1、 International Telecommunication Union ITU-T X.518TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (11/2008) SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY Directory Information technology Open Systems Interconnection The Directory: Procedures for distributed operation ITU-T Recomme
2、ndation X.518 ITU-T X-SERIES RECOMMENDATIONS DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY PUBLIC DATA NETWORKS Services and facilities X.1X.19 Interfaces X.20X.49 Transmission, signalling and switching X.50X.89 Network aspects X.90X.149 Maintenance X.150X.179 Administrative arrangements X.
3、180X.199 OPEN SYSTEMS INTERCONNECTION Model and notation X.200X.209 Service definitions X.210X.219 Connection-mode protocol specifications X.220X.229 Connectionless-mode protocol specifications X.230X.239 PICS proformas X.240X.259 Protocol Identification X.260X.269 Security Protocols X.270X.279 Laye
4、r Managed Objects X.280X.289 Conformance testing X.290X.299 INTERWORKING BETWEEN NETWORKS General X.300X.349 Satellite data transmission systems X.350X.369 IP-based networks X.370X.379 MESSAGE HANDLING SYSTEMS X.400X.499 DIRECTORY X.500X.599 OSI NETWORKING AND SYSTEM ASPECTS Networking X.600X.629 Ef
5、ficiency X.630X.639 Quality of service X.640X.649 Naming, Addressing and Registration X.650X.679 Abstract Syntax Notation One (ASN.1) X.680X.699 OSI MANAGEMENT Systems Management framework and architecture X.700X.709 Management Communication Service and Protocol X.710X.719 Structure of Management In
6、formation X.720X.729 Management functions and ODMA functions X.730X.799 SECURITY X.800X.849 OSI APPLICATIONS Commitment, Concurrency and Recovery X.850X.859 Transaction processing X.860X.879 Remote operations X.880X.889 Generic applications of ASN.1 X.890X.899 OPEN DISTRIBUTED PROCESSING X.900X.999
7、INFORMATION AND NETWORK SECURITY X.1000X.1099 SECURE APPLICATIONS AND SERVICES X.1100X.1199 CYBERSPACE SECURITY X.1200X.1299 SECURE APPLICATIONS AND SERVICES X.1300X.1399 For further details, please refer to the list of ITU-T Recommendations. ITU-T Rec. X.518 (11/2008) i INTERNATIONAL STANDARD ISO/I
8、EC 9594-4 ITU-T RECOMMENDATION X.518 Information technology Open Systems Interconnection The Directory: Procedures for distributed operation Summary ITU-T Recommendation X.518 | ISO/IEC 9594-4 specifies the procedures by which the distributed components of the Directory interwork in order to provide
9、 a consistent service to its users. Source ITU-T Recommendation X.518 was approved on 13 November 2008 by ITU-T Study Group 17 (2009-2012) under the ITU-T Recommendation A.8 procedure. An identical text is also published as ISO/IEC 9594-4. ii ITU-T Rec. X.518 (11/2008) FOREWORD The International Tel
10、ecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications, information and communication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and
11、tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis. The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topics for study by the ITU-T study groups which, in turn, produce Rec
12、ommendations on these topics. The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1. In some areas of information technology which fall within ITU-Ts purview, the necessary standards are prepared on a collaborative basis with ISO and IEC. NOTE In this Recom
13、mendation, the expression “Administration“ is used for conciseness to indicate both a telecommunication administration and a recognized operating agency. Compliance with this Recommendation is voluntary. However, the Recommendation may contain certain mandatory provisions (to ensure e.g. interoperab
14、ility or applicability) and compliance with the Recommendation is achieved when all of these mandatory provisions are met. The words “shall“ or some other obligatory language such as “must“ and the negative equivalents are used to express requirements. The use of such words does not suggest that com
15、pliance with the Recommendation is required of any party. INTELLECTUAL PROPERTY RIGHTS ITU draws attention to the possibility that the practice or implementation of this Recommendation may involve the use of a claimed Intellectual Property Right. ITU takes no position concerning the evidence, validi
16、ty or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the Recommendation development process. As of the date of approval of this Recommendation, ITU had not received notice of intellectual property, protected by patents, which may be requir
17、ed to implement this Recommendation. However, implementers are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database at http:/www.itu.int/ITU-T/ipr/. ITU 2009 All rights reserved. No part of this publication may be reproduced
18、, by any means whatsoever, without the prior written permission of ITU. ITU-T Rec. X.518 (11/2008) iii CONTENTS Page SECTION 1 GENERAL. 1 1 Scope . 1 2 Normative references 1 2.1 Identical Recommendations | International Standards . 1 2.2 Other references 2 3 Definitions 2 3.1 Communication Model De
