Table of Contents

 1     Scope          
 2     Normative references             
        2.1     Identical Recommendations | International Standards       
        2.2     Paired Recommendations | International Standards equivalent in technical content 
        2.3     Recommendations        
        2.4     Other references           
 3     Definitions 
        3.1     OSI Reference Model security architecture definitions     
        3.2     Baseline identity management terms and definitions         
        3.3     Directory model definitions      
        3.4     Access control framework definitions    
        3.5     Public-key and attribute certificate definitions    
 4     Abbreviations           
 5     Conventions             
 6     Frameworks overview            
        6.1     Digital signatures          
        6.2     Formal definitions for public-key cryptography  
        6.3     Distinguished encoding of Basic Encoding Rules
        6.4     Applying distinguished encoding            
 7     Public-keys and public-key certificates           
        7.1     Introduction   
        7.2     Public-key certificate  
        7.3     Public-key certificate extensions            
        7.4     Types of public-key certificates              
        7.5     Trust anchor   
        7.6     Entity relationship        
        7.7     Certification path         
        7.8     Generation of key pairs              
        7.9     Public-key certificate creation  
       7.10     Certificate revocation list         
       7.11     Repudiation of a digital signing              
 8     Public-key certificate and CRL extensions      
        8.1     Policy handling             
        8.2     Key and policy information extensions  
        8.3     Subject and issuer information extensions           
        8.4     Certification path constraint extensions 
        8.5     Basic CRL extensions  
        8.6     CRL distribution points and delta-CRL extensions            
 9     Delta CRL relationship to base            
10     Certification path processing procedure         
       10.1     Path processing inputs
       10.2     Path processing outputs            
       10.3     Path processing variables         
       10.4     Initialization step        
       10.5     Certificate processing 
11     PKI directory schema           
       11.1     PKI directory object classes and name forms      
       11.2     PKI directory attributes             
       11.3     PKI directory matching rules   
       11.4     PKI directory syntax definitions            
12     Attribute Certificates            
       12.1     Attribute certificate structure   
       12.2     Attribute certification paths     
13     Attribute Authority, SOA and Certification Authority relationship         
       13.1     Privilege in attribute certificates            
       13.2     Privilege in public-key certificates        
14     PMI models             
       14.1     General model             
       14.2     Control model              
       14.3     Delegation model        
       14.4     Group assignment model          
       14.5     Roles model  
       14.6     Recognition of Authority Model            
       14.7     XML privilege information attribute     
       14.8     Permission attribute and matching rule 
15     Privilege management certificate extensions  
       15.1     Basic privilege management extensions
       15.2     Privilege revocation extensions              
       15.3     Source of Authority extensions              
       15.4     Role extensions           
       15.5     Delegation extensions
       15.6     Recognition of Authority Extensions    
16     Privilege path processing procedure 
       16.1     Basic processing procedure      
       16.2     Role processing procedure       
       16.3     Delegation processing procedure           
17     PMI directory schema           
       17.1     PMI directory object classes    
       17.2     PMI Directory attributes           
       17.3     PMI general directory matching rules    
18     Directory authentication      
       18.1     Simple authentication procedure            
       18.2     Password policy          
       18.3     Strong Authentication
19     Access control        
20     Protection of Directory operations    
Annex A – Public-Key and Attribute Certificate Frameworks    
Annex B – Reference definition of algorithm object identifiers    
Annex C – CRL generation and processing rules    
        C.1     Introduction   
        C.2     Determine parameters for CRLs              
        C.3     Determine CRLs required          
        C.4     Obtain CRLs  
        C.5     Process CRLs 
Annex D – Examples of delta CRL issuance    
Annex E – Privilege policy and privilege attribute definition examples    
        E.1     Introduction   
        E.2     Sample syntaxes           
        E.3     Privilege attribute example        
Annex F – An introduction to public key cryptography
Annex G – Examples of use of certification path constraints    
        G.1     Example 1: Use of basic constraints       
        G.2     Example 2: Use of policy mapping and policy constraints              
        G.3     Use of Name Constraints Extension       
Annex H – Guidance on determining for which policies a certification path is valid    
        H.1     Certification path valid for a user-specified policy required          
        H.2     Certification path valid for any policy required  
        H.3     Certification path valid regardless of policy        
        H.4     Certification path valid for a user-specific policy desired, but not required              
Annex I – Key usage certificate extension issues    
Annex J – External ASN.1 modules    
Annex K – Use of Protected Passwords for Bind operations    
Annex L – Examples of password hashing algorithms    
        L.1     Null Hashing method   
        L.2     MD5 method  
        L.3     SHA-1 method              
Annex M – Alphabetical list of information item definitions    
Annex N – Amendments and corrigenda