ECMA 219 : 2ED 96
Current
The latest, up-to-date edition.
AUTHENTICATION AND PRIVILEGE ATTRIBUTE SECURITY APPLICATION WITH RELATED KEY DISTRIBUTION FUNCTIONS - PART 1, 2 AND 3
12-01-2013
Part 1 - Overview and functional model
1 Introduction
1.1 Scope
1.2 Field of application
1.3 Requirements to be satisfied
1.4 Conformance
1.5 Overview and document structure
2 References
2.1 Normative references
2.2 Informative references
3 Definitions and conventions
3.1 Imported definitions
3.2 New definitions
3.3 Conventions
3.4 Acronyms
4 Functional model
4.1 Environment
4.2 Role of the APA-Application
4.3 Functional model of the APA-Application
4.4 Services provided by the APA-Application
4.5 Data elements
4.6 Authentication methods
4.7 Management and recovery of the APA-Application
5 Relationship to other Standards and Technical Report
5.1 Relationship to ECMA TR/46, "Security in Open Systems:
A Security Framework"
5.2 Relationship to Standard ISO 7498-2, "Security
Architecture"
5.3 Relationship to Standard ISO/IEC 10181-2,
"Authentication Framework"
5.4 Relationship to Standard ISO/IEC 9594: 1990 Part 8,
"Directory Authentication Framework"
5.5 Relationship to Standard ISO/IEC 10181-3, "Access
Control Framework"
5.6 Relationship to ISO/IEC 10164, "Standards for Systems
Management"
Annex A (Informative) Changes from the first edition
(December 1994)
Part 2 - Security information objects
1 Introduction
2 Overview
3 GeneralisedCertificate
3.1 Common Contents fields
3.2 Specific Certificate Contents
3.3 Check value
3.4 Certificate Identity
4 Security attributes
5 Authentication Certificate (AUC)
6 Privilege Attribute Certificate (PAC)
7 Protection methods
7.1 "Control/Protection Values" protection method
7.2 "Primary Principal Qualification" protection method
7.3 "Target Qualification" protection method
7.4 "Delegate/Target Qualification" protection method
7.5 "Delegate Qualification" protection method
7.6 "Trace Pointer" protection method
7.7 "Initiator Qualification" protection method
7.8 "Count" protection method
7.9 "Check Back" protection method
7.10 "Nested Chain" protection method
7.11 Combining the methods
8 Generalised User Certificate (GUC)
9 External control values construct
10 Specification of Keying Information
10.1 Configurations Supported
10.2 General Description
10.3 Example walkthroughs of key exchanges
11 DialogueKeyBlock
Annex A (Normative) Use of identities in the APA-Application
Part 3 - Service definitions
1 Introduction
2 APA abstract model
2.1 The APA-Application
3 Specification of bind and unbind operations
3.1 A-bind
3.2 A-unbind
3.3 PA-bind
3.4 PA-unbind
3.5 KD-bind
3.6 KD-unbind
4 Common atomic operations
4.1 Open Security Association (OpenSA)
4.2 DeclareOperationContext
4.3 Get Keying Information (GetKI)
4.4 Process Keying Information (ProcessKI)
4.5 Close Security Association (CloseSA)
4.6 RevokeCertificate
4.7 Abstract errors arising from common operations
5 Authentication Port atomic operations
5.1 Authenticate
5.2 ContinueAuthentication
5.3 ChangePassword
5.4 ContinueChangePassword
5.5 Check Authentication Certificate (CheckAUC)
5.6 ConfirmPresence
5.7 Get Authentication Server Name (GetASName)
5.8 Get Authentication Ticket (GetAT)
5.9 Abstract errors arising from A-Port operations
6 Privilege Attribute Port atomic operations
6.1 Get Access Control Ticket (GetACT)
6.2 Check Privilege Attribute Certificate (CheckPAC)
6.3 Refine Privilege Attribute Certificate (RefinePAC)
6.4 Abstract errors arising from PA-Port operations
7 Key Distribution Port atomic operations
8 Combined operations
8.1 Authentication port combined operations
8.2 Privilege Attribute port combined operations
8.3 Key Distribution port combined operations
Annex A (Informative) Information Model
Annex B (Informative) Authentication Information Types
Annex C (Normative) ASN.1 - Object Identifier Usage
Annex D (Normative) ASN.1 - Object Identifiers
Annex E (Normative) ASN.1 - Abstract Service
Annex F (Informative) ASN.1 - Authentication Methods
Annex G (Informative) Changes from first edition
(December 1994)
Defines three applications: -an Authentication Application, -a Privilege Attributes Application, -a Key Distribution Application.
DocumentType |
Standard
|
PublisherName |
European Computer Manufacturers Association
|
Status |
Current
|
Supersedes |
ASTM E 1985 : 1998 : R2013 | Standard Guide for User Authentication and Authorization (Withdrawn 2017) |
ECMA 235 : 1ED 96 | THE ECMA GSS-API MECHANISM |
EG 201 057 : 1.1.2 | TELECOMMUNICATIONS SECURITY; TRUSTED THIRD PARTIES (TTP); REQUIREMENTS FOR TTP SERVICES |
ASTM E 1985 : 1998 | Standard Guide for User Authentication and Authorization |
ASTM E 1985 : 1998 : R2005 | Standard Guide for User Authentication and Authorization |
ISO/IEC 10181-7:1996 | Information technology Open Systems Interconnection Security frameworks for open systems: Security audit and alarms framework |
ISO/IEC 9798-3:1998 | Information technology Security techniques Entity authentication Part 3: Mechanisms using digital signature techniques |
ISO/IEC 8825-1:2015 | Information technology ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER) Part 1: |
ISO/IEC 9595:1998 | Information technology Open Systems Interconnection Common management information service |
ISO/IEC 8824:1990 | Information technology — Open Systems Interconnection — Specification of Abstract Syntax Notation One (ASN.1) |
ISO/IEC 10181-3:1996 | Information technology Open Systems Interconnection Security frameworks for open systems: Access control framework |
ISO/IEC 10181-1:1996 | Information technology Open Systems Interconnection Security frameworks for open systems: Overview |
ISO/IEC 9798-2:2008 | Information technology Security techniques Entity authentication Part 2: Mechanisms using symmetric encipherment algorithms |
ISO/IEC 9594-8:2017 | Information technology Open Systems Interconnection The Directory Part 8: Public-key and attribute certificate frameworks |
ISO 7498-2:1989 | Information processing systems Open Systems Interconnection Basic Reference Model Part 2: Security Architecture |
ECMA 206 : 1ED 93 | ASSOCIATION CONTEXT MANAGEMENT INCLUDING SECURITY CONTEXT MANAGEMENT |
ISO/IEC 10181-2:1996 | Information technology Open Systems Interconnection Security frameworks for open systems: Authentication framework |
Access your standards online with a subscription
Features
-
Simple online access to standards, technical information and regulations.
-
Critical updates of standards and customisable alerts and notifications.
-
Multi-user online standards collection: secure, flexible and cost effective.