Table of Contents
1 Scope
2 Normative references
2.1 Identical Recommendations/International Standards
2.2 Paired Recommendations/International Standards equivalent in technical content
3 Definitions
4 Abbreviations
5 General discussion of access control
5.1 Goal of access control
5.2 Basic aspects of access control
5.2.1 Performing access control functions
5.2.2 Other access control activities
5.2.3 ACI forwarding
5.3 Distribution of access control components
5.3.1 Incoming access control
5.3.2 Outgoing access control
5.3.3 Interposed access control
5.4 Distribution of access control components across multiple security domains
5.5 Threats to access control
6 Access control policies
6.1 Access control policy expression
6.1.1 Access control policy categories
6.1.2 Groups and roles
6.1.3 Security labels
6.1.4 Multiple initiator access control policies
6.2 Policy management
6.2.1 Fixed policies
6.2.2 Administratively-imposed policies
6.2.3 User-selected policies
6.3 Granularity and containment
6.4 Inheritance rules
6.5 Precedence among access control policy rules
6.6 Default access control policy rules
6.7 Policy mapping through cooperating security domains
7 Access control information and facilities
7.1 ACI
7.1.1 Initiator ACI
7.1.2 Target ACI
7.1.3 Access request ACI
7.1.4 Operand ACI
7.1.5 Contextual information
7.1.6 Initiator-bound ACI
7.1.7 Target-bound ACI
7.1.8 Access request-bound ACI
7.2 Protection of ACI
7.2.1 Access control certificates
7.2.2 Access control tokens
7.3 Access control facilities
7.3.1 Management related facilities
7.3.2 Operation related facilities
8 Classification of access control mechanisms
8.1 Introduction
8.2 ACL scheme
8.2.1 Basic features
8.2.2 ACI
8.2.3 Supporting mechanisms
8.2.4 Variations of this scheme
8.3 Capability scheme
8.3.1 Basic features
8.3.2 ACI
8.3.3 Supporting mechanism
8.3.4 Variation of this scheme - Capabilities without specific operations
8.4 Label based scheme
8.4.1 Basic features
8.4.2 ACI
8.4.3 Supporting mechanisms
8.4.4 Labeled channels as targets
8.5 Context based scheme
8.5.1 Basic features
8.5.2 ACI
8.5.3 Supporting mechanisms
8.5.4 Variations of this scheme
9 Interaction with other security services and mechanisms
9.1 Authentication
9.2 Data integrity
9.3 Data confidentiality
9.4 Audit
9.5 Other access-related services
Annex A - Exchange of access control certificates among components
A.1 Introduction
A.2 Forwarding access control certificates
A.3 Forwarding multiple access control certificates
A.3.1 Example
A.3.2 Generalization
A.3.3 Simplifications
Annex B - Access control in the OSI reference model
B.1 General
B.2 Use of access control within the OSI layers
B.2.1 Use of access control at the network layer
B.2.2 Use of access control at the transport layer
B.2.3 Use of access control at the application layer
Annex C - Non-uniqueness of access control identities
Annex D - Distribution of access control components
D.1 Aspects considered
D.2 AEC and ADC locations
D.3 Interactions among access control components
Annex E - Rule-based versus identity-based policies
Annex F - A mechanism to support ACI forwarding through an initiator
Annex G - Access control security service outline

Abstract
Defines a general framework for the provision of access control services. It does not specify particular mechanisms to support these access control services, nor the details of security management protocols and services.