You are on page 1of 12

AS/NZS 4019.

2:1996
ISO/IEC 9594-2:1995

This is a free 11 page sample. Access the full version at http://infostore.saiglobal.com.

Australian/New Zealand Standard


Information technology Open Systems Interconnection The Directory Part 2: Models

AS/NZS 4019.2:1996 This Joint Australian/New Zealand Standard was prepared by Joint Technical Committee IT/1, Information Systems Interconnection. It was approved on behalf of the Council of Standards Australia on 13 February 1996 and on behalf of the Council of Standards New Zealand on 3 May 1996. It was published on 5 May 1996.

This is a free 11 page sample. Access the full version at http://infostore.saiglobal.com.

The following interests are represented on Committee IT/1: Australian Bankers Association Australian Bureau of Statistics Australian Computer Society Australian Computer Users Association Australian Information Industry Association Australian Vice Chancellors Committee Department of Defence, Australia Department of Industry, Science and Technology, Australia Government Computing Service, New Zealand Information Exchange Steering Committee, Australia Institute of Information and Communication Technologies, CSIRO, Australia Telstra, Australia Telecom, New Zealand

Review of Standards. To keep abreast of progress in industry, Joint Australian/ New Zealand Standards are subject to periodic review and are kept up to date by the issue of amendments or new editions as necessary. It is important therefore that Standards users ensure that they are in possession of the latest edition, and any amendments thereto. Full details of all Joint Standards and related publications will be found in the Standards Australia and Standards New Zealand Catalogue of Publications; this information is supplemented each month by the magazines The Australian Standard and Standards New Zealand, which subscribing members receive, and which give details of new publications, new editions and amendments, and of withdrawn Standards. Suggestions for improvements to Joint Standards, addressed to the head office of either Standards Australia or Standards New Zealand, are welcomed. Notification of any inaccuracy or ambiguity found in a Joint Australian/New Zealand Standard should be made without delay in order that the matter may be investigated and appropriate action taken.

AS/NZS 4019.2:1996

This is a free 11 page sample. Access the full version at http://infostore.saiglobal.com.

Australian/New Zealand Standard


Information technology Open Systems Interconnection The Directory Part 2: Models

PUBLISHED JOINTLY BY: STANDARDS AUSTRALIA 1 The Crescent, Homebush NSW 2140 Australia STANDARDS NEW ZEALAND Level 10, Standards House, 155 The Terrace, Wellington 6001 New Zealand
ISBN 0 7337 0420 4

ii

PREFACE
This Standard was prepared by the Joint Standards Australia/Standards New Zealand Committee IT/1 on Information Systems Interconnection. It is identical with and has been reproduced from ISO/IEC 9594-2:1995, Information technology Open Systems Interconnection The Directory: Models. This edition will be concurrent with AS 4019.2 1992, Information technology Open Systems InterconnectionThe Directory, Part 2: Models. The objective of this Standard is to provide users of information technology with a definition, in an abstract way, of the externally visible service provided by the Directory. This Standard is one of a series of Open Systems Interconnection (OSI) Standards which are currently under development. Since OSI Standards are developmental, there may be some minor difficulties encountered in their implementation. For this reason, Standards Australia will be providing, through the OSI Help Desk, a service to coordinate and disseminate information concerning difficulties which are identified in using this Standard. This edition technically revises and enhances AS 4019.2. Implementation may still claim conformance to AS 4019.2. However, at some point, AS 4019 will no longer be supported. It is recommended that implementation conform to AS/NZS 4019:1996 as soon as possible. This Standard is Part 2 of AS/NZS 4019, Information technology Open Systems Interconnection The Directory, which is published in Parts as follows: Part Part Part Part Part Part Part Part Part 1: 2: 3: 4: 5: 6: 7: 8: 9: Overview of concepts, models and services Models (this Standard) Abstract service definition Procedures for distributed operation Protocol specifications Selected attribute types Selected object classes Authentication framework Replication

This is a free 11 page sample. Access the full version at http://infostore.saiglobal.com.

