1、 International Telecommunication Union ITU-T X.501TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU Corrigendum 2(04/2012) SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY Directory Information technology Open Systems Interconnection The Directory: Models Technical Corrigendum 2 Recomm
2、endation ITU-T X.501 (2008) Technical Corrigendum 2 ITU-T X-SERIES RECOMMENDATIONS DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY PUBLIC DATA NETWORKS Services and facilities X.1X.19 Interfaces X.20X.49 Transmission, signalling and switching X.50X.89 Network aspects X.90X.149 Maintenance X.1
3、50X.179 Administrative arrangements X.180X.199 OPEN SYSTEMS INTERCONNECTION Model and notation X.200X.209 Service definitions X.210X.219 Connection-mode protocol specifications X.220X.229 Connectionless-mode protocol specifications X.230X.239 PICS proformas X.240X.259 Protocol Identification X.260X.
4、269 Security Protocols X.270X.279 Layer Managed Objects X.280X.289 Conformance testing X.290X.299 INTERWORKING BETWEEN NETWORKS General X.300X.349 Satellite data transmission systems X.350X.369 IP-based networks X.370X.379 MESSAGE HANDLING SYSTEMS X.400X.499 DIRECTORY X.500X.599OSI NETWORKING AND SY
5、STEM ASPECTS Networking X.600X.629 Efficiency X.630X.639 Quality of service X.640X.649 Naming, Addressing and Registration X.650X.679 Abstract Syntax Notation One (ASN.1) X.680X.699 OSI MANAGEMENT Systems management framework and architecture X.700X.709 Management communication service and protocol
6、X.710X.719 Structure of management information X.720X.729 Management functions and ODMA functions X.730X.799 SECURITY X.800X.849 OSI APPLICATIONS Commitment, concurrency and recovery X.850X.859 Transaction processing X.860X.879 Remote operations X.880X.889 Generic applications of ASN.1 X.890X.899 OP
7、EN DISTRIBUTED PROCESSING X.900X.999 INFORMATION AND NETWORK SECURITY X.1000X.1099 SECURE APPLICATIONS AND SERVICES X.1100X.1199 CYBERSPACE SECURITY X.1200X.1299 SECURE APPLICATIONS AND SERVICES X.1300X.1399 CYBERSECURITY INFORMATION EXCHANGE X.1500X.1599 For further details, please refer to the lis
8、t of ITU-T Recommendations. Rec. ITU-T X.501 (2008)/Cor.2 (04/2012) i INTERNATIONAL STANDARD ISO/IEC 9594-2 RECOMMENDATION ITU-T X.501 Information technology Open Systems Interconnection The Directory: Models Technical Corrigendum 2 History Edition Recommendation Approval Study Group 1.0 ITU-T X.501
9、 1988-11-25 2.0 ITU-T X.501 1993-11-16 7 3.0 ITU-T X.501 1997-08-09 7 3.1 ITU-T X.501 (1997) Technical Cor. 1 2000-03-31 7 3.2 ITU-T X.501 (1997) Amd. 1 2000-03-31 7 3.3 ITU-T X.501 (1997) Technical Cor. 2 2001-02-02 7 3.4 ITU-T X.501 (1997) Technical Cor. 3 2005-05-14 17 4.0 ITU-T X.501 2001-02-02
10、7 4.1 ITU-T X.501 (2001) Technical Cor. 1 2005-05-14 17 4.2 ITU-T X.501 (2001) Technical Cor. 2 2005-11-29 17 4.3 ITU-T X.501 (2001) Cor. 3 2008-05-29 17 5.0 ITU-T X.501 2005-08-29 17 5.1 ITU-T X.501 (2005) Cor. 1 2008-05-29 17 5.2 ITU-T X.501 (2005) Cor. 2 2008-11-13 17 5.3 ITU-T X.501 (2005) Cor.
