ISO/IEC 9594-10:2008

INTERNATIONAL ISO/IEC
STANDARD 9594-10
Fourth edition
2008-12-15


Information technology — Open Systems
Interconnection — The Directory: Use of
systems management for administration
of the Directory
Technologies de l'information — Interconnexion de systèmes ouverts
(OSI) — L'annuaire: Utilisation de la gestion-systèmes pour
l'administration de l'annuaire




Reference number
ISO/IEC 9594-10:2008(E)
©
ISO/IEC 2008

---------------------- Page: 1 ----------------------
ISO/IEC 9594-10:2008(E)
PDF disclaimer
This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but
shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In
downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat
accepts no liability in this area.
Adobe is a trademark of Adobe Systems Incorporated.
Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation
parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In
the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.


COPYRIGHT PROTECTED DOCUMENT


©  ISO/IEC 2008
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published by ISO in 2009
Published in Switzerland

ii © ISO/IEC 2008 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/IEC 9594-10:2008(E)
CONTENTS
Page

Foreword .    iv
Introduction .    v
SECTION 1 – GENERAL. 1
1 Scope. 1
2 Normative references . 1

2.1 Identical Recommendations | International Standards. 2
2.2 Paired Recommendations | International Standards equivalent in technical content. 2

3 Definitions . 2

3.1 Communication Model definitions. 2
3.2 Management Framework definitions. 3
3.3 System Management Overview definitions. 3
3.4 Management Information Model definitions. 3
3.5 Directory Model definitions . 3
3.6 Distributed Operation definitions . 4
4 Abbreviations . 4
5 Conventions . 4
SECTION 2 – MANAGEMENT REQUIREMENTS. 6
6 Directory management requirements . 6
6.1 Introduction . 6
6.2 Sources of management requirements . 6
6.3 Analysis of management requirements . 7
SECTION 3 – MANAGEMENT MODELS. 14
7 Directory Management Model. 14
7.1 Introduction . 14
7.2 Directory Management Model components . 14
7.3 Layered Directory Management Model . 14
7.4 Directory Information Model and System Management Information Model. 16
7.5 Directory Service Model. 16
8 Provision of management services . 17
9 Directory Management Information Model. 18
SECTION 4 – MANAGED OBJECTS . 20
10 Directory managed objects . 20
10.1 DSA managed object . 20
10.2 Known DSA managed objects . 28
10.3 Known DUA managed objects. 29
10.4 Upper layer definitions. 29
10.5 DUA managed objects . 29
10.6 Directory Service managed objects. 30
10.7 Directory Management Domain managed objects. 30
Annex A – Managed object definitions. 31
A.1 Management of a DSA. 31
A.2 Management of a Known DSA . 50
A.3 Management of a Known DUA. 51
A.4 Management of association . 52
A.5 Management of a DUA . 53
A.6 Directory Service management . 53
A.7 DMD. 55
A.8 Definition of attributes . 56
A.9 ASN.1 notations . 72
Annex B – Amendments and corrigenda. 79

© ISO/IEC 2008 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO/IEC 9594-10:2008(E)
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are members of
ISO or IEC participate in the development of International Standards through technical committees
established by the respective organization to deal with particular fields of technical activity. ISO and IEC
technical committees collaborate in fields of mutual interest. Other international organizations, governmental
and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information
technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of the joint technical committee is to prepare International Standards. Draft International
Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as
an International Standard requires approval by at least 75 % of the national bodies casting a vote.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.
ISO/IEC 9594-10:2008 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 6, Telecommunications and information exchange between systems, in collaboration with
ITU-T. The identical text is published as ITU-T Rec. X.530 (11/2008).
This fourth edition cancels and replaces the third edition (ISO/IEC 9594-10:2005), which has been technically
revised.
ISO/IEC 9594 consists of the following parts, under the general title Information technology — Open Systems
Interconnection — The Directory:
⎯ Part 1: Overview of concepts, models and services
⎯ Part 2: Models
⎯ Part 3: Abstract service definition
⎯ Part 4: Procedures for distributed operation
⎯ Part 5: Protocol specifications
⎯ Part 6: Selected attribute types
⎯ Part 7: Selected object classes
⎯ Part 8: Public-key and attribute certificate frameworks
⎯ Part 9: Replication
⎯ Part 10: Use of systems management for administration of the Directory


iv © ISO/IEC 2008 – All rights reserved

---------------------- Page: 4 ----------------------
ISO/IEC 9594-10:2008(E)

