SECTION 1 – GENERAL
1 Scope
2 Normative references
2.1 Identical Recommendations | International Standards
2.2 Paired Recommendations | International Standards equivalent in technical content
2.3 Other references
3 Definitions
3.1 Communication Definitions
3.2 Basic directory definitions
3.3 Distributed operation definitions
3.4 Replication definitions
4 Abbreviations
5 Conventions
SECTION 2 – OVERVIEW OF THE DIRECTORY MODELS
6 Directory Models
6.1 Definitions
6.2 The Directory and its users
6.3 Directory and DSA Information Models
6.4 Directory Administrative Authority Model
SECTION 3 – MODEL OF DIRECTORY USER INFORMATION
7 Directory Information Base
7.1 Definitions
7.2 Objects
7.3 Directory entries
7.4 The Directory Information Tree (DIT)
8 Directory entries
8.1 Definitions
8.2 Overall structure
8.3 Object classes
8.4 Attribute Types
8.5 Attribute Values
8.6 Attribute Type Hierarchies
8.7 Friend attributes
8.8 Contexts
8.9 Matching rules
8.10 Entry collections
8.11 Compound entries and families of entries
9 Names
9.1 Definitions
9.2 Names in general
9.3 Relative Distinguished Names
9.4 Name matching
9.5 Names returned during operations
9.6 Names held as attribute values or used as parameters
9.7 Distinguished Names
9.8 Alias Names
10 Hierarchical groups
10.1 Definitions
10.2 Hierarchical relationship
10.3 Sequential ordering of a hierarchical group
SECTION 4 – DIRECTORY ADMINISTRATIVE MODEL
11 Directory Administrative Authority model
11.1 Definitions
11.2 Overview
11.3 Policy
11.4 Specific administrative authorities
11.5 Administrative areas and administrative points
11.6 DIT Domain policies
11.7 DMD policies
SECTION 5 – MODEL OF DIRECTORY ADMINISTRATIVE AND OPERATIONAL INFORMATION
12 Model of Directory Administrative and Operational Information
12.1 Definitions
12.2 Overview
12.3 Subtrees
12.4 Operational attributes
12.5 Entries
12.6 Subentries
12.7 Information model for collective attributes
12.8 Information model for context defaults
SECTION 6 – THE DIRECTORY SCHEMA
13 Directory Schema
13.1 Definitions
13.2 Overview
13.3 Object class definition
13.4 Attribute type definition
13.5 Matching rule definition
13.6 Relaxations and tightenings
13.7 DIT structure definition
13.8 DIT content rule definition
13.9 Context type definition
13.10 DIT Context Use definition
13.11 Friends definition
14 Directory System Schema
14.1 Overview
14.2 System schema supporting the administrative and operational information model
14.3 System schema supporting the administrative model
14.4 System schema supporting general administrative and operational requirements
14.5 System schema supporting access control
14.6 System schema supporting the collective attribute model
14.7 System schema supporting context assertion defaults
14.8 System schema supporting the service administration model
14.9 System schema supporting hierarchical groups
14.10 Maintenance of system schema
14.11 System schema for first-level subordinates
15 Directory schema administration
15.1 Overview
15.2 Policy objects
15.3 Policy parameters
15.4 Policy procedures
15.5 Subschema modification procedures
15.6 Entry addition and modification procedures
15.7 Subschema policy attributes
SECTION 7 – DIRECTORY SERVICE ADMINISTRATION
16 Service Administration Model
16.1 Definitions
16.2 Service-type/user-class model
16.3 Service-specific administrative areas
16.4 Introduction to search-rules
16.5 Subfilters
16.6 Filter requirements
16.7 Attribute information selection based on search-rules
16.8 Access control aspects of search-rules
16.9 Contexts aspects of search-rules
16.10 Search-rule specification
16.11 Matching restriction definition
16.12 Search-validation function
SECTION 8 – SECURITY
17 Security model
17.1 Definitions
17.2 Security policies