11、3 2011-02-13 17 5.4 ITU-T X.501 (2005) Cor. 4 2012-04-13 17 6.0 ITU-T X.501 2008-11-13 17 6.1 ITU-T X.501 (2008) Cor. 1 2011-02-13 17 6.2 ITU-T X.501 (2008) Cor. 2 2012-04-13 17 ii Rec. ITU-T X.501 (2008)/Cor.2 (04/2012) FOREWORD The International Telecommunication Union (ITU) is the United Nations
12、specialized agency in the field of telecommunications, information and communication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on t
13、hem with a view to standardizing telecommunications on a worldwide basis. The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics. The approval of ITU
14、-T Recommendations is covered by the procedure laid down in WTSA Resolution 1. In some areas of information technology which fall within ITU-Ts purview, the necessary standards are prepared on a collaborative basis with ISO and IEC. NOTE In this Recommendation, the expression “Administration“ is use
15、d for conciseness to indicate both a telecommunication administration and a recognized operating agency. Compliance with this Recommendation is voluntary. However, the Recommendation may contain certain mandatory provisions (to ensure, e.g., interoperability or applicability) and compliance with the
16、 Recommendation is achieved when all of these mandatory provisions are met. The words “shall“ or some other obligatory language such as “must“ and the negative equivalents are used to express requirements. The use of such words does not suggest that compliance with the Recommendation is required of
17、any party. INTELLECTUAL PROPERTY RIGHTS ITU draws attention to the possibility that the practice or implementation of this Recommendation may involve the use of a claimed Intellectual Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual Pro
18、perty Rights, whether asserted by ITU members or others outside of the Recommendation development process. As of the date of approval of this Recommendation, ITU had not received notice of intellectual property, protected by patents, which may be required to implement this Recommendation. However, i
19、mplementers are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database at http:/www.itu.int/ITU-T/ipr/. ITU 2012 All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without the prior wr
20、itten permission of ITU. ISO/IEC 9594-2:2008/Cor.2:2012 (E) Rec. ITU-T X.501 (2008)/Cor.2 (04/2012) 1 INTERNATIONAL STANDARD RECOMMENDATION ITU-T Information technology Open Systems Interconnection The Directory: Models Technical Corrigendum 2 (covering resolution to defect reports 357, 359, 360, 36
21、1, 363, 370 and 371) 1) Correction of the defects reported in defect report 357 In clause 13.7.6 and Annex B replace the STRUCTURE-RULE information object with: STRUCTURE-RULE := CLASS , if it applies to any attribute type the object identifier or any attribute type (id-oa-allAttributeTypes) may be
22、used (defined in Annex B); In Annex B add to the end of the allocation of object identifiers for operational attributes: id-oa-allAttributeTypes OBJECT IDENTIFIER := id-oa 48 6) Correction of the defects reported in defect report 370 In clause 22.5 just before the note, add a new paragraph: The subo
23、rdinate references making up the root naming context are conceptually placed in DSA specific entries (DSEs) immediately subordinate to the root DSE (see 24.2). The DSE type shall be subr. 7) Correction of the defects reported in defect report 371 In clause 27.3.3, change the OP-BIND-ROLE information
24、 object class as shown: OP-BIND-ROLE := CLASS &establish BOOLEAN DEFAULT FALSE, &EstablishParam OPTIONAL, &modify BOOLEAN DEFAULT FALSE, &ModifyParam OPTIONAL, &terminate BOOLEAN DEFAULT FALSE, &TerminateParam OPTIONAL WITH SYNTAX ESTABLISHMENT-INITIATOR &establish ESTABLISHMENT-PARAMETER &Establish
25、Param MODIFICATION-INITIATOR &modify MODIFICATION-PARAMETER &ModifyParam TERMINATION-INITIATOR &terminate TERMINATION-PARAMETER &TerminateParam Also, change item b) as shown: b) The ESTABLISHMENT-PARAMETER field defines the ASN.1 type for the parameters exchanged by a DSA assuming the defined role w
26、hen an instance of the operational binding type is established. If no parameters are to be exchanged, then the NULL ASN.1 type shall be specified. Replace clauses 28.2, 28.3 and 28.4 with: 28.2 Establish Operational Binding operation 28.2.1 Establish Operational Binding syntax The Establish Operatio
27、nal Binding operation allows establishment of an operational binding instance of a predefined type between two DSAs. This is achieved through the transfer of the establishment parameters and the terms of agreement which were defined in the definition of the operational binding type. The arguments of
28、 the operation may be signed (see 17.3) by the requestor. If the target component of the SecurityParameters (see 7.10 of Rec. ITU-T X.511 | ISO/IEC 9594-3) in the request is set to signed and a result is to be returned, the result may be signed. Otherwise, the result shall not be signed. ISO/IEC 959
29、4-2:2008/Cor.2:2012 (E) Rec. ITU-T X.501 (2008)/Cor.2 (04/2012) 3 In the case of a symmetrical operational binding, either of the two DSAs may take the initiative to establish an operational binding instance of the predefined type. In the case of an asymmetrical operational binding, just one of the
30、roles are designated to initiate the establishment of an operational binding or either of the two DSAs may take the initiative depending on the definition of the operational binding type. establishOperationalBinding OPERATION := ARGUMENT EstablishOperationalBindingArgument RESULT EstablishOperationa
