KS X ISO/IEC 10181-3:2002 (2012 ) 2002 11 27 http://www.kats.go.kr
: ( ) ( ) SJ ( ) : (http://www.standard.go.kr) : :2002 11 27 :2012 12 28 2012-0829 : : ( 02-509-7262) (http://www.kats.go.kr). 10 5 , .
. KS X ISO/IEC 10181-3:2002 . A() B() OSI C() D() E() F() ACI G() KS X ISO/IEC 10181 “ ” . 1: 2: 3: 4: 5: 6: 7:
ICS 35.100.01 KS X ISO/IEC 10181-3:2002 (2012 )
Information technology - Open Systems Interconnection - Security frameworks for open systems: Access control framework
ISO/IEC 10181-3:1996 Information technology - Open Systems Interconnection - Security frameworks for open systems: Access control framework .
1. , , ODP OSI . , . . ( ) . . , (, ) . , , . , . , , . OSI CCITT Rec. X.800 KS X 3002-2 (ISO 7498-2) . . , . .
a) b) c) d) e) f) . . . , . . . . a) b) c) d) e) . a, b, c, d, e . b, c, d, e 7. . e 8. .
2. . ( ) . ( ) ( ) .
2.1
KS X 3002-1:1994, 1: (ITU-T Recommendation X.200 (1994) | ISO/IEC 7498-1:1994, Information technology - Open Systems Interconnection - Basic Reference Model: The Basic Model, IDT)
ITU-T Recommendation X.810 (1995) | ISO/IEC 10181-1:1996, Information technology - Open Systems Interconnection - Security frameworks for open systems: Overview.
KS X ISO/IEC 10181-2 : (ITU-T Recommendation X.811 (1995) | ISO/IEC 10181-2:1996, Information technology - Open Systems Interconnection - Security frameworks for open systems: Authentication framework, IDT)
ITU-T Recommendation X.880 (1994) | ISO/IEC 13712-1:1995, Information technology - Remote Operations: Concepts, model and notation.
2.2
CCITT Recommendation X.800 (1991), Security Architecture for Open Systems Interconnection for CCITT applications.
KS X 3002-2:1989, 2: (ISO 7498-2:1989, Information processing systems - Open Systems Interconnection - Basic Reference Model - Part 2: Security Architecture, MOD)
3. , .
3.1 CCITT Rec. X.800 KS X 3002-2 (ISO 7498-2) . a) b) c) d) e) f) g) h) i) j) k) l) m) n)
3.2 ITU-T Rec. X.810 | ISO/IEC 10181-1
. a) b) c) d) e) f) g) h)
3.3 ITU-T Rec. X.200 KS X 3002-1 (ISO/IEC 7498-1) .
3.4 , .
3.4.1 (access control certificate) ACI
3.4.2 (Access Control Decision Information (ADI)) ACI ( ) ADF .
3.4.3 (Access Control Decision Function (ADF)) , ADI(, , ),
3.4.4 (Access Control Enforcement Function (AEF)) ADF
3.4.5 (Access Control Information (ACI)) ,
3.4.6 (access control policy)
3.4.7 (access control policy rules)
3.4.8 (access control token) ACI
3.4.9 (access request)
3.4.10 : ADI (access request access control decision information: access request ADI) ACI ADI
3.4.11 : ACI (access request access control information: access request ACI) ACI
3.4.12 : ACI (access request-bound access control information: access request-bound ACI) ACI
3.4.13 (clearance) ACI
3.4.14 (contextual information) ( , )
3.4.15 (initiator) ( , )
3.4.16 : ADI (initiator access control decision information: initiator ADI) ACI ADI
3.4.17 : ACI (initiator access control information: initiator ACI) ACI
3.4.18 : ACI (initiator-bound access control information: initiator-bound ACI) ACI
3.4.19 : ADI (operand access control decision information: operand ADI) ACI ADI
3.4.20 : ACI (operand access control information: operand ACI) ACI
3.4.21 : ACI (operand-bound access control information: operand-bound ACI) ACI
3.4.22 ADI (retained ADI) ADF ADI
3.4.23 (target)
3.4.24 : ADI (target access control decision information: target ADI) ACI ADI
3.4.25 : ACI (target access control information: target ACI) ACI
3.4.26 : ACI (target-bound access control information: target-bound ACI) ACI
4. ACI ADI ADF AEF SI SDA
5.
5.1 , . . . , ( ) , , ,
5.2 . . ( , ) ( , OSI , , , ) . . ACI (, ) ACI ACI ADF ADI ACI (ACI ; ) ADI . (ADF ADI ), ( ) . , . .
5.2.1 , 1 2 . . , ACI, . 1 2 ADF , (AEF), (ADF), . . , ACI , . . , OSI , . . ADF , AEF . , AEF ADF . , ADF ( ) (ADI) . ADI( ACI ADI) ADI( ACI ADI) ADI( ACI ADI) AEF ADF ADI ADF ADI ADI ADI ADF (ADF ) ADI . , , . , ADI, ADF . AEF . , . ADI . , ADI ADF . , . , ADF ADI . , AEF , . , . , , . AEF , ADF .
5.2.2
5.2.2.1 . , .
. . 6. .
5.2.2.2 ACI , ( ) ACI ( ) . . ACI . ACI . ACI . ACI ( ) ACI . ACI ACI ( ). ACI OSI . ACI ADF OSI . ACI 7.2 . OSI ( ), ACI - .
5.2.2.3 ACI , ACI SDA, , ( , ) . ACI . ACI ACI . ACI . “ ” . ACI . ACI . ACI , . , ACI ACI, ACI, . , ACI ACI, ACI( ) . , ACI ADF ACI ADI (5.2.2.4 ) . , ACI ACI , ACI .
5.2.2.4 , ACI ACI (, , ) ACI . ACI . . , ACI , . ACI ( , ), ACI . ACI ( ), ACI . , ACI . ACI . SDA, , ACI . SDA ACI . ACI . ACI . ACI . SDA ACI . SDA ACI . ACI . ACI ACI . ACI , , SDA . ACI ACI .