication definitions
    3.5 Basic directory definitions
4 Abbreviations
5 Conventions
6 Overview of the Directory
7 The Directory Information Base (DIB)
8 The Directory service
    8.1 Introduction
    8.2 Service qualification
    8.3 Directory interrogation
    8.4 Directory modification
    8.5 Other outcomes
9 The distributed Directory
    9.1 Functional model
    9.2 Organizational model
    9.3 Operation of the model
10 Access control in the Directory
11 Service administration
12 Replication in the Directory
    12.1 Introduction
    12.2 Forms of Directory replication
    12.3 Replication and consistency of Directory information
    12.4 Views of replication
    12.5 Replication and Access Control
13 Directory protocols
14 Systems management of the Directory
    14.1 Introduction
    14.2 Management of the DIT domain
    14.3 Management of Directory components
Annex A Applying the Directory
    A.1 The Directory environment
    A.2 Directory service characteristics
    A.3 Patterns of use of the Directory
Annex B Amendments and corrigenda

Introduction

This Recommendation | International Standard together with other Recommendations | International Standards, has been produced
to facilitate the interconnection of information processing systems to provide directory services. A set of such systems, together with the directory information that they hold, can be viewed as an integrated whole, called the Directory. The information held by the Directory, collectively known as the Directory Information Base (DIB), is typically used to facilitate communication between, with or about objects such as application entities, people, terminals and distribution lists.

The Directory plays a significant role in Open Systems Interconnection, whose aim is to allow, with a minimum of technical agreement outside of the interconnection standards themselves, the interconnection of information processing systems:
– from different manufacturers;
– under different managements;
– of different levels of complexity; and
– of different ages.

This Recommendation | International Standard introduces and models the concepts of the Directory and of the DIB and overviews the services and capabilities which they provide. Other Recommendations | International Standards make use of these models in defining the abstract service provided by the Directory, and in specifying the protocols through which this service can be obtained or propagated.

This Recommendation | International Standard provides the foundation frameworks upon which industry profiles can be defined by other standards groups and industry forums. Many of the features defined as optional in these frameworks, may be mandated for use
in certain environments through profiles.

This seventh edition technically revises and enhances, the sixth edition of this Recommendation | International Standard.

This seventh edition specifies versions 1 and 2 of the Directory protocols.

The first and second editions specified only version 1. Most of the services and protocols specified in this edition are designed to function under version 1. However some enhanced services and protocols, e.g., signed errors, will not function unless all Directory entities involved in the operation have negotiated version 2. Whichever version has been negotiated, differences between the services and between the protocols defined in the seven editions, except for those specifically assigned to version 2, are accommodated using the rules of extensibility defined in Rec. ITU-T X.519 | ISO/IEC 9594-5.

Annex A, which is an integral part of this Recommendation | International Standard, describes the types of use to which the Directory can be applied.

Annex B, which is not an integral part of this Recommendation | International Standard, lists the amendments and defect reports that have been incorporated to form this edition of this Recommendation | International Standard.

ISO/IEC 9594-1:2014 (E)

INTERNATIONAL STANDARD
ITU-T RECOMMENDATION

Information technology – Open Systems Interconnection – The Directory: Overview of concepts, models and services

1 Scope

The Directory provides the directory capabilities required by OSI applications, OSI management processes, other OSI layer entities, and telecommunications services. Among the capabilities which it provides are those of “user-friendly naming”, whereby objects can be referred to by names which are suitable for citing by human users (though not all objects need have user-friendly names); and “name-to-address mapping” which allows the binding between objects and their locations to be dynamic. The latter capability allows OSI networks, for example, to be “self-configuring” in the sense that addition, removal and the changes of object location do not affect OSI
network operation.

The Directory is not intended to be a general-purpose database system, although it may be built on such systems. It is assumed, for instance, that, as is typical with communications directories, there is a considerably higher frequency of “queries” than of updates. The rate of updates is expected to be governed by the dynamics of people and organizations, rather than, for example, the dynamics of networks. There is also no need for instantaneous global commitment of updates; transient conditions, where both old and new versions of the same information are available, are quite acceptable.

It is a characteristic of the Directory that, except as a consequence of differing access rights or unpropagated updates, the results of directory queries will not be dependent on the identity or location of the inquirer. This characteristic renders the Directory unsuitable for some telecommunications applications, for example some types of routing. For cases where the results are dependent on the identity of the inquirer, access to directory information and updates of the Directory may be denied.

2 Normative references

The following Recommendations and International Standards contain provisions which, through reference in this text, constitute provisions of this Recommendation | International Standard. At the time of publication, the editions indicated were valid. All Recommendations and Standards are subject to revision, and parties to agreements based on this Recommendation | International Standard are encouraged to investigate the possibility of applying the most recent edition of the Recommendations and Standards listed below. Members of IEC and ISO maintain registers of currently valid International Standards. The Telecommunication Standardization Bureau of the
ITU maintains a list of currently valid ITU-T Recommendations.

2.1 Identical Recommendations | International Standards

– Recommendation ITU-T X.200 (1994) | ISO/IEC 7498-1:1994, Information technology – Open Systems Interconnection – Basic Reference Model: The basic model.
– Recommendation ITU-T X.501 (2012) | ISO/IEC 9594-2:2014, Information technology – Open Systems Interconnection – The Directory: Models.
– Recommendation ITU-T X.509 (2012) | ISO/IEC 9594-8:2014, Information technology – Open Systems Interconnection – The Directory: Public-key and attribute certificate frameworks.
– Recommendation ITU-T X.511 (2012) | ISO/IEC 9594-3:2014, Information technology – Open Systems Interconnection – The Directory: Abstract service definition.
– Recommendation ITU-T X.518 (2012) | ISO/IEC 9594-4:2014, Information technology – Open Systems Interconnection – The Directory: Procedures for distributed operation.
– Recommendation ITU-T X.519 (2012) | ISO/IEC 9594-5:2014, Information technology – Open Systems Interconnection – The Directory: Protocol specifications.
– Recommendation ITU-T X.520 (2012) | ISO/IEC 9594-6:2014, Information technology – Open Systems Interconnection – The Directory: Selected attribute types.
– Recommendation ITU-T X.521 (2012) | ISO/IEC 9594-7:2014, Information technology – Open Systems Interconnection – The Directory: Selected object classes.
– Recommendation ITU-T X.525 (2012) | ISO/IEC 9594-9:2014, Information technology – Open Systems Interconnection – The Directory: Replication.

3 Definitions

For the purposes of this Recommendation | International Standard, the following definitions apply.

3.1 Communication model definitions

The following terms are defined in Rec. ITU-T X.519 | ISO/IEC 9594-5:
a) application-entity;
b) application layer;
c) application process.

3.2 Directory model definitions

The following terms are defined in Rec. ITU-T X.501 | ISO/IEC 9594-2:
a) access control;
b) Administration Directory Management Domain;
c) alias;
d) ancestor;
e) attribute;
f) attribute type;
g) attribute value;
h) authentication;
i) compound entry;
j) context;
k) Directory Information Tree (DIT);
l) Directory Management Domain (DMD);
m) Directory System Agent (DSA);
n) Directory User Agent (DUA);
o) distinguished name;
p) entry;
q) family (of entries);
r) hierarchical group;
s) LDAP client;
t) LDAP requester;
u) LDAP responder;
v) LDAP server;
w) name;
x) object (of interest);
y) Private Directory Management Domain;
z) related entries;
aa) relative distinguished name;
bb) root;
cc) schema;
dd) secu