CONTENTS - Recommandation X.812

�1�� Scope
�2�� Normative references
�� 2.1�� Identical Recommendations | International Standards
�� 2.2�� Paired Recommendations | International Standards equivalent in technical content
�3�� Definitions
�4�� Abbreviations
�5�� General discussion of access control
�� 5.1�� Goal of access control
�� 5.2�� Basic aspects of access control
�� 5.2.1�� Performing access control functions
�� 5.2.2�� Other access control activities
�� 5.2.3�� ACI forwarding
�� 5.3�� Distribution of access control components
�� 5.3.1�� Incoming access control
�� 5.3.2�� Outgoing access control
�� 5.3.3�� Interposed access control
�� 5.4�� Distribution of access control components across multiple security domains
�� 5.5�� Threats to access control
�6�� Access control policies
�� 6.1�� Access control policy expression
�� 6.1.1�� Access control policy categories
�� 6.1.2�� Groups and roles
�� 6.1.3�� Security labels
�� 6.1.4�� Multiple initiator access control policies
�� 6.2�� Policy management
�� 6.2.1�� Fixed policies
�� 6.2.2�� Administratively-imposed policies
�� 6.2.3�� User-selected policies
�� 6.3�� Granularity and containment
�� 6.4�� Inheritance rules
�� 6.5�� Precedence among access control policy rules
�� 6.6�� Default access control policy rules
�� 6.7�� Policy mapping through cooperating security domains
�7�� Access control information and facilities
�� 7.1�� ACI�
�� 7.1.1�� Initiator ACI
�� 7.1.2�� Target ACI
�� 7.1.3�� Access request ACI
�� 7.1.4�� Operand ACI
�� 7.1.5�� Contextual information
�� 7.1.6�� Initiator-bound ACI
�� 7.1.7�� Target-bound ACI
�� 7.1.8�� Access request-bound ACI
�� 7.2�� Protection of ACI
�� 7.2.1�� Access control certificates
�� 7.2.2�� Access control tokens
�� 7.3�� Access control facilities
�� 7.3.1�� Management related facilities
�� 7.3.2�� Operation related facilities

�8�� Classification of access control mechanisms
�� 8.1�� Introduction
�� 8.2�� ACL scheme
�� 8.2.1�� Basic features
�� 8.2.2 ��ACI
�� 8.2.3�� Supporting mechanisms
�� 8.2.4�� Variations of this scheme
�� 8.3�� Capability scheme
�� 8.3.1�� Basic features
�� 8.3.2�� ACI
�� 8.3.3�� Supporting mechanisms
�� 8.3.4�� Variation of this scheme � Capabilities without specific operations
�� 8.4�� Label based scheme
�� 8.4.1�� Basic features
�� 8.4.2�� ACI
�� 8.4.3�� Supporting mechanisms
�� 8.4.4�� Labeled channels as targets
�� 8.5�� Context based scheme
�� 8.5.1�� Basic features
�� 8.5.2�� ACI
�� 8.5.3�� Supporting mechanisms
�� 8.5.4�� Variations of this scheme
�9�� Interaction with other security services and mechanisms
�� 9.1�� Authentication
�� 9.2�� Data integrity
�� 9.3�� Data confidentiality
�� 9.4�� Audit
�� 9.5�� Other access-related services
Annex� A � Exchange of access control certificates among components
�� A.1�� Introduction
�� A.2�� Forwarding access control certificates
�� A.3�� Forwarding multiple access control certificates
�� A.3.1�� Example��
�� A.3.2�� Generalization
�� A.3.3�� Simplifications
Annex� B � Access control in the OSI reference model
�� B.1�� General
�� B.2�� Use of access control within the OSI layers
�� B.2.1�� Use of access control at the network layer
�� B.2.2�� Use of access control at the transport layer
�� B.2.3�� Use of access control at the application layer
Annex� C � Non-uniqueness of access control identities
Annex� D � Distribution of access control components
�� D.1�� Aspects considered
�� D.2�� AEC and ADC locations
�� D.3�� Interactions among access control components
Annex� E � Rule-based versus identity-based policies
Annex� F � A mechanism to support ACI forwarding through an initiator
Annex� G � Access control security service outline