17.3 Protection of Directory operations
18 Basic Access Control
18.1 Scope and application
18.2 Basic Access Control model
18.3 Access control administrative areas
18.4 Representation of Access Control Information
18.5 The ACI operational attributes
18.6 Protecting the ACI
18.7 Access control and Directory operations
18.8 Access Control Decision Function
18.9 Simplified Access Control
19 Rule-based Access Control
19.1 Scope and application
19.2 Rule-based Access Control model
19.3 Access control administrative areas
19.4 Security Label
19.5 Clearance
19.6 Access Control and Directory operations
19.7 Access Control Decision Function
19.8 Use of Rule-based and Basic Access Control
20 Data Integrity in Storage
20.1 Introduction
20.2 Protection of an Entry or Selected Attribute Types
20.3 Context for Protection of a Single Attribute Value
SECTION 9 – DSA MODELS
21 DSA Models
21.1 Definitions
21.2 Directory Functional Model
21.3 Directory Distribution Model
SECTION 10 – DSA INFORMATION MODEL
22 Knowledge
22.1 Definitions
22.2 Introduction
22.3 Knowledge References
22.4 Minimum Knowledge
22.5 First Level DSAs
23 Basic Elements of the DSA Information Model
23.1 Definitions
23.2 Introduction
23.3 DSA-Specific Entries and their Names
23.4 Basic Elements
24 Representation of DSA Information
24.1 Representation of Directory User and Operational Information
24.2 Representation of Knowledge References
24.3 Representation of Names and Naming Contexts
SECTION 11 – DSA OPERATIONAL FRAMEWORK
25 Overview
25.1 Definitions
25.2 Introduction
26 Operational bindings
26.1 General
26.2 Application of the operational framework
26.3 States of cooperation
27 Operational binding specification and management
27.1 Operational binding type specification
27.2 Operational binding management
27.3 Operational binding specification templates
28 Operations for operational binding management
28.1 Application-context definition
28.2 Establish Operational Binding operation
28.3 Modify Operational Binding operation
28.4 Terminate Operational Binding operation
28.5 Operational Binding Error
28.6 Operational Binding Management Bind and Unbind
Annex A – Object identifier usage
Annex B – Information Framework in ASN.1
Annex C – SubSchema Administration Schema in ASN.1
Annex D – Service Administration in ASN.1
Annex E – Basic Access Control in ASN.1
Annex F – DSA Operational Attribute Types in ASN.1
Annex G – Operational Binding Management in ASN.1
Annex H – Enhanced security
Annex I – The Mathematics of Trees
Annex J – Name Design Criteria
Annex K – Examples of various aspects of schema
K.1 Example of an attribute hierarchy
K.2 Example of a subtree specification
K.3 Schema specification
K.4 DIT content rules
K.5 DIT context use
Annex L – Overview of basic access control permissions
L.1 Introduction
L.2 Permissions required for operations
L.3 Permissions affecting error
L.4 Entry level permissions
L.5 Entry level permissions
Annex M – Examples of access control
M.1 Introduction
M.2 Design principles for Basic Access Control
M.3 Introduction to example
M.4 Policy affecting the definition of specific and inner areas
M.5 Policy affecting the definition of DACDs
M.6 Policy expressed in prescriptiveACI attributes
M.7 Policy expressed in subentryACI attributes
M.8 Policy expressed in entryACI attributes
M.9 ACDF examples
M.10 Rule-based Access Control
Annex N – DSE type combinations
Annex O – Modelling of knowledge
Annex P – Names held as attribute values or used as parameters
Annex Q – Subfilters
Annex R – Compound entry name patterns and their use
Annex S – Naming concepts and considerations
S.1 History tells us …
S.2 A new look at name resolution
Annex T – Alphabetical index of definitions
Annex U – Amendments and corrigenda