1、 International Telecommunication Union ITU-T X.511TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (11/2008) SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY Directory Information technology Open Systems Interconnection The Directory: Abstract service definition ITU-T Recommendation X
2、.511 ITU-T X-SERIES RECOMMENDATIONS DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY PUBLIC DATA NETWORKS Services and facilities X.1X.19 Interfaces X.20X.49 Transmission, signalling and switching X.50X.89 Network aspects X.90X.149 Maintenance X.150X.179 Administrative arrangements X.180X.199
3、OPEN SYSTEMS INTERCONNECTION Model and notation X.200X.209 Service definitions X.210X.219 Connection-mode protocol specifications X.220X.229 Connectionless-mode protocol specifications X.230X.239 PICS proformas X.240X.259 Protocol Identification X.260X.269 Security Protocols X.270X.279 Layer Managed
4、 Objects X.280X.289 Conformance testing X.290X.299 INTERWORKING BETWEEN NETWORKS General X.300X.349 Satellite data transmission systems X.350X.369 IP-based networks X.370X.379 MESSAGE HANDLING SYSTEMS X.400X.499DIRECTORY X.500X.599 OSI NETWORKING AND SYSTEM ASPECTS Networking X.600X.629 Efficiency X
5、.630X.639 Quality of service X.640X.649 Naming, Addressing and Registration X.650X.679 Abstract Syntax Notation One (ASN.1) X.680X.699 OSI MANAGEMENT Systems Management framework and architecture X.700X.709 Management Communication Service and Protocol X.710X.719 Structure of Management Information
6、X.720X.729 Management functions and ODMA functions X.730X.799 SECURITY X.800X.849 OSI APPLICATIONS Commitment, Concurrency and Recovery X.850X.859 Transaction processing X.860X.879 Remote operations X.880X.889 Generic applications of ASN.1 X.890X.899 OPEN DISTRIBUTED PROCESSING X.900X.999 INFORMATIO
7、N AND NETWORK SECURITY X.1000X.1099 SECURE APPLICATIONS AND SERVICES X.1100X.1199 CYBERSPACE SECURITY X.1200X.1299 SECURE APPLICATIONS AND SERVICES X.1300X.1399 For further details, please refer to the list of ITU-T Recommendations. ITU-T Rec. X.511 (11/2008) i INTERNATIONAL STANDARD ISO/IEC 9594-3
8、ITU-T RECOMMENDATION X.511 Information technology Open Systems Interconnection The Directory: Abstract service definition Summary ITU-T Recommendation X.511 | ISO/IEC 9594-3 defines in an abstract way the externally visible service provided by the Directory, including bind and unbind operations, rea
9、d operations, search operations, modify operations and errors. Source ITU-T Recommendation X.511 was approved on 13 November 2008 by ITU-T Study Group 17 (2009-2012) under the ITU-T Recommendation A.8 procedure. An identical text is also published as ISO/IEC 9594-3. ii ITU-T Rec. X.511 (11/2008) FOR
10、EWORD The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications, information and communication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studyin
11、g technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis. The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topics for study by the ITU-T study groups
12、which, in turn, produce Recommendations on these topics. The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1. In some areas of information technology which fall within ITU-Ts purview, the necessary standards are prepared on a collaborative basis with ISO
13、and IEC. NOTE In this Recommendation, the expression “Administration“ is used for conciseness to indicate both a telecommunication administration and a recognized operating agency. Compliance with this Recommendation is voluntary. However, the Recommendation may contain certain mandatory provisions
14、(to ensure e.g. interoperability or applicability) and compliance with the Recommendation is achieved when all of these mandatory provisions are met. The words “shall“ or some other obligatory language such as “must“ and the negative equivalents are used to express requirements. The use of such word
15、s does not suggest that compliance with the Recommendation is required of any party. INTELLECTUAL PROPERTY RIGHTS ITU draws attention to the possibility that the practice or implementation of this Recommendation may involve the use of a claimed Intellectual Property Right. ITU takes no position conc
16、erning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the Recommendation development process. As of the date of approval of this Recommendation, ITU had not received notice of intellectual property, protected by p
17、atents, which may be required to implement this Recommendation. However, implementers are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database at http:/www.itu.int/ITU-T/ipr/. ITU 2009 All rights reserved. No part of this pu
18、blication may be reproduced, by any means whatsoever, without the prior written permission of ITU. ITU-T Rec. X.511 (11/2008) iii CONTENTS Page 1 Scope . 1 2 Normative references 1 2.1 Identical Recommendations | International Standards . 1 2.2 Other references 2 3 Definitions 2 3.1 Basic Directory
