1 Scope
2 Normative references
2.1 Identical Recommendations | International Standards
2.2 Other references
3 Definitions
3.1 Communication Model Definitions
3.2 Basic Directory Definitions
3.3 Directory Model Definitions
3.4 DSA Information Model definitions
3.5 Abstract Service definitions
3.6 Directory replication definitions
3.7 Distributed operation definitions
4 Abbreviations
5 Conventions
6 Overview
7 Distributed Directory System Model
8 DSA Interactions Model
8.1 Decomposition of a request
8.1.1 NSSR decomposition
8.1.2 Request decomposition
8.2 Uni-chaining
8.3 Multi-chaining
8.3.1 Parallel multi-chaining
8.3.2 Sequential multi-chaining
8.4 Referral
8.5 Mode determination
9 Overview of DSA Abstract Service
10 Information types
10.1 Introduction
10.2 Information types defined elsewhere
10.3 Chaining Arguments
10.4 Chaining Results
10.5 Operation Progress
10.6 Trace Information
10.7 Reference Type
10.8 Access point information
10.9 DIT Bridge knowledge
10.10 Exclusions
10.11 Continuation Reference
11 Bind and Unbind
11.1 DSA Bind
11.2 DSA Unbind
12 Chained operations
12.1 Chained operations
12.2 Chained Abandon operation
12.3 Chained operations and protocol version
13 Chained errors
13.1 Introduction
13.2 DSA Referral
14 Introduction
14.1 Scope and Limits
14.2 Conformance
14.2.1 Interaction involving a first edition DSA
14.3 Conceptual model
14.4 Individual and cooperative operation of DSAs
14.5 Cooperative agreements between DSAs
15 Distributed Directory behaviour
15.1 Cooperative fulfilment of operations
15.2 Phases of operation processing
15.2.1 Name Resolution phase
15.2.2 Evaluation phase
15.2.3 Results Merging phase
15.3 Managing Distributed Operations
15.3.1 Request decomposition
15.3.2 DSA as Request Responder
15.3.3 Completion of Operations
15.4 Loop handling
15.4.1 Loop detection
15.4.2 Loop avoidance
15.5 Other considerations for distributed operation
15.5.1 Service controls
15.5.2 Extensions
15.5.3 Alias dereferencing
15.5.4 Resolving context-variant names
15.5.5 Paged results
15.6 Authentication of Distributed Operations
16 The Operation Dispatcher
16.1 General Concepts
16.1.1 Procedures
16.1.2 Use of common data structures
16.1.3 Errors
16.1.4 Asynchronous events
16.2 Procedures of the Operation Dispatcher
16.3 Overview of procedures
16.3.1 Request Validation procedure
16.3.2 Abandon procedure
16.3.3 Find DSE procedure
16.3.4 Single entry interrogation procedure
16.3.5 Modification procedures
16.3.6 Multiple entry interrogation procedures
16.3.7 Name Resolution Continuation Reference procedure
16.3.8 List and Search Continuation Reference procedure
16.3.9 Result Merging procedure
17 Request Validation procedure
17.1 Introduction
17.2 Procedure parameters
17.2.1 Arguments
17.2.2 Results
17.3 Procedure definition
17.3.1 Abandon processing
17.3.2 Security checks
17.3.3 Input preparation
17.3.4 Validity assertion
17.3.5 Loop detection
17.3.6 Unable or unwilling to perform
17.3.7 Output processing
18 Name Resolution procedure
18.1 Introduction
18.2 Find DSE procedure parameters
18.2.1 Arguments
18.2.2 Results
18.2.3 Errors
18.2.4 Global variables
18.2.5 Local and shared variables
18.3 Procedures
18.3.1 Find DSE procedure
18.3.2 Target Not Found sub-procedure
18.3.3 Target Found sub-procedure
18.3.4 Check Suitability procedure
19 Operation evaluation
19.1 Modification procedure
19.1.1 Add Entry Operation
19.1.2 Remove Entry Operation
19.1.3 Modify Entry Operation
19.1.4 Modify DN operation
19.1.5 Modify operations and Non-Specific Subordinate References
19.2 Single entry interrogation procedure
19.3 Multiple entry interrogation procedure
19.3.1 List procedures
19.3.2 Search procedures
20 Continuation Reference procedures
