CONTENTS

SECTION 1 GENERAL     
 1     Scope 
 2     Normative references       
        2.1     Identical Recommendations | International Standards          
        2.2     Paired Recommendations | International Standards equivalent in technical content    
        2.3     Other references    
 3     Definitions  
        3.1     Communication definitions  
        3.2     Basic Directory definitions  
        3.3     Distributed operation definitions     
        3.4     Replication definitions        
 4     Abbreviations   
 5     Conventions     
SECTION 2 OVERVIEW OF THE DIRECTORY MODELS     
 6     Directory Models
        6.1     Definitions 
        6.2     The Directory and its users 
        6.3     Directory and DSA Information Models     
        6.4     Directory Administrative Authority Model  
SECTION 3 MODEL OF DIRECTORY USER INFORMATION     
 7     Directory Information Base          
        7.1     Definitions 
        7.2     Objects  
        7.3     Directory entries    
        7.4     Directory Information Tree (DIT)   
 8     Directory entries  
        8.1     Definitions 
        8.2     Overall structure    
        8.3     Object classes       
        8.4     Attribute Types      
        8.5     Attribute Values     
        8.6     Attribute Type Hierarchies 
        8.7     Friend attributes     
        8.8     Contexts 
        8.9     Matching rules       
       8.10     Entry collections   
       8.11     Compound entries and families of entries   
 9     Names
        9.1     Definitions 
        9.2     Names in general   
        9.3     Relative Distinguished Names         
        9.4     Name matching      
        9.5     Names returned during operations  
        9.6     Names held as attribute values or used as parameters         
        9.7     Distinguished Names          
        9.8     Alias Names          
10     Hierarchical groups         
       10.1     Definitions
       10.2     Hierarchical relationship    
       10.3     Sequential ordering of a hierarchical group 
SECTION 4 DIRECTORY ADMINISTRATIVE MODEL     
11     Directory Administrative Authority model
       11.1     Definitions
       11.2     Overview 
       11.3     Policy    
       11.4     Specific administrative authorities  
       11.5     Administrative areas and administrative points        
       11.6     DIT Domain policies         
       11.7     DMD policies       
SECTION 5 MODEL OF DIRECTORY ADMINISTRATIVE AND OPERATIONAL INFORMATION     
12     Model of Directory Administrative and Operational Information   
       12.1     Definitions
       12.2     Overview 
       12.3     Subtrees
       12.4     Operational attributes        
       12.5     Entries   
       12.6     Subentries
       12.7     Information model for collective attributes  
       12.8     Information model for context defaults       
SECTION 6 THE DIRECTORY SCHEMA     
13     Directory Schema           
       13.1     Definitions
       13.2     Overview 
       13.3     Object class definition       
       13.4     Attribute type definition     
       13.5     Matching rule definition     
       13.6     Relaxations and tightenings
       13.7     DIT structure definition     
       13.8     DIT content rule definition 
       13.9     Context type definition      
      13.10     DIT Context Use definition          
      13.11     Friends definition 
14     Directory System Schema           
       14.1     Overview 
       14.2     System schema supporting the administrative and operational information model     
       14.3     System schema supporting the administrative model           
       14.4     System schema supporting general administrative and operational requirements      
       14.5     System schema supporting access control  
       14.6     System schema supporting the collective attribute model    
       14.7     System schema supporting context assertion defaults         
       14.8     System schema supporting the service administration model           
       14.9     System schema supporting hierarchical groups       
      14.10     Maintenance of system schema    
      14.11     System schema for first-level subordinates
15     Directory schema administration  
       15.1     Overview 
       15.2     Policy objects       
       15.3     Policy parameters 
       15.4     Policy procedures 
       15.5     Subschema modification procedures          
       15.6     Entry addition and modification procedures           
       15.7     Subschema policy attributes          
SECTION 7 DIRECTORY SERVICE ADMINISTRATION
16     Service Administration Model     
       16.1     Definitions
       16.2     Service-type/user-class model       
       16.3     Service-specific administrative areas          
       16.4     Introduction to search-rules           
       16.5     Subfilters  
       16.6     Filter requirements
       16.7     Attribute information selection based on search-rules         
       16.8     Access control aspects of search-rules      
       16.9     Contexts aspects of search-rules   
      16.10     Search-rule specification  
      16.11     Matching restriction definition       
