SECTION 1 – GENERAL
1 Scope
2 Normative references
2.1 Identical Recommendations | International Standards
2.2 Paired Recommendations | International Standards equivalent in technical content
2.3 Other references
3 Definitions
3.1 OSI Reference Model security architecture definitions
3.2 Directory model definitions
3.3 Access control framework definitions
3.4 Definitions
4 Abbreviations
5 Conventions
6 Frameworks overview
6.1 Digital signatures
SECTION 2 – PUBLIC-KEY CERTIFICATE FRAMEWORK
7 Public-keys and public-key certificates
7.1 Generation of key pairs
7.2 Public-key certificate creation
7.3 Certificate Validity
7.4 Repudiation of a digital signing
8 Public-key certificate and CRL extensions
8.1 Policy handling
8.2 Key and policy information extensions
8.3 Subject and issuer information extensions
8.4 Certification path constraint extensions
8.5 Basic CRL extensions
8.6 CRL distribution points and delta-CRL extensions
9 Delta CRL relationship to base
10 Certification path processing procedure
10.1 Path processing inputs
10.2 Path processing outputs
10.3 Path processing variables
10.4 Initialization step
10.5 Certificate processing
11 PKI directory schema
11.1 PKI directory object classes and name forms
11.2 PKI directory attributes
11.3 PKI directory matching rules
SECTION 3 – ATTRIBUTE CERTIFICATE FRAMEWORK
12 Attribute Certificates
12.1 Attribute certificate structure
12.2 Attribute certificate paths
13 Attribute Authority, SOA and Certification Authority relationship
13.1 Privilege in attribute certificates
13.2 Privilege in public-key certificates
14 PMI models
14.1 General model
14.2 Control model
14.3 Delegation model
14.4 Group assignment model
14.5 Roles model
14.6 Recognition of Authority Model
14.7 XML privilege information attribute
14.8 Permission attribute and matching rule
15 Privilege management certificate extensions
15.1 Basic privilege management extensions
15.2 Privilege revocation extensions
15.3 Source of Authority extensions
15.4 Role extensions
15.5 Delegation extensions
15.6 Recognition of Authority Extensions
16 Privilege path processing procedure
16.1 Basic processing procedure
16.2 Role processing procedure
16.3 Delegation processing procedure
17 PMI directory schema
17.1 PMI directory object classes
17.2 PMI Directory attributes
17.3 PMI general directory matching rules
18 Directory authentication
18.1 Simple authentication procedure
18.2 Strong Authentication
19 Access control
20 Protection of Directory operations
Annex A – Public-Key and Attribute Certificate Frameworks
Annex B – CRL generation and processing rules
B.1 Introduction
B.2 Determine parameters for CRLs
B.3 Determine CRLs required
B.4 Obtain CRLs
B.5 Process CRLs
Annex C – Examples of delta CRL issuance
Annex D – Privilege policy and privilege attribute definition examples
D.1 Introduction
D.2 Sample syntaxes
D.3 Privilege attribute example
Annex E – An introduction to public key cryptography
Annex F – Reference definition of algorithm object identifiers
Annex G – Examples of use of certification path constraints
G.1 Example 1: Use of basic constraints
G.2 Example 2: Use of policy mapping and policy constraints
G.3 Use of Name Constraints Extension
Annex H – Guidance on determining for which policies a certification path is valid
H.1 Certification path valid for a user-specified policy required
H.2 Certification path valid for any policy required
H.3 Certification path valid regardless of policy
H.4 Certification path valid for a user-specific policy desired, but not required
Annex I – Key usage certificate extension issues
Annex J – External ASN.1 modules
Annex K – Use of Protected Passwords for Bind operations
Annex L – Alphabetical list of information item definitions
Annex M – Amendments and corrigenda