Users of this Standard are advised by Standards Australia and Standards New Zealand, under arrangements made with ISO and IEC, as well as certain other Standards organizations, that the number of this Standard is not reproduced on each page; its identity is shown only on the cover and title pages. For the purpose of this Standard, the source text should be modified as follows: (a) Terminology The words this Australian/New Zealand Standard should replace the words this International Standard wherever they appear. (b) Decimal marker Substitute a full point for a comma where it appears as a decimal marker. (c) References The references to international Standards should be replaced by references, where appropriate, to the following Australian or Joint Australian/New Zealand Standards: Reference to International Standard or other publication ISO 7498 Information processing systems Open Systems Interconnection Basic Reference Model Part 2: Security Architecture Australian or Joint Australian/New Zealand Standard AS 2777 Information processing systems Open Systems Interconnection Basic reference model Part 2: Security Architecture

7498-2

2777.2

iii
ISO/IEC 8824 Information technology Abstract Syntax Notation One (ASN.1) 8824-1 Part 1: Specification of basic notation 8824-2 Part 2: Information object specification 8824-3 Part 3: Constraint specification 8824-4 Part 4: Parameterization of ASN.1 specifications 9594 Information technology Open Systems Interconnection The Directory: Part 1: Overview of concepts, models and services Part 3: Abstract service definition Part 4: Procedures for distributed operation Part 5: Protocol specifications Part 6: Selected attribute types Part 7: Selected object classes Part 8: Authentication framework Part 9: Replication AS/NZS 4019 Information technology Open Systems Interconnection The Directory: Part 1: Overview of concepts, models and services Part 3: Abstract service definition Part 4: Procedures for distributed operation Part 5: Protocol specifications Part 6: Selected attribute types Part 7: Selected object classes Part 8: Authentication framework Part 9: Replication

9594-1
This is a free 11 page sample. Access the full version at http://infostore.saiglobal.com.

4019.1 4019.3 4019.4 4019.5 4019.6 4019.7 4019.8 4019.9

9594-3 9594-4 9594-5 9594-6 9594-7 9594-8 9594-9

Copyright

STANDARDS AUSTRALIA/ STANDARDS NEW ZEALAND

Users of Standards are reminded that copyright subsists in all Standards Australia and Standards New Zealand publications and software. Except where the Copyright Act allows and except where provided for below no publications or software produced by Standards Australia or Standards New Zealand may be reproduced, stored in a retrieval system in any form or transmitted by any means without prior permission in writing from Standards Australia or Standards New Zealand. Permission may be conditional on an appropriate royalty payment. Australian requests for permission and information on commercial software royalties should be directed to the head office of Standards Australia. New Zealand requests should be directed to Standards New Zealand. Up to 10 percent of the technical content pages of a Standard may be copied for use exclusively in-house by purchasers of the Standard without payment of a royalty or advice to Standards Australia or Standards New Zealand. Inclusion of copyright material in computer software programs is also permitted without royalty payment provided such programs are used exclusively in-house by the creators of the programs. Care should be taken to ensure that material used is from the current edition of the Standard and that it is updated whenever the Standard is amended or revised. The number and date of the Standard should therefore be clearly identified. The use of material in print form or in computer software programs to be used commercially, with or without payment, or in commercial contracts is subject to the payment of a royalty. This policy may be varied by Standards Australia or Standards New Zealand at any time.

iv CONTENTS
Page
SECTION 1 GENERAL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 Normative references . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2.1 Identical Recommendations International Standards . . . . . . . . . . . . . . . . . . . . 2.2 Paired Recommendations International Standards equivalent in technical content 3 Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.1 OSI Reference Model Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.2 Basic directory definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.3 Distributed operation definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.4 Replication definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Abbreviations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . SECTION 2 OVERVIEW OF THE DIRECTORY MODELS . . . . . . . . . . . . . . . . . . . . . . . 6 Directory Models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.1 Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.2 The Directory and its Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.3 Directory and DSA Information Models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.4 Directory Administrative Authority Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . SECTION 3 MODEL OF DIRECTORY USER INFORMATION . . . . . . . . . . . . . . . . . . . . 7 Directory Information Base . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7.1 Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7.2 Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7.3 Directory Entries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7.4 The Directory Information Tree (DIT) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 1 2 2 2 3 3 3 3 3 4 4 5 5 5 5 6 7 8 8 8 8 9 9

This is a free 11 page sample. Access the full version at http://infostore.saiglobal.com.

