Information technology — Open systems interconnection — Part 4: The Directory: Procedures for distributed operation

This document specifies the behaviour of DSAs taking part in a distributed directory consisting of multiple Directory systems agents (DSAs) and/or LDAP servers with at least one DSA. The allowed behaviour has been designed to ensure a consistent service given a wide distribution of the DIB across a distributed directory. Only the behaviour of DSAs taking part in a distributed directory is specified. The behaviour of LDAP servers are specified in relevant LDAP specifications. There are no special requirements on an LDAP server beyond those given by the LDAP specifications. The Directory is not intended to be a general purpose database system, although it may be built on such systems. It is assumed that there is a considerably higher frequency of queries than of updates.

Technologies de l'information — Interconnexion de systèmes ouverts (OSI) — Partie 4: Titre manque

General Information

Status
Published
Publication Date
30-Nov-2020
Current Stage
6060 - International Standard published
Start Date
30-Nov-2020
Due Date
19-Dec-2022
Completion Date
01-Dec-2020
Ref Project

Relations

Buy Standard

Standard
ISO/IEC 9594-4:2020 - Information technology -- Open systems interconnection
English language
125 pages
sale 15% off
Preview
sale 15% off
Preview
Draft
ISO/IEC PRF 9594-4:Version 24-okt-2020 - Information technology -- Open systems interconnection
English language
125 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)

INTERNATIONAL ISO/IEC
STANDARD 9594-4
Ninth edition
2020-11
Information technology — Open
systems interconnection —
Part 4:
The Directory: Procedures for
distributed operation
Reference number
ISO/IEC 9594-4:2020(E)
©
ISO/IEC 2020

---------------------- Page: 1 ----------------------
ISO/IEC 9594-4:2020(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2020
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO/IEC 2020 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/IEC 9594-4:2020(E)
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical activity.
ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of document should be noted (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. Details
of any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents) or the IEC list of patent
declarations received (see http://patents.iec.ch).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the World
Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT),
see www.iso.org/iso/foreword.html.
This document was prepared by ITU-T as ITU-T X.518 (10/2019) and drafted in accordance with
its editorial rules, in collaboration with Joint Technical Committee ISO/IEC JTC 1, Information
technology, Subcommittee SC 6, Telecommunications and information exchange between systems.
This ninth edition cancels and replaces the eighth edition (ISO/IEC 9594-4:2017), which has been
technically revised.
A list of all parts in the ISO/IEC 9594 series can be found on the ISO website.
Any feedback or questions on this document should be directed to the user’s national standards body.
A complete listing of these bodies can be found at www.iso.org/members.html.
© ISO/IEC 2020 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO/IEC 9594-4:2020 (E)
CONTENTS
Page
1 Scope . 1
2 References . 1
2.1 Normative references . 1
2.2 Non-normative reference . 2
3 Definitions . 2
3.1 Basic Directory definitions . 2
3.2 Directory model definitions . 2
3.3 DSA information model definitions . 2
3.4 Abstract service definitions . 3
3.5 Protocol definitions . 3
3.6 Directory replication definitions . 3
3.7 Distributed operation definitions . 3
4 Abbreviations . 5
5 Conventions . 5
6 Overview . 6
7 Distributed Directory system model . 7
8 DSA interactions model . 8
8.1 Decomposition of a request . 8
8.2 Uni-chaining . 8
8.3 Multi-chaining . 9
8.4 Referral . 10
8.5 Mode determination . 11
9 Overview of DSA abstract service . 12
10 Information types . 12
10.1 Introduction . 12
10.2 Information types defined elsewhere . 12
10.3 Chaining arguments . 13
10.4 Chaining results . 15
10.5 Operation progress . 16
10.6 Trace information . 17
10.7 Reference type . 17
10.8 Access point information . 17
10.9 DIT bridge knowledge. . 18
10.10 Exclusions . 19
10.11 Continuation reference . 19
11 Bind and Unbind . 20
11.1 DSA Bind . 20
11.2 DSA Unbind . 21
12 Chained operations . 21
12.1 Chained operations . 22
12.2 Chained Abandon operation . 22
12.3 Chained operations and protocol version . 23
13 Chained errors . 23
13.1 Introduction . 23
13.2 DSA referral . 23
14 Introduction . 24
14.1 Scope and limits . 24
14.2 Conformance . 24
14.3 Conceptual model . 24
14.4 Individual and cooperative operation of DSAs . 24
© ISO/IEC 2020 – All rights reserved
Rec. ITU-T X.518 (10/2019) v

