BS ISO/IEC 9594-2:2014

$215.11

Information technology. Open Systems Interconnection. The Directory – Models

Published By	Publication Date	Number of Pages
BSI	2014	258

Guaranteed Safe Checkout

Categories: 35.100.70 - Application layer, BSI

If you have any questions, feel free to reach out to our online customer service team by clicking on the bottom right corner. We’re here to assist you 24/7.
Email:[email protected]

Description

PDF Catalog

PDF Pages	PDF Title
3	ITU-T Rec. X.501 (10/2012) – Information technology – Open Systems Interconnection – The Directory: Models
5	Summary History
6	Blank Page
7	CONTENTS
12	Introduction
15	1 Scope
16	2 Normative references 2.1 Identical Recommendations \| International Standards 2.2 Paired Recommendations \| International Standards equivalent in technical content
17	2.3 Other references 3 Definitions 3.1 Communication definitions 3.2 Basic Directory definitions 3.3 Distributed operation definitions 3.4 Replication definitions
18	4 Abbreviations
19	5 Conventions
20	6 Directory Models 6.1 Definitions 6.2 The Directory and its users
21	6.3 Directory and DSA Information Models 6.4 Directory Administrative Authority Model
23	7 Directory Information Base 7.1 Definitions
24	7.2 Objects 7.3 Directory entries 7.4 Directory Information Tree (DIT)
25	8 Directory entries 8.1 Definitions
27	8.2 Overall structure
28	8.3 Object classes
30	8.4 Attribute types 8.5 Attribute values 8.6 Attribute type hierarchies
31	8.7 Friend attributes 8.8 Contexts
32	8.9 Matching rules
35	8.10 Entry collections
36	8.11 Compound entries and families of entries
37	9 Names 9.1 Definitions 9.2 Names in general 9.3 Relative distinguished name
38	9.4 Name matching 9.5 Distinguished names
39	9.6 Alias names 10 Hierarchical groups 10.1 Definitions
40	10.2 Hierarchical relationship
41	10.3 Sequential ordering of a hierarchical group
42	11 Directory Administrative Authority model 11.1 Definitions 11.2 Overview
43	11.3 Policy 11.4 Specific administrative authorities
44	11.5 Administrative areas and administrative points
46	11.7 DMD policies
48	12 Model of Directory Administrative and Operational Information 12.1 Definitions 12.2 Overview
49	12.3 Subtrees
51	12.4 Operational attributes
52	12.5 Entries 12.6 Subentries
53	12.7 Information model for collective attributes
54	12.8 Information model for context defaults
55	13 Directory Schema 13.1 Definitions 13.2 Overview
57	13.3 Object class definition
59	13.4 Attribute type definition
62	13.5 Matching rule definition
64	13.6 Relaxation and tightening
70	13.7 DIT structure definition
73	13.8 DIT content rule definition
74	13.9 Context type definition
76	13.10 DIT Context Use definition 13.11 Friends definition
77	13.12 Syntax definitions 14 Directory System Schema 14.1 Overview
78	14.2 System schema supporting the administrative and operational information model 14.3 System schema supporting the administrative model
79	14.4 System schema supporting general administrative and operational requirements
81	14.5 System schema supporting access control 14.6 System schema supporting the collective attribute model
82	14.7 System schema supporting context assertion defaults 14.8 System schema supporting the service administration model
83	14.9 System schema supporting password administration
84	14.10 System schema supporting hierarchical groups 14.11 Maintenance of system schema
85	14.12 System schema for first-level subordinates 15 Directory schema administration 15.1 Overview 15.2 Policy objects
86	15.3 Policy parameters 15.4 Policy procedures 15.5 Subschema modification procedures
87	15.6 Entry addition and modification procedures 15.7 Subschema policy attributes
94	16 Service Administration Model 16.1 Definitions 16.2 Service-type/user-class model
95	16.3 Service-specific administrative areas
96	16.4 Introduction to search-rules 16.5 Subfilters
97	16.6 Filter requirements 16.7 Attribute information selection based on search-rules
98	16.8 Access control aspects of search-rules 16.9 Contexts aspects of search-rules 16.10 Search-rule specification
106	16.11 Matching restriction definition 16.12 Search-validation function
108	17 Security model 17.1 Definitions 17.2 Security policies
109	17.3 Protection of Directory operations
110	18 Basic Access Control 18.1 Scope and application 18.2 Basic Access Control model
112	18.3 Access control administrative areas
115	18.4 Representation of Access Control Information
120	18.5 ACI operational attributes
121	18.6 Protecting the ACI 18.7 Access control and Directory operations 18.8 Access Control Decision Function
123	18.9 Simplified Access Control 19 Rule-based Access Control 19.1 Scope and application
