1、 I n t e r n a t i o n a l T e l e c o m m u n i c a t i o n U n i o n ITU-T X.519 TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (10/2016) SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY Directory Information technology Open Systems Interconnection The Directory: Protocol specific
2、ations Recommendation ITU-T X.519 ITU-T X-SERIES RECOMMENDATIONS DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY PUBLIC DATA NETWORKS Services and facilities X.1X.19 Interfaces X.20X.49 Transmission, signalling and switching X.50X.89 Network aspects X.90X.149 Maintenance X.150X.179 Administra
3、tive arrangements X.180X.199 OPEN SYSTEMS INTERCONNECTION Model and notation X.200X.209 Service definitions X.210X.219 Connection-mode protocol specifications X.220X.229 Connectionless-mode protocol specifications X.230X.239 PICS proformas X.240X.259 Protocol Identification X.260X.269 Security Proto
4、cols X.270X.279 Layer Managed Objects X.280X.289 Conformance testing X.290X.299 INTERWORKING BETWEEN NETWORKS General X.300X.349 Satellite data transmission systems X.350X.369 IP-based networks X.370X.379 MESSAGE HANDLING SYSTEMS X.400X.499 DIRECTORY X.500X.599 OSI NETWORKING AND SYSTEM ASPECTS Netw
5、orking X.600X.629 Efficiency X.630X.639 Quality of service X.640X.649 Naming, Addressing and Registration X.650X.679 Abstract Syntax Notation One (ASN.1) X.680X.699 OSI MANAGEMENT Systems management framework and architecture X.700X.709 Management communication service and protocol X.710X.719 Struct
6、ure of management information X.720X.729 Management functions and ODMA functions X.730X.799 SECURITY X.800X.849 OSI APPLICATIONS Commitment, concurrency and recovery X.850X.859 Transaction processing X.860X.879 Remote operations X.880X.889 Generic applications of ASN.1 X.890X.899 OPEN DISTRIBUTED PR
7、OCESSING X.900X.999 INFORMATION AND NETWORK SECURITY X.1000X.1099 SECURE APPLICATIONS AND SERVICES X.1100X.1199 CYBERSPACE SECURITY X.1200X.1299 SECURE APPLICATIONS AND SERVICES X.1300X.1399 CYBERSECURITY INFORMATION EXCHANGE X.1500X.1599 CLOUD COMPUTING SECURITY X.1600X.1699 For further details, pl
8、ease refer to the list of ITU-T Recommendations. Rec. ITU-T X.519 (10/2016) i INTERNATIONAL STANDARD ISO/IEC 9594-5 RECOMMENDATION ITU-T X.519 Information technology Open Systems Interconnection The Directory: Protocol specifications Summary Recommendation ITU-T X.519 | ISO/IEC 9594-5 specifies the
9、Directory Access Protocol, the Directory System Protocol, the Directory Information Shadowing Protocol and the Directory Operational Binding Management Protocol which fulfil the abstract services specified in Recommendation ITU-T X.501 | ISO/IEC 9594-2, Recommendation ITU-T X.511 | ISO/IEC 9594-3, R
10、ecommendation ITU-T X.518 | ISO/IEC 9594-4 and Recommendation ITU-T X.525 | ISO/IEC 9594-9. It includes specifications for supporting underlying protocols to reduce the dependency on external specifications. The protocols may be encoded using all standard ASN.1 encoding rules. History Edition Recomm
11、endation Approval Study Group Unique ID* 1.0 ITU-T X.519 1988-11-25 11.1002/1000/3007 2.0 ITU-T X.519 1993-11-16 7 11.1002/1000/3008 3.0 ITU-T X.519 1997-08-09 7 11.1002/1000/4126 3.1 ITU-T X.519 (1997) Technical Cor. 1 2000-03-31 7 11.1002/1000/5040 3.2 ITU-T X.519 (1997) Amd. 1 2000-03-31 7 11.100
12、2/1000/5039 3.3 ITU-T X.519 (1997) Technical Cor. 2 2001-02-02 7 11.1002/1000/5319 4.0 ITU-T X.519 2001-02-02 7 11.1002/1000/5321 4.1 ITU-T X.519 (2001) Cor. 1 2008-05-29 17 11.1002/1000/9437 5.0 ITU-T X.519 2005-08-29 17 11.1002/1000/8507 5.1 ITU-T X.519 (2005) Cor. 1 2008-05-29 17 11.1002/1000/943
13、8 5.2 ITU-T X.519 (2005) Cor. 2 2011-02-13 17 11.1002/1000/11048 5.3 ITU-T X.519 (2005) Cor. 3 2012-04-13 17 11.1002/1000/11588 6.0 ITU-T X.519 2008-11-13 17 11.1002/1000/9597 6.1 ITU-T X.519 (2008) Cor. 1 2011-02-13 17 11.1002/1000/11049 6.2 ITU-T X.519 (2008) Cor. 2 2012-04-13 17 11.1002/1000/1158
14、9 7.0 ITU-T X.519 2012-10-14 17 11.1002/1000/11741 8.0 ITU-T X.519 2016-10-14 17 11.1002/1000/13035 Keywords Attribute, chaining, directory, directory information tree, directory system agent, directory user agent, distinguished name, referral. _ * To access the Recommendation, type the URL http:/ha
15、ndle.itu.int/ in the address field of your web browser, followed by the Recommendations unique ID. For example, http:/handle.itu.int/11.1002/1000/11830-en. ii Rec. ITU-T X.519 (10/2016) FOREWORD The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of
16、telecommunications, information and communication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing te
17、lecommunications on a worldwide basis. The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics. The approval of ITU-T Recommendations is covered by th