---------------------- Page: 4 ----------------------
ISO/IEC 9594-4:2020 (E)
Page
14.5 Cooperative agreements between DSAs . 25
15 Distributed Directory behaviour . 25
15.1 Cooperative fulfilment of operations . 25
15.2 Phases of operation processing. 25
15.3 Managing Distributed Operations . 26
15.4 Loop handling . 27
15.5 Other considerations for distributed operation . 28
15.6 Authentication of Distributed operations . 29
16 The Operation Dispatcher . 30
16.1 General concepts . 30
16.2 Procedures of the Operation Dispatcher . 35
16.3 Overview of procedures . 36
17 Request Validation procedure . 37
17.1 Introduction . 37
17.2 Procedure parameters . 38
17.3 Procedure definition . 39
18 Name Resolution procedure . 42
18.1 Introduction . 42
18.2 Find DSE procedure parameters . 42
18.3 Procedures . 43
19 Operation evaluation . 52
19.1 Modification procedures . 53
19.2 Single entry interrogation procedure . 60
19.3 Multiple entry interrogation procedure . 60
20 Continuation Reference procedures . 74
20.1 Chaining strategy in the presence of shadowing . 74
20.2 Issuing chained subrequests to a remote DSA or LDAP server . 76
20.3 Procedures' parameters . 76
20.4 Definition of the procedures . 77
20.5 Abandon procedures . 86
20.6 DAP request to LDAP request procedure . 88
20.7 LDAP result to DAP reply procedure . 92
21 Results Merging procedure . 94
22 Procedures for distributed authentication . 96
22.1 Requester authentication . 96
22.2 Results authentication . 97
23 Knowledge administration overview . 98
23.1 Maintenance of knowledge references . 98
23.2 Requesting cross reference . 99
23.3 Knowledge inconsistencies . 100
24 Hierarchical operational bindings . 101
24.1 Operational binding type characteristics . 101
24.2 Operational binding information object Class definition . 103
24.3 DSA procedures for hierarchical operational binding management . 104
24.4 Procedures for operations . 107
24.5 Use of application contexts . 108
25 Non-specific hierarchical operational binding . 108
25.1 Operational binding type characteristics . 108
25.2 Operational binding information object class definition . 109
25.3 DSA procedures for non-specific hierarchical operational binding management . 109
25.4 Procedures for operations . 111
25.5 Use of application contexts . 111
© ISO/IEC 2020 – All rights reserved
vi Rec. ITU-T X.518 (10/2019)

---------------------- Page: 5 ----------------------
ISO/IEC 9594-4:2020 (E)
Page
Annex A – ASN.1 for Distributed Operations . 112
Annex B – Specification of hierarchical and non-specific hierarchical operational binding types. 116
Annex C – Example of distributed name resolution . 118
Annex D – Distributed use of authentication . 120
D.1 Summary . 120
D.2 Distributed protection model . 120
D.3 Signed chained operations . 120
Annex E – Knowledge maintenance example . 122
Annex F – Amendments and corrigenda . 125
© ISO/IEC 2020 – All rights reserved
Rec. ITU-T X.518 (10/2019) vii

