1、 I n t e r n a t i o n a l T e l e c o m m u n i c a t i o n U n i o n ITU-T X.520 TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (10/2016) SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY Directory Information technology Open Systems Interconnection The Directory: Selected attribut
2、e types Recommendation ITU-T X.520 ITU-T X-SERIES RECOMMENDATIONS DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY PUBLIC DATA NETWORKS Services and facilities X.1X.19 Interfaces X.20X.49 Transmission, signalling and switching X.50X.89 Network aspects X.90X.149 Maintenance X.150X.179 Administr
3、ative arrangements X.180X.199 OPEN SYSTEMS INTERCONNECTION Model and notation X.200X.209 Service definitions X.210X.219 Connection-mode protocol specifications X.220X.229 Connectionless-mode protocol specifications X.230X.239 PICS proformas X.240X.259 Protocol Identification X.260X.269 Security Prot
4、ocols X.270X.279 Layer Managed Objects X.280X.289 Conformance testing X.290X.299 INTERWORKING BETWEEN NETWORKS General X.300X.349 Satellite data transmission systems X.350X.369 IP-based networks X.370X.379 MESSAGE HANDLING SYSTEMS X.400X.499 DIRECTORY X.500X.599 OSI NETWORKING AND SYSTEM ASPECTS Net
5、working X.600X.629 Efficiency X.630X.639 Quality of service X.640X.649 Naming, Addressing and Registration X.650X.679 Abstract Syntax Notation One (ASN.1) X.680X.699 OSI MANAGEMENT Systems management framework and architecture X.700X.709 Management communication service and protocol X.710X.719 Struc
6、ture of management information X.720X.729 Management functions and ODMA functions X.730X.799 SECURITY X.800X.849 OSI APPLICATIONS Commitment, concurrency and recovery X.850X.859 Transaction processing X.860X.879 Remote operations X.880X.889 Generic applications of ASN.1 X.890X.899 OPEN DISTRIBUTED P
7、ROCESSING X.900X.999 INFORMATION AND NETWORK SECURITY X.1000X.1099 SECURE APPLICATIONS AND SERVICES X.1100X.1199 CYBERSPACE SECURITY X.1200X.1299 SECURE APPLICATIONS AND SERVICES X.1300X.1399 CYBERSECURITY INFORMATION EXCHANGE X.1500X.1599 CLOUD COMPUTING SECURITY X.1600X.1699 For further details, p
8、lease refer to the list of ITU-T Recommendations. Rec. ITU-T X.520 (10/2016) i INTERNATIONAL STANDARD ISO/IEC 9594-6 RECOMMENDATION ITU-T X.520 Information technology Open Systems Interconnection The Directory: Selected attribute types Summary Recommendation ITU-T X.520 | ISO/IEC 9594-6 defines a nu
9、mber of attribute types and matching rules which may be found useful across a range of applications of the Directory. One particular use for many of the attributes defined is in the formation of names, particularly for the classes of objects defined in Rec. ITU-T X.521 | ISO/IEC 9594-7. Other attrib
10、utes types, called notification attributes, provide diagnostic information. This Recommendation | International Standard defines context types which supply characteristics associated with attribute values. It also includes definitions for LDAP syntaxes relevant for attribute types and matching rules
11、. History Edition Recommendation Approval Study Group Unique ID* 1.0 ITU-T X.520 1988-11-25 11.1002/1000/3010 2.0 ITU-T X.520 1993-11-16 7 11.1002/1000/3011 3.0 ITU-T X.520 1997-08-09 7 11.1002/1000/4127 3.1 ITU-T X.520 (1997) Technical Cor. 1 2000-03-31 7 11.1002/1000/5042 3.2 ITU-T X.520 (1997) Am
12、d. 1 2000-03-31 7 11.1002/1000/5041 3.3 ITU-T X.520 (1997) Technical Cor. 2 2001-02-02 7 11.1002/1000/5322 3.4 ITU-T X.520 (1997) Technical Cor. 3 2002-04-13 17 11.1002/1000/6027 4.0 ITU-T X.520 2001-02-02 7 11.1002/1000/5324 4.1 ITU-T X.520 (2001) Technical Cor. 1 2002-04-13 17 11.1002/1000/6028 4.