19、finitions. 2 3.2 Basic Directory Definitions. 2 3.3 Directory Model Definitions 2 3.4 DSA Information Model definitions 2 3.5 Abstract Service definitions. 3 3.6 Directory replication definitions. 3 3.7 Distributed operation definitions 3 4 Abbreviations 5 SECTION 2 OVERVIEW 6 5 Conventions 5 6 Over
20、view 6 7 Distributed Directory System Model 7 8 DSA Interactions Model 7 8.1 Decomposition of a request. 8 8.2 Uni-chaining 8 8.3 Multi-chaining 9 8.4 Referral. 10 8.5 Mode determination. 10 SECTION 4 DSA ABSTRACT SERVICE 11 9 Overview of DSA Abstract Service 11 10 Information types . 11 10.1 Introd
21、uction . 11 10.2 Information types defined elsewhere. 11 10.3 Chaining Arguments 12 10.4 Chaining Results. 14 10.5 Operation Progress 15 10.6 Trace Information . 15 10.7 Reference Type. 16 10.8 Access point information 16 10.9 DIT Bridge knowledge. 17 10.10 Exclusions . 17 10.11 Continuation Referen
22、ce 18 11 Bind and Unbind 19 11.1 DSA Bind 19 11.2 DSA Unbind 19 12 Chained operations . 19 12.1 Chained operations 20 12.2 Chained Abandon operation 20 12.3 Chained operations and protocol version 21 13 Chained errors . 21 13.1 Introduction . 21 13.2 DSA Referral . 21 iv ITU-T Rec. X.518 (11/2008) P
23、age SECTION 5 DISTRIBUTED PROCEDURES. 22 14 Introduction. 22 14.1 Scope and Limits 22 14.2 Conformance 22 14.3 Conceptual model . 22 14.4 Individual and cooperative operation of DSAs 22 14.5 Cooperative agreements between DSAs. 23 15 Distributed Directory behaviour 23 15.1 Cooperative fulfilment of
24、operations. 23 15.2 Phases of operation processing. 23 15.3 Managing Distributed Operations. 24 15.4 Loop handling 25 15.5 Other considerations for distributed operation. 25 15.6 Authentication of Distributed Operations. 27 16 The Operation Dispatcher. 27 16.1 General Concepts 27 16.2 Procedures of
25、the Operation Dispatcher. 31 16.3 Overview of procedures 32 17 Request Validation procedure . 33 17.1 Introduction . 33 17.2 Procedure parameters. 34 17.3 Procedure definition 35 18 Name Resolution procedure 37 18.1 Introduction . 37 18.2 Find DSE procedure parameters. 37 18.3 Procedures. 38 19 Oper
26、ation evaluation . 48 19.1 Modification procedure 48 19.2 Single entry interrogation procedure . 54 19.3 Multiple entry interrogation procedure 54 20 Continuation Reference procedures 67 20.1 Chaining strategy in the presence of shadowing 67 20.2 Issuing chained subrequests to a remote DSA . 69 20.3
27、 Procedures parameters. 69 20.4 Definition of the procedures 70 20.5 Abandon procedure . 78 21 Results Merging procedure. 79 22 Procedures for distributed authentication. 81 22.1 Originator authentication 82 22.2 Results authentication 82 SECTION 6 KNOWLEDGE ADMINISTRATION. 83 23 Knowledge administr
28、ation overview 83 23.1 Maintenance of knowledge references. 83 23.2 Requesting cross reference 84 23.3 Knowledge inconsistencies . 85 23.4 Knowledge references and contexts 85 24 Hierarchical operational bindings. 86 24.1 Operational binding type characteristics 86 24.2 Operational binding informati
29、on object Class definition 88 24.3 DSA procedures for hierarchical operational binding management 89 24.4 Procedures for operations . 92 ITU-T Rec. X.518 (11/2008) v Page 24.5 Use of application contexts . 92 25 Non-specific hierarchical operational binding. 92 25.1 Operational binding type characte
30、ristics 93 25.2 Operational binding information object class definition 94 25.3 DSA procedures for non-specific hierarchical operational binding management 94 25.4 Procedures for operations . 96 25.5 Use of application contexts . 96 Annex A ASN.1 for Distributed Operations 97 Annex B Example of dist
31、ributed name resolution. 100 Annex C Distributed use of authentication 102 C.1 Summary. 102 C.2 Distributed protection model . 102 C.3 Signed chained operations. 102 C.4 Encrypted chained operations 104 C.5 Signed and encrypted distributed operations . 106 Annex D Specification of hierarchical and n
32、on-specific hierarchical operational binding types 108 Annex E Knowledge maintenance example 110 Annex F Amendments and corrigenda . 113 vi ITU-T Rec. X.518 (11/2008) Introduction This Recommendation | International Standard, together with other Recommendations | International Standards, has been pr
33、oduced to facilitate the interconnection of information processing systems to provide directory services. A set of such systems, together with the directory information that they hold, can be viewed as an integrated whole, called the Directory. The information held by the Directory, collectively kno
34、wn as the Directory Information Base (DIB), is typically used to facilitate communication between, with or about objects such as application entities, people, terminals and distribution lists. The Directory plays a significant role in Open Systems Interconnection, whose aim is to allow, with a minim
