SECTION 1 – GENERAL
1 Scope
2 Normative references
2.1 Identical Recommendations | International Standards
2.2 Paired Recommendations | International Standards equivalent in technical content
2.3 Other references
3 Definitions
3.1 Communication definitions
3.2 Basic Directory definitions
3.3 Distributed operation definitions
3.4 Replication definitions
4 Abbreviations
5 Conventions
SECTION 2 – OVERVIEW OF THE DIRECTORY MODELS
6 Directory Models
6.1 Definitions
6.2 The Directory and its users
6.3 Directory and DSA Information Models
6.4 Directory Administrative Authority Model
SECTION 3 – MODEL OF DIRECTORY USER INFORMATION
7 Directory Information Base
7.1 Definitions
7.2 Objects
7.3 Directory entries
7.4 Directory Information Tree (DIT)
8 Directory entries
8.1 Definitions
8.2 Overall structure
8.3 Object classes
8.4 Attribute Types
8.5 Attribute Values
8.6 Attribute Type Hierarchies
8.7 Friend attributes
8.8 Contexts
8.9 Matching rules
8.10 Entry collections
8.11 Compound entries and families of entries
9 Names
9.1 Definitions
9.2 Names in general
9.3 Relative Distinguished Names
9.4 Name matching
9.5 Names returned during operations
9.6 Names held as attribute values or used as parameters
9.7 Distinguished Names
9.8 Alias Names
10 Hierarchical groups
10.1 Definitions
10.2 Hierarchical relationship
10.3 Sequential ordering of a hierarchical group
SECTION 4 – DIRECTORY ADMINISTRATIVE MODEL
11 Directory Administrative Authority model
11.1 Definitions
11.2 Overview
11.3 Policy
11.4 Specific administrative authorities
11.5 Administrative areas and administrative points
11.6 DIT Domain policies
11.7 DMD policies
SECTION 5 – MODEL OF DIRECTORY ADMINISTRATIVE AND OPERATIONAL INFORMATION
12 Model of Directory Administrative and Operational Information
12.1 Definitions
12.2 Overview
12.3 Subtrees
12.4 Operational attributes
12.5 Entries
12.6 Subentries
12.7 Information model for collective attributes
12.8 Information model for context defaults
SECTION 6 – THE DIRECTORY SCHEMA
13 Directory Schema
13.1 Definitions
13.2 Overview
13.3 Object class definition
13.4 Attribute type definition
13.5 Matching rule definition
13.6 Relaxations and tightenings
13.7 DIT structure definition
13.8 DIT content rule definition
13.9 Context type definition
13.10 DIT Context Use definition
13.11 Friends definition
14 Directory System Schema
14.1 Overview
14.2 System schema supporting the administrative and operational information model
14.3 System schema supporting the administrative model
14.4 System schema supporting general administrative and operational requirements
14.5 System schema supporting access control
14.6 System schema supporting the collective attribute model
14.7 System schema supporting context assertion defaults
14.8 System schema supporting the service administration model
14.9 System schema supporting hierarchical groups
14.10 Maintenance of system schema
14.11 System schema for first-level subordinates
15 Directory schema administration
15.1 Overview
15.2 Policy objects
15.3 Policy parameters
15.4 Policy procedures
15.5 Subschema modification procedures
15.6 Entry addition and modification procedures
15.7 Subschema policy attributes
SECTION 7 – DIRECTORY SERVICE ADMINISTRATION
16 Service Administration Model
16.1 Definitions
16.2 Service-type/user-class model
16.3 Service-specific administrative areas
16.4 Introduction to search-rules
16.5 Subfilters
16.6 Filter requirements
16.7 Attribute information selection based on search-rules
16.8 Access control aspects of search-rules
16.9 Contexts aspects of search-rules
16.10 Search-rule specification
16.11 Matching restriction definition
16.12 Search-validation function
SECTION 8 – SECURITY
17 Security model
17.1 Definitions
17.2 Security policies
17.3 Protection of Directory operations
18 Basic Access Control
18.1 Scope and application
18.2 Basic Access Control model
18.3 Access control administrative areas
18.4 Representation of Access Control Information
18.5 ACI operational attributes
18.6 Protecting the ACI
18.7 Access control and Directory operations
18.8 Access Control Decision Function
18.9 Simplified Access Control
19 Rule-based Access Control
19.1 Scope and application
19.2 Rule-based Access Control model
19.3 Access control administrative areas
19.4 Security Label
19.5 Clearance
19.6 Access Control and Directory operations
19.7 Access Control Decision Function
19.8 Use of Rule-based and Basic Access Control
20 Data Integrity in Storage
20.1 Introduction
20.2 Protection of an Entry or Selected Attribute Types
20.3 Context for Protection of a Single Attribute Value
SECTION 9 – DSA MODELS
21 DSA Models
21.1 Definitions
21.2 Directory Functional Model
21.3 Directory Distribution Model
SECTION 10 – DSA INFORMATION MODEL
22 Knowledge
22.1 Definitions
22.2 Introduction
22.3 Knowledge References
22.4 Minimum Knowledge
22.5 First Level DSAs
23 Basic Elements of the DSA Information Model
23.1 Definitions
23.2 Introduction
23.3 DSA Specific Entries and their Names
23.4 Basic Elements
24 Representation of DSA Information
24.1 Representation of Directory User and Operational Information
24.2 Representation of Knowledge References
24.3 Representation of Names and Naming Contexts
SECTION 11 – DSA OPERATIONAL FRAMEWORK
25 Overview
25.1 Definitions
25.2 Introduction
26 Operational bindings
26.1 General
26.2 Application of the operational framework
26.3 States of cooperation
27 Operational binding specification and management
27.1 Operational binding type specification
27.2 Operational binding management
27.3 Operational binding specification templates
28 Operations for operational binding management
28.1 Application-context definition
28.2 Establish Operational Binding operation
28.3 Modify Operational Binding operation
28.4 Terminate Operational Binding operation
28.5 Operational Binding Error
28.6 Operational Binding Management Bind and Unbind
Annex A – Object identifier usage
Annex B – Information Framework in ASN.1
Annex C – SubSchema Administration Schema in ASN.1
Annex D – Service Administration in ASN.1
Annex E – Basic Access Control in ASN.1
Annex F – DSA Operational Attribute Types in ASN.1
Annex G – Operational Binding Management in ASN.1
Annex H – Enhanced security
Annex I – The Mathematics of Trees
Annex J – Name Design Criteria
Annex K – Examples of various aspects of schema
K.1 Example of an attribute hierarchy
K.2 Example of a subtree specification
K.3 Schema specification
K.4 DIT content rules
K.5 DIT context use
Annex L – Overview of basic access control permissions
L.1 Introduction
L.2 Permissions required for operations
L.3 Permissions affecting error
L.4 Entry level permissions
L.5 Entry level permissions
Annex M – Examples of access control
M.1 Introduction
M.2 Design principles for Basic Access Control
M.3 Introduction to example
M.4 Policy affecting the definition of specific and inner areas
M.5 Policy affecting the definition of DACDs
M.6 Policy expressed in prescriptiveACI attributes
M.7 Policy expressed in subentryACI attributes
M.8 Policy expressed in entryACI attributes
M.9 ACDF examples
M.10 Rule-based Access Control
Annex N – DSE type combinations
Annex O – Modelling of knowledge
Annex P – Names held as attribute values or used as parameters
Annex Q – Subfilters
Annex R – Compound entry name patterns and their use
Annex S – Naming concepts and considerations
S.1 History tells us …
S.2 A new look at name resolution
Annex T – Alphabetical index of definitions
Annex U – Amendments and corrigenda