20.1 Chaining strategy in the presence of shadowing
20.1.1 Master only strategy
20.1.2 Parallel strategy
20.1.3 Sequential strategy
20.2 Issuing chained subrequests to a remote DSA
20.3 Procedures' parameters
20.3.1 Arguments
20.3.2 Results
20.3.3 Errors
20.4 Definition of the procedures
20.4.1 Name Resolution Continuation Reference procedure
20.4.2 List Continuation Reference procedure
20.4.3 Search Continuation Reference procedure
20.4.4 APInfo procedure
20.5 Abandon procedure
21 Results Merging procedure
22 Procedures for distributed authentication
22.1 Originator authentication
22.1.1 Identity-based authentication
22.1.2 Signature-based originator authentication
22.2 Results authentication
23 Knowledge administration overview
23.1 Maintenance of knowledge references
23.1.1 Maintenance of consumer knowledge by supplier and master DSAs
23.1.2 Maintenance of subordinate and immediate superior knowledge in master DSAs
23.1.3 Maintenance of subordinate and immediate superior knowledge in consumer DSAs
23.2 Requesting cross reference
23.3 Knowledge inconsistencies
23.3.1 Detection of knowledge inconsistencies
23.3.2 Reporting of knowledge inconsistencies
23.3.3 Treatment of inconsistent knowledge references
23.4 Knowledge references and contexts
24 Hierarchical operational bindings
24.1 Operational binding type characteristics
24.1.1 Symmetry and roles
24.1.2 Agreement
24.1.3 Initiator
24.1.4 Establishment parameters
24.1.5 Modification parameters
24.1.6 Termination parameters
24.1.7 Type identification
24.2 Operational binding information object Class definition
24.3 DSA procedures for hierarchical operational binding management
24.3.1 Establishment procedure
24.3.2 Modification procedure
24.3.3 Termination procedure
24.4 Procedures for operations
24.5 Use of application contexts
25 Non-specific hierarchical operational binding
25.1 Operational binding type characteristics
25.1.1 Symmetry and roles
25.1.2 Agreement
25.1.3 Initiator
25.1.4 Establishment parameters
25.1.5 Modification parameters
25.1.6 Termination parameters
25.1.7 Type identification
25.2 Operational binding information object class definition
25.3 DSA procedures for non-specific hierarchical operational binding management
25.3.1 Establishment procedure
25.3.2 Modification procedure
25.3.3 Termination procedure
25.4 Procedures for operations
25.5 Use of application contexts
Annex A – ASN.1 for Distributed Operations
Annex B – Example of distributed name resolution
Annex C – Distributed use of authentication
C.1 Summary
C.2 Distributed protection model
C.2.1 Quality of protection
C.3 Signed chained operations
C.3.1 Chained signed arguments
C.3.2 Chained signed results
C.3.3 Merging of Signed List or Search Results
C.3.4 Multi-chaining Request
C.4 Encrypted chained operations
C.4.1 Point-to-point (DUA->DSA or DSA->DSA) encryption on request
C.4.2 Point-to-point (DUA<-DSA or DSA<-DSA) encryption on result
C.4.3 End-to-end encryption on DAP Result and point-to-point encryption on DSP Chaining Result
C.4.4 Merging of List/Search Results (merging with re-encryption by DSA 1)
C.4.5 Merging-not-allowed for List/Search Results
C.4.6 Multi-chaining a DAP Request using an Encryption-Key (net-key)
C.5 Signed and encrypted distributed operations
C.5.1 End-to-end signatures, with point-to-point encryption
C.5.2 End-to-End Signature and Encryption on DAP Result, Point-to-Point Signature and Encryption on DSP
C.5.3 End-to-End Signature on DAP, Point-to-Point Encryption on DSP and DAP Result
Annex D – Specification of hierarchical and non-specific hierarchical operational binding types
Annex E – Knowledge maintenance example
Annex F – Amendments and corrigenda