13、2 ITU-T X.520 (2001) Technical Cor. 2 2005-11-29 17 11.1002/1000/8636 4.3 ITU-T X.520 (2001) Cor. 3 2008-05-29 17 11.1002/1000/9439 5.0 ITU-T X.520 2005-08-29 17 11.1002/1000/8508 5.1 ITU-T X.520 (2005) Cor. 1 2008-05-29 17 11.1002/1000/9440 5.2 ITU-T X.520 (2005) Cor. 2 2008-11-13 17 11.1002/1000/9
14、628 5.3 ITU-T X.520 (2005) Cor. 3 2011-02-13 17 11.1002/1000/11050 5.4 ITU-T X.520 (2005) Cor. 4 2012-04-13 17 11.1002/1000/11590 6.0 ITU-T X.520 2008-11-13 17 11.1002/1000/9598 6.1 ITU-T X.520 (2008) Cor. 1 2011-02-13 17 11.1002/1000/11051 6.2 ITU-T X.520 (2008) Cor. 2 2012-04-13 17 11.1002/1000/11
15、591 6.3 ITU-T X.520 (2008) Cor. 3 2012-10-14 17 11.1002/1000/11742 7.0 ITU-T X.520 2012-10-14 17 11.1002/1000/11743 7.1 ITU-T X.520 (2012) Cor. 1 2014-11-13 17 11.1002/1000/12350 8.0 ITU-T X.520 2016-10-14 17 11.1002/1000/13036 Keywords Attribute, attribute type, context, directory, directory system
16、 agent, directory user agent, distinguished name, matching rule. _ * To access the Recommendation, type the URL http:/handle.itu.int/ in the address field of your web browser, followed by the Recommendations unique ID. For example, http:/handle.itu.int/11.1002/1000/11830-en. ii Rec. ITU-T X.520 (10/
17、2016) FOREWORD The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications, information and communication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible fo
18、r studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis. The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topics for study by the ITU-T stud
19、y groups which, in turn, produce Recommendations on these topics. The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1. In some areas of information technology which fall within ITU-Ts purview, the necessary standards are prepared on a collaborative basis
20、with ISO and IEC. NOTE In this Recommendation, the expression “Administration“ is used for conciseness to indicate both a telecommunication administration and a recognized operating agency. Compliance with this Recommendation is voluntary. However, the Recommendation may contain certain mandatory pr
21、ovisions (to ensure, e.g., interoperability or applicability) and compliance with the Recommendation is achieved when all of these mandatory provisions are met. The words “shall“ or some other obligatory language such as “must“ and the negative equivalents are used to express requirements. The use o
22、f such words does not suggest that compliance with the Recommendation is required of any party. INTELLECTUAL PROPERTY RIGHTSITU draws attention to the possibility that the practice or implementation of this Recommendation may involve the use of a claimed Intellectual Property Right. ITU takes no pos
23、ition concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the Recommendation development process. As of the date of approval of this Recommendation, ITU had not received notice of intellectual property, prot
24、ected by patents, which may be required to implement this Recommendation. However, implementers are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database at http:/www.itu.int/ITU-T/ipr/. ITU 2017 All rights reserved. No part
25、of this publication may be reproduced, by any means whatsoever, without the prior written permission of ITU. Rec. ITU-T X.520 (10/2016) iii CONTENTS Page 1 Scope 1 2 Normative references 1 2.1 Identical Recommendations | International Standards 1 2.2 Other references 2 2.3 ISO/IEC Standards 3 3 Defi
26、nitions 3 4 Abbreviations . 3 5 Conventions 3 6 Definition of selected attribute types 5 6.1 System attribute types . 5 6.2 Labelling attribute types 5 6.3 Geographical attribute types 9 6.4 Organizational attribute types . 11 6.5 Explanatory attribute types 12 6.6 Postal addressing attribute types
27、. 14 6.7 Telecommunications addressing attribute types 16 6.8 Preferences attribute types 19 6.9 OSI application attribute types 20 6.10 Relational attribute types . 20 6.11 Domain attribute types 22 6.12 Hierarchical attribute types . 22 6.13 Attributes for applications using tag-based identificati
28、on . 23 6.14 Simple Authentication attributes held by object entries 26 6.15 Password policy attributes . 29 6.16 Notification attributes 33 6.17 LDAP defined attribute types 37 7 String preparation . 39 7.1 Transcode 39 7.2 Map . 39 7.3 Normalize 39 7.4 Prohibit 39 7.5 Check bidi . 40 7.6 Insignifi
29、cant Character Removal . 40 8 Definition of matching rules . 40 8.1 String matching rules 40 8.2 Syntax-based matching rules . 43 8.3 Time matching rules 46 8.4 First component matching rules 47 8.5 Word matching rules . 48 8.6 Approximate Matching Rules . 51 8.7 Special Matching Rules . 51 8.8 Zona
30、l Match 51 8.9 Identity matching rules 54 8.10 Password policy matching rules 55 8.11 LDAP defined matching rules . 56 9 Definition of syntaxes. 57 9.1 Directory syntaxes . 57 9.2 IETF syntaxes 58 10 Definition of Context Types . 64 10.1 Language Context . 64 10.2 Temporal Context 64 iv Rec. ITU-T X
31、.520 (10/2016) Page 10.3 Locale Context 68 10.4 LDAP Attribute Option Context . 68 Annex A Selected attribute types in ASN.1 69 Annex B Attribute types for password policy in ASN.1 . 99 Annex C Upper bounds 105 Annex D Alphabetical index of attributes, matching rules and contexts 106 Annex E Example
32、s for zonal match matching rules . 108 Annex F Mapping Object Identifiers and Uniform Resource Names into Distinguished Names . 110 F.1 Scope of this annex . 110 F.2 Object identifier resolution 110 F.3 Uniform Resource Name (URN) resolution 111 Annex G Object identifier based Directory names . 114
