Part 1 - Overview and functional model
1 Introduction
1.1 Scope
1.2 Field of application
1.3 Requirements to be satisfied
1.4 Conformance
1.5 Overview and document structure
2 References
2.1 Normative references
2.2 Informative references
3 Definitions and conventions
3.1 Imported definitions
3.2 New definitions
3.3 Conventions
3.4 Acronyms
4 Functional model
4.1 Environment
4.2 Role of the APA-Application
4.3 Functional model of the APA-Application
4.4 Services provided by the APA-Application
4.5 Data elements
4.6 Authentication methods
4.7 Management and recovery of the APA-Application
5 Relationship to other Standards and Technical Report
5.1 Relationship to ECMA TR/46, "Security in Open Systems: A Security Framework"
5.2 Relationship to Standard ISO 7498-2, "Security Architecture"
5.3 Relationship to Standard ISO/IEC 10181-2, "Authentication Framework"
5.4 Relationship to Standard ISO/IEC 9594: 1990 Part 8, "Directory Authentication Framework"
5.5 Relationship to Standard ISO/IEC 10181-3, "Access Control Framework"
5.6 Relationship to ISO/IEC 10164, "Standards for Systems Management"
Annex A (Informative) Changes from the first edition (December 1994)
Part 2 - Security information objects
1 Introduction
2 Overview
3 GeneralisedCertificate
3.1 Common Contents fields
3.2 Specific Certificate Contents
3.3 Check value
3.4 Certificate Identity
4 Security attributes
5 Authentication Certificate (AUC)
6 Privilege Attribute Certificate (PAC)
7 Protection methods
7.1 "Control/Protection Values" protection method
7.2 "Primary Principal Qualification" protection method
7.3 "Target Qualification" protection method
7.4 "Delegate/Target Qualification" protection method
7.5 "Delegate Qualification" protection method
7.6 "Trace Pointer" protection method
7.7 "Initiator Qualification" protection method
7.8 "Count" protection method
7.9 "Check Back" protection method
7.10 "Nested Chain" protection method
7.11 Combining the methods
8 Generalised User Certificate (GUC)
9 External control values construct
10 Specification of Keying Information
10.1 Configurations Supported
10.2 General Description
10.3 Example walkthroughs of key exchanges
11 DialogueKeyBlock
Annex A (Normative) Use of identities in the APA-Application
Part 3 - Service definitions
1 Introduction
2 APA abstract model
2.1 The APA-Application
3 Specification of bind and unbind operations
3.1 A-bind
3.2 A-unbind
3.3 PA-bind
3.4 PA-unbind
3.5 KD-bind
3.6 KD-unbind
4 Common atomic operations
4.1 Open Security Association (OpenSA)
4.2 DeclareOperationContext
4.3 Get Keying Information (GetKI)
4.4 Process Keying Information (ProcessKI)
4.5 Close Security Association (CloseSA)
4.6 RevokeCertificate
4.7 Abstract errors arising from common operations
5 Authentication Port atomic operations
5.1 Authenticate
5.2 ContinueAuthentication
5.3 ChangePassword
5.4 ContinueChangePassword
5.5 Check Authentication Certificate (CheckAUC)
5.6 ConfirmPresence
5.7 Get Authentication Server Name (GetASName)
5.8 Get Authentication Ticket (GetAT)
5.9 Abstract errors arising from A-Port operations
6 Privilege Attribute Port atomic operations
6.1 Get Access Control Ticket (GetACT)
6.2 Check Privilege Attribute Certificate (CheckPAC)
6.3 Refine Privilege Attribute Certificate (RefinePAC)
6.4 Abstract errors arising from PA-Port operations
7 Key Distribution Port atomic operations
8 Combined operations
8.1 Authentication port combined operations
8.2 Privilege Attribute port combined operations
8.3 Key Distribution port combined operations
Annex A (Informative) Information Model
Annex B (Informative) Authentication Information Types
Annex C (Normative) ASN.1 - Object Identifier Usage
Annex D (Normative) ASN.1 - Object Identifiers
Annex E (Normative) ASN.1 - Abstract Service
Annex F (Informative) ASN.1 - Authentication Methods
Annex G (Informative) Changes from first edition (December 1994)