1、 International Telecommunication Union ITU-T X.519TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (11/2008) SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY Directory Information technology Open Systems Interconnection The Directory: Protocol specifications ITU-T Recommendation X.519
2、 ITU-T X-SERIES RECOMMENDATIONS DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY PUBLIC DATA NETWORKS Services and facilities X.1X.19 Interfaces X.20X.49 Transmission, signalling and switching X.50X.89 Network aspects X.90X.149 Maintenance X.150X.179 Administrative arrangements X.180X.199 OPEN
3、 SYSTEMS INTERCONNECTION Model and notation X.200X.209 Service definitions X.210X.219 Connection-mode protocol specifications X.220X.229 Connectionless-mode protocol specifications X.230X.239 PICS proformas X.240X.259 Protocol Identification X.260X.269 Security Protocols X.270X.279 Layer Managed Obj
4、ects X.280X.289 Conformance testing X.290X.299 INTERWORKING BETWEEN NETWORKS General X.300X.349 Satellite data transmission systems X.350X.369 IP-based networks X.370X.379 MESSAGE HANDLING SYSTEMS X.400X.499DIRECTORY X.500X.599 OSI NETWORKING AND SYSTEM ASPECTS Networking X.600X.629 Efficiency X.630
5、X.639 Quality of service X.640X.649 Naming, Addressing and Registration X.650X.679 Abstract Syntax Notation One (ASN.1) X.680X.699 OSI MANAGEMENT Systems Management framework and architecture X.700X.709 Management Communication Service and Protocol X.710X.719 Structure of Management Information X.72
6、0X.729 Management functions and ODMA functions X.730X.799 SECURITY X.800X.849 OSI APPLICATIONS Commitment, Concurrency and Recovery X.850X.859 Transaction processing X.860X.879 Remote operations X.880X.889 Generic applications of ASN.1 X.890X.899 OPEN DISTRIBUTED PROCESSING X.900X.999 INFORMATION AN
7、D NETWORK SECURITY X.1000X.1099 SECURE APPLICATIONS AND SERVICES X.1100X.1199 CYBERSPACE SECURITY X.1200X.1299SECURE APPLICATIONS AND SERVICES X.1300X.1399 For further details, please refer to the list of ITU-T Recommendations. ITU-T Rec. X.519 (11/2008) i INTERNATIONAL STANDARD ISO/IEC 9594-5 ITU-T
8、 RECOMMENDATION X.519 Information technology Open Systems Interconnection The Directory: Protocol specifications Summary ITU-T Recommendation X.519 | ISO/IEC 9594-5 specifies the Directory Access Protocol, the Directory System Protocol, the Directory Information Shadowing Protocol and the Directory
9、Operational Binding Management Protocol fulfilling the abstract services specified in ITU-T Recommendation X.501 | ISO/IEC 9594-2, ITU-T Recommendation X.511 | ISO/IEC 9594-3, ITU-T Recommendation X.518 | ISO/IEC 9594-4 and ITU-T Recommendation X.525 | ISO/IEC 9594-9. It includes specifications for
10、supporting underlying protocols to reduce the dependency on external specifications. Source ITU-T Recommendation X.519 was approved on 13 November 2008 by ITU-T Study Group 17 (2009-2012) under ITU-T Recommendation A.8 procedure. An identical text is also published as ISO/IEC 9594-5. ii ITU-T Rec. X
11、.519 (11/2008) FOREWORD The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications, information and communication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is respo
12、nsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis. The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topics for study by the I
13、TU-T study groups which, in turn, produce Recommendations on these topics. The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1. In some areas of information technology which fall within ITU-Ts purview, the necessary standards are prepared on a collaborati
14、ve basis with ISO and IEC. NOTE In this Recommendation, the expression “Administration“ is used for conciseness to indicate both a telecommunication administration and a recognized operating agency. Compliance with this Recommendation is voluntary. However, the Recommendation may contain certain man
15、datory provisions (to ensure e.g. interoperability or applicability) and compliance with the Recommendation is achieved when all of these mandatory provisions are met. The words “shall“ or some other obligatory language such as “must“ and the negative equivalents are used to express requirements. Th
16、e use of such words does not suggest that compliance with the Recommendation is required of any party. INTELLECTUAL PROPERTY RIGHTS ITU draws attention to the possibility that the practice or implementation of this Recommendation may involve the use of a claimed Intellectual Property Right. ITU take
17、s no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the Recommendation development process. As of the date of approval of this Recommendation, ITU had not received notice of intellectual proper
18、ty, protected by patents, which may be required to implement this Recommendation. However, implementers are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database at http:/www.itu.int/ITU-T/ipr/. ITU 2009 All rights reserved.
19、No part of this publication may be reproduced, by any means whatsoever, without the prior written permission of ITU. ITU-T Rec. X.519 (11/2008) iiiCONTENTS Page 1 Scope . 1 2 References 1 2.1 Normative references. 1 2.2 Non-normative references. 2 3 Definitions 2 3.1 Basic Directory definitions 3 3.
20、2 Distributed Operation Definitions. 3 3.3 Protocol specification definitions . 3 4 Abbreviations 4 5 Conventions 4 6 Common protocol specification. 5 6.1 Directory associations and operations 5 6.2 Specification for Directory operations . 5 6.3 Directory protocol overview 7 6.4 Operation codes 8 6.
21、5 Error codes 8 6.6 Abstract syntaxes 9 7 Directory protocols using the OSI stack 9 7.1 OSI-PDUs . 9 7.2 Directory PDU structure. 9 7.3 Session PDUs. 10 7.4 OSI addressing . 10 7.5 Procedure and sequencing. 10 7.6 Directory PDU specifications 11 8 Directory protocol mapping onto OSI services . 24 8.
22、1 Abstract syntaxes and transfer syntaxes . 24 8.2 Application-contexts 25 8.3 Session Layer specification . 26 8.4 Use of transport service 32 8.5 OSI Transport Layer on top of TCP 33 9 IDM protocol. 47 9.1 IDM-PDUs 47 9.2 Sequencing requirements 49 9.3 Protocols . 49 9.4 Reject reasons 50 9.5 Abor
23、t reasons . 50 9.6 Mapping onto TCP/IP 51 9.7 Addressing. 51 9.8 Use of TLS 51 10 Directory protocol mapping onto the IDM protocol . 52 10.1 DAP-IP protocol . 52 10.2 DSP-IP protocol 52 10.3 DISP-IP protocol 52 10.4 DOP-IP protocol . 53 11 Protocol stack coexistence 53 11.1 Coexistence between OSI a
24、nd IDM stacks . 53 11.2 Coexistence in the presence of LDAP . 53 11.3 Defining network addresses for Internet Protocol, Version 4 support. 53 11.4 Definition of NSAP like address for long addressing information . 54 ITU-T Rec. X.519 (11/2008) iv Page 12 Versions and the rules for extensibility . 55
25、12.1 DUA to DSA 55 12.2 DSA to DSA 56 12.3 Rules of extensibility for NSAP addresses 57 12.4 Rules of extensibility for object classes . 57 12.5 Rules of extensibility for user attribute types 57 13 Conformance . 57 13.1 Conformance by DUAs 57 13.2 Conformance by DSAs. 58 13.3 Conformance by a shado
26、w supplier 62 13.4 Conformance by a shadow consumer 62 Annex A Common protocol specifications in ASN.1 64 Annex B OSI Protocol in ASN.1 66 Annex C Directory OSI Protocols in ASN.1 72 Annex D IDM Protocol in ASN.1 . 75 Annex E Directory IDM Protocols in ASN.1. 78 Annex F Directory operational binding
27、 types 80 Annex G Amendments and corrigenda. 81 ITU-T Rec. X.519 (11/2008) vIntroduction This Recommendation | International Standard, together with the other Recommendations | International Standards, has been produced to facilitate the interconnection of information processing systems to provide d
28、irectory services. A set of such systems, together with the directory information that they hold, can be viewed as an integrated whole, called the Directory. The information held by the Directory, collectively known as the Directory Information Base (DIB), is typically used to facilitate communicati
29、on between, with or about objects such as application entities, people, terminals and distribution lists. The Directory plays a significant role in Open Systems Interconnection, whose aim is to allow, with a minimum of technical agreement outside of the interconnection standards themselves, the inte
30、rconnection of information processing systems: from different manufacturers; under different managements; of different levels of complexity; and of different ages. This Recommendation | International Standard specifies the application service elements and application contexts for two protocols the D
31、irectory Access Protocol (DAP) and the Directory System Protocol (DSP). The DAP provides for access to the Directory to retrieve or modify Directory information. The DSP provides for the chaining of requests to retrieve or modify Directory information to other parts of the distributed Directory Syst
32、em where the information may be held. In addition, this Recommendation | International Standard specifies the application service elements and application contexts for the Directory Information Shadowing Protocol (DISP) and the Directory Operational Binding Management Protocol (DOP). The DISP provid
33、es for the shadowing of information held in one DSA to another DSA. The DOP provides for the establishment, modification and termination of bindings between pairs of DSAs for the administration of relationships between the DSAs (such as for shadowing or hierarchical relationships). This Recommendati
34、on | International Standard provides the foundation frameworks upon which industry profiles can be defined by other standards groups and industry forums. Many of the features defined as optional in these frameworks may be mandated for use in certain environments through profiles. This sixth edition
35、technically revises and enhances, but does not replace, the fifth edition of this Recommendation | International Standard. Implementations may still claim conformance to the fifth edition. However, at some point, the fifth edition will not be supported (i.e., reported defects will no longer be resol
36、ved). It is recommended that implementations conform to this sixth edition as soon as possible. This sixth edition specifies versions 1 and 2 of the Directory protocols. The first and second editions specified only version 1. Most of the services and protocols specified in this edition are designed
37、to function under version 1. However some enhanced services and protocols, e.g., signed errors, will not function unless all Directory entities involved in the operation have negotiated version 2. Whichever version has been negotiated, differences between the services and between the protocols defin
38、ed in the six editions, except for those specifically assigned to version 2, are accommodated using the rules of extensibility defined in this edition of ITU-T Rec. X.519 | ISO/IEC 9594-5. Annex A, which is an integral part of this Recommendation | International Standard, provides the ASN.1 module f
39、or the common specifications for the Directory protocols. Annex B, which is an integral part of this Recommendation | International Standard, provides the ASN.1 module for the OSI protocol specification. Annex C, which is an integral part of this Recommendation | International Standard, provides the
40、 ASN.1 module for the Directory OSI protocols. Annex D, which is an integral part of this Recommendation | International Standard, provides the ASN.1 module for the IDM protocol specification. Annex E, which is an integral part of this Recommendation | International Standard, provides the ASN.1 modu
41、le for the Directory IDM protocols. Annex F, which is an integral part of this Recommendation | International Standard, provides the ASN.1 module which contains all the ASN.1 object identifiers assigned to identify operational binding types in this series of Recommendations | International Standards
42、. Annex G, which is not an integral part of this Recommendation | International Standard, lists the amendments and defect reports that have been incorporated to form this edition of this Recommendation | International Standard. ISO/IEC 9594-5:2008(E) ITU-T Rec. X.519 (11/2008) 1 INTERNATIONAL STANDA
43、RD ITU-T RECOMMENDATION Information technology Open Systems Interconnection The Directory: Protocol specifications 1 Scope This Recommendation | International Standard specifies the Directory Access Protocol, the Directory System Protocol, the Directory Information Shadowing Protocol, and the Direct
44、ory Operational Binding Management Protocol fulfilling the abstract services specified in ITU-T Rec. X.511 | ISO/IEC 9594-3, ITU-T Rec. X.518 | ISO/IEC 9594-4, ITU-T Rec. X.525 | ISO/IEC 9594-9, and ITU-T Rec. X.501 | ISO/IEC 9594-2. 2 References 2.1 Normative references The following Recommendation
45、s and International Standards contain provisions which, through reference in this text, constitute provisions of this Recommendation | International Standard. At the time of publication, the editions indicated were valid. All Recommendations and Standards are subject to revision, and parties to agre
46、ements based on this Recommendation | International Standard are encouraged to investigate the possibility of applying the most recent edition of the Recommendations and Standards listed below. Members of IEC and ISO maintain registers of currently valid International Standards. The Telecommunicatio
47、n Standardization Bureau of the ITU maintains a list of currently valid ITU-T Recommendations. 2.1.1 Identical Recommendations | International Standards ITU-T Recommendation X.200 (1994) | ISO/IEC 7498-1:1994, Information technology Open Systems Interconnection Basic Reference Model: The basic model
48、. ITU-T Recommendation X.213 (2001) | ISO/IEC 8348:2002, Information technology Open Systems Interconnection Network service definition. ITU-T Recommendation X.214 (1995) | ISO/IEC 8072:1996, Information technology Open Systems Interconnection Transport service definition. ITU-T Recommendation X.500
49、 (2008) | ISO/IEC 9594-1:2008, Information technology Open Systems Interconnection The Directory: Overview of concepts, models and services. ITU-T Recommendation X.501 (2008) | ISO/IEC 9594-2:2008, Information technology Open Systems Interconnection The Directory: Models. ITU-T Recommendation X.509 (2008) | ISO/IEC 9594-8:2008, Information technology Open Systems Interconnection The Directory: Public-key and attribute certificate frameworks. ITU-T Recommendation X.511 (2008) | I
