CONTENTS

SECTION 1 GENERAL     
 
1     Scope 
 2     Normative references       
        2.1     Identical Recommendations | International Standards          
        2.2     Paired Recommendations | International Standards equivalent in technical content    
        2.3     Other references    
 3     Definitions  
        3.1     OSI Reference Model security architecture definitions        
        3.2     Directory model definitions 
        3.3     Access control framework definitions         
        3.4     Definitions 
 4     Abbreviations   
 5     Conventions     
 6     Frameworks overview     
        6.1     Digital signatures    
SECTION 2 PUBLIC-KEY CERTIFICATE FRAMEWORK     
 7     Public-keys and public-key certificates     
        7.1     Generation of key pairs      
        7.2     Public-key certificate creation        
        7.3     Certificate Validity 
        7.4     Repudiation of a digital signing        
 8     Public-key certificate and CRL extensions
        8.1     Policy handling       
        8.2     Key and policy information extensions        
        8.3     Subject and issuer information extensions   
        8.4     Certification path constraint extensions       
        8.5     Basic CRL extensions        
        8.6     CRL distribution points and delta-CRL extensions  
 9     Delta CRL relationship to base     
10     Certification path processing procedure   
       10.1     Path processing inputs       
       10.2     Path processing outputs    
       10.3     Path processing variables  
       10.4     Initialization step   
       10.5     Certificate processing        
11     PKI directory schema     
       11.1     PKI directory object classes and name forms        
       11.2     PKI directory attributes    
       11.3     PKI directory matching rules         
SECTION 3 ATTRIBUTE CERTIFICATE FRAMEWORK     
12     Attribute Certificates       
       12.1     Attribute certificate structure         
       12.2     Attribute certificate paths  
13     Attribute Authority, SOA and Certification Authority relationship 
       13.1     Privilege in attribute certificates      
       13.2     Privilege in public-key certificates  
14     PMI models    
       14.1     General model      
       14.2     Control model      
       14.3     Delegation model  
       14.4     Group assignment model   
       14.5     Roles model         
       14.6     Recognition of Authority Model    
       14.7     XML privilege information attribute           
       14.8     Permission attribute and matching rule       
15     Privilege management certificate extensions          
       15.1     Basic privilege management extensions      
       15.2     Privilege revocation extensions      
       15.3     Source of Authority extensions      
       15.4     Role extensions     
       15.5     Delegation extensions        
       15.6     Recognition of Authority Extensions          
16     Privilege path processing procedure        
       16.1     Basic processing procedure          
       16.2     Role processing procedure
       16.3     Delegation processing procedure   
17     PMI directory schema    
       17.1     PMI directory object classes         
       17.2     PMI Directory attributes   
       17.3     PMI general directory matching rules         
18     Directory authentication  
       18.1     Simple authentication procedure    
       18.2     Strong Authentication        
19     Access control 
20     Protection of Directory operations           
Annex A Public-Key and Attribute Certificate Frameworks     
Annex B CRL generation and processing rules     
        B.1     Introduction          
        B.2     Determine parameters for CRLs    
        B.3     Determine CRLs required  
        B.4     Obtain CRLs        
        B.5     Process CRLs       
Annex C Examples of delta CRL issuance     
Annex D Privilege policy and privilege attribute definition examples     
        D.1     Introduction          
        D.2     Sample syntaxes   
        D.3     Privilege attribute example 
Annex E An introduction to public key cryptography     
Annex F Reference definition of algorithm object identifiers     
Annex G Examples of use of certification path constraints     
        G.1     Example 1: Use of basic constraints           
        G.2     Example 2: Use of policy mapping and policy constraints   
        G.3     Use of Name Constraints Extension           
Annex H Guidance on determining for which policies a certification path is valid     
        H.1     Certification path valid for a user-specified policy required 
        H.2     Certification path valid for any policy required        
        H.3     Certification path valid regardless of policy
        H.4     Certification path valid for a user-specific policy desired, but not required   
Annex I Key usage certificate extension issues     
Annex J External ASN.1 modules     
Annex K Use of Protected Passwords for Bind operations     
      Page
Annex L Alphabetical list of information item definitions     

Annex M Amendments and corrigenda