BS ISO/IEC 9594-2:2017

$215.11

Information technology. Open Systems Interconnection. The Directory – Models

Published by: BSI
Publication date: 2017
Number of pages: 264

PDF Catalog

PDF Pages PDF Title
2 National foreword
15 1 Scope
16 2 References
2.1 Normative references
2.1.1 Identical Recommendations | International Standards
2.1.2 Paired Recommendations | International Standards equivalent in technical content
2.1.3 Other references
17 2.2 Non-normative references
3 Definitions
3.1 Communication definitions
3.2 Basic Directory definitions
3.3 Distributed operation definitions
3.4 Replication definitions
18 4 Abbreviations
19 5 Conventions
20 6 Directory Models
6.1 Definitions
6.2 The Directory and its users
21 6.3 Directory and DSA Information Models
6.3.1 Generic Models
6.3.2 Specific information models
22 6.4 Directory Administrative Authority Model
23 7 Directory Information Base
7.1 Definitions
24 7.2 Objects
7.3 Directory entries
7.4 Directory Information Tree (DIT)
25 8 Directory entries
8.1 Definitions
27 8.2 Overall structure
28 8.3 Object classes
8.3.1 Abstract object class
29 8.3.2 Structural object class
8.3.3 Auxiliary object class
8.3.4 Object class definition and the first edition of this Directory Specification
30 8.4 Attribute types
8.5 Attribute values
8.6 Attribute type hierarchies
31 8.7 Friend attributes
8.8 Contexts
32 8.9 Matching rules
8.9.1 Overview
33 8.9.2 Attribute value assertion
8.9.2.1 Evaluation of an AVA
8.9.2.2 Use of assertedContexts or context assertion defaults
34 8.9.2.3 Evaluation of assertedContexts
8.9.2.4 Evaluation of a ContextAssertion
8.9.3 Attribute Type Assertions
8.9.3.1 Evaluation of an attribute type assertion
8.9.3.2 Use of assertedContexts or context assertion defaults
8.9.4 Built-in matching rule assertions
35 8.9.5 Matching rule requirements
8.9.6 Object Identifier and Distinguished Name equality matching rules
36 8.10 Entry collections
8.10.1 Overview
8.10.2 Collective attributes
8.11 Compound entries and families of entries
37 9 Names
9.1 Definitions
38 9.2 Names in general
9.3 Relative distinguished name
39 9.4 Name matching
9.5 Distinguished names
40 9.6 Alias names
10 Hierarchical groups
10.1 Definitions
41 10.2 Hierarchical relationship
42 10.3 Sequential ordering of a hierarchical group
43 11 Directory Administrative Authority model
11.1 Definitions
11.2 Overview
44 11.3 Policy
11.4 Specific administrative authorities
45 11.5 Administrative areas and administrative points
11.5.1 Autonomous administrative areas
11.5.2 Specific administrative areas
46 11.5.3 Inner administrative areas
11.5.4 Administrative points
47 11.5.5 Administrative entries
11.6 DIT Domain policies
11.7 DMD policies
49 12 Model of Directory Administrative and Operational Information
12.1 Definitions
12.2 Overview
50 12.3 Subtrees
12.3.1 Overview
12.3.2 Subtree specification
51 12.3.3 Base
12.3.4 Chop Specification
52 12.3.4.1 Specific Exclusions
12.3.4.2 Minimum and Maximum
12.3.5 Specification Filter
12.4 Operational attributes
53 12.5 Entries
12.5.1 Overview
12.5.2 Access to operational attributes
12.6 Subentries
12.6.1 Overview
54 12.6.2 Subentry RDN attribute
12.6.3 Subtree Specification attribute
12.6.4 Use of Object Class attribute
12.6.5 Other subentry attributes
12.7 Information model for collective attributes
55 12.8 Information model for context defaults
56 13 Directory Schema
13.1 Definitions
13.2 Overview
58 13.3 Object class definition
13.3.1 Subclassing
13.3.2 Object class attribute
59 13.3.3 Object class specification
60 13.4 Attribute type definition
13.4.1 Operational attributes
13.4.2 Attribute hierarchies
61 13.4.3 Friend attributes
13.4.4 Collective attributes
13.4.5 Derived attributes
13.4.6 Attribute syntax
13.4.7 Matching rules
62 13.4.8 Attribute definition
64 13.5 Matching rule definition
13.5.1 Overview
13.5.2 Matching rule definition
66 13.6 Relaxation and tightening
13.6.1 Matching rule substitution
67 13.6.2 Mapping-based matching
72 13.7 DIT structure definition
13.7.1 Overview
13.7.2 Name form definition
73 13.7.3 Name form specification
13.7.4 Structural object class of an entry
13.7.5 DIT structure rule definition
74 13.7.6 DIT structure rule specification
75 13.8 DIT content rule definition
13.8.1 Overview
13.8.2 DIT content rule specification
76 13.9 Context type definition
13.9.1 Context value matching
13.9.2 Context definition
77 13.10 DIT Context Use definition
13.10.1 Overview
78 13.10.2 DIT Context Use specification
13.11 Friends definition
79 13.12 Syntax definitions
14 Directory System Schema
14.1 Overview
80 14.2 System schema supporting the administrative and operational information model
14.2.1 Subentry object class
14.2.2 Subentry name form
14.2.3 Subtree Specification operational attribute
14.3 System schema supporting the administrative model
81 14.4 System schema supporting general administrative and operational requirements
14.4.1 Timestamps
82 14.4.2 Entry Modifier operational attributes
14.4.3 Subentry identification operational attributes
83 14.4.4 Has Subordinates operational attribute
14.5 System schema supporting access control
84 14.6 System schema supporting the collective attribute model
14.7 System schema supporting context assertion defaults
14.8 System schema supporting the service administration model
85 14.9 System schema supporting password administration
14.9.1 Definition of a history attribute from the password attribute, the history matching rule and an object identifier
86 14.9.2 Definition of a recently expired password attribute from the password attribute and an object identifier
14.9.3 Definition of a password history matching rule from the password attribute and an object identifier
14.10 System schema supporting hierarchical groups
87 14.11 Maintenance of system schema
14.12 System schema for first-level subordinates
15 Directory schema administration
15.1 Overview
88 15.2 Policy objects
15.3 Policy parameters
89 15.4 Policy procedures
15.5 Subschema modification procedures
15.6 Entry addition and modification procedures
90 15.7 Subschema policy attributes
15.7.1 DIT Structure Rules operational attribute
15.7.2 DIT Content Rules operational attribute
91 15.7.3 Matching Rules operational attribute
15.7.4 Attribute Types operational attribute
92 15.7.5 Object Classes operational attribute
15.7.6 Name Forms operational attribute
93 15.7.7 Matching Rule Use operational attribute
15.7.8 Structural Object Class operational attribute type
94 15.7.9 Governing Structure Rule operational attribute
15.7.10 ContextTypes operational attribute
15.7.11 DIT Context Use operational attribute
95 15.7.12 Friends operational attribute
96 16 Service Administration Model
16.1 Definitions
16.2 Service-type/user-class model
97 16.3 Service-specific administrative areas
98 16.4 Introduction to search-rules
16.5 Subfilters
99 16.6 Filter requirements
16.7 Attribute information selection based on search-rules
100 16.8 Access control aspects of search-rules
16.9 Contexts aspects of search-rules
16.10 Search-rule specification
102 16.10.1 Search-rule identification components
16.10.2 Request-attribute-profiles
104 16.10.3 Attribute combinations
16.10.4 Attributes in the result
105 16.10.5 Service and search controls
16.10.6 Family specifications
16.10.7 Control of relaxation
106 16.10.8 Additional control component
107 16.10.9 Miscellaneous components
16.10.10 ASN.1 information object classes
108 16.11 Matching restriction definition
109 16.12 Search-validation function
110 17 Security model
17.1 Definitions
17.2 Security policies
17.2.1 Authentication procedures and mechanisms
17.2.2 Access control scheme
111 17.3 Protection of Directory operations
112 18 Basic Access Control
18.1 Scope and application
18.2 Basic Access Control model
18.2.1 Protected items
18.2.2 Access control permissions and their scope
113 18.2.3 Permission categories for entry access
114 18.2.4 Permission categories for attribute and attribute value access
115 18.3 Access control administrative areas
18.3.1 Access control areas and Directory Access Control Domains
18.3.2 Associating controls with administrative areas
117 18.4 Representation of Access Control Information
18.4.1 ASN.1 for Access Control Information
119 18.4.2 Description of ACIItem Parameters
18.4.2.1 Identification Tag
18.4.2.2 Precedence
18.4.2.3 Authentication Level
120 18.4.2.4 itemFirst and userFirst Parameters
122 18.4.2.5 Determining group membership
18.5 ACI operational attributes
18.5.1 Prescriptive access control information
18.5.2 Entry access control information
123 18.5.3 Subentry ACI
18.6 Protecting the ACI
18.7 Access control and Directory operations
124 18.8 Access Control Decision Function
18.8.1 Inputs and outputs
18.8.2 Tuples
18.8.3 Discarding non-relevant tuples
125 18.8.4 Selecting highest precedence, most specific tuples
18.9 Simplified Access Control
18.9.1 Introduction
18.9.2 Definition of Simplified Access Control functionality
19 Rule-based Access Control
19.1 Scope and application
126 19.2 Rule-based Access Control model
127 19.3 Access control administrative areas
19.4 Security Label
19.4.1 Introduction
19.4.2 Administration of Security Labels
19.4.3 Labelled Attribute Values
128 19.5 Clearance
129 19.6 Access Control and Directory operations
19.7 Access Control Decision Function
19.8 Use of Rule-based and Basic Access Control
130 20 Data Integrity in Storage
20.1 Introduction
20.2 Protection of an Entry or Selected Attribute Types
131 20.3 Context for Protection of a Single Attribute Value
133 21 DSA Models
21.1 Definitions
21.2 Directory Functional Model
134 21.3 Directory Distribution Model
136 22 Knowledge
22.1 Definitions
22.2 Introduction
137 22.3 Knowledge References
22.3.1 Knowledge Categories
22.3.2 Knowledge Reference Types
138 22.3.2.1 Superior References
22.3.2.2 Immediate Superior References
22.3.2.3 Subordinate References
22.3.2.4 Non-Specific Subordinate References
139 22.3.2.5 Cross References
22.3.2.6 Supplier References
22.3.2.7 Consumer References
22.4 Minimum Knowledge
22.4.1 Superior Knowledge
22.4.2 Subordinate Knowledge
140 22.4.3 Supplier Knowledge
22.4.4 Consumer Knowledge
22.5 First Level DSAs
22.6 Knowledge references to LDAP servers
23 Basic Elements of the DSA Information Model
23.1 Definitions
141 23.2 Introduction
23.3 DSA Specific Entries and their Names
143 23.4 Basic Elements
23.4.1 DSA Operational Attributes
23.4.2 DSE Types
144 24 Representation of DSA Information
24.1 Representation of Directory User and Operational Information
145 24.1.1 Object Entry
24.1.2 Alias Entry
24.1.3 Administrative Point
24.1.4 Subentry
24.1.5 Family member
24.2 Representation of Knowledge References
24.2.1 Knowledge Attribute Types
146 24.2.1.1 My Access Point
24.2.1.2 Superior Knowledge
24.2.1.3 Specific Knowledge
147 24.2.1.4 Non-Specific Knowledge
24.2.1.5 Supplier Knowledge
148 24.2.1.6 Consumer Knowledge
149 24.2.1.7 Secondary Shadow Knowledge
24.2.1.8 DIT Bridge Knowledge
24.2.1.9 Matching Rules
150 24.2.1.9.1 Access Point Match
24.2.1.9.2 Master And Shadow Access Points Match
24.2.1.9.3 Supplier or Consumer Information Match
24.2.1.9.4 Suppliers and Consumers Match
24.2.2 Knowledge Reference Types
151 24.2.2.1 Self Reference
24.2.2.2 Superior Reference
24.2.2.3 Immediate Superior Reference
24.2.2.4 Subordinate Reference
24.2.2.5 Non-Specific Subordinate Reference
152 24.2.2.6 Cross Reference
24.2.2.7 Supplier Reference
24.2.2.8 Consumer Reference
24.3 Representation of Names and Naming Contexts
24.3.1 Names and Glue DSEs
24.3.2 Naming Contexts
153 24.3.3 Example
154 25 Overview
25.1 Definitions
25.2 Introduction
26 Operational bindings
26.1 General
155 26.2 Application of the operational framework
156 26.2.1 Two DSAs
26.2.2 The agreement
26.2.3 Operations
26.2.4 Management of the agreement
26.3 States of cooperation
157 27 Operational binding specification and management
27.1 Operational binding type specification
158 27.2 Operational binding management
159 27.3 Operational binding specification templates
27.3.1 Operational binding information object class
160 27.3.2 Operational binding cooperation information object class
27.3.3 Operational binding role information object class
161 28 Operations for operational binding management
28.1 Application-context definition
28.2 Establish Operational Binding operation
28.2.1 Establish Operational Binding syntax
162 28.2.2 Establish Operational Binding arguments
164 28.2.3 Establish Operational Binding results
28.3 Modify Operational Binding operation
28.3.1 Modify Operational Binding syntax
165 28.3.2 Modify Operational Binding argument
166 28.3.3 Modify Operational Binding results
28.4 Terminate Operational Binding operation
28.4.1 Terminate Operational Binding syntax
167 28.4.2 Terminate Operational Binding argument
28.4.3 Terminate Operational Binding result
28.5 Operational Binding Error
169 28.6 Operational Binding Management Bind and Unbind
28.6.1 DSA Operational Binding Management Bind
28.6.2 DSA Operational Binding Management Unbind
170 29 Overview
29.1 Definitions
29.2 Introduction
30 LDAP interworking model
30.1 LDAP interworking scenarios
171 30.2 Overview of bound DSA handling LDAP operations
30.3 General LDAP requestor characteristics
172 30.4 LDAP extension mechanisms
30.4.1 General
30.4.2 LDAP controls
30.4.3 LDAP extended operations
30.4.4 LDAP extended features
31 LDAP specific system schema
31.1 Operational Attribute types from IETF RFC 4512
31.1.1 Introduction
173 31.1.2 Naming contexts
31.1.3 Alternative server
31.1.4 Supported extension
31.1.5 Supported control
31.1.6 Supported SASL Mechanisms
31.1.7 Supported LDAP version
174 31.1.8 Supported features
31.1.9 LDAP Syntaxes
220 L.1 Example of an attribute hierarchy
L.2 Example of a subtree specification
221 L.3 Schema specification
L.3.1 Object classes and name forms
L.3.2 DIT structure rules
222 L.4 DIT content rules
223 L.5 DIT context use
224 M.1 Introduction
M.2 Permissions required for operations
225 M.3 Permissions affecting error
M.4 Entry level permissions
226 M.5 Entry level permissions
227 N.1 Introduction
N.2 Design principles for Basic Access Control
228 N.3 Introduction to example
229 N.4 Policy affecting the definition of specific and inner areas
230 N.5 Policy affecting the definition of Directory Access Control Domains (DACDs)
232 N.5.1 Administrative area associated with each DACD
233 N.6 Policy expressed in prescriptiveACI attributes
N.6.1 prescriptiveACI for DACD-1
236 N.6.2 prescriptiveACI for DACD-2
N.6.3 prescriptiveACI for DACD-3
237 N.6.4 prescriptiveACI for DACD-4
N.6.5 prescriptiveACI for DACD-5
238 N.7 Policy expressed in subentryACI attributes
N.7.1 subentryACI in the administrative entry for ACSA-1
N.7.2 subentryACI in the administrative entry for ACIA-1
239 N.8 Policy expressed in entryACI attributes
N.9 ACDF examples
N.9.1 Public access read
240 N.9.2 Public access search
N.9.2.1 Check each entry in the search scope for proper entry permission
241 N.9.2.2 Check for satisfaction of Filter
N.10 Rule-based access control
252 S.1 History tells us …
S.1.1 Original concepts that are still valid
S.1.2 Original concepts that are no longer valid
S.2 A new look at name resolution
253 S.2.1 The explicit knowledge model
256 S.2.2 Name resolution with implicit knowledge
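Clause 12.3 of the outline above lists the parts of a subtree specification (base, chop specification with specific exclusions and minimum/maximum, specification filter). The following is an added example, not text or code from BS ISO/IEC 9594-2, showing how an implementation decides whether a given entry falls inside such a subtree, which is the question an access-control or collective-attribute subentry has to answer for every entry it might govern. The membership semantics encoded here (exclusions and depths relative to the subtree root, chopBefore removing the named entry and everything below it, chopAfter removing only what lies below it) are assumed from ITU-T X.501 / RFC 3672; the `SubtreeSpecification` class, the `in_subtree` and `refinement_matches` functions, the tuple encoding of refinements and the `o=Example,c=GB` directory names are all constructed for this illustration.

```python
"""Membership test for an X.501-style subtree specification.

Added example, not part of BS ISO/IEC 9594-2. The component names follow
clause 12.3 of the outline; the exact semantics are assumed from
ITU-T X.501 / RFC 3672, and all directory names below are constructed.
"""
from dataclasses import dataclass
from typing import Optional, Tuple

# A distinguished name as a tuple of RDN strings, root first.
DN = Tuple[str, ...]


@dataclass
class SubtreeSpecification:
    base: DN = ()                       # relative to the administrative point
    chop_before: Tuple[DN, ...] = ()    # exclude the named entry and everything below it
    chop_after: Tuple[DN, ...] = ()     # exclude only what lies below the named entry
    minimum: int = 0                    # entries shallower than this (relative to base) are out
    maximum: Optional[int] = None       # entries deeper than this are out; None = unbounded
    specification_filter: Optional[tuple] = None  # refinement over the entry's object classes


def refinement_matches(refinement, object_classes):
    """Evaluate a refinement encoded as ("item", oc) | ("and", [...]) | ("or", [...]) | ("not", r)."""
    kind, arg = refinement
    if kind == "item":
        return arg in object_classes
    if kind == "and":
        return all(refinement_matches(r, object_classes) for r in arg)
    if kind == "or":
        return any(refinement_matches(r, object_classes) for r in arg)
    if kind == "not":
        return not refinement_matches(arg, object_classes)
    raise ValueError(f"unknown refinement kind {kind!r}")


def is_prefix(prefix, name):
    """True if `prefix` names `name` itself or one of its superiors."""
    return len(prefix) <= len(name) and tuple(name[:len(prefix)]) == tuple(prefix)


def in_subtree(spec, administrative_point, entry, object_classes=()):
    """Return True if `entry` (a DN) lies inside the subtree described by `spec`.

    `administrative_point` is the DN of the entry whose subentry carries the
    specification; the subtree root is that DN plus `spec.base`. Exclusion
    names and depths are measured relative to the subtree root.
    """
    root = tuple(administrative_point) + tuple(spec.base)
    if not is_prefix(root, entry):
        return False
    relative = tuple(entry)[len(root):]
    depth = len(relative)
    if depth < spec.minimum:
        return False
    if spec.maximum is not None and depth > spec.maximum:
        return False
    for excluded in spec.chop_before:          # chopBefore: the named entry and its subordinates
        if is_prefix(excluded, relative):
            return False
    for excluded in spec.chop_after:           # chopAfter: strict subordinates only
        if is_prefix(excluded, relative) and len(relative) > len(excluded):
            return False
    if spec.specification_filter is not None:
        return refinement_matches(spec.specification_filter, set(object_classes))
    return True


# Constructed sample: a subentry under o=Example,c=GB covering people and
# organizational units under ou=Staff, at most two levels deep, skipping the
# ou=Former branch entirely and everything beneath ou=Contractors.
ADMIN_POINT: DN = ("c=GB", "o=Example")
STAFF_SPEC = SubtreeSpecification(
    base=("ou=Staff",),
    chop_before=(("ou=Former",),),
    chop_after=(("ou=Contractors",),),
    minimum=1,
    maximum=2,
    specification_filter=("or", [("item", "person"), ("item", "organizationalUnit")]),
)

if __name__ == "__main__":
    for dn, classes in [
        (("c=GB", "o=Example", "ou=Staff", "cn=Alice"), ["person"]),
        (("c=GB", "o=Example", "ou=Staff", "ou=Contractors", "cn=Bob"), ["person"]),
    ]:
        print(",".join(reversed(dn)), in_subtree(STAFF_SPEC, ADMIN_POINT, dn, classes))
```

Note that the entry ou=Contractors itself is still inside the subtree (chopAfter keeps the named entry and cuts only below it), while ou=Former is not (chopBefore cuts the named entry too); getting this distinction wrong is the classic way a prescriptive ACI ends up governing an entry its author meant to exclude.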