Information technology — Open systems interconnection — Part 4: The Directory: Procedures for distributed operation

This document specifies the behaviour of DSAs taking part in a distributed directory consisting of multiple Directory systems agents (DSAs) and/or LDAP servers with at least one DSA. The allowed behaviour has been designed to ensure a consistent service given a wide distribution of the DIB across a distributed directory. Only the behaviour of DSAs taking part in a distributed directory is specified. The behaviour of LDAP servers is specified in relevant LDAP specifications. There are no special requirements on an LDAP server beyond those given by the LDAP specifications. The Directory is not intended to be a general purpose database system, although it may be built on such systems. It is assumed that there is a considerably higher frequency of queries than of updates.

Information technology — Open systems interconnection (OSI) — Part 4: Title missing

General Information

Status: Published
Publication Date: 30-Nov-2020
Current Stage: 6060 - International Standard published
Start Date: 01-Dec-2020
Completion Date: 01-Dec-2020

Standard
ISO/IEC 9594-4:2020 - Information technology -- Open systems interconnection
English language
125 pages
Draft
ISO/IEC PRF 9594-4:Version 24-okt-2020 - Information technology -- Open systems interconnection
English language
125 pages

Standards Content (sample)

INTERNATIONAL ISO/IEC
STANDARD 9594-4
Ninth edition
2020-11
Information technology — Open
systems interconnection —
Part 4:
The Directory: Procedures for
distributed operation
Reference number
ISO/IEC 9594-4:2020(E)
ISO/IEC 2020
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2020

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of the requester.

ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work.

The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types of document should be noted (see www.iso.org/directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents) or the IEC list of patent declarations received (see http://patents.iec.ch).

Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.

For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO's adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www.iso.org/iso/foreword.html.

This document was prepared by ITU-T as ITU-T X.518 (10/2019) and drafted in accordance with its editorial rules, in collaboration with Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 6, Telecommunications and information exchange between systems.

This ninth edition cancels and replaces the eighth edition (ISO/IEC 9594-4:2017), which has been technically revised.

A list of all parts in the ISO/IEC 9594 series can be found on the ISO website.

Any feedback or questions on this document should be directed to the user’s national standards body. A complete listing of these bodies can be found at www.iso.org/members.html.
CONTENTS

1 Scope
2 References
2.1 Normative references
2.2 Non-normative reference
3 Definitions
3.1 Basic Directory definitions
3.2 Directory model definitions
3.3 DSA information model definitions
3.4 Abstract service definitions
3.5 Protocol definitions
3.6 Directory replication definitions
3.7 Distributed operation definitions
4 Abbreviations
5 Conventions
6 Overview
7 Distributed Directory system model
8 DSA interactions model
8.1 Decomposition of a request
8.2 Uni-chaining
8.3 Multi-chaining
8.4 Referral
8.5 Mode determination
9 Overview of DSA abstract service
10 Information types
10.1 Introduction
10.2 Information types defined elsewhere
10.3 Chaining arguments
10.4 Chaining results
10.5 Operation progress
10.6 Trace information
10.7 Reference type
10.8 Access point information
10.9 DIT bridge knowledge
10.10 Exclusions
10.11 Continuation reference
11 Bind and Unbind
11.1 DSA Bind
11.2 DSA Unbind
12 Chained operations
12.1 Chained operations
12.2 Chained Abandon operation
12.3 Chained operations and protocol version
13 Chained errors
13.1 Introduction
13.2 DSA referral
14 Introduction
14.1 Scope and limits
14.2 Conformance
14.3 Conceptual model
14.4 Individual and cooperative operation of DSAs
14.5 Cooperative agreements between DSAs
15 Distributed Directory behaviour
15.1 Cooperative fulfilment of operations
15.2 Phases of operation processing
15.3 Managing Distributed Operations
15.4 Loop handling
15.5 Other considerations for distributed operation
15.6 Authentication of Distributed operations
16 The Operation Dispatcher
16.1 General concepts
16.2 Procedures of the Operation Dispatcher
16.3 Overview of procedures
17 Request Validation procedure
17.1 Introduction
17.2 Procedure parameters
17.3 Procedure definition
18 Name Resolution procedure
18.1 Introduction
18.2 Find DSE procedure parameters
18.3 Procedures
19 Operation evaluation
19.1 Modification procedures
19.2 Single entry interrogation procedure
19.3 Multiple entry interrogation procedure
20 Continuation Reference procedures
20.1 Chaining strategy in the presence of shadowing
20.2 Issuing chained subrequests to a remote DSA or LDAP server
20.3 Procedures' parameters
20.4 Definition of the procedures
20.5 Abandon procedures
20.6 DAP request to LDAP request procedure
20.7 LDAP result to DAP reply procedure
21 Results Merging procedure
22 Procedures for distributed authentication
22.1 Requester authentication
22.2 Results authentication
23 Knowledge administration overview
23.1 Maintenance of knowledge references
23.2 Requesting cross reference
23.3 Knowledge inconsistencies
24 Hierarchical operational bindings
24.1 Operational binding type characteristics
24.2 Operational binding information object Class definition
24.3 DSA procedures for hierarchical operational binding management
24.4 Procedures for operations
24.5 Use of application contexts
25 Non-specific hierarchical operational binding
25.1 Operational binding type characteristics
25.2 Operational binding information object class definition
25.3 DSA procedures for non-specific hierarchical operational binding management
25.4 Procedures for operations
25.5 Use of application contexts
Annex A – ASN.1 for Distributed Operations
Annex B – Specification of hierarchical and non-specific hierarchical operational binding types
Annex C – Example of distributed name resolution
Annex D – Distributed use of authentication
D.1 Summary
D.2 Distributed protection model
D.3 Signed chained operations
Annex E – Knowledge maintenance example
Annex F – Amendments and corrigenda