Originated in Australi a as AS 4019.2 1992. Jointl y revised and designated AS/NZS 4019.2:1996.

v
Page
8 Directory Entries . . . . . . . . . . . . . . . . 8.1 Definitions . . . . . . . . . . . . . . . 8.2 Overall Structure . . . . . . . . . . . 8.3 Object Classes . . . . . . . . . . . . 8.4 Attribute Types . . . . . . . . . . . . 8.5 Attribute Values . . . . . . . . . . . 8.6 Attribute Type Hierarchies . . . . 8.7 Matching Rules . . . . . . . . . . . . 8.8 Entry Collections . . . . . . . . . . . Names . . . . . . . . . . . . . . . . . . . . . . . . 9.1 Definitions . . . . . . . . . . . . . . . 9.2 Names in General . . . . . . . . . . 9.3 Relative Distinguished Names . . 9.4 Distinguished Names . . . . . . . . 9.5 Alias Names . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .... . ..... .... . ... .. ... .. .... . . ... . ... .. .. . .. .. ... ..... ..... ... .. .. ... . .... . . . . . . . . . . . . . . . ... ... ... .. . .. . ... ... .. . ... .. . ... ... ... . .. ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ... ... ... ... ... ... ... ... ... ... ... ... . .. ... ... . .. ... ... ... ... ... . .. ... ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. . . . . .. .. . . .. .. .. .. . . .. .. .. .. .... . ... ... . .. .. .. .. ... . .... .. .. .... .. .. . ... .... .... .. .. .. .. . . . . . . . . . . . . . . . . . . . . . . . . 10 10 11 11 13 13 14 14 16 17 17 17 18 18 19 19 19 19 20 20 21 21 24 24 25 25 25 25 26 28 29 29 31 31 31 31 32 33 35 38 39 41

9
This is a free 11 page sample. Access the full version at http://infostore.saiglobal.com.

SECTION 4 DIRECTORY ADMINISTRATIVE MODEL 10 Directory Administrative Authority model . . . . . . . . . 10.1 Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 10.2 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . 10.3 Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10.4 Specific administrative authorities . . . . . . . . . 10.5 Administrative areas and administrative points 10.6 DIT Domain policies . . . . . . . . . . . . . . . . . . 10.7 DMD policies . . . . . . . . . . . . . . . . . . . . . . .

.. . . .. .. .. . . .. .. ..

.. . . .. .. .. . . .. .. ..

... ... . .. ... .. . ... ... ... ...

.. .. .. . . . . .. .. .. ..

... .. . .... .. ... . .... ... .. ..... ... .. ... .. .. .. .

SECTION 5 MODEL OF DIRECTORY ADMINISTIVE AND OPERTIONAL INFORMATION 11 Model of Directory Administrative and Operational Information . . . . . . . . . . . . . . . . . 11.1 Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11.2 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11.3 Subtrees . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11.4 Operational attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11.5 Entries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11.6 Subentries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11.7 Information model for collective attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . SECTION 6 THE DIRECTORY SCHEMA 12 Directory Schema . . . . . . . . . . . . . . . . 12.1 Definitions . . . . . . . . . . . . . . . 12.2 Overview . . . . . . . . . . . . . . . . 12.3 Object class definition . . . . . . . 12.4 Attribute type definition . . . . . . 12.5 Matching rule definition . . . . . . 12.6 DIT structure definition . . . . . . 12.7 DIT content rule definition . . . . .... .... . ... .... .. .. ... . .... ... . .. .. . . . . . . . . . . . . . . . . . . ... ... ... ... ... ... .. . ... . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . .. .. .. .. .. .. .. .. .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. .. . . .. .. .. .. .. .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. .. .. .. .. .. .. .. .. . . . . . . . . . . . . . . . . . .