---------------------- Page: 6 ----------------------
ISO/IEC 9594-4:2020 (E)
Introduction
This Recommendation | International Standard, together with other Recommendations | International Standards, have
been produced to facilitate the interconnection of information processing systems to provide directory services. A set of
such systems, together with the directory information that they hold, can be viewed as an integrated whole, called the
Directory. The information held by the Directory, collectively known as the Directory information base (DIB), is typically
used to facilitate communication between, with or about objects such as application entities, people, terminals and
distribution lists.
The Directory plays a significant role in Open Systems Interconnection, whose aim is to allow, with a minimum of
technical agreement outside of the interconnection standards themselves, the interconnection of information processing
systems:
– from different manufacturers;
– under different managements;
– of different levels of complexity; and
– of different ages.
This Recommendation | International Standard specifies the procedures by which the distributed components of the
Directory interwork in order to provide a consistent service to its users.
This Recommendation | International Standard provides the foundation frameworks upon which industry profiles can be
defined by other standards groups and industry forums. Many of the features defined as optional in these frameworks may
be mandated for use in certain environments through profiles. This ninth edition technically revises and enhances the
eighth edition of this Recommendation | International Standard.
This nineth edition specifies versions 1 and 2 of the Directory protocols.
Rec. ITU-T X.511 (1993) | ISO/IEC 9594-3 (1995), Rec. ITU-T X.518 (1993) | ISO/IEC 9594-4 (1995) and Rec. ITU-T
X.519 (1993) | ISO/IEC 9594-5 (1995) and their previous edition specified only version 1. Most of the services and
protocols specified in this edition are designed to function under version 1. However, some enhanced services and
protocols, e.g., signed errors, will not function unless all Directory entities involved in the operation have negotiated
version 2. Whichever version has been negotiated, differences between the services and between the protocols defined in
the nine editions, except for those specifically assigned to version 2, are accommodated using the rules of extensibility
defined in Rec. ITU-T X.519 | ISO/IEC 9594-5.
Annex A, which is an integral part of this Recommendation | International Standard, provides the ASN.1 module for
directory distributed operations.
Annex B, which is an integral part of this Recommendation | International Standard, provides the ASN.1 module providing
definitions for hierarchical operational bindings.
Annex C, which is not an integral part of this Recommendation | International Standard, describes an example of
distributed name resolution.
Annex D, which is not an integral part of this Recommendation | International Standard, describes authentication in the
distributed operations environment.
Annex E, which is not an integral part of this Recommendation | International Standard, illustrates knowledge
maintenance.
Annex F, which is not an integral part of this Recommendation | International Standard, lists the amendments and defect
reports that have been incorporated to form this edition of this Recommendation | International Standard.
viii © ISO/IEC 2020 – All rights reserved
Rec. ITU-T X.518 (10/2019)

---------------------- Page: 7 ----------------------
ISO/IEC 9594-4:2020 (E)
INTERNATIONAL STANDARD ISO/IEC 9594-4
RECOMMENDATION ITU-T X.518
Information technology – Open Systems Interconnection – The Directory:
Procedures for distributed operation
SECTION 1 – GENERAL
1 Scope
This Recommendation | International Standard specifies the behaviour of DSAs taking part in a distributed directory
consisting of multiple Directory systems agents (DSAs) and/or LDAP servers with at least one DSA. The allowed
behaviour has been designed to ensure a consistent service given a wide distribution of the DIB across a distributed
directory. Only the behaviour of DSAs taking part in a distributed directory is specified. The behaviour of LDAP servers
are specified in relevant LDAP specifications. There are no special requirements on an LDAP server beyond those given
by the LDAP specifications.
The Directory is not intended to be a general purpose database system, although it may be built on such systems. It is
assumed that there is a considerably higher frequency of queries than of updates.
2 References
2.1 Normative references
The following Recommendations and International Standards contain provisions which, through reference in this text,
constitute provisions of this Recommendation | International Standard. At the time of publication, the editions indicated
were valid. All Recommendations and Standards are subject to revision, and parties to agreements based on this
Recommendation | International Standard are encouraged to investigate the possibility of applying the most recent edition
of the Recommendations and Standards listed below. Members of IEC and ISO maintain registers of currently valid
International Standards. The Telecommunication Standardization Bureau of the ITU maintains a list of currently valid
ITU-T Recommendations.
2.1.1 Identical Recommendations | International Standards
– Recommendation ITU-T X.500 (2019 | ISO/IEC 9594-1:2020, Information technology – Open Systems
Interconnection – The Directory: Overview of concepts, models and services.
– Recommendation ITU-T X.501 (2019) | ISO/IEC 9594-2:2020, Information technology – Open Systems
Interconnection – The Directory: Models.
– Recommendation ITU-T X.509 (2019) | ISO/IEC 9594-8:2020, Information technology – Open Systems
Interconnection – The Directory: Public-key and attribute certificate frameworks.
– Recommendation ITU-T X.511 (2019) | ISO/IEC 9594-3:2020, Information technology – Open Systems
Interconnection – The Directory: Abstract service definition.
– Recommendation ITU-T X.519 (2019) | ISO/IEC 9594-5:2020, Information technology – Open Systems
Interconnection – The Directory: Protocol specifications.
– Recommendation ITU-T X.520 (2019) | ISO/IEC 9594-6:2020, Information technology – Open Systems
Interconnection – The Directory: Selected attribute types.
– Recommendation ITU-T X.521 (2019) | ISO/IEC 9594-7:2020, Information technology – Open Systems
Interconnection – The Directory: Selected object classes.
– Recommendation ITU-T X.525 (2019) | ISO/IEC 9594-9:2020, Information technology – Open Systems
Interconnection – The Directory: Replication.
– Recommendation ITU-T X.680 (2015) | ISO/IEC 8824-1:2015, Information technology – Abstract Syntax
Notation One (ASN.1): Specification of basic notation.
© ISO/IEC 2020 – All rights reserved
Rec. ITU-T X.518 (10/2019) 1