Introduction

This Recommendation | International Standard, together with other Recommendations | International Standards, has been produced to facilitate the interconnection of information processing systems to provide directory services. A set of such systems, together with the directory information that they hold, can be viewed as an integrated whole, called the Directory. The information held by the Directory, collectively known as the Directory information base (DIB), is typically used to facilitate communication between, with or about objects such as application entities, people, terminals and distribution lists.

The Directory plays a significant role in Open Systems Interconnection, whose aim is to allow, with a minimum of technical agreement outside of the interconnection standards themselves, the interconnection of information processing systems:
– from different manufacturers;
– under different managements;
– of different levels of complexity; and
– of different ages.

This Recommendation | International Standard specifies the procedures by which the distributed components of the Directory interwork in order to provide a consistent service to its users.

This Recommendation | International Standard provides the foundation frameworks upon which industry profiles can be defined by other standards groups and industry forums. Many of the features defined as optional in these frameworks may be mandated for use in certain environments through profiles. This ninth edition technically revises and enhances the eighth edition of this Recommendation | International Standard.

This ninth edition specifies versions 1 and 2 of the Directory protocols.

Rec. ITU-T X.511 (1993) | ISO/IEC 9594-3 (1995), Rec. ITU-T X.518 (1993) | ISO/IEC 9594-4 (1995) and Rec. ITU-T X.519 (1993) | ISO/IEC 9594-5 (1995) and their previous edition specified only version 1. Most of the services and protocols specified in this edition are designed to function under version 1. However, some enhanced services and protocols, e.g., signed errors, will not function unless all Directory entities involved in the operation have negotiated version 2. Whichever version has been negotiated, differences between the services and between the protocols defined in the nine editions, except for those specifically assigned to version 2, are accommodated using the rules of extensibility defined in Rec. ITU-T X.519 | ISO/IEC 9594-5.

Annex A, which is an integral part of this Recommendation | International Standard, provides the ASN.1 module for directory distributed operations.

Annex B, which is an integral part of this Recommendation | International Standard, provides the ASN.1 module providing definitions for hierarchical operational bindings.

Annex C, which is not an integral part of this Recommendation | International Standard, describes an example of distributed name resolution.

Annex D, which is not an integral part of this Recommendation | International Standard, describes authentication in the distributed operations environment.

Annex E, which is not an integral part of this Recommendation | International Standard, illustrates knowledge maintenance.

Annex F, which is not an integral part of this Recommendation | International Standard, lists the amendments and defect reports that have been incorporated to form this edition of this Recommendation | International Standard.

INTERNATIONAL STANDARD ISO/IEC 9594-4
RECOMMENDATION ITU-T X.518
Information technology – Open Systems Interconnection – The Directory:
Procedures for distributed operation
SECTION 1 – GENERAL
1 Scope

This Recommendation | International Standard specifies the behaviour of DSAs taking part in a distributed directory consisting of multiple Directory systems agents (DSAs) and/or LDAP servers with at least one DSA. The allowed behaviour has been designed to ensure a consistent service given a wide distribution of the DIB across a distributed directory. Only the behaviour of DSAs taking part in a distributed directory is specified. The behaviour of LDAP servers is specified in relevant LDAP specifications. There are no special requirements on an LDAP server beyond those given by the LDAP specifications.

