CAN/CSA-ISO/IEC 9594-2-97 (R2001)
The international community has decided to make this standard available only in
the English language version. It has been adopted as a National Standard of
Canada on this basis.
This National Standard of Canada is equivalent to International Standard
ISO/IEC 9594-2:1995.
1 Scope
The models defined in this Recommendation | International Standard provide a
conceptual and terminological framework for the other ITU-T X.500 Series
Recommendations | parts of ISO/IEC 9594 which define various aspects of the
Directory.
The functional and administrative authority models define ways in which the
Directory can be distributed, both functionally and administratively. Generic
DSA and DSA information models and an Operational Framework are also provided
to support Directory distribution.
The generic Directory Information Models describe the logical structure of the
DIB from the perspective of Directory and Administrative Users. In these
models, the fact that the Directory is distributed, rather than centralized, is
not visible.
This Recommendation | International Standard provides a specialization of the
generic Directory Information Models to support Directory Schema
administration.
The other ITU-T Recommendations in the X.500 Series | parts of ISO/IEC 9594
make use of the concepts defined in this Recommendation | International
Standard to define specializations of the generic information and DSA models to
provide specific information, DSA and operational models supporting particular
directory capabilities (e.g. Replication):
a) the service provided by the Directory is described (in ITU-T Rec.
X.511 | ISO/IEC 9594-3) in terms of the concepts of the information
framework: this allows the service provided to be somewhat
independent of the physical distribution of the DIB;
b) the distributed operation of the Directory is specified (in ITU-t
Rec. X.518 | ISO/IEC 9594-4) so as to provide that service, and
therefore maintain that logical information structure, given that
the DIB is in fact highly distributed;
c) replication capabilities offered by the component parts of the
Directory to improve overall Directory performance are specified (in
ITU-T Rec. X.525 | ISO/IEC 9594-9).
The security model establishes a framework for the specification of access
control mechanisms. It provides a mechanism for identifying the access control
scheme in effect in a particular portion of the DIT, and it defines two
flexible, specific access control schemes which are suitable for a wide variety
of applications and styles of use. The security model is concerned solely with
control of access to the Directory information, not control of access to the
DSA application-entity holding the information.
DSA models establish a framework for the specification of the operation of the
components of the Directory. Specifically:
a) the Directory functional model describes how the Directory is
manifested as a set of one or more components, each being a DSA;
b) the Directory distribution model describes the principals according
to which the DIB entries and entry-copies may be distributed among
DSAs;
c) the DSA information model describes the structure of the Directory
user and operational information held in a DSA;
d) the DSA operational framework describes the means by which the
definition of specific forms of cooperation between DSAs to achieve
particular objectives (e.g. shadowing) is structured.
SDO:
CSA
Language:
English
ICS Codes:
35.100.70
Status:
Withdrawn
Publish date:
1997-02-27
Standard Number:
CAN/CSA-ISO/IEC 9594-2-97 (R2001)