124	19.2 Rule-based Access Control model 19.3 Access control administrative areas 19.4 Security Label
126	19.5 Clearance 19.6 Access Control and Directory operations
127	19.7 Access Control Decision Function 19.8 Use of Rule-based and Basic Access Control 20 Data Integrity in Storage 20.1 Introduction 20.2 Protection of an Entry or Selected Attribute Types
129	20.3 Context for Protection of a Single Attribute Value
130	21 DSA Models 21.1 Definitions 21.2 Directory Functional Model
131	21.3 Directory Distribution Model
133	22 Knowledge 22.1 Definitions 22.2 Introduction
134	22.3 Knowledge References
136	22.4 Minimum Knowledge 22.5 First Level DSAs
137	22.6 Knowledge references to LDAP servers 23 Basic Elements of the DSA Information Model 23.1 Definitions 23.2 Introduction
138	23.3 DSA Specific Entries and their Names
139	23.4 Basic Elements
141	24 Representation of DSA Information 24.1 Representation of Directory User and Operational Information 24.2 Representation of Knowledge References
148	24.3 Representation of Names and Naming Contexts
150	25 Overview 25.1 Definitions 25.2 Introduction 26 Operational bindings 26.1 General
151	26.2 Application of the operational framework
152	26.3 States of cooperation
153	27 Operational binding specification and management 27.1 Operational binding type specification
154	27.2 Operational binding management 27.3 Operational binding specification templates
156	28 Operations for operational binding management 28.1 Application-context definition
157	28.2 Establish Operational Binding operation
160	28.3 Modify Operational Binding operation
162	28.4 Terminate Operational Binding operation
163	28.5 Operational Binding Error
165	28.6 Operational Binding Management Bind and Unbind
166	29 Overview 29.1 Definitions 29.2 Introduction
167	30 LDAP interworking model 30.1 LDAP interworking scenarios 30.2 Overview of bound DSA handling LDAP operations
168	30.3 General LDAP requestor characteristics 30.4 LDAP extension mechanisms 31 LDAP specific system schema 31.1 Operational Attribute types from IETF RFC 4512
171	Annex A – Object identifier usage
175	Annex B – Information framework in ASN.1
186	Annex C – Subschema administration in ASN.1
191	Annex D – Service administration in ASN.1
195	Annex E – Basic Access Control in ASN.1
198	Annex F – DSA operational attribute types in ASN.1
201	Annex G – Operational binding management in ASN.1
206	Annex H – Enhanced security in ASN.1
209	Annex I – LDAP system schema
211	Annex J – The mathematics of trees
212	Annex K – Name design criteria
214	Annex L – Examples of various aspects of schema L.1 Example of an attribute hierarchy L.2 Example of a subtree specification
215	L.3 Schema specification
216	L.4 DIT content rules
217	L.5 DIT context use
218	Annex M – Overview of basic access control permissions M.1 Introduction M.2 Permissions required for operations
219	M.3 Permissions affecting error M.4 Entry level permissions
220	M.5 Entry level permissions
221	Annex N – Examples of access control N.1 Introduction N.2 Design principles for Basic Access Control
222	N.3 Introduction to example N.4 Policy affecting the definition of specific and inner areas
224	N.5 Policy affecting the definition of Directory Access Control Domains (DACDs)
227	N.6 Policy expressed in prescriptiveACI attributes
231	N.7 Policy expressed in subentryACI attributes
232	N.8 Policy expressed in entryACI attributes
233	N.9 ACDF examples
235	N.10 Rule-based access control
236	Annex O – DSE type combinations
238	Annex P – Modelling of knowledge
242	Annex Q – Subfilters
243	Annex R – Compound entry name patterns and their use
245	Annex S – Naming concepts and considerations S.1 History tells us – S.2 A new look at name resolution
251	Annex T – Alphabetical index of definitions
254	Annex U – Amendments and corrigenda

Additional information

Status	Withdrawn
Title	Information technology. Open Systems Interconnection. The Directory – Models
Publisher	BSI
Committee	IST/6
Pages	258
Publication Date	2014-03-31
Withdrawn Date	2017-07-03
Replaced By	BS ISO/IEC 9594-2:2017
ISBN	978 0 580 84286 3
Standard Number	BS ISO/IEC 9594-2:2014
Identical National Standard Of	ISO/IEC 9594-2:2014
Descriptors	Verification, Computer networks, Data processing, Information exchange, Data storage protection, Errors, Data transfer, Layout, Application layer (OSI), Information systems, Data organization, Open systems interconnection, Data transmission
ICS Codes	35.100.70 - Application layer

Preview PDF


PDF Format	Searchable	Printable	Preview Now

BS ISO/IEC 9594-2:2014

PDF Catalog

Related products