31、lBindingResult ERRORS operationalBindingError | securityError CODE id-op-establishOperationalBinding EstablishOperationalBindingArgument := OPTIONALLY-PROTECTED-SEQ EstablishOperationalBindingArgumentData EstablishOperationalBindingArgumentData := SEQUENCE bindingType 0 OPERATIONAL-BINDING.&id(OpBin
32、dingSet), bindingID 1 OperationalBindingID OPTIONAL, accessPoint 2 AccessPoint, - symmetric, Role A initiates, or Role B initiates initiator CHOICE symmetric 3 OPERATIONAL-BINDING.&both.&EstablishParam (OpBindingSetbindingType), roleA-initiates 4 OPERATIONAL-BINDING.&roleA.&EstablishParam (OpBinding
33、SetbindingType), roleB-initiates 5 OPERATIONAL-BINDING.&roleB.&EstablishParam (OpBindingSetbindingType), agreement 6 OPERATIONAL-BINDING.&Agreement (OpBindingSetbindingType), valid 7 Validity DEFAULT , securityParameters 8 SecurityParameters OPTIONAL OpBindingSet OPERATIONAL-BINDING := shadowOperati
34、onalBinding | hierarchicalOperationalBinding | nonSpecificHierarchicalOperationalBinding OperationalBindingID := SEQUENCE identifier INTEGER, version INTEGER Validity := SEQUENCE validFrom 0 CHOICE now 0 NULL, time 1 Time DEFAULT now:NULL, validUntil 1 CHOICE explicitTermination 0 NULL, time 1 Time
35、DEFAULT explicitTermination:NULL Time := CHOICE utcTime UTCTime, generalizedTime GeneralizedTime EstablishOperationalBindingResult := OPTIONALLY-PROTECTED-SEQ EstablishOperationalBindingResultData EstablishOperationalBindingResultData := SEQUENCE bindingType 0 OPERATIONAL-BINDING.&id(OpBindingSet),
36、bindingID 1 OperationalBindingID OPTIONAL, accessPoint 2 AccessPoint, - symmetric, Role A replies, or Role B replies initiator CHOICE symmetric 3 OPERATIONAL-BINDING.&both.&EstablishParam (OpBindingSetbindingType), roleA-replies 4 OPERATIONAL-BINDING.&roleA.&EstablishParam ISO/IEC 9594-2:2008/Cor.2:
37、2012 (E) 4 Rec. ITU-T X.501 (2008)/Cor.2 (04/2012) (OpBindingSetbindingType), roleB-replies 5 OPERATIONAL-BINDING.&roleB.&EstablishParam (OpBindingSetbindingType) OPTIONAL, COMPONENTS OF CommonResultsSeq 28.2.2 Establish Operational Binding arguments The bindingType component shall specify which typ
38、e of operational binding is to be established. An operational binding type is defined by an instance of the OPERATIONAL-BINDING information object class which assigns an object identifier value to the operational binding type. If the receiver does not recognize or support the operational binding typ
39、e, it shall return an operationalBindingError with problem unsupportedBindingType. The bindingID component, when present, shall hold an identification of the new operational binding instance. If the bindingID is absent within the operation argument, the responding DSA shall assign an ID to the opera
40、tional binding instance and return it in the bindingID component of the EstablishOperationalBindingResult data type. In either case, when establishing an operational binding, both the identifier and version components of the OperationalBindingID value shall be assigned and issued by the DSA making t
41、he assignment. The identifier component of the OperationalBindingID data type shall be unique for all operational bindings between any two DSAs. However, the DSA not making the assignment shall accept an identifier component that is only unique within a specific operational binding type. If the iden
42、tifier component specifies an identifier already in use for the particular binding type, the responding DSA shall return an operationalBindingError with problem duplicateID. NOTE A pre-edition 5 system may not follow the above rule for assigning identities. The accessPoint component shall specify th
43、e access point of the initiator for subsequent interactions. The initiator component shall specify the role the DSA issuing the Establish Operational Binding operation assumes. The semantics of the roles are defined as part of the definition of the operational binding type. It is a choice of three a
44、lternatives: The symmetric alternative shall be taken, if the type of operational binding requires identical roles for the two DSAs. The establishment parameter for the initiating DSA is determined by the OP-BIND-ROLE associated with the SYMMETRIC field of the instance of OPERATIONAL-BINDING informa
45、tion object class. If this alternative is chosen in the request, but the operational binding type specifies asymmetric roles, then the responding DSA shall return an operationalBindingError with problem notAllowedForRole. The roleA-initiates alternative may be taken if both roles may be the initiato
46、r of an asymmetric operational binding and it shall be taken when only the initiating DSA may take ROLE-A. The establishment parameter for the initiating DSA is determined by the OP-BIND-ROLE associated with ROLE-A field of the instance of OPERATIONAL-BINDING information object class. If the DSA in
47、ROLE-A is not allowed to initiate the operational binding, the responding DSA shall return an operationalBindingError with problem notAllowedForRole. If the responding system does not accept the role allocation, it shall return an operationalBindingError with problem roleAssignment. The roleB-initia
48、tes alternative may be taken if both roles may be the initiator of an asymmetric operational binding and it shall be taken when only the initiating DSA may take ROLE-B. The establishment parameter for the initiating DSA is determined by the OP-BIND-ROLE associated with ROLE-B field of the instance of OPERATIONAL-BINDING information object class. If the DSA in ROLE-B is not allowed to initiate the operational binding, the responding DSA shall return an operationalBindingError with problem notAllowedForRole. If the respo
