1、INTERNATIONAL TELECOMMUNICATION UNION)45G134 : TELECOMMUNICATIONSTANDARDIZATION SECTOROF ITU-!.G13-!#().%G0G0,!.5!%).42/$5#4)/.G0G04/G0G04(%G0G030%#) tracing malicious calls; retrieving subscriber charging information; observing subscriber charging.3.1.2 Routing and digit analysis administration3.1.
2、2.1 Routing administration (see Recommendation Z.335) managing the routing data base; querying the routing data base.3.1.2.2 Digit analysis administration managing the digit analysis data; querying the digit analysis data base.3.1.3 Traffic administration3.1.3.1 Traffic measurements administration (
3、see Recommendations E.502 and Z.336) performing traffic measurements; scheduling the execution of traffic measurements and the output of results; managing measurements data; retrieving measurements data.3.1.3.2 Traffic analysis administration (see Recommendation E.502) inputting measured data; input
4、ting the identification and capacity information of the measurement object; managing traffic data records; managing the output of reports; managing analysis description data; supervising the control of the time-delay of the various analysis operations.3.1.4 Tariff and charging administration changin
5、g the tariff for a certain traffic destination; changing parameters for a charging rate; changing time for switching between day and night rate; reading accounting statistics (accounting between operating companies); changing the parameters involved in the accounting methods for traffic between diff
6、erent operatingcompanies; retrieving of charging information._1)Subscriber administration deals with both single-line and multi-line subscribers.Fascicle X.7 - Rec. Z.331 33.1.5 System control operation setting and reading of a calendar; administering output routing; administering files; administeri
7、ng man-machine terminal capabilities; administering the system (hardware/software) configuration.3.1.6 User-system access control administration (see Appendix I to Z.331) administering authority; retrieving authority information.3.1.7 Network management administration (see Recommendation Z.337) perf
8、orming measurements of network status and performance; performing network management actions; performing network management information distribution.3.2 Maintenance functions3.2.1 Maintenance of subscribers lines testing one subscribers line and associated equipment; testing a group of subscribers l
9、ines and associated equipment; measuring one subscribers line and associated equipment; measuring a group of subscribers lines and associated equipment; blocking or unblocking a subscribers line for maintenance purposes; observing or supervising of subscribers lines and equipment.3.2.2 Maintenance o
10、f circuits between exchanges and associated equipment (see Recommendation M.250) testing/measuring one circuit or a group of circuits and associated equipment; observing and supervising circuits and associated equipment; control the status of a circuit or a group of circuits and associated equipment
11、; analysing maintenance data; administering and controlling maintenance reports.3.2.3 Switching network maintenance making test calls; initiating a call trace; holding faulty connections; testing and measuring peripheral equipment (relay sets, signalling receivers and senders, etc.); testing and mea
12、suring switch units; reducing service for low priority subscribers; setting up a connection via a specific path through the network; supervising and measuring the quality of service of the switching network; localizing faults in the speech path network; providing access for traffic observation for m
13、aintenance purposes; reporting alarms; recording switch unit status.4 Fascicle X.7 - Rec. Z.3313.2.4 Control system maintenance reporting system status; reporting alarms; localizing faults; testing on a functional basis after repair; initiating periodic testing operations; changing system configurat
14、ion for maintenance purposes; checking consistency of data; initiating restart; setting traps for programme fault tracing; changing memory contents; memory dumping for maintenance purposes; controlling overload parameters; changing the criteria for the recognition of degradation of service; reducing
15、 service for low-priority subscribers.3.3 Installation functions2)3.3.1 SPC system installation3.3.1.1 SPC system hardware installationInstalling: network blocks; trunks; signalling equipment; test equipment; blocks of subscriber-circuits; interface equipment; control equipment; memory equipment; in
16、put/output devices.3.3.1.2 SPC system software installationInstalling: operational packages; test programmes; statistics programmes; programmes patches; signalling systems programmes; services, facilities programmes; system data.3.4 Acceptance testing functionsAcceptance testing functions include an
17、y additional functions beyond those presented above to aid theadministrations when testing a system to check its compliance with the Administrations specifications._2)Installation also covers the extensions or reductions of the system after it is placed into service.Fascicle X.7 - Rec. Z.331 5APPEND
18、IX I(to Recommendation Z.331)User-system access control administrationI.1 GeneralThis appendix has been developed in accordance to the methodology defined in Recommendations Z.332 andZ.333.The main part of this appendix deals with the model of User-System Access Control Administration. A glossaryof
19、the terms used is also included.The list of functions to be controlled and the list of jobs are contained in Annex A.For each function to be controlled by means of MML, one or more functions can be derived and each of themcan be described using the metalanguage defined in Recommendation Z.333 in ord
20、er to detail the relevant informationstructure.Annex B contains a list of MML functions and information structure diagrams associated to each of them to beused as guidelines.I.2 IntroductionUser-system access control (here and after access control) is provided within a system to restrict the inputal
