CONTENTS - ITU-T Rec. X.518 (08/2005) Information technology � Open Systems Interconnection � The Directory: Procedures for distributed operation

�1�� Scope�
�2�� Normative references��
�� 2.1�� Identical Recommendations | International Standards��
�� 2.2�� Other references��
�3�� Definitions��
�� 3.1�� Communication Model Definitions��
�� 3.2�� Basic Directory Definitions�
�� 3.3�� Directory Model Definitions��
�� 3.4�� DSA Information Model definitions
�� 3.5�� Abstract Service definitions
�� 3.6�� Directory replication definitions��
�� 3.7�� Distributed operation definitions��
�4�� Abbreviations��
�5�� Conventions��
�6�� Overview��
�7�� Distributed Directory System Model��
�8�� DSA Interactions Model��
�� 8.1�� Decomposition of a request
�� 8.1.1�� NSSR decomposition��
�� 8.1.2�� Request decomposition��
�� 8.2�� Uni-chaining��
�� 8.3�� Multi-chaining��
�� 8.3.1�� Parallel multi-chaining��
�� 8.3.2�� Sequential multi-chaining��
�� 8.4�� Referral��
�� 8.5�� Mode determination��
�9�� Overview of DSA Abstract Service��
10�� Information types
�� 10.1�� Introduction��
�� 10.2�� Information types defined elsewhere��
�� 10.3�� Chaining Arguments��
�� 10.4�� Chaining Results��
�� 10.5�� Operation Progress��
�� 10.6�� Trace Information�
�� 10.7�� Reference Type��
�� 10.8�� Access point information��
�� 10.9�� DIT Bridge knowledge��
�� 10.10�� Exclusions��
�� 10.11�� Continuation Reference��
11�� Bind and Unbind�
�� 11.1�� DSA Bind
�� 11.2�� DSA Unbind��
12�� Chained operations��
�� 12.1�� Chained operations��
�� 12.2�� Chained Abandon operation��
�� 12.3�� Chained operations and protocol version��
13�� Chained errors�
�� 13.1�� Introduction��
� ��13.2�� DSA Referral��
14�� Introduction��
�� 14.1�� Scope and Limits��
�� 14.2�� Conformance��
�� 14.2.1�� Interaction involving a first edition DSA��
�� 14.3�� Conceptual model�
�� 14.4�� Individual and cooperative operation of DSAs��
�� 14.5�� Cooperative agreements between DSAs��
15�� Distributed Directory behaviour��
�� 15.1�� Cooperative fulfilment of operations��
�� 15.2�� Phases of operation processing��
�� 15.2.1�� Name Resolution phase��
�� 15.2.2�� Evaluation phase�
�� 15.2.3�� Results Merging phase��
�� 15.3�� Managing Distributed Operations��
�� 15.3.1�� Request decomposition��
�� 15.3.2�� DSA as Request Responder��
�� 15.3.3�� Completion of Operations��
�� 15.4�� Loop handling��
�� 15.4.1�� Loop detection��
�� 15.4.2�� Loop avoidance��
�� 15.5�� Other considerations for distributed operation��
�� 15.5.1�� Service controls��
�� 15.5.2�� Extensions��
�� 15.5.3�� Alias dereferencing��
�� 15.5.4�� Resolving context-variant names��
�� 15.5.5�� Paged results��
� ��15.6�� Authentication of Distributed Operations��
16�� The Operation Dispatcher��
�� 16.1�� General Concepts�
�� 16.1.1�� Procedures��
�� 16.1.2�� Use of common data structures��
�� 16.1.3�� Errors��
�� 16.1.4�� Asynchronous events��
�� 16.2�� Procedures of the Operation Dispatcher��
�� 16.3�� Overview of procedures��
�� 16.3.1�� Request Validation procedure��
�� 16.3.2�� Abandon procedure��
�� 16.3.3�� Find DSE procedure��
�� 16.3.4�� Single entry interrogation procedure��
�� 16.3.5�� Modification procedures�
�� 16.3.6�� Multiple entry interrogation procedures��
�� 16.3.7�� Name Resolution Continuation Reference procedure��
�� 16.3.8�� List and Search Continuation Reference procedure��
�� 16.3.9�� Result Merging procedure��
17�� Request Validation procedure��
�� 17.1�� Introduction��
�� 17.2�� Procedure parameters��
�� 17.2.1�� Arguments��
�� 17.2.2�� Results��
�� 17.3�� Procedure definition��
�� 17.3.1�� Abandon processing��
�� 17.3.2�� Security checks��
�� 17.3.3�� Input preparation
�� 17.3.4�� Validity assertion
�� 17.3.5�� Loop detection��
�� 17.3.6�� Unable or unwilling to perform��
�� 17.3.7�� Output processing��
18�� Name Resolution procedure��
�� 18.1�� Introduction��
�� 18.2�� Find DSE procedure parameters��
�� 18.2.1�� Arguments��
�� 18.2.2�� Results��
�� 18.2.3�� Errors��
�� 18.2.4�� Global variables��
�� 18.2.5�� Local and shared variables��
�� 18.3�� Procedures��
�� 18.3.1�� Find DSE procedure��
�� 18.3.2�� Target Not Found sub-procedure��
�� 18.3.3�� Target Found sub-procedure��
�� 18.3.4�� Check Suitability procedure��
19�� Operation evaluation��
�� 19.1�� Modification procedure��
�� 19.1.1�� Add Entry Operation��
�� 19.1.2�� Remove Entry Operation
�� 19.1.3�� Modify Entry Operation��
�� 19.1.4�� Modify DN operation��
�� 19.1.5�� Modify operations and Non-Specific Subordinate References��
