TABLE DES MATIÈRES - ITU-T Rec. X.509 (10/2012) Information technology – Open Systems Interconnection – The Directory: Public-key and attribute certificate frameworks

1     Scope
2     Normative references
        2.1     Identical Recommendations | International Standards
        2.2     Paired Recommendations | International Standards equivalent in technical content
        2.3     Recommendations
        2.4     Other references
3     Definitions
        3.1     OSI Reference Model security architecture definitions
        3.2     Baseline identity management terms and definitions
        3.3     Directory model definitions
        3.4     Access control framework definitions
        3.5     Public-key and attribute certificate definitions
4     Abbreviations
5     Conventions
6     Frameworks overview
        6.1     Digital signatures
        6.2     Formal definitions for public-key cryptography
        6.3     Distinguished encoding of Basic Encoding Rules
        6.4     Applying distinguished encoding
7     Public-keys and public-key certificates
        7.1     Introduction
        7.2     Public-key certificate
        7.3     Public-key certificate extensions
        7.4     Types of public-key certificates
        7.5     Trust anchor
        7.6     Entity relationship
        7.7     Certification path
        7.8     Generation of key pairs
        7.9     Public-key certificate creation
       7.10     Certificate revocation list
       7.11     Repudiation of a digital signing
8     Public-key certificate and CRL extensions
        8.1     Policy handling
        8.2     Key and policy information extensions
        8.3     Subject and issuer information extensions
        8.4     Certification path constraint extensions
        8.5     Basic CRL extensions
        8.6     CRL distribution points and delta-CRL extensions
9     Delta CRL relationship to base
10     Certification path processing procedure
       10.1     Path processing inputs
       10.2     Path processing outputs
       10.3     Path processing variables
       10.4     Initialization step
       10.5     Certificate processing
11     PKI directory schema
       11.1     PKI directory object classes and name forms
       11.2     PKI directory attributes
       11.3     PKI directory matching rules
       11.4     PKI directory syntax definitions
12     Attribute Certificates
       12.1     Attribute certificate structure
       12.2     Attribute certification paths
13     Attribute Authority, SOA and Certification Authority relationship
       13.1     Privilege in attribute certificates
       13.2     Privilege in public-key certificates
14     PMI models
       14.1     General model
       14.2     Control model
       14.3     Delegation model
       14.4     Group assignment model
       14.5     Roles model
       14.6     Recognition of Authority Model
       14.7     XML privilege information attribute
       14.8     Permission attribute and matching rule
15     Privilege management certificate extensions
       15.1     Basic privilege management extensions
       15.2     Privilege revocation extensions
       15.3     Source of Authority extensions
       15.4     Role extensions
       15.5     Delegation extensions
       15.6     Recognition of Authority Extensions
16     Privilege path processing procedure
      16.1     Basic processing procedure
       16.2     Role processing procedure
       16.3     Delegation processing procedure
17     PMI directory schema
       17.1     PMI directory object classes
       17.2     PMI Directory attributes
       17.3     PMI general directory matching rules
18     Directory authentication
       18.1     Simple authentication procedure
       18.2     Password policy
       18.3     Strong Authentication
19     Access control
20     Protection of Directory operations
Annex A – Public-Key and Attribute Certificate Frameworks
Annex B – Reference definition of algorithm object identifiers
Annex C – CRL generation and processing rules
        C.1     Introduction
        C.2     Determine parameters for CRLs
        C.3     Determine CRLs required
        C.4     Obtain CRLs
        C.5     Process CRLs
Annex D – Examples of delta CRL issuance
Annex E – Privilege policy and privilege attribute definition examples
        E.1    Introduction
        E.2     Sample syntaxes
        E.3     Privilege attribute example
Annex F – An introduction to public key cryptography²⁾
Annex G – Examples of use of certification path constraints
      Page
        G.1     Example 1: Use of basic constraints
        G.2     Example 2: Use of policy mapping and policy constraints
        G.3     Use of Name Constraints Extension
Annex H – Guidance on determining for which policies a certification path is valid
        H.1     Certification path valid for a user-specified policy required
        H.2     Certification path valid for any policy required
        H.3     Certification path valid regardless of policy
        H.4     Certification path valid for a user-specific policy desired, but not required
Annex I – Key usage certificate extension issues
Annex J – External ASN.1 modules
Annex K – Use of Protected Passwords for Bind operations
Annex L – Examples of password hashing algorithms
        L.1     Null Hashing method
        L.2     MD5 method
        L.3     SHA-1 method
Annex M – Alphabetical list of information item definitions
Annex N – Amendments and corrigenda

Table of Contents