19、definitions 2 3.2 Directory model definitions. 2 3.3 Directory information base definitions. 2 3.4 Directory entry definitions 2 3.5 Name definitions. 3 3.6 Distributed operations definitions. 3 3.7 Abstract service definitions . 3 4 Abbreviations 4 5 Conventions 4 6 Overview of the Directory servic
20、e 4 7 Information types and common procedures 5 7.1 Introduction . 5 7.2 Information types defined elsewhere. 5 7.3 Common arguments. 6 7.4 Common results 9 7.5 Service controls 9 7.6 Entry information selection . 12 7.7 Entry information 15 7.8 Filter 16 7.9 Paged results 19 7.10 Security parameter
21、s . 21 7.11 Common elements of procedure for access control. 22 7.12 Managing the DSA Information Tree 24 7.13 Procedures for families of entries . 25 8 Bind and Unbind operations . 26 8.1 Directory Bind 26 8.2 Directory Unbind 28 9 Directory Read operations 28 9.1 Read. 29 9.2 Compare . 31 9.3 Aban
22、don . 33 10 Directory Search operations 33 10.1 List. 33 10.2 Search. 37 11 Directory Modify operations. 47 11.1 Add Entry 47 11.2 Remove Entry 49 11.3 Modify Entry . 51 11.4 Modify DN 54 12 Errors. 56 12.1 Error precedence. 56 12.2 Abandoned 57 12.3 Abandon Failed 57 12.4 Attribute Error 58 12.5 Na
23、me Error 58 12.6 Referral. 59 iv ITU-T Rec. X.511 (11/2008) Page 12.7 Security Error. 60 12.8 Service Error 60 12.9 Update Error 62 13 Analysis of search arguments 63 13.1 General check of search filter 63 13.2 Check of request-attribute-profiles 65 13.3 Check of controls and hierarchy selections. 6
24、6 13.4 Check of matching use . 67 Annex A Abstract Service in ASN.1 68 Annex B Operational semantics for Basic Access Control . 79 Annex C Examples of searching families of entries 92 C.1 Single family example 92 C.2 Multiple families example. 93 Annex D External ASN.1 module . 96 Annex E Amendments
25、 and corrigenda. 100 ITU-T Rec. X.511 (11/2008) v Introduction This Recommendation | International Standard, together with the other Recommendations | International Standards, has been produced to facilitate the interconnection of information processing systems to provide directory services. A set o
26、f such systems, together with the directory information that they hold, can be viewed as an integrated whole, called the Directory. The information held by the Directory, collectively known as the Directory Information Base (DIB), is typically used to facilitate communication between, with or about
27、objects such as application entities, people, terminals, and distribution lists. The Directory plays a significant role in Open Systems Interconnection, whose aim is to allow, with a minimum of technical agreement outside of the interconnection standards themselves, the interconnection of informatio
28、n processing systems: from different manufacturers; under different managements; of different levels of complexity; and of different ages. This Recommendation | International Standard defines the capabilities provided by the Directory to its users. This Recommendation | International Standard provid
29、es the foundation frameworks upon which industry profiles can be defined by other standards groups and industry forums. Many of the features defined as optional in these frameworks, may be mandated for use in certain environments through profiles. This sixth edition technically revises and enhances,
30、 but does not replace, the fifth edition of this Recommendation | International Standard. Implementations may still claim conformance to the fifth edition. However, at some point, the fifth edition will not be supported (i.e., reported defects will no longer be resolved). It is recommended that impl
31、ementations conform to this sixth edition as soon as possible. This sixth edition specifies versions 1 and 2 of the Directory protocols. The first and second editions specified only version 1. Most of the services and protocols specified in this edition are designed to function under version 1. Howe
32、ver some enhanced services and protocols, e.g., signed errors, will not function unless all Directory entities involved in the operation have negotiated version 2. Whichever version has been negotiated, differences between the services and between the protocols defined in the six editions, except fo
33、r those specifically assigned to version 2, are accommodated using the rules of extensibility defined in ITU-T Rec. X.519 | ISO/IEC 9594-5. Annex A, which is an integral part of this Recommendation | International Standard, provides the ASN.1 module for the Directory abstract service. Annex B, which
34、 is not an integral part of this Recommendation | International Standard, provides charts that describe the semantics associated with Basic Access Control as it applies to the processing of a Directory operation. Annex C, which is not an integral part of this Recommendation | International Standard,