�� 19.2�� Single entry interrogation procedure��
�� 19.3�� Multiple entry interrogation procedure��
�� 19.3.1�� List procedures��
�� 19.3.2�� Search procedures��
20�� Continuation Reference procedures��
�� 20.1�� Chaining strategy in the presence of shadowing��
�� 20.1.1�� Master only strategy��
�� 20.1.2�� Parallel strategy��
�� 20.1.3�� Sequential strategy��
�� 20.2�� Issuing chained subrequests to a remote DSA��
�� 20.3�� Procedures' parameters��
�� 20.3.1�� Arguments��
�� 20.3.2�� Results��
�� 20.3.3�� Errors��
�� 20.4�� Definition of the procedures��
�� 20.4.1�� Name Resolution Continuation Reference procedure��
�� 20.4.2�� List Continuation Reference procedure��
�� 20.4.3�� Search Continuation Reference procedure��
�� 20.4.4�� APInfo procedure��
�� 20.5�� Abandon procedure��
21�� Results Merging procedure��
22�� Procedures for distributed authentication�
�� 22.1�� Originator authentication��
�� 22.1.1�� Identity-based authentication��
�� 22.1.2�� Signature-based originator authentication�
�� 22.2�� Results authentication��
23�� Knowledge administration overview��
�� 23.1�� Maintenance of knowledge references��
�� 23.1.1�� Maintenance of consumer knowledge by supplier and master DSAs��
�� 23.1.2�� Maintenance of subordinate and immediate superior knowledge in master DSAs��
� ��23.1.3�� Maintenance of subordinate and immediate superior knowledge in consumer DSAs��
�� 23.2�� Requesting cross reference
�� 23.3�� Knowledge inconsistencies
�� 23.3.1�� Detection of knowledge inconsistencies��
�� 23.3.2�� Reporting of knowledge inconsistencies��
�� 23.3.3�� Treatment of inconsistent knowledge references��
�� 23.4�� Knowledge references and contexts��
24�� Hierarchical operational bindings�
�� 24.1��Operational binding type characteristics��
�� 24.1.1�� Symmetry and roles��
�� 24.1.2�� Agreement��
�� 24.1.3�� Initiator��
�� 24.1.4�� Establishment parameters
�� 24.1.5� ��Modification parameters�
�� 24.1.6�� Termination parameters��
�� 24.1.7�� Type identification��
�� 24.2�� Operational binding information object Class definition��
�� 24.3�� DSA procedures for hierarchical operational binding management��
�� 24.3.1�� Establishment procedure�
�� 24.3.2�� Modification procedure��
�� 24.3.3�� Termination procedure��
�� 24.4�� Procedures for operations�
�� 24.5�� Use of application contexts��
25�� Non-specific hierarchical operational binding��
�� 25.1�� Operational binding type characteristics��
�� 25.1.1�� Symmetry and roles��
�� 25.1.2�� Agreement��
�� 25.1.3�� Initiator��
�� 25.1.4�� Establishment parameters
�� 25.1.5�� Modification parameters�
�� 25.1.6�� Termination parameters��
�� 25.1.7�� Type identification��
�� 25.2�� Operational binding information object class definition��
�� 25.3�� DSA procedures for non-specific hierarchical operational binding management��
�� 25.3.1�� Establishment procedure�
�� 25.3.2�� Modification procedure��
�� 25.3.3�� Termination procedure��
�� 25.4�� Procedures for operations�
�� 25.5�� Use of application contexts��
Annex A � ASN.1 for Distributed Operations��
Annex B � Example of distributed name resolution��
Annex C � Distributed use of authentication��
�� C.1�� Summary��
�� C.2�� Distributed protection model��
�� C.2.1�� Quality of protection��
�� C.3�� Signed chained operations�
�� C.3.1�� Chained signed arguments
�� C.3.2�� Chained signed results��
�� C.3.3�� Merging of Signed List or Search Results��
�� C.3.4�� Multi-chaining Request��
�� C.4�� Encrypted chained operations��
�� C.4.1�� Point-to-point (DUA->DSA or DSA->DSA) encryption on request��
�� C.4.2�� Point-to-point (DUA<-DSA or DSA<-DSA) encryption on result
�� C.4.3�� End-to-end encryption on DAP Result and point-to-point encryption on DSP Chaining Result��
�� C.4.4�� Merging of List/Search Results (merging with re-encryption by DSA 1)��
�� C.4.5�� Merging-not-allowed for List/Search Results��
�� C.4.6�� Multi-chaining a DAP Request using an Encryption-Key (net-key)
�� C.5�� Signed and encrypted distributed operations��
�� C.5.1�� End-to-end signatures, with point-to-point encryption��
�� C.5.2�� End-to-End Signature and Encryption on DAP Result, Point-to-Point Signature and Encryption on DSP��
�� C.5.3�� End-to-End Signature on DAP, Point-to-Point Encryption on DSP and DAP Result��
Annex D � Specification of hierarchical and non-specific hierarchical� perational binding types��
Annex E � Knowledge maintenance example��
Annex F � Amendments and corrigenda��