Introduction
This Recommendation | International Standard, together with other Recommendations | International Standards, has

been produced to facilitate the interconnection of information processing systems to provide Directory services. A set of
such systems, together with the Directory information that they hold, can be viewed as an integrated whole, called the
Directory. The information held by the Directory, collectively known as the Directory Information Base (DIB), is
typically used to facilitate communication between, with or about objects such as application entities, people, terminals
and distribution lists.
The Directory plays a significant role in Open Systems Interconnection, whose aim is to allow, with a minimum of
technical agreement outside of the interconnection standards themselves, the interconnection of information processing
systems:
– from different manufacturers;
– under different managements;
– of different levels of complexity; and
– of different ages.
The purpose of Directory management is to assure that needed, accurate Directory information is available to users as
scheduled with the expected response time, integrity, security and level of consistency. Furthermore, systems
management may be accomplished with the minimum burden on processing time and memory on platforms and the
communications system.
The Directory may support open systems applications such as message handling systems, File Transfer, Access and
Management (FTAM) systems, and transaction processing systems. Therefore, the Directory system may be
manageable from an integrated system management platform.
This Recommendation | International Standard provides the foundation frameworks upon which industry profiles can be
defined by other standards groups and industry forums. Many of the features defined as optional in these frameworks
may be mandated for use in certain environments through profiles. This sixth edition technically revises and enhances,
but does not replace, the fifth edition of this Recommendation | International Standard. Implementations may still claim
conformance to the fifth edition. However, at some point, the fifth edition will not be supported (i.e., reported defects
will no longer be resolved). It is recommended that implementations conform to this sixth edition as soon as possible.
Annex A, which is an integral part of this Recommendation | International Standard, defines the managed objects used
for Directory System Agent administration.
Annex B, which is not an integral part of this Recommendation | International Standard, lists the amendments and
defect reports that have been incorporated to form this edition of this Recommendation | International Standard.

© ISO/IEC 2008 – All rights reserved v

---------------------- Page: 5 ----------------------
ISO/IEC 9594-10:2008 (E)
INTERNATIONAL STANDARD
ITU-T RECOMMENDATION
Information technology – Open Systems Interconnection – The Directory:
Use of systems management for administration of the Directory
SECTION 1 – GENERAL
1 Scope
This Recommendation | International Standard describes the requirements for Directory management, and analyses
these requirements to identify those that may be realized by OSI Systems Management services (and protocols), those
that are realized by Directory services (and protocols), and those that are realized by local means.
Based on the requirements, this Directory Specification defines a model for Directory management that encompasses all
of the requirements.
Management of the Directory is divided into four major segments:
a) management of the DIT Domain: Management of Directory information;
b) management of the operation of a single DSA within a DMD;
c) management of the operation of a single DUA within a DMD; and
d) management of the Directory Management Domain (DMD): Integrated management of the functional
components of the Directory.
This Recommendation | International Standard covers items a), b) and c). Item d), Management of the Directory
Management Domain, is for further study.
Based on the model, this Recommendation | International Standard describes the detailed OSI Systems Management
Managed Objects used to manage Directory System Agents (DSAs) and Directory User Agents (DUAs) within a
Directory Domain, and describes the detailed OSI Systems Management Managed Objects used to manage the
interfaces to DUAs and DSAs in other domains as shown in Figure 1.

