ДСТУ ISO/IEC 9594-8:2014 Информационные технологии. Взаимосвязь открытых систем. Каталог. Часть 8. Основные положения по сертификации открытых ключей и атрибутов (ISO/IEC 9594-8:2014, IDT)

ПІДТВЕРДЖУВАЛЬНЕ ПОВІДОМЛЕННЯ

МІНІСТЕРСТВО ЕКОНОМІЧНОГО РОЗВИТКУ І ТОРГІВЛІ УКРАЇНИ

Наказ від 30.12.2014 № 1493

ISO/IEC 9594-8:2014

Information technology — Open Systems Interconnection — The Directory — Part 8: Public-key and
attribute certificate frameworks

прийнято як національний стандарт
методом «підтвердження» за позначенням

ДСТУ ISO/IEC 9594-8:2014
(ISO/IEC 9594-8:2014, IDT)

Інформаційні технології. Взаємозв'язок відкритих систем. Каталог. Частина 8. Основні положення
щодо сертифікації відкритих ключів та атрибутів

З наданням чинності від 2016–01–01

Відповідає офіційному тексту

З питань придбання офіційного видання звертайтесь
до національного органу стандартизації
(ДП «УкрНДНЦ» http://uas.org.ua)

CONTENTS

1 Scope

2 Normative references

2.1 Identical Recommendations | International Standards

2.2 Paired Recommendations | International Standards equivalent in technical content

2.3 Recommendations

2.4 Other references

3 Definitions

3.1 OSI Reference Model security architecture definitions

3.2 Baseline identity management terms and definitions

3.3 Directory model definitions

3.4 Access control framework definitions

3.5 Public-key and attribute certificate definitions

4 Abbreviations

5 Conventions

6 Frameworks overview

6.1 Digital signatures

6.2 Formal definitions for public-key cryptography

6.3 Distinguished encoding of Basic Encoding Rules

6.4 Applying distinguished encoding

7 Public-keys and public-key certificates

7.1 Introduction

7.2 Public-key certificate

7.3 Public-key certificate extensions

7.4 Types of public-key certificates

7.5 Trust anchor

7.6 Entity relationship

7.7 Certification path

7.8 Generation of key pairs

7.9 Public-key certificate creation

7.10 Certificate revocation list

7.11 Repudiation of a digital signing

8 Public-key certificate and CRL extensions

8.1 Policy handling

8.2 Key and policy information extensions

8.3 Subject and issuer information extensions

8.4 Certification path constraint extensions

8.5 Basic CRL extensions

8.6 CRL distribution points and delta-CRL extensions

9 Delta CRL relationship to base

10 Certification path processing procedure

10.1 Path processing inputs

10.2 Path processing outputs

10.3 Path processing variables

10.4 Initialization step

10.5 Certificate processing

11 PKI directory schema

11.1 PKI directory object classes and name forms

11.2 PKI directory attributes

11.3 PKI directory matching rules

11.4 PKI directory syntax definitions

12 Attribute Certificates

12.1 Attribute certificate structure

12.2 Attribute certification paths

13 Attribute Authority, SOA and Certification Authority relationship

13.1 Privilege in attribute certificates

13.2 Privilege in public-key certificates

14 PMI models

14.1 General model

14.2 Control model

14.3 Delegation model

14.4 Group assignment model

14.5 Roles model

14.6 Recognition of Authority Model

14.7 XML privilege information attribute

14.8 Permission attribute and matching rule

15 Privilege management certificate extensions

15.1 Basic privilege management extensions

15.2 Privilege revocation extensions

15.3 Source of Authority extensions

15.4 Role extensions

15.5 Delegation extensions

15.6 Recognition of Authority Extensions

16 Privilege path processing procedure

16.1 Basic processing procedure

16.2 Role processing procedure

16.3 Delegation processing procedure

17 PMI directory schema

17.1 PMI directory object classes

17.2 PMI Directory attributes

17.3 PMI general directory matching rules

18 Directory authentication

18.1 Simple authentication procedure

18.2 Password policy

18.3 Strong Authentication

19 Access control

20 Protection of Directory operations

Annex A – Public-Key and Attribute Certificate Frameworks

Annex B – Reference definition of algorithm object identifiers

Annex C – CRL generation and processing rules

Annex D – Examples of delta CRL issuance

Annex E – Privilege policy and privilege attribute definition examples

Annex F – An introduction to public key cryptography 2)

Annex G – Examples of use of certification path constraints

Annex H – Guidance on determining for which policies a certification path is valid

Annex I – Key usage certificate extension issues

Annex J – External ASN.1 modules

Annex K – Use of Protected Passwords for Bind operations

Annex L – Examples of password hashing algorithms

Annex M – Alphabetical list of information item definitions

Annex N – Amendments and corrigenda