ДСТУ ISO/IEC 9594-2:2015 Information technology. Open Systems Interconnection. The Directory. Part 2. Models (ISO/IEC 9594-2:2014, IDT)


ДСТУ ISO/IEC 9594-2:2015
(ISO/IEC 9594-2:2014, IDT)

Information technology. Open Systems Interconnection.
The Directory. Part 2. Models

Not an official publication.
The official publication is distributed by the national standardization body
(ДП «УкрНДНЦ» http://uas.gov.ua)

Contents

1 Scope

2 Normative references

2.1 Identical Recommendations | International Standards

2.2 Paired Recommendations | International Standards equivalent in technical content

2.3 Other references

3 Definitions

3.1 Communication definitions

3.2 Basic Directory definitions

3.3 Distributed operation definitions

3.4 Replication definitions

4 Abbreviations

5 Conventions

6 Directory Models

6.1 Definitions

6.2 The Directory and its users

6.3 Directory and DSA Information Models

6.4 Directory Administrative Authority Model

7 Directory Information Base

7.1 Definitions

7.2 Objects

7.3 Directory entries

7.4 Directory Information Tree (DIT)

8 Directory entries

8.1 Definitions

8.2 Overall structure

8.3 Object classes

8.4 Attribute types

8.5 Attribute values

8.6 Attribute type hierarchies

8.7 Friend attributes

8.8 Contexts

8.9 Matching rules

8.10 Entry collections

8.11 Compound entries and families of entries

9 Names

9.1 Definitions

9.2 Names in general

9.3 Relative distinguished name

9.4 Name matching

9.5 Distinguished names

9.6 Alias names

10 Hierarchical groups

10.1 Definitions

10.2 Hierarchical relationship

10.3 Sequential ordering of a hierarchical group

11 Directory Administrative Authority model

11.1 Definitions

11.2 Overview

11.3 Policy

11.4 Specific administrative authorities

11.5 Administrative areas and administrative points

11.6 DIT Domain policies

11.7 DMD policies

12 Model of Directory Administrative and Operational Information

12.1 Definitions

12.2 Overview

12.3 Subtrees

12.4 Operational attributes

12.5 Entries

12.6 Subentries

12.7 Information model for collective attributes

12.8 Information model for context defaults

13 Directory Schema

13.1 Definitions

13.2 Overview

13.3 Object class definition

13.4 Attribute type definition

13.5 Matching rule definition

13.6 Relaxation and tightening

13.7 DIT structure definition

13.8 DIT content rule definition

13.9 Context type definition

13.10 DIT Context Use definition

13.11 Friends definition

13.12 Syntax definitions

14 Directory System Schema

14.1 Overview

14.2 System schema supporting the administrative and operational information model

14.3 System schema supporting the administrative model

14.4 System schema supporting general administrative and operational requirements

14.5 System schema supporting access control

14.6 System schema supporting the collective attribute model

14.7 System schema supporting context assertion defaults

14.8 System schema supporting the service administration model

14.9 System schema supporting password administration

14.10 System schema supporting hierarchical groups

14.11 Maintenance of system schema

14.12 System schema for first-level subordinates

15 Directory schema administration

15.1 Overview

15.2 Policy objects

15.3 Policy parameters

15.4 Policy procedures

15.5 Subschema modification procedures

15.6 Entry addition and modification procedures

15.7 Subschema policy attributes

16 Service Administration Model

16.1 Definitions

16.2 Service-type/user-class model

16.3 Service-specific administrative areas

16.4 Introduction to search-rules

16.5 Subfilters

16.6 Filter requirements

16.7 Attribute information selection based on search-rules

16.8 Access control aspects of search-rules

16.9 Contexts aspects of search-rules

16.10 Search-rule specification

16.11 Matching restriction definition

16.12 Search-validation function

17 Security model

17.1 Definitions

17.2 Security policies

17.3 Protection of Directory operations

18 Basic Access Control

18.1 Scope and application

18.2 Basic Access Control model

18.3 Access control administrative areas

18.4 Representation of Access Control Information

18.5 ACI operational attributes

18.6 Protecting the ACI

18.7 Access control and Directory operations

18.8 Access Control Decision Function

18.9 Simplified Access Control

19 Rule-based Access Control

19.1 Scope and application

19.2 Rule-based Access Control model

19.3 Access control administrative areas

19.4 Security Label

19.5 Clearance

19.6 Access Control and Directory operations

19.7 Access Control Decision Function

19.8 Use of Rule-based and Basic Access Control

20 Data Integrity in Storage

20.1 Introduction

20.2 Protection of an Entry or Selected Attribute Types

20.3 Context for Protection of a Single Attribute Value

21 DSA Models

21.1 Definitions

21.2 Directory Functional Model

21.3 Directory Distribution Model

22 Knowledge

22.1 Definitions

22.2 Introduction

22.3 Knowledge References

22.4 Minimum Knowledge

22.5 First Level DSAs

22.6 Knowledge references to LDAP servers

23 Basic Elements of the DSA Information Model

23.1 Definitions

23.2 Introduction

23.3 DSA Specific Entries and their Names

23.4 Basic Elements

24 Representation of DSA Information

24.1 Representation of Directory User and Operational Information

24.2 Representation of Knowledge References

24.3 Representation of Names and Naming Contexts

25 Overview

25.1 Definitions

25.2 Introduction

26 Operational bindings

26.1 General

26.2 Application of the operational framework

26.3 States of cooperation

27 Operational binding specification and management

27.1 Operational binding type specification

27.2 Operational binding management

27.3 Operational binding specification templates

28 Operations for operational binding management

28.1 Application-context definition

28.2 Establish Operational Binding operation

28.3 Modify Operational Binding operation

28.4 Terminate Operational Binding operation

28.5 Operational Binding Error

28.6 Operational Binding Management Bind and Unbind

29 Overview

29.1 Definitions

29.2 Introduction

30 LDAP interworking model

30.1 LDAP interworking scenarios

30.2 Overview of bound DSA handling LDAP operations

30.3 General LDAP requestor characteristics

30.4 LDAP extension mechanisms

31 LDAP specific system schema

31.1 Operational Attribute types from IETF RFC 4512

Annex A – Object identifier usage

Annex B – Information framework in ASN.1

Annex C – Subschema administration in ASN.1

Annex D – Service administration in ASN.1

Annex E – Basic Access Control in ASN.1

Annex F – DSA operational attribute types in ASN.1

Annex G – Operational binding management in ASN.1

Annex H – Enhanced security in ASN.1

Annex I – LDAP system schema

Annex J – The mathematics of trees

Annex K – Name design criteria

Annex L – Examples of various aspects of schema

Annex M – Overview of basic access control permissions

Annex N – Examples of access control

Annex O – DSE type combinations

Annex P – Modelling of knowledge

Annex Q – Subfilters

Annex R – Compound entry name patterns and their use

Annex S – Naming concepts and considerations

Annex T – Alphabetical index of definitions

Annex U – Amendments and corrigenda
