SECTION 1 – GENERAL
1 Scope
2 Normative references
2.1 Identical Recommendations | International Standards
2.2 Paired Recommendations | International Standards equivalent in technical content
3 Definitions
3.1 OSI Reference Model Definitions
3.2 Basic directory definitions
3.3 Distributed operation definitions
3.4 Replication definitions
4 Abbreviations
5 Conventions
SECTION 2 – OVERVIEW OF THE DIRECTORY MODELS
6 Directory Models
6.1 Definitions
6.2 The Directory and its Users
6.3 Directory and DSA Information Models
6.4 Directory Administrative Authority Model
SECTION 3 – MODEL OF DIRECTORY USER INFORMATION
7 Directory Information Base
7.1 Definitions
7.2 Objects
7.3 Directory Entries
7.4 The Directory Information Tree (DIT)
8 Directory Entries
8.1 Definitions
8.2 Overall Structure
8.3 Object Classes
8.4 Attribute Types
8.5 Attribute Values
8.6 Attribute Type Hierarchies
8.7 Contexts
8.8 Matching Rules
8.9 Entry Collections
8.10 Compound entries and families of entries
9 Names
9.1 Definitions
9.2 Names in General
9.3 Relative Distinguished Names
9.4 Name Matching
9.5 Names returned during operations
9.6 Names held as attribute values or used as parameters
9.7 Distinguished Names
9.8 Alias Names
10 Hierarchical groups
10.1 Definitions
10.2 Hierarchical relationship
SECTION 4 – DIRECTORY ADMINISTRATIVE MODEL
11 Directory Administrative Authority model
11.1 Definitions
11.2 Overview
11.3 Policy
11.4 Specific administrative authorities
11.5 Administrative areas and administrative points
11.6 DIT Domain policies
11.7 DMD policies
SECTION 5 – MODEL OF DIRECTORY ADMINISTRATIVE AND OPERATIONAL INFORMATION
12 Model of Directory Administrative and Operational Information
12.1 Definitions
12.2 Overview
12.3 Subtrees
12.4 Operational attributes
12.5 Entries
12.6 Subentries
12.7 Information model for collective attributes
12.8 Information model for context defaults
SECTION 6 – THE DIRECTORY SCHEMA
13 Directory Schema
13.1 Definitions
13.2 Overview
13.3 Object class definition
13.4 Attribute type definition
13.5 Matching rule definition
13.6 Relaxations and tightenings
13.7 DIT structure definition
13.8 DIT content rule definition
13.9 Context type definition
13.10 DIT Context Use definition
14 Directory System Schema
14.1 Overview
14.2 System schema supporting the administrative and operational information model
14.3 System schema supporting the administrative model
14.4 System schema supporting general administrative and operational requirements
14.5 System schema supporting access control
14.6 System schema supporting the collective attribute model
14.7 System schema supporting context assertion defaults
14.8 System schema supporting the service administration model
14.9 System schema supporting hierarchical groups
14.10 Maintenance of system schema
14.11 System schema for first-level subordinates
15 Directory schema administration
15.1 Overview
15.2 Policy objects
15.3 Policy parameters
15.4 Policy procedures
15.5 Subschema modification procedures
15.6 Entry addition and modification procedures
15.7 Subschema policy attributes
SECTION 7 – DIRECTORY SERVICE ADMINISTRATION
16 Service Administration Model
16.1 Definitions
16.2 Service-type/user-class model
16.3 Service specific administrative areas
16.4 Introduction to search-rules
16.5 Subfilters
16.6 Filter requirements
16.7 Attribute information selection based on search-rules
16.8 Access control aspects of search-rules
16.9 Contexts aspects of search-rules
16.10 Search-rule specification
16.11 Matching restriction definition
16.12 Search-validation function
SECTION 8 – SECURITY
17 Security model
17.1 Definitions
17.2 Security policies
17.3 Protection of Directory operations
18 Basic Access Control
18.1 Scope and application
18.2 Basic Access Control model
18.3 Access control administrative areas
18.4 Representation of Access Control Information
18.5 The ACI operational attributes
18.6 Protecting the ACI
18.7 Access control and Directory operations
18.8 Access Control Decision Function
18.9 Simplified Access Control
19 Rule-based Access Control
19.1 Scope and application
19.2 Rule-based Access Control model
19.3 Access control administrative areas
19.4 Security Label
19.5 Clearance
19.6 Access Control and Directory operations
19.7 Access Control Decision Function
19.8 Use of Rule-based and Basic Access Control
20 Cryptographic Protection in Storage
20.1 Data Integrity in Storage
20.2 Confidentiality of stored data
SECTION 9 – DSA MODELS
21 DSA Models
21.1 Definitions
21.2 Directory Functional Model
21.3 Directory Distribution Model
SECTION 10 – DSA INFORMATION MODEL
22 Knowledge
22.1 Definitions
22.2 Introduction
22.3 Knowledge References
22.4 Minimum Knowledge
22.5 First Level DSAs
23 Basic Elements of the DSA Information Model
23.1 Definitions
23.2 Introduction
23.3 DSA-Specific Entries and their Names
23.4 Basic Elements
24 Representation of DSA Information
24.1 Representation of Directory User and Operational Information
24.2 Representation of Knowledge References
24.3 Representation of Names and Naming Contexts
SECTION 11 – DSA OPERATIONAL FRAMEWORK
25 Overview
25.1 Definitions
25.2 Introduction
26 Operational bindings
26.1 General
26.2 Application of the operational framework
26.3 States of cooperation
27 Operational binding specification and management
27.1 Operational binding type specification
27.2 Operational binding management
27.3 Operational binding specification templates
28 Operations for operational binding management
28.1 Application-context definition
28.2 Establish Operational Binding operation
28.3 Modify Operational Binding operation
28.4 Terminate Operational Binding operation
28.5 Operational Binding Error
28.6 Operational Binding Management Bind and Unbind
Annex A – Object identifier usage
Annex B – Information Framework in ASN.1
Annex C – SubSchema Administration Schema in ASN.1
Annex D – Service Administration in ASN.1
Annex E – Basic Access Control in ASN.1
Annex F – DSA Operational Attribute Types in ASN.1
Annex G – Operational Binding Management in ASN.1
Annex H – Enhanced security
Annex I – The Mathematics of Trees
Annex J – Name Design Criteria
Annex K – Examples of various aspects of schema
K.1 Example of an Attribute Hierarchy
K.2 Example of a Subtree Specification
K.3 Schema Specification
K.4 DIT content rules
K.5 DIT context use
Annex L – Overview of Basic Access Control Permissions
L.1 Introduction
L.2 Permissions required for operations
L.3 Permissions affecting error
L.4 Entry level permissions
L.5 Entry level permissions
Annex M – Examples of Access Control
M.1 Introduction
M.2 Design principles for Basic Access Control
M.3 Introduction to example
M.4 Policy affecting the definition of specific and inner areas
M.5 Policy affecting the definition of DACDs
M.6 Policy expressed in prescriptiveACI attributes
M.7 Policy expressed in subentryACI attributes
M.8 Policy expressed in entryACI attributes
M.9 ACDF examples
M.10 Rule-based Access Control
Annex N – DSE Type Combinations
Annex O – Modelling of knowledge
Annex P – Names held as attribute values or used as parameters
Annex Q – Subfilters
Annex R – Compound entry name patterns and their use
Annex S – Alphabetical index of definitions
Annex T – Amendments and corrigenda