35、um of technical agreement outside of the interconnection standards themselves, the interconnection of information processing systems: from different manufacturers; under different managements; of different levels of complexity; and of different ages. This Recommendation | International Standard spec
36、ifies the procedures by which the distributed components of the Directory interwork in order to provide a consistent service to its users. This Recommendation | International Standard provides the foundation frameworks upon which industry profiles can be defined by other standards groups and industr
37、y forums. Many of the features defined as optional in these frameworks may be mandated for use in certain environments through profiles. This sixth edition technically revises and enhances, but does not replace, the fifth edition of this Recommendation | International Standard. Implementations may s
38、till claim conformance to the fifth edition. However, at some point, the fifth edition will not be supported (i.e., reported defects will no longer be resolved). It is recommended that implementations conform to this sixth edition as soon as possible. This sixth edition specifies versions 1 and 2 of
39、 the Directory protocols. The first and second editions specified only version 1. Most of the services and protocols specified in this edition are designed to function under version 1. However, some enhanced services and protocols, e.g., signed errors, will not function unless all Directory entities
40、 involved in the operation have negotiated version 2. Whichever version has been negotiated, differences between the services and between the protocols defined in the six editions, except for those specifically assigned to version 2, are accommodated using the rules of extensibility defined in ITU-T
41、 Rec. X.519 | ISO/IEC 9594-5. Annex A, which is an integral part of this Recommendation | International Standard, provides the ASN.1 module for directory distributed operations. Annex B, which is not an integral part of this Recommendation | International Standard, describes an example of distribute
42、d name resolution. Annex C, which is not an integral part of this Recommendation | International Standard, describes authentication in the distributed operations environment. Annex D, which is an integral part of this Recommendation | International Standard, provides the definitions of the ASN.1 inf
43、ormation object classes introduced in this Directory Specification. Annex E, which is not an integral part of this Recommendation | International Standard, illustrates knowledge maintenance. Annex F, which is not an integral part of this Recommendation | International Standard, lists the amendments
44、and defect reports that have been incorporated to form this edition of this Recommendation | International Standard. ISO/IEC 9594-4:2008 (E) ITU-T Rec. X.518 (11/2008) 1 INTERNATIONAL STANDARD ITU-T RECOMMENDATION Information technology Open Systems Interconnection The Directory: Procedures for dist
45、ributed operation SECTION 1 GENERAL 1 Scope This Recommendation | International Standard specifies the behaviour of DSAs taking part in the distributed Directory application. The allowed behaviour has been designed so as to ensure a consistent service given a wide distribution of the DIB across many
46、 DSAs. The Directory is not intended to be a general purpose database system, although it may be built on such systems. It is assumed that there is a considerably higher frequency of queries than of updates. 2 Normative references The following Recommendations and International Standards contain pro
47、visions which, through reference in this text, constitute provisions of this Recommendation | International Standard. At the time of publication, the editions indicated were valid. All Recommendations and Standards are subject to revision, and parties to agreements based on this Recommendation | Int
48、ernational Standard are encouraged to investigate the possibility of applying the most recent edition of the Recommendations and Standards listed below. Members of IEC and ISO maintain registers of currently valid International Standards. The Telecommunication Standardization Bureau of the ITU maint
49、ains a list of currently valid ITU-T Recommendations. 2.1 Identical Recommendations | International Standards ITU-T Recommendation X.200 (1994) | ISO/IEC 7498-1:1994, Information technology Open Systems Interconnection Basic Reference Model: The Basic Model. ITU-T Recommendation X.500 (2008) | ISO/IEC 9594-1:2008, Information technology Open Systems Interconnection The Directory: Overview of concepts, models and services. ITU-T Recommendation X.501 (2008) | ISO/IEC 9594-2:2008, Information t