vi
Page
13 Directory System Schema . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13.1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13.2 System schema supporting the administrative and operational information model 13.3 System schema supporting the administrative model . . . . . . . . . . . . . . . . . . . . 13.4 System schema supporting general administrative and operational requirements . 13.5 System schema supporting access control . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13.6 System schema supporting the collective attribute model . . . . . . . . . . . . . . . . . 13.7 Maintenance of system schema . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Directory schema administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14.1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14.2 Policy objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14.3 Policy parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14.4 Policy procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14.5 Subschema modification procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14.6 Entry addition and modification procedures . . . . . . . . . . . . . . . . . . . . . . . . . . 14.7 Subschema policy attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .... .... .... .... .... .. .. . ... . ... .. .. ... . .... ... . .... .... . . . . . . . . . . . . ... ... ... ... . .. .. .. .. .. .. .. .. . . . . . . . .. .. .. .. .. .. .. .. .. .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ... ... ... ... ... ... ... ... . .. .. . ... ... ... ... .. .. .. .. . . .. . . .. .. .. . . .. . . . . . . . . . . . . .. .. .. .. .. .. .. .. .. .. .. . . . . .. . . . . . . . . . . . . ... .. . . .. ... ... ... ... ... ... ... ... ... ... ... .. .. .. .. .. .. . . .. .. .. .. .. .. .. .. .. . . .. .. . . . . . . . . . . . . . . . . . .. .. . ... .. .. ... .... . .. .. . .... . ..... ..... ... .. ..... ..... ..... ..... ..... .. .. .. .. .. . . . . . . . .. .. .. .. .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 42 43 44 44 45 45 45 46 46 46 46 47 47 47 48 51 51 51 52 53 53 53 56 58 62 63 63 63 64 65 65 65 65 66 68 68 68 68 69 71 72

14

This is a free 11 page sample. Access the full version at http://infostore.saiglobal.com.

SECTION 7 SECURITY . . . . . . . . . . . . . . . . . . . . . . . 15 Security model . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15.1 Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 15.2 Security policies . . . . . . . . . . . . . . . . . . . . . 16 Basic Access Control . . . . . . . . . . . . . . . . . . . . . . . 16.1 Scope and application . . . . . . . . . . . . . . . . . 16.2 Basic Access Control model . . . . . . . . . . . . . 16.3 Access control administrative areas . . . . . . . . 16.4 Representation of Access Control Information 16.5 The ACI operational attributes . . . . . . . . . . . 16.6 Protecting the ACI . . . . . . . . . . . . . . . . . . . . 16.7 Access control and Directory operations . . . . 16.8 Access Control Decision Function . . . . . . . . . 16.9 Simplified Access Control . . . . . . . . . . . . . . SECTION 8 DSA MODELS . . . . . . . . . 17 DSA Models . . . . . . . . . . . . . . . . . 17.1 Definitions . . . . . . . . . . . . . 17.2 Directory Functional Model . 17.3 Directory Distribution Model . . . . . . . . . . .. .. . . . . .. ... . .... .... . ... .. .. . . . . . . . . . . . . . . . . . . .

... . .... .... . ... .. .. . . . . . . . . . . . . . . . . .. .. .. .. .. ..

.. .. .. .. .. . . . . . . . . . . . . . .

SECTION 9 DSA INFORMATION MODEL 18 Knowledge . . . . . . . . . . . . . . . . . . . . . 18.1 Definitions . . . . . . . . . . . . . . . . 18.2 Introduction . . . . . . . . . . . . . . . 18.3 Knowledge References . . . . . . . . 18.4 Minimum Knowledge . . . . . . . . . 18.5 First Level DSAs . . . . . . . . . . . .