35、 gives examples of the use of families of entries. Annex D, which is not an integral part of this Recommendation | International Standard, includes an updated copy of an external ASN.1 module referenced by this Directory Specification. Annex E, which is not an integral part of this Recommendation |
36、International Standard, lists the amendments and defect reports that have been incorporated to form this edition of this Recommendation | International Standard. ISO/IEC 9594-3:2008 (E) ITU-T Rec. X.511 (11/2008) 1 INTERNATIONAL STANDARD ITU-T RECOMMENDATION Information technology Open Systems Inter
37、connection The Directory: Abstract service definition 1 Scope This Recommendation | International Standard defines in an abstract way the externally visible service provided by the Directory. This Recommendation | International Standard does not specify individual implementations or products. 2 Norm
38、ative references The following Recommendations and International Standards contain provisions which, through reference in this text, constitute provisions of this Recommendation | International Standard. At the time of publication, the editions indicated were valid. All Recommendations and Standards
39、 are subject to revision, and parties to agreements based on this Recommendation | International Standard are encouraged to investigate the possibility of applying the most recent edition of the Recommendations and Standards listed below. Members of IEC and ISO maintain registers of currently valid
40、International Standards. The Telecommunication Standardization Bureau of the ITU maintains a list of currently valid ITU-T Recommendations. 2.1 Identical Recommendations | International Standards ITU-T Recommendation X.200 (1994) | ISO/IEC 7498-1:1994, Information technology Open Systems Interconnec
41、tion Basic Reference Model: The Basic Model. ITU-T Recommendation X.500 (2008) | ISO/IEC 9594-1:2008, Information technology Open Systems Interconnection The Directory: Overview of concepts, models and services. ITU-T Recommendation X.501 (2008) | ISO/IEC 9594-2:2008, Information technology Open Sys
42、tems Interconnection The Directory: Models. ITU-T Recommendation X.509 (2008) | ISO/IEC 9594-8:2008, Information technology Open Systems Interconnection The Directory: Public-key and attribute certificate frameworks. ITU-T Recommendation X.518 (2008) | ISO/IEC 9594-4:2008, Information technology Ope
43、n Systems Interconnection The Directory: Procedures for distributed operation. ITU-T Recommendation X.519 (2008) | ISO/IEC 9594-5:2008, Information technology Open Systems Interconnection The Directory: Protocol specifications. ITU-T Recommendation X.520 (2008) | ISO/IEC 9594-6:2008, Information tec
44、hnology Open Systems Interconnection The Directory: Selected attribute types. ITU-T Recommendation X.521 (2008) | ISO/IEC 9594-7:2008, Information technology Open Systems Interconnection The Directory: Selected object classes. ITU-T Recommendation X.525 (2008) | ISO/IEC 9594-9:2008, Information tech
45、nology Open Systems Interconnection The Directory: Replication. ITU-T Recommendation X.530 (2008) | ISO/IEC 9594-10:2008, Information technology Open Systems Interconnection The Directory: Use of systems management for administration of the Directory. ITU-T Recommendation X.680 (2008) | ISO/IEC 8824
46、-1:2008, Information technology Abstract Syntax Notation One (ASN.1): Specification of basic notation. ITU-T Recommendation X.681 (2008) | ISO/IEC 8824-2:2008, Information technology Abstract Syntax Notation One (ASN.1): Information object specification. ITU-T Recommendation X.682 (2008) | ISO/IEC 8
47、824-3:2008, Information technology Abstract Syntax Notation One (ASN.1): Constraint specification. ISO/IEC 9594-3:2008 (E) 2 ITU-T Rec. X.511 (11/2008) ITU-T Recommendation X.683 (2008) | ISO/IEC 8824-4:2008, Information technology Abstract Syntax Notation One (ASN.1): Parameterization of ASN.1 spec
48、ifications. 2.2 Other references IETF RFC 2025 (1996), The Simple Public-Key GSS-API Mechanism (SPKM). IETF RFC 4422 (2006), Simple Authentication and Security Layer (SASL). 3 Definitions For the purposes of this Recommendation | International Standard, the following definitions apply. 3.1 Basic Dir
49、ectory definitions The following terms are defined in ITU-T Rec. X.500 | ISO/IEC 9594-1: a) Directory; b) Directory Information Base; c) (Directory) User. 3.2 Directory model definitions The following terms are defined in ITU-T Rec. X.501 | ISO/IEC 9594-2: a) Directory System Agent; b) Directory User Agent. 3.3 Directory information base definitions The following terms are defined in ITU-T Rec. X.501 | ISO/IEC 9594-2: a) alias entry; b) Direct