18、e procedure laid down in WTSA Resolution 1. In some areas of information technology which fall within ITU-Ts purview, the necessary standards are prepared on a collaborative basis with ISO and IEC. NOTE In this Recommendation, the expression “Administration“ is used for conciseness to indicate both
19、a telecommunication administration and a recognized operating agency. Compliance with this Recommendation is voluntary. However, the Recommendation may contain certain mandatory provisions (to ensure, e.g., interoperability or applicability) and compliance with the Recommendation is achieved when al
20、l of these mandatory provisions are met. The words “shall“ or some other obligatory language such as “must“ and the negative equivalents are used to express requirements. The use of such words does not suggest that compliance with the Recommendation is required of any party. INTELLECTUAL PROPERTY RI
21、GHTSITU draws attention to the possibility that the practice or implementation of this Recommendation may involve the use of a claimed Intellectual Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by IT
22、U members or others outside of the Recommendation development process. As of the date of approval of this Recommendation, ITU had not received notice of intellectual property, protected by patents, which may be required to implement this Recommendation. However, implementers are cautioned that this
23、may not represent the latest information and are therefore strongly urged to consult the TSB patent database at http:/www.itu.int/ITU-T/ipr/. ITU 2017 All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without the prior written permission of ITU. Rec. ITU-T
24、X.519 (10/2016) iii CONTENTS Page 1 Scope 1 2 References 1 2.1 Normative references 1 2.2 Non-normative references . 2 3 Definitions 2 3.1 Basic Directory definitions 2 3.2 Distributed Operation Definitions . 3 3.3 Protocol specification definitions 3 4 Abbreviations . 4 5 Conventions 4 6 Common pro
25、tocol specification 5 6.1 Directory associations and operations . 5 6.2 Specification for Directory operations 6 6.3 Directory protocol overview . 7 6.4 Operation codes . 8 6.5 Error codes 8 6.6 Abstract syntaxes 9 7 Directory protocols using the OSI stack . 9 7.1 OSI-PDUs . 9 7.2 Directory PDU stru
26、cture 9 7.3 Session PDUs 10 7.4 OSI addressing 11 7.5 Procedure and sequencing . 11 7.6 Directory PDU specifications 11 8 Directory protocol mapping onto OSI services 26 8.1 Abstract syntaxes and transfer syntaxes 26 8.2 Application-context . 26 8.3 Session Layer specification . 28 8.4 Use of transp
27、ort service . 34 8.5 OSI Transport Layer on top of TCP 34 9 IDM protocol 48 9.1 IDM-PDUs 48 9.2 Sequencing requirements 50 9.3 Protocols 51 9.4 Reject reasons 51 9.5 Abort reasons 52 9.6 Mapping onto TCP/IP . 52 9.7 Addressing 53 9.8 Use of TLS 53 10 Directory protocol mapping onto the IDM protocol
28、. 54 10.1 DAP-IP protocol 54 10.2 DSP-IP protocol 54 10.3 DISP-IP protocol . 55 10.4 DOP-IP protocol 55 11 Protocol stack coexistence 55 11.1 Coexistence between OSI and IDM stacks . 55 11.2 Coexistence in the presence of LDAP . 56 11.3 Defining network addresses for Internet Protocol, version 4 sup
29、port . 56 11.4 Definition of NSAP-like address for long addressing information . 57 12 Versions and the rules for extensibility 57 12.1 Use of extension markers 57 iv Rec. ITU-T X.519 (10/2016) Page 12.2 DUA to DSA . 58 12.3 DSA to DSA 58 12.4 Rules of extensibility for NSAP addresses 59 12.5 Rules
30、of extensibility for object classes 60 12.6 Rules of extensibility for user attribute types 60 13 Conformance 60 13.1 Conformance by DUAs . 60 13.2 Conformance by DSAs 61 13.3 Conformance by a shadow supplier 64 13.4 Conformance by a shadow consumer 65 Annex A Common protocol specifications in ASN.1
31、 . 66 Annex B OSI Protocol in ASN.1 68 Annex C Directory OSI Protocols in ASN.1 74 Annex D IDM Protocol in ASN.1 77 Annex E Directory IDM Protocols in ASN.1 . 80 Annex F Directory operational binding types . 82 Annex G Amendments and corrigenda . 83 Rec. ITU-T X.519 (10/2016) v Introduction This Rec
32、ommendation | International Standard, together with other Recommendations | International Standards, has been produced to facilitate the interconnection of information processing systems to provide directory services. A set of such systems, together with the directory information that they hold, can
33、 be viewed as an integrated whole, called the Directory. The information held by the Directory, collectively known as the Directory Information Base (DIB), is typically used to facilitate communication between, with or about objects such as application entities, people, terminals and distribution li
34、sts. The Directory plays a significant role in Open Systems Interconnection, whose aim is to allow, with a minimum of technical agreement outside of the interconnection standards themselves, the interconnection of information processing systems: from different manufacturers; under different manageme