Figure 1 – Scope of Directory management
2 Normative references
The following Recommendations and International Standards contain provisions which, through reference in this text,
constitute provisions of this Recommendation | International Standard. At the time of publication, the editions indicated
were valid. All Recommendations and Standards are subject to revision, and parties to agreements based on this
Recommendation | International Standard are encouraged to investigate the possibility of applying the most recent
edition of the Recommendations and Standards listed below. Members of IEC and ISO maintain registers of currently
valid International Standards. The Telecommunication Standardization Bureau of the ITU maintains a list of currently
valid ITU-T Recommendations.
 ITU-T Rec. X.530 (11/2008) 1

---------------------- Page: 6 ----------------------
ISO/IEC 9594-10:2008 (E)
2.1 Identical Recommendations | International Standards
– ITU-T Recommendation X.200 (1994) | ISO/IEC 7498-1:1994, Information technology – Open Systems
Interconnection – Basic Reference Model: The basic model.
– ITU-T Recommendation X.500 (2008) | ISO/IEC 9594-1:2008, Information technology – Open Systems
Interconnection – The Directory: Overview of concepts, models and services.
– ITU-T Recommendation X.501 (2008) | ISO/IEC 9594-2:2008, Information technology – Open Systems
Interconnection – The Directory: Models.
– ITU-T Recommendation X.509 (2008) | ISO/IEC 9594-8:2008, Information technology – Open Systems
Interconnection – The Directory: Public-key and attribute certificate frameworks.
– ITU-T Recommendation X.511 (2008) | ISO/IEC 9594-3:2008, Information technology – Open Systems
Interconnection – The Directory: Abstract service definition.
– ITU-T Recommendation X.518 (2008) | ISO/IEC 9594-4:2008, Information technology – Open Systems
Interconnection – The Directory: Procedures for distributed operation.
– ITU-T Recommendation X.519 (2008) | ISO/IEC 9594-5:2008, Information technology – Open Systems
Interconnection – The Directory: Protocol specifications.
– ITU-T Recommendation X.520 (2008) | ISO/IEC 9594-6:2008, Information technology – Open Systems
Interconnection – The Directory: Selected attribute types.
– ITU-T Recommendation X.521 (2008) | ISO/IEC 9594-7:2008, Information technology – Open Systems
Interconnection – The Directory: Selected object classes.
– ITU-T Recommendation X.525 (2008) | ISO/IEC 9594-9:2008, Information technology – Open Systems
Interconnection – The Directory: Replication.
– ITU-T Recommendation X.701 (1997) | ISO/IEC 10040:1998, Information technology – Open Systems
Interconnection – Systems management overview.
– ITU-T Recommendation X.710 (1997) | ISO/IEC 9595:1998, Information technology – Open Systems
Interconnection – Common Management Information service.
– ITU-T Recommendation X.711 (1997) | ISO/IEC 9596-1:1998, Information technology – Open Systems
Interconnection – Common Management Information Protocol: Specification.
– CCITT Recommendation X.720 (1992) | ISO/IEC 10165-1:1993, Information technology – Open
Systems Interconnection – Structure of management information: Management information model.
– CCITT Recommendation X.721 (1992) | ISO/IEC 10165-2:1992, Information technology – Open
Systems Interconnection – Structure of management information: Definition of management information.
– CCITT Recommendation X.722 (1992) | ISO/IEC 10165-4:1992, Information technology – Open
Systems Interconnection – Structure of management information: Guidelines for the definition of
managed objects.
– ITU-T Recommendation X.723 (1993) | ISO/IEC 10165-5:1994, Information technology – Open Systems
Interconnection – Structure of management information: Generic management information.
2.2 Paired Recommendations | International Standards equivalent in technical content
– CCITT Recommendation X.700 (1992), Management framework for Open Systems Interconnection
(OSI) for CCITT applications.
ISO/IEC 7498-4:1989, Information processing systems – Open Systems Interconnection – Basic
Reference Model – Part 4: Management framework.
3 Definitions
For the purposes of this Recommendation | International Standard, the following definitions apply.
3.1 Communication Model definitions
The following terms are defined in ITU-T Rec. X.519 | ISO/IEC 9495-5:
a) application-entity;
b) application Layer;
c) application process.
2 ITU-T Rec. X.530 (11/2008)