---------------------- Page: 8 ----------------------
ISO/IEC 9594-4:2020 (E)
2.1.2 Other references
– Recommendation ITU-T X.681 (2015) | ISO/IEC 8824-2:2015, Information technology – Abstract Syntax
Notation One (ASN.1): Information object specification.
– Recommendation ITU-T X.682 (2015) | ISO/IEC 8824-3:2015, Information technology – Abstract Syntax
Notation One (ASN.1): Constraint specification.
– Recommendation ITU-T X.683 (2015) | ISO/IEC 8824-4:2015, Information technology – Abstract Syntax
Notation One (ASN.1): Parameterization of ASN.1 specifications.
– IETF RFC 4511 (2006), Lightweight Directory Access Protocol (LDAP): The Protocol.
– IETF RFC 4514 (2006), Lightweight Directory Access Protocol (LDAP): String Representation of
Distinguished Names.
2.2 Non-normative reference
– IETF RFC 4510 (2006), Lightweight Directory Access Protocol (LDAP): Technical Specification Road
Map.
3 Definitions
For the purposes of this Recommendation | International Standard, the following definitions apply:
3.1 Basic Directory definitions
The following terms are defined in Rec. ITU-T X.500 | ISO/IEC 9594-1:
a) (the) Directory;
b) Directory Information Base.
3.2 Directory model definitions
The following terms are defined in Rec. ITU-T X.501 | ISO/IEC 9594-2:
a) access point;
b) alias;
c) Directory Information Tree ;
d) Directory System Agent (DSA);
e) Directory User Agent (DUA);
f) distinguished name;
g) relative distinguished name.
3.3 DSA information model definitions
The following terms are defined in Rec. ITU-T X.501 | ISO/IEC 9594-2:
a) category;
b) commonly usable;
c) context prefix;
d) cross reference;
e) DIB fragment;
f) DSA information tree;
g) DSA-Specific Entry (DSE);
h) DSE type;
i) immediate superior reference;
j) knowledge information;
k) knowledge reference category;
l) knowledge reference type;
© ISO/IEC 2020 – All rights reserved
2 Rec. ITU-T X.51
...

INTERNATIONAL ISO/IEC
STANDARD 9594-4
Ninth edition
Information technology — Open
systems interconnection —
Part 4:
The Directory: Procedures for
distributed operation
PROOF/ÉPREUVE
Reference number
ISO/IEC 9594-4:2020(E)
© ISO/IEC 2020

---------------------- Page: 1 ----------------------
ISO/IEC 9594-4:2020(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2020
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii PROOF/ÉPREUVE © ISO/IEC 2020 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/IEC 9594-4:2020(E)
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical activity.
ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of document should be noted (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. Details
of any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents) or the IEC list of patent
declarations received (see http://patents.iec.ch).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the World
Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT),
see www.iso.org/iso/foreword.html.
This document was prepared by ITU-T as ITU-T X.518 (10/2019) and drafted in accordance with its
editorial rules. It was adopted by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 6, Telecommunications and information exchange between systems.
A list of all parts in the ISO/IEC 9594 series can be found on the ISO website.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.

