Table of Contents
SECTION1-GENERAL
1Scope
2Normativereferences
2.1IdenticalRecommendations/International
Standards
2.2PairedRecommendations/InternationalStandards
equivalentintechnicalcontent
2.3Otherreferences
3Definitions
3.1CommunicationDefinitions
3.2Basicdirectorydefinitions
3.3Distributedoperationdefinitions
3.4Replicationdefinitions
4Abbreviations
5Conventions
SECTION2-OVERVIEWOFTHEDIRECTORYMODELS
6DirectoryModels
6.1Definitions
6.2TheDirectoryanditsUsers
6.3DirectoryandDSAInformationModels
6.4DirectoryAdministrativeAuthorityModel
SECTION3-MODELOFDIRECTORYUSERINFORMATION
7DirectoryInformationBase
7.1Definitions
7.2Objects
7.3DirectoryEntries
7.4TheDirectoryInformationTree(DIT)
8DirectoryEntries
8.1Definitions
8.2OverallStructure
8.3ObjectClasses
8.4AttributeTypes
8.5AttributeValues
8.6AttributeTypeHierarchies
8.7Friendattributes
8.8Contexts
8.9MatchingRules
8.10EntryCollections
8.11Compoundentriesandfamiliesofentries
9Names
9.1Definitions
9.2NamesinGeneral
9.3RelativeDistinguishedNames
9.4NameMatching
9.5Namesreturnedduringoperations
9.6Namesheldasattributevaluesorusedas
parameters
9.7DistinguishedNames
9.8AliasNames
10Hierarchicalgroups
10.1Definitions
10.2Hierarchicalrelationship
10.3Sequentialorderingofahierarchicalgroup
SECTION4-DIRECTORYADMINISTRATIVEMODEL
11DirectoryAdministrativeAuthoritymodel
11.1Definitions
11.2Overview
11.3Policy
11.4Specificadministrativeauthorities
11.5Administrativeareasandadministrativepoints
11.6DITDomainpolicies
11.7DMDpolicies
SECTION5-MODELOFDIRECTORYADMINISTRATIVEANDOPERATIONAL
INFORMATION
12ModelofDirectoryAdministrativeandOperational
Information
12.1Definitions
12.2Overview
12.3Subtrees
12.4Operationalattributes
12.5Entries
12.6Subentries
12.7Informationmodelforcollectiveattributes
12.8Informationmodelforcontextdefaults
SECTION6-THEDIRECTORYSCHEMA
13DirectorySchema
13.1Definitions
13.2Overview
13.3Objectclassdefinition
13.4Attributetypedefinition
13.5Matchingruledefinition
13.6Relaxationsandtightenings
13.7DITstructuredefinition
13.8DITcontentruledefinition
13.9Contexttypedefinition
13.10DITContextUsedefinition
13.11Friendsdefinition
14DirectorySystemSchema
14.1Overview
14.2Systemschemasupportingtheadministrativeand
operationalinformationmodel
14.3Systemschemasupportingtheadministrativemodel
14.4Systemschemasupportinggeneraladministrative
andoperationalrequirements
14.5Systemschemasupportingaccesscontrol
14.6Systemschemasupportingthecollectiveattribute
model
14.7Systemschemasupportingcontextassertion
defaults
14.8Systemschemasupportingtheservice
administrationmodel
14.9Systemschemasupportinghierarchicalgroups
14.10Maintenanceofsystemschema
14.11Systemschemaforfirst-levelsubordinates
15Directoryschemaadministration
15.1Overview
15.2Policyobjects
15.3Policyparameters
15.4Policyprocedures
15.5Subschemamodificationprocedures
15.6Entryadditionandmodificationprocedures
15.7Subschemapolicyattributes
SECTION7-DIRECTORYSERVICEADMINISTRATION
16ServiceAdministrationModel
16.1Definitions
16.2Service-type/user-classmodel
16.3Servicespecificadministrativeareas
16.4Introductiontosearch-rules
16.5Subfilters
16.6Filterrequirements
16.7Attributeinformationselectionbasedon
search-rules
16.8Accesscontrolaspectsofsearch-rules
16.9Contextsaspectsofsearch-rules
16.10Search-rulespecification
16.11Matchingrestrictiondefinition
16.12Search-validationfunction
SECTION8-SECURITY
17Securitymodel
17.1Definitions
17.2Securitypolicies
17.3ProtectionofDirectoryoperations
18BasicAccessControl
18.1Scopeandapplication
18.2BasicAccessControlmodel
18.3Accesscontroladministrativeareas