21、lowed to be entered in order to prevent unauthorized system modification and or viewing of information.Access control is the system function which performs the control of the access to systems and their functions bythe users.Access control administration is defined as the administration of the acces
22、s rights of the users.This Recommendation mainly covers human beings as users.Machine to machine access control administration is not covered by this appendix.It is therefore recognized that this appendix will require further study within a wider scenario including thevarious aspects of access contr
23、ol (man-machine, machine-machine, etc.).I.3 Access control modelI.3.1 IntroductionAccess criteria are defined to be the attributes that characterize the access to the system.Permissions are defined to be the rights granted to the user.Authority is defined to be the relationship between the access cr
24、iteria and the permissions.The inputs submitted are accepted by the system, provided that the system has verified the authority to enterthem.I.3.2 ModelThe main attributes (see Figure I-1/Z.331) which have been adopted to identify access criteria and permissionsare the following (other attributes of
25、 the two categories can be adopted depending on the administrations needs):a) for access criteria user identity terminal identity time intervalb) for permissions command class command parameters system identity time interval6 Fascicle X.7 - Rec. Z.331Some of the attributes listed above may not be im
26、plemented according to administration requirements.In order to facilitate access control administration, groups may be formed in terms of single access controlattributes (e.g. group of user identities can form a maintenance group).An example of implementation is represented in Figure I-2/Z.331.Fasci
27、cle X.7 - Rec. Z.331 7AuthorityAccess criteria PermissionsUser identity Terminal identity Time interval System identity Command classCommandparametersUser 1 Terminal 1 Any Any Any AnyUser 1 Terminal 2 8-17 hMonday throughFridaySystem 1 Subscrib.Administr.Direct numb. :81 000-82 000User 2 Terminal 3
28、20-8 h System 1 JunctionmaintenanceJunction identity1A23 1800User 3 Any 8-17 h System 2 Subscrib.maintenanceDirect numb. :73 000-87 000Any Terminal 4 8-17 h Any Subscrib.administr.FIGURE I-2/Z331Example of applicationI.3.3 Attributes of access controlIn the following the meaning of the main attribut
29、es which are likely to be used in the access controladministration, is described.a) User identityThe user identity results from the identification procedure (see Recommendation Z.317) and uniquelyidentifies the user to the system.In the identification procedure usually the identity of the individual
30、 user is used.b) Terminal identityThe terminal identity is the identity of the I/O device as known to the system, via its hardware or logicalconnection.c) Time intervalThe access control may depend on the time when the input is entered and/or executed.d) Command classA command class can be either a
31、single command code (see Recommendation Z.315) or an identifiable setof command codes.8 Fascicle X.7 - Rec. Z.331e) System identitySystem identity is the identity of the system or an application in which the command is allowed to beperformed. In a centralized support system, individual systems conne
32、cted to it may have their own accesscontrol. Alternatively, centralized control may be used based on the identity of the system addressed.f) Command parametersAccess control may depend on a parameter (see Recommendation Z.315) or a combination of parameters.The control may be based on either the par
33、ameter name or the parameter name and its values.If a parameter is considered, it may be desirable to limit such use to major objects in the system relevant tospecific O the system is supposed to record the data and check their correctness; the operator is supposed to input all needed data; the comp
34、lexity of the job may be high depending on the amount of the data to be input; the frequency of the job is low.I.5.2.2 To delete a specific authority the purpose of the job is to delete all the data related to the specific authority; the system is supposed to delete the data related to the authority
35、, the operator is supposed to input the identity of the authority to be deleted; the complexity of the job is low; the frequency of the job is low.I.5.2.3 To interrogate the authority information the purpose of the job is to retrieve authority information; the system is supposed to output the reques
36、ted information on the selected device;Fascicle X.7 - Rec. Z.331 9 the operator is supposed to input the identity of the access control attributes; the complexity of the job is low; the frequency of the job is low.I.5.2.4 To activate/deactivate an authority the purpose of the job is to activate/deac
37、tive a specific authority previously created/changed; this job maybe implied in the creation/changing job; the system is supposed to activate/deactivate the authority; the operator is supposed to input the date and the time for the activation/deactivation and the identity of theauthority; the comple
38、xity of the job may be medium; the frequency of the job is low.I.6 Guidelines for the list of MML Functions and associated information structure diagramsI.6.1 IntroductionThis section contains guidelines for the list of MML functions and associated structure diagrams related to theaccess control adm
39、inistration model defined in 3 of this Recommendation.I.6.2 List of MML functionsThis list contains possible MML functions for the Access Control Administration.This list is not mandatory nor complete; it may vary according to administration needs, telecommunicationnetwork levels, regulatory needs, etc.I.6.2.1 Creation create authorityI.6.2.2 Changing change authorityI.6.2.3 Deletion delete authorityI.6.2.4 Interrogation interrogate authorityI.6.2.5 Activation/deactivate activate/deactivate authorityI.6.3 Information structure diagrams(To be developed.)