© ISO/IEC 2020 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO/IEC 9594-4:2020 (E)
CONTENTS
Page
1 Scope . 1
2 References . 1
2.1 Normative references . 1
2.2 Non-normative reference . 2
3 Definitions . 2
3.1 Basic Directory definitions . 2
3.2 Directory model definitions . 2
3.3 DSA information model definitions . 2
3.4 Abstract service definitions . 3
3.5 Protocol definitions . 3
3.6 Directory replication definitions . 3
3.7 Distributed operation definitions . 3
4 Abbreviations . 5
5 Conventions . 5
6 Overview . 6
7 Distributed Directory system model . 7
8 DSA interactions model . 8
8.1 Decomposition of a request . 8
8.2 Uni-chaining . 8
8.3 Multi-chaining . 9
8.4 Referral . 10
8.5 Mode determination . 11
9 Overview of DSA abstract service . 12
10 Information types . 12
10.1 Introduction . 12
10.2 Information types defined elsewhere . 12
10.3 Chaining arguments . 13
10.4 Chaining results . 15
10.5 Operation progress . 16
10.6 Trace information . 17
10.7 Reference type . 17
10.8 Access point information . 17
10.9 DIT bridge knowledge. . 18
10.10 Exclusions . 19
10.11 Continuation reference . 19
11 Bind and Unbind . 20
11.1 DSA Bind . 20
11.2 DSA Unbind . 21
12 Chained operations . 21
12.1 Chained operations . 22
12.2 Chained Abandon operation . 22
12.3 Chained operations and protocol version . 23
13 Chained errors . 23
13.1 Introduction . 23
13.2 DSA referral . 23
14 Introduction . 24
14.1 Scope and limits . 24
14.2 Conformance . 24
14.3 Conceptual model . 24
14.4 Individual and cooperative operation of DSAs . 24
© ISO/IEC 2020 – All rights reserved
Rec. ITU-T X.518 (10/2019) v

---------------------- Page: 4 ----------------------
ISO/IEC 9594-4:2020 (E)
Page
14.5 Cooperative agreements between DSAs . 25
15 Distributed Directory behaviour . 25
15.1 Cooperative fulfilment of operations . 25
15.2 Phases of operation processing. 25
15.3 Managing Distributed Operations . 26
15.4 Loop handling . 27
15.5 Other considerations for distributed operation . 28
15.6 Authentication of Distributed operations . 29
16 The Operation Dispatcher . 30
16.1 General concepts . 30
16.2 Procedures of the Operation Dispatcher . 35
16.3 Overview of procedures . 36
17 Request Validation procedure . 37
17.1 Introduction . 37
17.2 Procedure parameters . 38
17.3 Procedure definition . 39
18 Name Resolution procedure . 42
18.1 Introduction . 42
18.2 Find DSE procedure parameters . 42
18.3 Procedures . 43
19 Operation evaluation . 52
19.1 Modification procedures . 53
19.2 Single entry interrogation procedure . 60
19.3 Multiple entry interrogation procedure . 60
20 Continuation Reference procedures . 74
20.1 Chaining strategy in the presence of shadowing . 74
20.2 Issuing chained subrequests to a remote DSA or LDAP server . 76
20.3 Procedures' parameters . 76
20.4 Definition of the procedures . 77
20.5 Abandon procedures . 86
20.6 DAP request to LDAP request procedure . 88
20.7 LDAP result to DAP reply procedure . 92
21 Results Merging procedure . 94
22 Procedures for distributed authentication . 96
22.1 Requester authentication . 96
22.2 Results authentication . 97
23 Knowledge administration overview . 98
23.1 Maintenance of knowledge references . 98
23.2 Requesting cross reference . 99
23.3 Knowledge inconsistencies . 100
24 Hierarchical operational bindings . 101
24.1 Operational binding type characteristics . 101
24.2 Operational binding information object Class definition . 103
24.3 DSA procedures for hierarchical operational binding management . 104
24.4 Procedures for operations . 107
24.5 Use of application contexts . 108
25 Non-specific hierarchical operational binding . 108
25.1 Operational binding type characteristics . 108
25.2 Operational binding information object class definition . 109
25.3 DSA procedures for non-specific hierarchical operational binding management . 109
25.4 Procedures for operations . 111
25.5 Use of application contexts . 111
© ISO/IEC 2020 – All rights reserved
vi Rec. ITU-T X.518 (10/2019)

