BS ISO/IEC 10181-3:1996

1 Scope
2 Normative references
    2.1 Identical Recommendations/International
         Standards
    2.2 Paired Recommendations/International Standards
         equivalent in technical content
3 Definitions
4 Abbreviations
5 General discussion of access control
    5.1 Goal of access control
         5.2.1 Performing access control functions
         5.2.2 Other access control activities
         5.2.3 ACI forwarding
    5.3 Distribution of access control components
         5.3.1 Incoming access control
         5.3.2 Outgoing access control
         5.3.3 Interposed access control
    5.4 Distribution of access control components
         across multiple security domains
    5.5 Threats to access control
6 Access control policies
    6.1 Access control policy expression
         6.1.1 Access control policy categories
         6.1.2 Groups and roles
         6.1.3 Security labels
         6.1.4 Multiple initiator access control policies
    6.2 Policy management
         6.2.1 Fixed policies
         6.2.2 Administratively-imposed policies
         6.2.3 Under-selected policies
    6.3 Granularity and containment
    6.4 Inheritance rules
    6.5 Precedence among access control policy rules
    6.6 Default access control policy rules
    6.7 Policy mapping through cooperating security
         domains
7 Access control information and facilities
    7.1 ACI
         7.1.1 Initiator ACI
         7.1.2 Target ACI
         7.1.3 Access request ACI
         7.1.4 Operand ACI
         7.1.5 Contextual information
         7.1.6 Initiator-bound ACI
         7.1.7 Target-bound ACI
         7.1.8 Access request-bound ACI
    7.2 Protection of ACI
         7.2.1 Access control certificates
         7.2.2 Access control tokens
    7.3 Access control facilities
         7.3.1 Management related facilities
         7.3.2 Operation related facilities
8 Classification of access control mechanisms
    8.1 Introduction
    8.2 ACL scheme
         8.2.1 Basic features
         8.2.2 ACI
         8.2.3 Supporting mechanisms
         8.2.4 Variations of this scheme
    8.3 Capability scheme
         8.3.1 Basic features
         8.3.2 ACI
         8.3.3 Supporting mechanisms
         8.3.4 Variations of this scheme - Capabilities
                without specific operations
    8.4 Label based scheme
         8.4.1 Basic features
         8.4.2 ACI
         8.4.3 Supporting mechanisms
         8.4.4 Labeled channels as targets
    8.5 Context based scheme
         8.5.1 Basic features
         8.5.2 ACI
         8.5.3 Supporting mechanisms
         8.5.4 Variations of this scheme
9 Interaction with other security services and
    mechanisms
    9.1 Authentication
    9.2 Data integrity
    9.3 Data confidentiality
    9.4 Audit
    9.5 Other access-related services
Annex A - Exchange of access control certificates among
          components
      A.1 Introduction
      A.2 Forwarding access control certificates
      A.3 Forwarding multiple access control certificates
          A.3.1 Example
          A.3.2 Generalization
          A.3.3 Simplifications
Annex B - Access control in the OSI reference model
      B.1 General
      B.2 Use of access control within the OSI layers
          B.2.1 Use of access control at the network
                 layer
          B.2.2 Use of access control at the transport
                 layer
          B,2,3 Use of access control at the application
                 layer
Annex C - Non-uniqueness of access control identities
Annex D - Distribution of access control components
      D.1 Aspects considered
      D.2 AEC and ADC locations
      D.3 Interactions among access control components
Annex E - Rule-based versus identity-based policies
Annex F - A Mechanism to support ACI forwarding through an
          initiator
Annex G - Access control security service outline

Describes the application of security services in an Open Systems environment, including Database, Distributed Applications, ODP and OSI. Defines means of provision of protection for systems and objects within systems, together with the interactions between systems. Does not cover methods for construction of systems or mechanisms.

The Security Frameworks are intended to address the application of security services in an Open Systems environment, where the term Open Systems is taken to include areas such as Database, Distributed Applications, ODP and OSI. The Security Frameworks are concerned with defining the means of providing protection for systems and objects within systems, and with the interactions between systems. The Security Frameworks are not concerned with the methodology for constructing systems or mechanisms. The Security Frameworks address both data elements and sequences of operations (but not protocol elements) that are used to obtain specific security services. These security services may apply to the communicating entities of systems as well as to data exchanged between systems, and to data managed by systems. In the case of Access Control, accesses may either be to a system (i.e. to an entity that is the communicating part of a system) or within a system. The information items that need to be presented to obtain the access, as well as the sequence of operations to request the access and for notification of the results of the access, are considered to be within the scope of the Security Frameworks. However, any information items and operations that are dependent solely on a particular application and that are strictly concerned with local access within a system are considered to be outside the scope of the Security Frameworks. Many applications have requirements for security to protect against threats to resources, including information, resulting from the interconnection of Open Systems. Some commonly known threats, together with the security services and mechanisms that can be used to protect against them, in an OSI environment, are described in CCITT Rec. X.800 | ISO7498-2. The process of determining which uses of resources within an Open System environment are permitted and, where appropriate, preventing unauthorized access is called access control. This Recommendation | International Standard defines a general framework for the provision of access control services. This Security Framework: defines the basic concepts for access control; demonstrates the manner in which the basic concepts of access control can be specialized to support some commonly recognized access control services and mechanisms; defines these services and corresponding access control mechanisms; identifies functional requirements for protocols to support these access control services and mechanisms; identifies management requirements to support these access control services and mechanisms; addresses the interaction of access control services and mechanisms with other security services and mechanisms. As with other security services, access control can be provided only within the context of a defined security policy for a particular application. The definition of access control policies is outside the scope of this Recommendation | International Standard, however, some characteristics of access control policies are discussed. It is not a matter for this Recommendation | International Standard to specify details of the protocol exchanges which may need to be performed in order to provide access control services. This Recommendation | International Standard does not specify particular mechanisms to support these access control services nor the details of security management services and protocols. A number of different types of standard can use this framework including: standards that incorporate the concept of access control; standards that specify abstract services that include access control; standards that specify uses of an access control service; standards that specify the means of providing access control within an Open System environment; and standards that specify access control mechanisms. Such standards can use this framework as follows: standard typesa, b, c, d, and e can use the terminology of this framework; standard typesb, c, d, and e can use the facilities defined in clause7 of this framework; and standard typee can be based upon the classes of mechanism defined in clause8.