---------------------- Page: 7 ----------------------
ISO/IEC 9594-10:2008 (E)
3.2 Management Framework definitions
The following terms are defined in CCITT Rec. X.700 | ISO/IEC 7498-4:
a) management information base;
b) managed object.
3.3 System Management Overview definitions
The following terms are defined in ITU-T Rec. X.701 | ISO/IEC 10040:
a) agent;
b) manager;
c) notification;
d) managed object class.
3.4 Management Information Model definitions
The following terms are defined in CCITT Rec. X.720 | ISO/IEC 10165-1:
a) behaviour;
b) conditional package;
c) inheritance;
d) naming tree;
e) package;
f) subclass;
g) superclass.
3.5 Directory Model definitions
The following terms are defined in ITU-T Rec. X.501 | ISO/IEC 9594-2:
a) access control;
b) Administration Directory Management Domain;
c) alias;
d) attribute;
e) attribute type;
f) attribute value;
g) authentication;
h) Directory Information Tree;
i) Directory Management Domain;
j) Directory System Agent;
k) DSA-Specific Entry;
l) Directory User Agent (DUA);
m) distinguished name;
n) entry;
o) name;
p) object (of interest);
q) Private Directory Management Domain;
r) relative distinguished name;
s) root;
t) schema;
u) security policy;
v) subordinate object;
 ITU-T Rec. X.530 (11/2008) 3

---------------------- Page: 8 ----------------------
ISO/IEC 9594-10:2008 (E)
w) superior entry;
x) superior object;
y) tree;
z) (Directory) user.
3.6 Distributed Operation definitions
The following terms are defined in ITU-T Rec. X.518 | ISO/IEC 9594-4:
a) hierarchical operational binding;
b) non-specific hierarchical operational binding.
4 Abbreviations
For the purposes of this Recommendation | International Standard, the following abbreviations apply:
ADDMD Administration Directory Management Domain
CMIP Common Management Information Protocol
DAP Directory Access Protocol
DIB  Directory Information Base
DISP Directory Information Shadowing Protocol
DIT  Directory Information Tree
DMD Directory Management Domain
DOP Directory Operational Binding Management Protocol
DSA Directory System Agent
DSE  DSA-Specific Entry
DSP  Directory System Protocol
DUA Directory User Agent
HOB Hierarchical Operational Binding
MIB  Management Information Base
NHOB Non-specific Hierarchical Operational Binding
NSAP Network Service Access Point
NSSR Non-specific Subordinate Reference
OSI  Open Systems Interconnection
PRDMD Private Directory Management Domain
RDN Relative Distinguished Name
TMN Telecommunications Management Network
5 Conventions
The term "Directory Specification" (as in "this Directory Specification") shall be taken to mean
ITU-T Rec. X.530 | ISO/IEC 9594-10. The term "Directory Specifications" shall be taken to mean the X.500-series
Recommendations and all parts of ISO/IEC 9594.
This Directory Specification uses the term first edition systems to refer to systems conforming to the first edition of the
Directory Specifications, i.e., the 1988 edition of the series of CCITT X.500 Recommendations and the
ISO/IEC 9594:1990 edition.
This Directory Specification uses the term second edition systems to refer to systems conforming to the second edition
of the Directory Specifications, i.e., the 1993 edition of the series of ITU-T X.500 Recommendations and the
ISO/IEC 9594:1995 edition.
This Directory Specification uses the term third edition systems to refer to systems conforming to the third edition of the
Directory Specifications, i.e., the 1997 edition of the series of ITU-T X.500 Recommendations and the
ISO/IEC 9594:1998 edition.
4 ITU-T Rec. X.530 (11/2008)

---------------------- Page: 9 ----------------------
ISO/IEC 9594-10:2008 (E)
This Directory Specification uses the term fourth edition systems to refer to systems conforming to the fourth edition of
the Directory Specifications, i.e., the 2001 editions of ITU-T X.500, X.501, X.511, X.518, X.519, X.520, X.521, X.525,
and X.530, the 2000 edition of ITU-T X.509, and parts 1-10 of the ISO/IEC 9594:2001 edition.
This Directory Specification uses the term fifth edition systems to refer to systems conforming to the fifth edition of the
Directory Specifications, i.e., the 2005 edition of the series of ITU-T X.500 Recommendations and the
ISO/IEC 9594:2005 edition.
This Directory Specification uses the term sixth edition systems to refer to systems conforming to the sixth edition of the
Directory Specifications, i.e., the 2008 edition of the series of ITU-T X.500 Recommendations and the
ISO/IEC 9594:2008 edition.
This Directory Specification presents ASN.1 notation and Managed Object Definitions in the bold Helvetica, 9 point
typeface. When ASN.1 types and values or Managed Object Definitions are referenced in normal text, they are
differentiated from normal text by presenting them in the bold Helvetica, 9-point typeface. Access control permissions
are presented in italicized Helvetica.