33、G.1 Scope of this annex . 114 G.2 Transformation of object identifiers into Directory names . 114 G.3 The use of object-identifier-based Directory names 114 Annex H Amendments and corrigenda . 116 Rec. ITU-T X.520 (10/2016) v Introduction This Recommendation | International Standard, together with o
34、ther Recommendations | International Standards, has been produced to facilitate the interconnection of information processing systems to provide directory services. A set of such systems, together with the directory information that they hold, can be viewed as an integrated whole, called the Directo
35、ry. The information held by the Directory, collectively known as the Directory Information Base (DIB), is typically used to facilitate communication between, with or about objects such as application entities, people, terminals, and distribution lists. The Directory plays a significant role in Open
36、Systems Interconnection, whose aim is to allow, with a minimum of technical agreement outside of the interconnection standards themselves, the interconnection of information processing systems: from different manufacturers; under different managements; of different levels of complexity; and of diffe
37、rent ages. This Recommendation | International Standard defines a number of attribute types which may be found useful across a range of applications of the Directory, as well as a number of standard attribute syntaxes and matching rules. One particular use for many of the attributes defined herein i
38、s in the formation of names, particularly for the classes of objects defined in Rec. ITU-T X.521 | ISO/IEC 9594-7. This Recommendation | International Standard provides the foundation frameworks upon which industry profiles can be defined by other standards groups and industry forums. Many of the fe
39、atures defined as optional in these frameworks may be mandated for use in certain environments through profiles. This eighth edition technically revises and enhances the seventh edition of this Recommendation | International Standard. This eighth edition specifies versions 1 and 2 of the Directory p
40、rotocols. The first and second editions specified only version 1. Most of the services and protocols specified in this edition are designed to function under version 1. However some enhanced services and protocols, e.g., signed errors, will not function unless all Directory entities involved in the
41、operation have negotiated version 2. Whichever version has been negotiated, differences between the services and between the protocols defined in the eight editions, except for those specifically assigned to version 2, are accommodated using the rules of extensibility defined in Rec. ITU-T X.519 | I
42、SO/IEC 9594-5. Annex A, which is an integral part of this Recommendation | International Standard, provides the ASN.1 notation for the complete module which defines the attributes, attribute syntaxes and matching rules. Annex C, which is not an integral part of this Recommendation | International St
43、andard, provides a table of attribute types, for easy reference. Annex D, which is not an integral part of this Recommendation | International Standard, provides an example of upper bounds value constraints. These constraints are not reflected in these Directory Specifications, but are provided as a
44、 reference for those implementations applying these constraints. Annex E, which is not an integral part of this Recommendation | International Standard, lists alphabetically the attributes and matching rules defined in this Directory Specification. Annex F, which is not an integral part of this Reco
45、mmendation | International Standard, gives examples relevant to the definition of zonal matching. Annex G, which is not an integral part of this Recommendation | International Standard, describes how a directory distinguished name may be based on object identifiers and on Uniform Resource Names (URN
46、s). Annex H, which is not an integral part of this Recommendation | International Standard, describes an alternative way of generating directory distinguished based on object identifiers. It contains information retrieved from Rec. ITU-T X.660 | ISO/IEC 9834-1. Annex I, which is not an integral part
47、 of this Recommendation | International Standard, lists the amendments and defect reports that have been incorporated to form this edition of this Recommendation | International Standard. ISO/IEC 9594-6:2017 (E) Rec. ITU-T X.520 (10/2016) 1 INTERNATIONAL STANDARD ITU-T RECOMMENDATION Information tec
48、hnology Open Systems Interconnection The Directory: Selected attribute types SECTION 1 GENERAL 1 Scope This Recommendation | International Standard defines a number of attribute types and matching rules which may be found useful across a range of applications of the Directory. Attribute types and ma
49、tching rules fall into three categories, as described below. Some attribute types and matching rules are used by a wide variety of applications or are understood and/or used by the Directory itself. NOTE 1 It is recommended that an attribute type or matching rule defined in this Recommendation | International Standard be used, in preference to the generation of a new one, whenever it is appropriate for the application. NOTE 2 The attribute and context