.... .... .... . ... .... .. .. .. . .

... . .. ... . .. .. . . .. ...

.. .. . . .. .. .. ..

.. .. .. .. .. .. ..

vii
Page
19 Basic Elements of the DSA Information Model . . . . . . . . . . . . . . . . 19.1 Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19.2 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19.3 DSA-Specific Entries and their Names . . . . . . . . . . . . . . . . . 19.4 Basic Elements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Representation of DSA Information . . . . . . . . . . . . . . . . . . . . . . . . 20.1 Representation of Directory User and Operational Information 20.2 Representation of Knowledge References . . . . . . . . . . . . . . . 20.3 Representation of Names and Naming Contexts . . . . . . . . . . ... . ... . .... .... . ... .... ... . .... . ... .. .. .... . ... ... . .. .. .. .. .. .. .. .. .... ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. .. .. .. .. .. .. .. . . .. .. . . .. .. .. .. .. .. .. . . . . . . . . . . . . . . . .. .. .. .. .. .. .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . ... . .. . .. ... ... . .. ... ... .. . . .. .. .. .. .. .. .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ..... . .... .. ... ..... .. .. . ..... . .. .. ..... ... .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ... ... ... . .. ... .. . ... . .. ... ... ... ... ... ... ... ... ... ... ... . .. ... ... ... ... ... ... . .. ... ... ... .. . ... .. . ... . . . . . . . . . . . . . . . . . . . 72 72 72 73 74 75 76 76 82 83 83 83 84 84 84 85 86 87 87 88 89 91 91 91 93 94 95 96

20

This is a free 11 page sample. Access the full version at http://infostore.saiglobal.com.

SECTION 10 DSA OPERATIONAL FRAMEWORK . . . . . . 21 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21.1 Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21.2 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 Operational bindings . . . . . . . . . . . . . . . . . . . . . . . . . . . 22.1 General . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22.2 Application of the operational framework . . . . . . 22.3 States of cooperation . . . . . . . . . . . . . . . . . . . . . 23 Operational binding specification and management . . . . . 23.1 Operational binding type specification . . . . . . . . . 23.2 Operational binding management . . . . . . . . . . . . 23.3 Operational binding specification templates . . . . . 24 Operations for operational binding management . . . . . . . . 24.1 Application-context definifion . . . . . . . . . . . . . . 24.2 Establish Operational Binding operation . . . . . . . 24.3 Modify Operational Binding operation . . . . . . . . . 24.4 Terminate Operational Binding operation . . . . . . . 24.5 Operational Binding Error . . . . . . . . . . . . . . . . . 24.6 Operational Binding Management Bind and Unbind Annex Annex Annex Annex Annex Annex Annex Annex Annex Annex Annex Annex Annex Annex Annex A Object identifier usage . . . . . . . . . . . . . . . . . . . B Information Framework in ASN.1 . . . . . . . . . . . C SubSchema Administration Schema in ASN.1 . . . D Basic Access Control in ASN.1 . . . . . . . . . . . . . E DSA Operational Attribute Types in ASN.1 . . . . F Operational Binding Management in ASN.1 . . . . G The Mathematics of Trees . . . . . . . . . . . . . . . . H Name Design Criteria . . . . . . . . . . . . . . . . . . . I Examples of various aspects of schema . . . . . . . . J Overview of Basic Access Control Permissions . . K Example of Basic Access Control . . . . . . . . . . . L DSE Type Combinations . . . . . . . . . . . . . . . . . . M Modelling of knowledge . . . . . . . . . . . . . . . . . N Alphabetical index of definitions . . . . . . . . . . . . O Amendments and corrigenda . . . . . . . . . . . . . . .

.. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..

.... .... . ... .. .. .. .. ... . .... .... . ... .. .. .... . ... .. .. .... .... .. .. .... .... .. .. ... ... ... ... ... ... ... ... ... . .. ... ... ... .. . ...

