Professional Documents
Culture Documents
2:1996
ISO/IEC 9594-2:1995
Information technology —
Open Systems Interconnection—
The Directory
Part 2: Models
AS/NZS 4019.2:1996
Information technology —
Open Systems Interconnection—
The Directory
Part 2: Models
STANDARDS AUSTRALIA
1 The Crescent,
Homebush NSW 2140 Australia
STANDARDS NEW ZEALAND
Level 10, Standards House,
155 The Terrace,
Wellington 6001 New Zealand
ISBN 0 7337 0420 4
ii
PREFACE
This Standard was prepared by the Joint Standards Australia/Standards New Zealand Committee IT/1
on Information Systems— Interconnection. It is identical with and has been reproduced from
ISO/IEC 9594-2:1995, Information technology— Open Systems Interconnection— The Directory: Models.
This edition will be concurrent with AS 4019.2 — 1992, Information technology— Open Systems
Interconnection—The Directory, Part 2: Models.
The objective of this Standard is to provide users of information technology with a definition, in an
abstract way, of the externally visible service provided by the Directory.
This Standard is one of a series of Open Systems Interconnection (OSI) Standards which are currently
under development. Since OSI Standards are developmental, there may be some minor difficulties
encountered in their implementation. For this reason, Standards Australia will be providing, through
This is a free 11 page sample. Access the full version at http://infostore.saiglobal.com.
the OSI Help Desk, a service to coordinate and disseminate information concerning difficulties which
are identified in using this Standard.
This edition technically revises and enhances AS 4019.2. Implementation may still claim conformance
to AS 4019.2. However, at some point, AS 4019 will no longer be supported. It is recommended that
implementation conform to AS/NZS 4019:1996 as soon as possible.
This Standard is Part 2 of AS/NZS 4019, Information technology— Open Systems Interconnection—
The Directory, which is published in Parts as follows:
Part 1: Overview of concepts, models and services
Part 2: Models (this Standard)
Part 3: Abstract service definition
Part 4: Procedures for distributed operation
Part 5: Protocol specifications
Part 6: Selected attribute types
Part 7: Selected object classes
Part 8: Authentication framework
Part 9: Replication
Users of this Standard are advised by Standards Australia and Standards New Zealand, under
arrangements made with ISO and IEC, as well as certain other Standards organizations, that the number
of this Standard is not reproduced on each page; its identity is shown only on the cover and title pages.
For the purpose of this Standard, the source text should be modified as follows:
(a) Terminology The words ‘this Australian/New Zealand Standard’ should replace the words ‘this
International Standard’ wherever they appear.
(b) Decimal marker Substitute a full point for a comma where it appears as a decimal marker.
(c) References The references to international Standards should be replaced by references, where
appropriate, to the following Australian or Joint Australian/New Zealand Standards:
Reference to International Standard Australian or Joint
or other publication Australian/New Zealand Standard
ISO AS
7498 Information processing systems — 2777 Information processing systems —
Open Systems Interconnection— Open Systems Interconnection —
Basic Reference Model Basic reference model
7498-2 Part 2: Security Architecture 2777.2 Part 2: Security Architecture
iii
ISO/IEC AS/NZS
8824 Information technology— —
Abstract Syntax Notation One (ASN.1)
8824-1 Part 1: Specification of basic notation —
8824-2 Part 2: Information object —
specification
8824-3 Part 3: Constraint specification —
8824-4 Part 4: Parameterization of ASN.1 —
specifications
9594 Information technology— 4019 Information technology —
Open Systems Interconnection — Open Systems Interconnection —
The Directory: The Directory:
9594-1 Part 1: Overview of concepts, models 4019.1 Part 1: Overview of concepts, models
and services and services
This is a free 11 page sample. Access the full version at http://infostore.saiglobal.com.
9594-3 Part 3: Abstract service definition 4019.3 Part 3: Abstract service definition
9594-4 Part 4: Procedures for distributed 4019.4 Part 4: Procedures for distributed
operation operation
9594-5 Part 5: Protocol specifications 4019.5 Part 5: Protocol specifications
9594-6 Part 6: Selected attribute types 4019.6 Part 6: Selected attribute types
9594-7 Part 7: Selected object classes 4019.7 Part 7: Selected object classes
9594-8 Part 8: Authentication framework 4019.8 Part 8: Authentication framework
9594-9 Part 9: Replication 4019.9 Part 9: Replication
CONTENTS
Page
SECTION 1 — GENERAL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
1 Scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
2 Normative references . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
2.1 Identical Recommendations International Standards . . . . . . . . . . . . . . . . . . . . 2
2.2 Paired Recommendations International Standards equivalent in technical content 2
3 Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
3.1 OSI Reference Model Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
3.2 Basic directory definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
3.3 Distributed operation definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
This is a free 11 page sample. Access the full version at http://infostore.saiglobal.com.
viii
NOTES
1
SECTION 1 — GENERAL
1 Scope
The models defined in this Recommendation International Standard provide a conceptual and terminological
framework for the other ITU-T X.500 Series Recommendations parts of ISO/IEC 9594 which define various
aspects of the Directory.
The functional and administrative authority models define ways in which the Directory can be distributed, both
This is a free 11 page sample. Access the full version at http://infostore.saiglobal.com.
functionally and administratively. Generic DSA and DSA information models and an Operational Framework are
also provided to support Directory distribution.
The generic Directory Information Models describe the logical structure of the DIB from the perspective of
Directory and Administrative Users. In these models, the fact that the Directory is distributed, rather than
centralized, is not visible.
This Recommendation International Standard provides a specialization of the generic Directory Information
Models to support Directory Schema administration.
The other ITU-T Recommendations in the X.500 Series parts of ISO/IEC 9594 make use of the concepts
defined in this Recommendation International Standard to define specializations of the generic information and
DSA models to provide specific information, DSA and operational models supporting particular directory
capabilities (e.g. Replication):
a) the service provided by the Directory is described (in ITU-T Rec. X.511 ISO/IEC 9594-3) in
terms of the concepts of the information framework: this allows the service provided to be somewhat
independent of the physical distribution of the DIB;
b) the distributed operation of the Directory is specified (in ITU-T Rec. X.518 ISO/IEC 9594-4)
so as to provide that service, and therefore maintain that logical information structure, given that the
DIB is in fact highly distributed;
c) replication capabilities offered by the component parts of the Directory to improve overall
Directory performance are specified (in ITU-T Rec. X.525 ISO/IEC 9594-9).
The security model establishes a framework for the specification of access control mechanisms. It provides a
mechanism for identifying the access control scheme in effect in a particular portion of the DIT, and it defines
two flexible, specific access control schemes which are suitable for a wide variety of applications and styles of
use. The security model is concerned solely with control of access to the Directory information, not control of
access to the DSA application-entity holding the information.
DSA models establish a framework for the specification of the operation of the components of the Directory.
Specifically:
a) the Directory functional model describes how the Directory is manifested as a set of one or more
components, each being a DSA;
b) the Directory distribution model describes the principals according to which the DIB entries and
entry-copies may be distributed among DSAs;
c) the DSA information model describes the structure of the Directory user and operational
information held in a DSA;
d) the DSA operational framework describes the means by which the definition of specific forms of
cooperation between DSAs to achieve particular objectives (e.g. shadowing) is structured.
COPYRIGHT
This is a free preview. Purchase the entire publication at the link below: