1 Scope
2 Normative references
2.1 Identical Recommendations | International Standards
2.2 Paired Recommendations | International Standards equivalent in technical content
2.3 Recommendations
2.4 Other references
3 Definitions
3.1 OSI Reference Model security architecture definitions
3.2 Baseline identity management terms and definitions
3.3 Directory model definitions
3.4 Access control framework definitions
3.5 Public-key and attribute certificate definitions
4 Abbreviations
5 Conventions
6 Frameworks overview
6.1 Digital signatures
6.2 Formal definitions for public-key cryptography
6.3 Distinguished encoding of Basic Encoding Rules
6.4 Applying distinguished encoding
7 Public-keys and public-key certificates
7.1 Introduction
7.2 Public-key certificate
7.3 Public-key certificate extensions
7.4 Types of public-key certificates
7.5 Trust anchor
7.6 Entity relationship
7.7 Certification path
7.8 Generation of key pairs
7.9 Public-key certificate creation
7.10 Certificate revocation list
7.11 Repudiation of a digital signing
8 Public-key certificate and CRL extensions
8.1 Policy handling
8.2 Key and policy information extensions
8.3 Subject and issuer information extensions
8.4 Certification path constraint extensions
8.5 Basic CRL extensions
8.6 CRL distribution points and delta-CRL extensions
9 Delta CRL relationship to base
10 Certification path processing procedure
10.1 Path processing inputs
10.2 Path processing outputs
10.3 Path processing variables
10.4 Initialization step
10.5 Certificate processing
11 PKI directory schema
11.1 PKI directory object classes and name forms
11.2 PKI directory attributes
11.3 PKI directory matching rules
11.4 PKI directory syntax definitions
12 Attribute certificates
12.1 Attribute certificate structure
12.2 Attribute certification paths
13 Attribute Authority, SOA and Certification Authority relationship
13.1 Privilege in attribute certificates
13.2 Privilege in public-key certificates
14 PMI models
14.1 General model
14.2 Control model
14.3 Delegation model
14.4 Group assignment model
14.5 Roles model
14.6 Recognition of Authority model
14.7 XML privilege information attribute
14.8 Permission attribute and matching rule
15 Privilege management certificate extensions
15.1 Basic privilege management extensions
15.2 Privilege revocation extensions
15.3 Source of Authority extensions
15.4 Role extensions
15.5 Delegation extensions
15.6 Recognition of Authority extensions
16 Privilege path processing procedure
16.1 Basic processing procedure
16.2 Role processing procedure
16.3 Delegation processing procedure
17 PMI directory schema
17.1 PMI directory object classes
17.2 PMI directory attributes
17.3 PMI general directory matching rules
18 Directory authentication
18.1 Simple authentication procedure
18.2 Password policy
18.3 Strong authentication
19 Access control
20 Protection of Directory operations
Annex A – Public-Key and Attribute Certificate Frameworks
Annex B – Reference definition of algorithm object identifiers
Annex C – CRL generation and processing rules
C.1 Introduction
C.2 Determine parameters for CRLs
C.3 Determine CRLs required
C.4 Obtain CRLs
C.5 Process CRLs
Annex D – Examples of delta CRL issuance
Annex E – Privilege policy and privilege attribute definition examples
E.1 Introduction
E.2 Sample syntaxes
E.3 Privilege attribute example
Annex F – An introduction to public key cryptography
Annex G – Examples of use of certification path constraints
G.1 Example 1: Use of basic constraints
G.2 Example 2: Use of policy mapping and policy constraints
G.3 Use of Name Constraints extension
Annex H – Guidance on determining for which policies a certification path is valid
H.1 Certification path valid for a user-specified policy required
H.2 Certification path valid for any policy required
H.3 Certification path valid regardless of policy
H.4 Certification path valid for a user-specific policy desired, but not required
Annex I – Key usage certificate extension issues
Annex J – External ASN.1 modules
Annex K – Use of Protected Passwords for Bind operations
Annex L – Examples of password hashing algorithms
L.1 Null Hashing method
L.2 MD5 method
L.3 SHA-1 method
Annex M – Alphabetical list of information item definitions
Annex N – Amendments and corrigenda