---------------------- Page: 5 ----------------------
ISO/IEC 9594-4:2020 (E)
Page
Annex A – ASN.1 for Distributed Operations . 112
Annex B – Specification of hierarchical and non-specific hierarchical operational binding types. 116
Annex C – Example of distributed name resolution . 118
Annex D – Distributed use of authentication . 120
D.1 Summary . 120
D.2 Distributed protection model . 120
D.3 Signed chained operations . 120
Annex E – Knowledge maintenance example . 122
Annex F – Amendments and corrigenda . 125
© ISO/IEC 2020 – All rights reserved
Rec. ITU-T X.518 (10/2019) vii

---------------------- Page: 6 ----------------------
ISO/IEC 9594-4:2020 (E)
Introduction
This Recommendation | International Standard, together with other Recommendations | International Standards, have
been produced to facilitate the interconnection of information processing systems to provide directory services. A set of
such systems, together with the directory information that they hold, can be viewed as an integrated whole, called the
Directory. The information held by the Directory, collectively known as the Directory information base (DIB), is typically
used to facilitate communication between, with or about objects such as application entities, people, terminals and
distribution lists.
The Directory plays a significant role in Open Systems Interconnection, whose aim is to allow, with a minimum of
technical agreement outside of the interconnection standards themselves, the interconnection of information processing
systems:
– from different manufacturers;
– under different managements;
– of different levels of complexity; and
– of different ages.
This Recommendation | International Standard specifies the procedures by which the distributed components of the
Directory interwork in order to provide a consistent service to its users.
This Recommendation | International Standard provides the foundation frameworks upon which industry profiles can be
defined by other standards groups and industry forums. Many of the features defined as optional in these frameworks may
be mandated for use in certain environments through profiles. This ninth edition technically revises and enhances the
eighth edition of this Recommendation | International Standard.
This nineth edition specifies versions 1 and 2 of the Directory protocols.
Rec. ITU-T X.511 (1993) | ISO/IEC 9594-3 (1995), Rec. ITU-T X.518 (1993) | ISO/IEC 9594-4 (1995) and Rec. ITU-T
X.519 (1993) | ISO/IEC 9594-5 (1995) and their previous edition specified only version 1. Most of the services and
protocols specified in this edition are designed to function under version 1. However, some enhanced services and
protocols, e.g., signed errors, will not function unless all Directory entities involved in the operation have negotiated
version 2. Whichever version has been negotiated, differences between the services and between the protocols defined in
the nine editions, except for those specifically assigned to version 2, are accommodated using the rules of extensibility
defined in Rec. ITU-T X.519 | ISO/IEC 9594-5.
Annex A, which is an integral part of this Recommendation | International Standard, provides the ASN.1 module for
directory distributed operations.
Annex B, which is an integral part of this Recommendation | International Standard, provides the ASN.1 module providing
definitions for hierarchical operational bindings.
Annex C, which is not an integral part of this Recommendation | International Standard, describes an example of
distributed name resolution.
Annex D, which is not an integral part of this Recommendation | International Standard, describes authentication in the
distributed operations environment.
Annex E, which is not an integral part of this Recommendation | International Standard, illustrates knowledge
maintenance.
Annex F, which is not an integral part of this Recommendation | International Standard, lists the amendments and defect
reports that have been incorporated to form this edition of this Recommendation | International Standard.
viii © ISO/IEC 2020 – All rights reserved
Rec. ITU-T X.518 (10/2019)