The Directory is not intended to be a general purpose database system, although it may be built on such systems. It is assumed that there is a considerably higher frequency of queries than of updates.

2 References
2.1 Normative references

The following Recommendations and International Standards contain provisions which, through reference in this text, constitute provisions of this Recommendation | International Standard. At the time of publication, the editions indicated were valid. All Recommendations and Standards are subject to revision, and parties to agreements based on this Recommendation | International Standard are encouraged to investigate the possibility of applying the most recent edition of the Recommendations and Standards listed below. Members of IEC and ISO maintain registers of currently valid International Standards. The Telecommunication Standardization Bureau of the ITU maintains a list of currently valid ITU-T Recommendations.

2.1.1 Identical Recommendations | International Standards

– Recommendation ITU-T X.500 (2019) | ISO/IEC 9594-1:2020, Information technology – Open Systems Interconnection – The Directory: Overview of concepts, models and services.
– Recommendation ITU-T X.501 (2019) | ISO/IEC 9594-2:2020, Information technology – Open Systems Interconnection – The Directory: Models.
– Recommendation ITU-T X.509 (2019) | ISO/IEC 9594-8:2020, Information technology – Open Systems Interconnection – The Directory: Public-key and attribute certificate frameworks.
– Recommendation ITU-T X.511 (2019) | ISO/IEC 9594-3:2020, Information technology – Open Systems Interconnection – The Directory: Abstract service definition.
– Recommendation ITU-T X.519 (2019) | ISO/IEC 9594-5:2020, Information technology – Open Systems Interconnection – The Directory: Protocol specifications.
– Recommendation ITU-T X.520 (2019) | ISO/IEC 9594-6:2020, Information technology – Open Systems Interconnection – The Directory: Selected attribute types.
– Recommendation ITU-T X.521 (2019) | ISO/IEC 9594-7:2020, Information technology – Open Systems Interconnection – The Directory: Selected object classes.
– Recommendation ITU-T X.525 (2019) | ISO/IEC 9594-9:2020, Information technology – Open Systems Interconnection – The Directory: Replication.
– Recommendation ITU-T X.680 (2015) | ISO/IEC 8824-1:2015, Information technology – Abstract Syntax Notation One (ASN.1): Specification of basic notation.
2.1.2 Other references

– Recommendation ITU-T X.681 (2015) | ISO/IEC 8824-2:2015, Information technology – Abstract Syntax Notation One (ASN.1): Information object specification.
– Recommendation ITU-T X.682 (2015) | ISO/IEC 8824-3:2015, Information technology – Abstract Syntax Notation One (ASN.1): Constraint specification.
– Recommendation ITU-T X.683 (2015) | ISO/IEC 8824-4:2015, Information technology – Abstract Syntax Notation One (ASN.1): Parameterization of ASN.1 specifications.
– IETF RFC 4511 (2006), Lightweight Directory Access Protocol (LDAP): The Protocol.
– IETF RFC 4514 (2006), Lightweight Directory Access Protocol (LDAP): String Representation of Distinguished Names.

2.2 Non-normative reference

– IETF RFC 4510 (2006), Lightweight Directory Access Protocol (LDAP): Technical Specification Road Map.

3 Definitions

For the purposes of this Recommendation | International Standard, the following definitions apply:

3.1 Basic Directory definitions
The following terms are defined in Rec. ITU-T X.500 | ISO/IEC 9594-1:
a) (the) Directory;
b) Directory Information Base.
3.2 Directory model definitions
The following terms are defined in Rec. ITU-T X.501 | ISO/IEC 9594-2:
a) access point;
b) alias;
c) Directory Information Tree;
d) Directory System Agent (DSA);
e) Directory User Agent (DUA);
f) distinguished name;
g) relative distinguished name.
3.3 DSA information model definitions
The following terms are defined in Rec. ITU-T X.501 | ISO/IEC 9594-2:
a) category;
b) commonly usable;
c) context prefix;
d) cross reference;
e) DIB fragment;
f) DSA information tree;
g) DSA-Specific Entry (DSE);
h) DSE type;
i) immediate superior reference;
j) knowledge information;
k) knowledge reference category;
l) knowledge reference type;
...