18.4RepresentationofAccessControlInformation
18.5TheACIoperationalattributes
18.6ProtectingtheACI
18.7AccesscontrolandDirectoryoperations
18.8AccessControlDecisionFunction
18.9SimplifiedAccessControl
19Rule-basedAccessControl
19.1Scopeandapplication
19.2Rule-basedAccessControlmodel
19.3Accesscontroladministrativeareas
19.4SecurityLabel
19.5Clearance
19.6AccessControlandDirectoryoperations
19.7AccessControlDecisionFunction
19.8UseofRule-basedandBasicAccessControl
20DataIntegrityinStorage
20.1Introduction
20.2ProtectionofanEntryorSelectedAttributeTypes
20.3ContextforProtectionofaSingleAttributeValue
SECTION9-DSAMODELS
21DSAModels
21.1Definitions
21.2DirectoryFunctionalModel
21.3DirectoryDistributionModel
SECTION10-DSAINFORMATIONMODEL
22Knowledge
22.1Definitions
22.2Introduction
22.3KnowledgeReferences
22.4MinimumKnowledge
22.5FirstLevelDSAs
23BasicElementsoftheDSAInformationModel
23.1Definitions
23.2Introduction
23.3DSA-SpecificEntriesandtheirNames
23.4BasicElements
24RepresentationofDSAInformation
24.1RepresentationofDirectoryUserandOperational
Information
24.2RepresentationofKnowledgeReferences
24.3RepresentationofNamesandNamingContexts
SECTION11-DSAOPERATIONALFRAMEWORK
25Overview
25.1Definitions
25.2Introduction
26Operationalbindings
26.1General
26.2Applicationoftheoperationalframework
26.3Statesofcooperation
27Operationalbindingspecificationandmanagement
27.1Operationalbindingtypespecification
27.2Operationalbindingmanagement
27.3Operationalbindingspecificationtemplates
28Operationsforoperationalbindingmanagement
28.1Application-contextdefinition
28.2EstablishOperationalBindingoperation
28.3ModifyOperationalBindingoperation
28.4TerminateOperationalBindingoperation
28.5OperationalBindingError
28.6OperationalBindingManagementBindandUnbind
AnnexA-Objectidentifierusage
AnnexB-InformationFrameworkinASN.1
AnnexC-SubSchemaAdministrationSchemainASN.1
AnnexD-ServiceAdministrationinASN.1
AnnexE-BasicAccessControlinASN.1
AnnexF-DSAOperationalAttributeTypesinASN.1
AnnexG-OperationalBindingManagementinASN.1
AnnexH-Enhancedsecurity
AnnexI-TheMathematicsofTrees
AnnexJ-NameDesignCriteria
AnnexK-Examplesofvariousaspectsofschema
K.1Exampleofanattributehierarchy
K.2Exampleofasubtreespecification
K.3Schemaspecification
K.4DITcontentrules
K.5DITcontextuse
AnnexL-OverviewofBasicAccessControlPermissions
L.1Introduction
L.2Permissionsrequiredforoperations
L.3Permissionsaffectingerror
L.4Entrylevelpermissions
L.5Entrylevelpermissions
AnnexM-ExamplesofAccessControl
M.1Introduction
M.2DesignprinciplesforBasicAccessControl
M.3Introductiontoexample
M.4Policyaffectingthedefinitionofspecificand
innerareas
M.5PolicyaffectingthedefinitionofDACDs
M.6PolicyexpressedinprescriptiveACIattributes
M.7PolicyexpressedinsubentryACIattributes
M.8PolicyexpressedinentryACIattributes
M.9ACDFexamples
M.10Rule-basedAccessControl
AnnexN-DSETypeCombinations
AnnexO-Modellingofknowledge
AnnexP-Namesheldasattributevaluesorusedas
parameters
AnnexQ-Subfilters
AnnexR-Compoundentrynamepatternsandtheiruse
AnnexS-Namingconceptsandconsiderations
S.1Historytellsus...
S.2Anewlookatnameresolution
AnnexT-Alphabeticalindexofdefinitions
AnnexU-Amendmentsandcorrigenda Abstract
Covers a number of different models for the Directory as a framework for the other Recommendations in the X.500-series. The models are the overall (functional) model, the administrative authority model, generic Directory Information models providing Directory information, generic Directory Systems Agent (DSA) and DSA information models, and Operational Framework and a security model.
