1 Scope
2 Normative references
2.1 Identical Recommendations | International Standards
2.2 Paired Recommendations | International Standards equivalent in technical content
3 Definitions
4 Abbreviations
5 General discussion of access control
5.1 Goal of access control
5.2 Basic aspects of access control
5.2.1 Performing access control functions
5.2.2 Other access control activities
5.2.3 ACI forwarding
5.3 Distribution of access control components
5.3.1 Incoming access control
5.3.2 Outgoing access control
5.3.3 Interposed access control
5.4 Distribution of access control components across multiple security domains
5.5 Threats to access control
6 Access control policies
6.1 Access control policy expression
6.1.1 Access control policy categories
6.1.2 Groups and roles
6.1.3 Security labels
6.1.4 Multiple initiator access control policies
6.2 Policy management
6.2.1 Fixed policies
6.2.2 Administratively-imposed policies
6.2.3 User-selected policies
6.3 Granularity and containment
6.4 Inheritance rules
6.5 Precedence among access control policy rules
6.6 Default access control policy rules
6.7 Policy mapping through cooperating security domains
7 Access control information and facilities
7.1 ACI
7.1.1 Initiator ACI
7.1.2 Target ACI
7.1.3 Access request ACI
7.1.4 Operand ACI
7.1.5 Contextual information
7.1.6 Initiator-bound ACI
7.1.7 Target-bound ACI
7.1.8 Access request-bound ACI
7.2 Protection of ACI
7.2.1 Access control certificates
7.2.2 Access control tokens
7.3 Access control facilities
7.3.1 Management related facilities
7.3.2 Operation related facilities
8 Classification of access control mechanisms
8.1 Introduction
8.2 ACL scheme
8.2.1 Basic features
8.2.2 ACI
8.2.3 Supporting mechanisms
8.2.4 Variations of this scheme
8.3 Capability scheme
8.3.1 Basic features
8.3.2 ACI
8.3.3 Supporting mechanisms
8.3.4 Variation of this scheme – Capabilities without specific operations
8.4 Label based scheme
8.4.1 Basic features
8.4.2 ACI
8.4.3 Supporting mechanisms
8.4.4 Labeled channels as targets
8.5 Context based scheme
8.5.1 Basic features
8.5.2 ACI
8.5.3 Supporting mechanisms
8.5.4 Variations of this scheme
9 Interaction with other security services and mechanisms
9.1 Authentication
9.2 Data integrity
9.3 Data confidentiality
9.4 Audit
9.5 Other access-related services
Annex A – Exchange of access control certificates among components
A.1 Introduction
A.2 Forwarding access control certificates
A.3 Forwarding multiple access control certificates
A.3.1 Example
A.3.2 Generalization
A.3.3 Simplifications
Annex B – Access control in the OSI reference model
B.1 General
B.2 Use of access control within the OSI layers
B.2.1 Use of access control at the network layer
B.2.2 Use of access control at the transport layer
B.2.3 Use of access control at the application layer
Annex C – Non-uniqueness of access control identities
Annex D – Distribution of access control components
D.1 Aspects considered
D.2 AEC and ADC locations
D.3 Interactions among access control components
Annex E – Rule-based versus identity-based policies
Annex F – A mechanism to support ACI forwarding through an initiator
Annex G – Access control security service outline