1 Scope
2 References
3 Definitions
3.1 Terms defined elsewhere
3.2 Terms defined in this Recommendation
4 Abbreviations and acronyms
5 Conventions
6 Basic concepts and models
6.1 Protection in a single data protection domain
6.2 Cross data protection domain
6.3 Service-oriented model
6.4 The object and attribute model
6.5 Basic access control principles
6.6 Relationship to other access control schemes
6.7 Protocols overview
6.8 Use of CMS
6.9 Public-key certificate considerations
7 Provision of privilege information
7.1 Use of attribute certificates
7.2 Use of public-key certificates
7.3 The access service attribute type
7.4 Operations on objects as a whole
7.5 Operations on attributes
7.6 Error handling
8 Privilege assertion protocol
8.1 Overview
8.2 Common request components
8.3 Accessing a service
8.4 Read operation
8.5 Compare operation
8.6 Add operation
8.7 Delete operation
8.8 Modify operation
8.9 Rename object operation
8.10 Error handling
8.11 Information selection
8.12 Object information
8.13 Defined error codes
9 Privilege assignment protocol
9.1 Scope of protocol
9.2 Content types
Annex A – Object identifier allocation for the ITU-T 1080-series
A.1 Top level of object identifier tree
A.2 Object identifiers for CMS content types
A.3 Object identifiers for privilege attribute types
Annex B – Cryptographic message syntax profile
B.1 General
B.2 Use of the signedData content type
B.3 Use of the envelopedData content type
B.4 Use of the authenticated-enveloped-data content type
B.5 Attributes
B.6 Cryptographic message syntax error codes
Annex C – Formal specification of the privilege assertion and assignment protocols
Appendix I – Informal specification for the cryptographic message syntax profile
Bibliography