 ITU-T Rec. X.530 (11/2008) 5

---------------------- Page: 10 ----------------------
ISO/IEC 9594-10:2008 (E)
SECTION 2 – MANAGEMENT REQUIREMENTS
6 Directory management requirements
The collection and processing of management information is an overhead set against the primary objective of the
Directory. Consequently, it is essential to ensure that all activities involved in acquiring management information are
useful, valid and present the minimum overhead to the natural processes of Directory components.
In order to derive the required management information and associated actions, it is necessary to analyse the various
entities which both provide the Directory service and also interact with it so that the relevant management needs are
identified. Furthermore, the Directory will operate in conjunction with other networks and services. The
1)
Telecommunications Management Network (TMN) is designed to provide a framework for management across
differing networks and services. Hence, the management features of Directory components are aligned with the
expectations of TMN.
6.1 Introduction
This Section analyses the environment in which a Directory will operate and isolates the management requirements.
The management requirements are defined by analysis of the activities of roles concerned with using, operating and
owning a Directory service. The motivation for the selection of these roles has been influenced by the functional
hierarchy view of management, defined within the TMN. This takes a broad view of an organization offering Directory
services and encompasses the need for low-level component management, the customer-oriented requirements of
offering services and the effects of the business objectives of the owners of Directory systems.
6.2 Sources of management requirements
6.2.1 Service agreement
6.2.1.1 Directory customer service agreement
A Directory service agreement is a set of terms and conditions governing the provision of the Directory services and
establishing the contractual relationship between the Directory customer and a Directory service provider. A service
agreement may cover a number of items relating to the expected operation of the Directory, such as accessible Directory
information (including maintenance of indirect data links such as seeAlso attributes and groupOfName entries),
allowed operations on accessible Directory information, quality of service operation, conditions for settlement for usage
of the service, and availability of the service and access points.
Of these items, some are directly embodied by Directory components and management activities (for example,
detecting aliases that point to non-existent distinguished names). Conversely, some service agreement items (for
example, settlement) are indirectly embodied by Directory components in that a management process uses a record of
Directory component activity as a basis for fulfilling the service agreement.
Associated with a service agreement there are a number of roles such as:
– Directory user;
– Directory customer;
– Directory service manager;
– Directory system manager/administrator (see 6.2.2); and
– Directory business manager (see 6.2.3 and 6.3.5).
A Directory customer, acting on behalf of Directory users, enters into an agreement with the Directory management
organization which determines an agreed service to be presented to users. The Directory customer may represent any
arbitrary group of users, the structure and content of which are not restricted by the Directory management organization.
A Directory user is a consumer of Directory services. Actions of Directory users stimulate the Directory components to
produce management information in order that the Directory service manager may ascertain whether the Directory is
operating within the bounds of the Directory user's service agreement.
____________________
1)
ITU-T Rec. M.3010, Principles for a telecommunications management network.
6 ITU-T Rec. X.530 (11/2008)

---------------------- Page: 11 ----------------------
ISO/IEC 9594-10:2008 (E)
A Directory service manager is responsible for ensuring that a service agreement is implemented and maintained. The
Directory service manager functions may encompass a number of areas such as:
– registration (e.g., of Directory users, Directory customers);
– configuration changes (e.g., enabling or disabling DSAs);
– assistance (e.g., help desk, technical support);
– service configuration changes (e.g., changes to service characteristics);
– quality of service monitoring and reporting; and
– accounting, billing and settlement.
6.2.1.2 Peer service provider service agreement
In order to fu
...