35、nts; of different levels of complexity; and of different ages. This Recommendation | International Standard specifies the application service elements and application contexts for two protocols the Directory Access Protocol (DAP) and the Directory System Protocol (DSP). The DAP provides for access t
36、o the Directory to retrieve or modify Directory information. The DSP provides for the chaining of requests to retrieve or modify Directory information to other parts of the distributed Directory System where the information may be held. In addition, this Recommendation | International Standard speci
37、fies the application service elements and application contexts for the Directory Information Shadowing Protocol (DISP) and the Directory Operational Binding Management Protocol (DOP). The DISP provides for the shadowing of information held in one DSA to another DSA. The DOP provides for the establis
38、hment, modification and termination of bindings between pairs of DSAs for the administration of relationships between the DSAs (such as for shadowing or hierarchical relationships). This Recommendation | International Standard provides the foundation frameworks upon which industry profiles can be de
39、fined by other standards groups and industry forums. Many of the features defined as optional in these frameworks may be mandated for use in certain environments through profiles. This eighth edition technically revises and enhances the seventh edition of this Recommendation | International Standard
40、. This eighth edition specifies versions 1 and 2 of the Directory protocols. The first and second editions specified only version 1. Most of the services and protocols specified in this edition are designed to function under version 1. However some enhanced services and protocols, e.g., signed error
41、s, will not function unless all Directory entities involved in the operation have negotiated version 2. Whichever version has been negotiated, differences between the services and between the protocols defined in the eight editions, except for those specifically assigned to version 2, are accommodat
42、ed using the rules of extensibility defined in this edition of Rec. ITU-T X.519 | ISO/IEC 9594-5. Annex A, which is an integral part of this Recommendation | International Standard, provides the ASN.1 module for the common specifications for the Directory protocols. Annex B, which is an integral par
43、t of this Recommendation | International Standard, provides the ASN.1 module for the OSI protocol specification. Annex C, which is an integral part of this Recommendation | International Standard, provides the ASN.1 module for the Directory OSI protocols. Annex D, which is an integral part of this R
44、ecommendation | International Standard, provides the ASN.1 module for the IDM protocol specification. Annex E, which is an integral part of this Recommendation | International Standard, provides the ASN.1 module for the Directory IDM protocols. Annex F, which is an integral part of this Recommendati
45、on | International Standard, provides the ASN.1 module which contains all the ASN.1 object identifiers assigned to identify operational binding types in this series of Recommendations | International Standards. Annex G, which is not an integral part of this Recommendation | International Standard, l
46、ists the amendments and defect reports that have been incorporated to form this edition of this Recommendation | International Standard. ISO/IEC 9594-5:2017 (E) Rec. ITU-T X.519 (10/2016) 1 INTERNATIONAL STANDARD RECOMMENDATION ITU-T Information technology Open Systems Interconnection The Directory:
47、 Protocol specifications 1 Scope This Recommendation | International Standard specifies the Directory Access Protocol, the Directory System Protocol, the Directory Information Shadowing Protocol, and the Directory Operational Binding Management Protocol which fulfil the abstract services specified i
48、n Rec. ITU-T X.511 | ISO/IEC 9594-3, Rec. ITU-T X.518 | ISO/IEC 9594-4, Rec. ITU-T X.525 | ISO/IEC 9594-9, and Rec. ITU-T X.501 | ISO/IEC 9594-2. 2 References 2.1 Normative references The following Recommendations and International Standards contain provisions which, through reference in this text,
49、constitute provisions of this Recommendation | International Standard. At the time of publication, the editions indicated were valid. All Recommendations and Standards are subject to revision, and parties to agreements based on this Recommendation | International Standard are encouraged to investigate the possibility of applying the most recent edition of the Recommendations and Standards listed below. Members of IEC and ISO maintain registers of curr
