CAN/CSA-ISO/IEC 10164-9-97 (R2010)

This National Standard of Canada is equivalent to International Standard ISO/IEC 10164-9:1995. 1 Scope The specifications contained herein are applicable to the provision of access control for applications that use OSI management services and protocols. The Recommendation | International Standard - establishes user requirements for the provision of access control for applications that use OSI management services and protocols; - interprets and applies the general model of access control defined in ITU-T Rec. X.812 | ISO/IEC 10181-3 for use with management applications that use OSI management services and protocols; - defines procedures for the imposition of access control rules in conjunction with the use of OSI management services and protocols; - defines managed object classes and attribute types that a) represent some of the access control information that may be used in the provision of access control and b) are only for use when the management of the access control information is to be achieved using systems management; - specifies the protocol that is necessary to exchange the access control information defined in this Recommendation | International Standard, when the exchange is achieved using OSI systems management; - specifies conformance requirements for open systems that claim to support access control for applications that use OSI management services and protocols; - specifies conformance requirements for open systems that claim to support the management of the access control information defined in this Recommendation | International Standard. The access control information identified by this Recommendation | International Standard may be used in support of access control schemes based on access control lists, capabilities, security labels, and contextual constraints. This Recommendation | International Standard does not - define an access control policy for applications that use OSi management services and protocols; - defie security (or management) domains in which an access control policy may be imposed; - define how the components of an access control function be implemented, nor where those components be located; - specify the form of any access control information that is temporarily or permanently stored in an open system; - specify any access control mechanisms, nor mandate the use of any particular access control mechanisms; - mandate that access control information be managed, and if it is to be managed, that management be achieved using OSI systems management; - describe how communicating management application entities act to make access control decisions on behalf of, or for the benefit of any third party; - specify any conformance requirement for the access control parameter defined in this Recommendation | International Standard.