---------------------- Page: 7 ----------------------
ISO/IEC 9594-4:2020 (E)
INTERNATIONAL STANDARD ISO/IEC 9594-4
RECOMMENDATION ITU-T X.518
Information technology – Open Systems Interconnection – The Directory:
Procedures for distributed operation
SECTION 1 – GENERAL
1 Scope
This Recommendation | International Standard specifies the behaviour of DSAs taking part in a distributed directory
consisting of multiple Directory systems agents (DSAs) and/or LDAP servers with at least one DSA. The allowed
behaviour has been designed to ensure a consistent service given a wide distribution of the DIB across a distributed
directory. Only the behaviour of DSAs taking part in a distributed directory is specified. The behaviour of LDAP servers
are specified in relevant LDAP specifications. There are no special requirements on an LDAP server beyond those given
by the LDAP specifications.
The Directory is not intended to be a general purpose database system, although it may be built on such systems. It is
assumed that there is a considerably higher frequency of queries than of updates.
2 References
2.1 Normative references
The following Recommendations and International Standards contain provisions which, through reference in this text,
constitute provisions of this Recommendation | International Standard. At the time of publication, the editions indicated
were valid. All Recommendations and Standards are subject to revision, and parties to agreements based on this
Recommendation | International Standard are encouraged to investigate the possibility of applying the most recent edition
of the Recommendations and Standards listed below. Members of IEC and ISO maintain registers of currently valid
International Standards. The Telecommunication Standardization Bureau of the ITU maintains a list of currently valid
ITU-T Recommendations.
2.1.1 Identical Recommendations | International Standards
– Recommendation ITU-T X.500 (2019 | ISO/IEC 9594-1:2020, Information technology – Open Systems
Interconnection – The Directory: Overview of concepts, models and services.
– Recommendation ITU-T X.501 (2019) | ISO/IEC 9594-2:2020, Information technology – Open Systems
Interconnection – The Directory: Models.
– Recommendation ITU-T X.509 (2019) | ISO/IEC 9594-8:2020, Information technology – Open Systems
Interconnection – The Directory: Public-key and attribute certificate frameworks.
– Recommendation ITU-T X.511 (2019) | ISO/IEC 9594-3:2020, Information technology – Open Systems
Interconnection – The Directory: Abstract service definition.
– Recommendation ITU-T X.519 (2019) | ISO/IEC 9594-5:2020, Information technology – Open Systems
Interconnection – The Directory: Protocol specifications.
– Recommendation ITU-T X.520 (2019) | ISO/IEC 9594-6:2020, Information technology – Open Systems
Interconnection – The Directory: Selected attribute types.
– Recommendation ITU-T X.521 (2019) | ISO/IEC 9594-7:2020, Information technology – Open Systems
Interconnection – The Directory: Selected object classes.
– Recommendation ITU-T X.525 (2019) | ISO/IEC 9594-9:2020, Information technology – Open Systems
Interconnection – The Directory: Replication.
– Recommendation ITU-T X.680 (2015) | ISO/IEC 8824-1:2015, Information technology – Abstract Syntax
Notation One (ASN.1): Specification of basic notation.
© ISO/IEC 2020 – All rights reserved
Rec. ITU-T X.518 (10/2019) 1

---------------------- Page: 8 ----------------------
ISO/IEC 9594-4:2020 (E)
2.1.2 Other references
– Recommendation ITU-T X.681 (2015) | ISO/IEC 8824-2:2015, Information technology – Abstract Syntax
Notation One (ASN.1): Information object specification.
– Recommendation ITU-T X.682 (2015) | ISO/IEC 8824-3:2015, Information technology – Abstract Syntax
Notation One (ASN.1): Constraint specification.
– Recommendation ITU-T X.683 (2015) | ISO/IEC 8824-4:2015, Information technology – Abstract Syntax
Notation One (ASN.1): Parameterization of ASN.1 specifications.
– IETF RFC 4511 (2006), Lightweight Directory Access Protocol (LDAP): The Protocol.
– IETF RFC 4514 (2006), Lightweight Directory Access Protocol (LDAP): String Representation of
Distinguished Names.
2.2 Non-normative reference
– IETF RFC 4510 (2006), Lightweight Directory Access Protocol (LDAP): Technical Specification Road
Map.
3 Definitions
For the purposes of this Recommendation | International Standard, the following definitions apply:
3.1 Basic Directory definitions
The following terms are defined in Rec. ITU-T X.500 | ISO/IEC 9594-1:
a) (the) Directory;
b) Directory Information Base.
3.2 Directory model definitions
The following terms are defined in Rec. ITU-T X.501 | ISO/IEC 9594-2:
a) access point;
b) alias;
c) Directory Information Tree ;
d) Directory System Agent (DSA);
e) Directory User Agent (DUA);
f) distinguished name;
g) relative distinguished name.
3.3 DSA information model definitions
The following terms are defined in Rec. ITU-T X.501 | ISO/IEC 9594-2:
a) category;
b) commonly usable;
c) context prefix;
d) cross reference;
e) DIB fragment;
f) DSA information tree;
g) DSA-Specific Entry (DSE);
h) DSE type;
i) immediate superior reference;
j) knowledge information;
k) knowledge reference category;
l) knowledge reference type;
© ISO/IEC 2020 – All rights reserved
2 Rec. ITU-T X.518 (10/2019)

---------------------- Page: 9 ----------------------
ISO/IEC 9594-4:2020 (E)
m)
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.