      16.12     Search-validation function
SECTION 8  SECURITY     
17     Security model 
       17.1     Definitions
       17.2     Security policies    
       17.3     Protection of Directory operations 
18     Basic Access Control     
       18.1     Scope and application       
       18.2     Basic Access Control model         
       18.3     Access control administrative areas           
       18.4     Representation of Access Control Information       
       18.5     ACI operational attributes 
       18.6     Protecting the ACI
       18.7     Access control and Directory operations   
       18.8     Access Control Decision Function 
       18.9     Simplified Access Control 
19     Rule-based Access Control        
       19.1     Scope and application       
       19.2     Rule-based Access Control model
       19.3     Access control administrative areas           
       19.4     Security Label      
       19.5     Clearance 
       19.6     Access Control and Directory operations  
       19.7     Access Control Decision Function 
       19.8     Use of Rule-based and Basic Access Control        
20     Data Integrity in Storage 
       20.1     Introduction          
       20.2     Protection of an Entry or Selected Attribute Types
       20.3     Context for Protection of a Single Attribute Value  
SECTION 9 DSA MODELS     
21     DSA Models   
       21.1     Definitions
       21.2     Directory Functional Model          
       21.3     Directory Distribution Model         
SECTION 10 DSA INFORMATION MODEL     
22     Knowledge      
       22.1     Definitions
       22.2     Introduction          
       22.3     Knowledge References     
       22.4     Minimum Knowledge        
       22.5     First Level DSAs  
23     Basic Elements of the DSA Information Model    
       23.1     Definitions
       23.2     Introduction          
       23.3     DSA Specific Entries and their Names      
       23.4     Basic Elements     
24     Representation of DSA Information         
       24.1     Representation of Directory User and Operational Information       
       24.2     Representation of Knowledge References 
       24.3     Representation of Names and Naming Contexts    
SECTION 11 DSA OPERATIONAL FRAMEWORK     
25     Overview  
       25.1     Definitions
       25.2     Introduction          
26     Operational bindings       
       26.1     General 
       26.2     Application of the operational framework  
       26.3     States of cooperation        
27     Operational binding specification and management           
       27.1     Operational binding type specification        
       27.2     Operational binding management   
       27.3     Operational binding specification templates
28     Operations for operational binding management   
       28.1     Application-context definition        
       28.2     Establish Operational Binding operation     
       28.3     Modify Operational Binding operation       
       28.4     Terminate Operational Binding operation   
       28.5     Operational Binding Error 
       28.6     Operational Binding Management Bind and Unbind           
Annex A Object identifier usage     
Annex B Information Framework in ASN.1     
Annex C SubSchema Administration Schema in ASN.1     
Annex D Service Administration in ASN.1     
Annex E Basic Access Control in ASN.1     
Annex F DSA Operational Attribute Types in ASN.1     
Annex G Operational Binding Management in ASN.1     
Annex H Enhanced security     
Annex I The Mathematics of Trees     
Annex J Name Design Criteria     
Annex K Examples of various aspects of schema
        K.1     Example of an attribute hierarchy   
        K.2     Example of a subtree specification 
        K.3     Schema specification         
        K.4     DIT content rules  
        K.5     DIT context use    
Annex L Overview of basic access control permissions     
        L.1     Introduction           
        L.2     Permissions required for operations
        L.3     Permissions affecting error 
        L.4     Entry level permissions       
        L.5     Entry level permissions       
Annex M Examples of access control     
        M.1     Introduction         
        M.2     Design principles for Basic Access Control           
        M.3     Introduction to example    
        M.4     Policy affecting the definition of specific and inner areas     
        M.5     Policy affecting the definition of DACDs   
        M.6     Policy expressed in prescriptiveACI attributes       
        M.7     Policy expressed in subentryACI attributes           
        M.8     Policy expressed in entryACI attributes     
        M.9     ACDF examples  
       M.10     Rule-based Access Control         
Annex N DSE type combinations     
Annex O Modelling of knowledge     
Annex P Names held as attribute values or used as parameters     
Annex Q Subfilters     
Annex R Compound entry name patterns and their use     
Annex S Naming concepts and considerations     
        S.1     History tells us   
        S.2     A new look at name resolution       
Annex T Alphabetical index of definitions     
Annex U Amendments and corrigenda