SECTION 1 – GENERAL
1 Scope
2 Normative references
2.1 Identical Recommendations | International Standards
2.2 Paired Recommendations | International Standards equivalent in technical content
3 Definitions
3.1 OSI Reference Model Definitions
3.2 Basic directory definitions
3.3 Distributed operation definitions
3.4 Replication definitions
4 Abbreviations
5 Conventions
SECTION 2 – OVERVIEW OF THE DIRECTORY MODELS
6 Directory Models
6.1 Definitions
6.2 The Directory and its Users
6.3 Directory and DSA Information Models
6.4 Directory Administrative Authority Model
SECTION 3 – MODEL OF DIRECTORY USER INFORMATION
7 Directory Information Base
7.1 Definitions
7.2 Objects
7.3 Directory Entries
7.4 The Directory Information Tree (DIT)
8 Directory Entries
8.1 Definitions
8.2 Overall Structure
8.3 Object Classes
8.4 Attribute Types
8.5 Attribute Values
8.6 Attribute Type Hierarchies
8.7 Contexts
8.8 Matching Rules
8.9 Entry Collections
9 Names
9.1 Definitions
9.2 Names in General
9.3 Relative Distinguished Names
9.4 Name Matching
9.5 Names returned during operations
9.6 Names held as attribute values or used as parameters
9.7 Distinguished Names
9.8 Alias Names
SECTION 4 – DIRECTORY ADMINISTRATIVE MODEL
10 Directory Administrative Authority model
10.1 Definitions
10.2 Overview
10.3 Policy
10.4 Specific administrative authorities
10.5 Administrative areas and administrative points
10.6 DIT Domain policies
10.7 DMD policies
SECTION 5 – MODEL OF DIRECTORY ADMINISTRATIVE AND OPERATIONAL INFORMATION
11 Model of Directory Administrative and Operational Information
11.1 Definitions
11.2 Overview
11.3 Subtrees
11.4 Operational attributes
11.5 Entries
11.6 Subentries
11.7 Information model for collective attributes
11.8 Information model for context defaults
SECTION 6 – THE DIRECTORY SCHEMA
12 Directory Schema
12.1 Definitions
12.2 Overview
12.3 Object class definition
12.4 Attribute type definition
12.5 Matching rule definition
12.6 DIT structure definition
12.7 DIT content rule definition
12.8 Context type definition
12.9 DIT Context Use definition
13 Directory System Schema
13.1 Overview
13.2 System schema supporting the administrative and operational information model
13.3 System schema supporting the administrative model
13.4 System schema supporting general administrative and operational requirements
13.5 System schema supporting access control
13.6 System schema supporting the collective attribute model
13.7 System schema supporting context assertion defaults
13.8 Maintenance of system schema
13.9 System schema for first-level subordinates
14 Directory schema administration
14.1 Overview
14.2 Policy objects
14.3 Policy parameters
14.4 Policy procedures
14.5 Subschema modification procedures
14.6 Entry addition and modification procedures
14.7 Subschema policy attributes
SECTION 7 – SECURITY
15 Security model
15.1 Definitions
15.2 Security policies
15.3 Protection of Directory operations
16 Basic Access Control
16.1 Scope and application
16.2 Basic Access Control model
16.3 Access control administrative areas
16.4 Representation of Access Control Information
16.5 The ACI operational attributes
16.6 Protecting the ACI
16.7 Access control and Directory operations
16.8 Access Control Decision Function
16.9 Simplified Access Control
17 Rule-based Access Control
17.1 Scope and application
17.2 Rule-based Access Control model
17.3 Access control administrative areas
17.4 Security Label
17.5 Clearance
17.6 Access Control and Directory operations
17.7 Access Control Decision Function
17.8 Use of Rule-based and Basic Access Control
18 Cryptographic Protection in Storage
18.1 Data Integrity in Storage
18.2 Confidentiality of stored data
SECTION 8 – DSA MODELS
19 DSA Models
19.1 Definitions
19.2 Directory Functional Model
19.3 Directory Distribution Model
SECTION 9 – DSA INFORMATION MODEL
20 Knowledge
20.1 Definitions
20.2 Introduction
20.3 Knowledge References
20.4 Minimum Knowledge
20.5 First Level DSAs
21 Basic Elements of the DSA Information Model
21.1 Definitions
21.2 Introduction
21.3 DSA-Specific Entries and their Names
21.4 Basic Elements
22 Representation of DSA Information
22.1 Representation of Directory User and Operational Information
22.2 Representation of Knowledge References
22.3 Representation of Names and Naming Contexts
SECTION 10 – DSA OPERATIONAL FRAMEWORK
23 Overview
23.1 Definitions
23.2 Introduction
24 Operational bindings
24.1 General
24.2 Application of the operational framework
24.3 States of cooperation
25 Operational binding specification and management
25.1 Operational binding type specification
25.2 Operational binding management
25.3 Operational binding specification templates
26 Operations for operational binding management
26.1 Application-context definition
26.2 Establish Operational Binding operation
26.3 Modify Operational Binding operation
26.4 Terminate Operational Binding operation
26.5 Operational Binding Error
26.6 Operational Binding Management Bind and Unbind
Annex A – Object identifier usage
Annex B – Information Framework in ASN.1
Annex C – SubSchema Administration Schema in ASN.1
Annex D – Basic Access Control in ASN.1
Annex E – DSA Operational Attribute Types in ASN.1
Annex F – Operational Binding Management in ASN.1
Annex G – The Mathematics of Trees
Annex H – Name Design Criteria
Annex I – Examples of various aspects of schema
I.1 Example of an Attribute Hierarchy
I.2 Example of a Subtree Specification
I.3 Schema Specification
I.4 DIT content rules
I.5 DIT context use
Annex J – Overview of Basic Access Control Permissions
J.1 Introduction
Annex K – Examples of Access Control
K.1 Introduction
K.2 Design principles for Basic Access Control
K.3 Introduction to example
K.4 Policy affecting the definition of specific and inner areas
K.5 Policy affecting the definition of DACDs
K.6 Policy expressed in prescriptiveACI attributes
K.7 Policy expressed in subentryACI attributes
K.8 Policy expressed in entryACI attributes
K.9 ACDF examples
K.10 Rule-based Access Control
Annex L – DSE Type Combinations
Annex M – Modelling of knowledge
Annex N – Alphabetical index of definitions
Annex O – Names held as attribute values or used as parameters
Annex P – Enhanced security
Annex Q – Amendments and corrigenda