.. .... ..... . . .. ... ... ... .. ... . .. ... . ..... . .. .... . .. ... .. .. .. ..... . ... ... .... .. .. . .. . . .....

... .. . ... ... ... ... ... ... ... . .. .. . ... ... .. . ...

.. .. .. .. . . . . .. .. .. .. .. .. .. .. ..

. 97 . 99 104 107 110 113 117 118 120 124 127 144 146 151 153

This is a free 11 page sample. Access the full version at http://infostore.saiglobal.com.

viii

NOTES

1 AUSTRALIAN/NEW ZEALAND STANDARD INFORMATION TECHNOLOGY OPEN SYSTEMS INTERCONNECTION THE DIRECTORY: MODELS
SECTION 1 GENERAL 1 Scope

The models defined in this Recommendation International Standard provide a conceptual and terminological framework for the other ITU-T X.500 Series Recommendations parts of ISO/IEC 9594 which define various aspects of the Directory.
This is a free 11 page sample. Access the full version at http://infostore.saiglobal.com.

The functional and administrative authority models define ways in which the Directory can be distributed, both functionally and administratively. Generic DSA and DSA information models and an Operational Framework are also provided to support Directory distribution. The generic Directory Information Models describe the logical structure of the DIB from the perspective of Directory and Administrative Users. In these models, the fact that the Directory is distributed, rather than centralized, is not visible. This Recommendation International Standard provides a specialization of the generic Directory Information Models to support Directory Schema administration. The other ITU-T Recommendations in the X.500 Series parts of ISO/IEC 9594 make use of the concepts defined in this Recommendation International Standard to define specializations of the generic information and DSA models to provide specific information, DSA and operational models supporting particular directory capabilities (e.g. Replication): a) the service provided by the Directory is described (in ITU-T Rec. X.511 ISO/IEC 9594-3) in terms of the concepts of the information framework: this allows the service provided to be somewhat independent of the physical distribution of the DIB; b) the distributed operation of the Directory is specified (in ITU-T Rec. X.518 ISO/IEC 9594-4) so as to provide that service, and therefore maintain that logical information structure, given that the DIB is in fact highly distributed; c) replication capabilities offered by the component parts of the Directory to improve overall Directory performance are specified (in ITU-T Rec. X.525 ISO/IEC 9594-9). The security model establishes a framework for the specification of access control mechanisms. It provides a mechanism for identifying the access control scheme in effect in a particular portion of the DIT, and it defines two flexible, specific access control schemes which are suitable for a wide variety of applications and styles of use. The security model is concerned solely with control of access to the Directory information, not control of access to the DSA application-entity holding the information. DSA models establish a framework for the specification of the operation of the components of the Directory. Specifically: a) the Directory functional model describes how the Directory is manifested as a set of one or more components, each being a DSA; b) the Directory distribution model describes the principals according to which the DIB entries and entry-copies may be distributed among DSAs; c) the DSA information model describes the structure of the Directory user and operational information held in a DSA; d) the DSA operational framework describes the means by which the definition of specific forms of cooperation between DSAs to achieve particular objectives (e.g. shadowing) is structured.

COPYRIGHT

This is a free preview. Purchase the entire publication at the link below:

This is a free 11 page sample. Access the full version at http://infostore.saiglobal.com.

AS/NZS 4019.2:1996, Information technology Open Systems Interconnection - The Directory Models

Looking for additional Standards? Visit SAI Global Infostore Subscribe to our Free Newsletters about Australian Standards in Legislation; ISO, IEC, BSI and more Do you need to Manage Standards Collections Online? Learn about LexConnect, All Jurisdictions, Standards referenced in Australian legislation Do you want to know when a Standard has changed? Want to become an SAI Global Standards Sales Affiliate? Learn about other SAI Global Services: LOGICOM Military Parts and Supplier Database Metals Infobase Database of Metal Grades, Standards and Manufacturers Materials Infobase Database of Materials, Standards and Suppliers Database of European Law, CELEX and Court Decisions

Need to speak with a Customer Service Representative - Contact Us