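【English standard title】:Information technology - Open systems interconnection - The directory - Authentication framework
【Original standard title】:Information technology. Open systems interconnection. The directory. Authentication framework
【Standard number】:BS ISO/IEC 9594-8-1995
【Status】:Withdrawn
【Country】:United Kingdom
【Publication date】:1997-02-15
【Implementation or trial date】:1997-02-15
【Issuing body】:British Standards Institution (GB-BSI)
【Drafting body】:BSI
【Standard type】:()
【Standard level】:()
【Chinese subject terms】:Application layer (OSI); Verification; Information exchange; Computer networks; Data transfer; Data transmission; Open systems interconnection; Data storage protection; Information systems; Cryptography; Directories; Data processing; Identification methods
【English subject terms】:Application layer; Authentication; Communication service; Data processing; Directories; Information interchange; Information technology; Network interconnection; Open systems interconnection; OSI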
【Abstract】:This Recommendation | International Standard: - specifies the form of authentication information held by the Directory; - describes how authentication information may be obtained from the Directory; - states the assumptions made about how authentication information is formed and placed in the Directory; - defines three ways in which applications may use this authentication information to perform authentication and describes how other security services may be supported by authentication. This Recommendation | International Standard describes two levels of authentication: simple authentication, using a password as a verification of claimed identity; and strong authentication, involving credentials formed using cryptographic techniques. While simple authentication offers some limited protection against unauthorized access, only strong authentication should be used as the basis for providing secure services. It is not intended to establish this as a general framework for authentication, but it can be of general use for applications which consider these techniques adequate. Authentication (and other security services) can only be provided within the context of a defined security policy. It is a matter for users of an application to define their own security policy which may be constrained by the services provided by a standard. It is a matter for standards defining applications which use the authentication framework to specify the protocol exchanges which need to be performed in order to achieve authentication based upon the authentication information obtained from the Directory. The protocol used by applications to obtain credentials from the Directory is the Directory Access Protocol (DAP), specified in ITU-T Recommendation X.519 | ISO/IEC 9594-5. The strong authentication method specified in this Recommendation | International Standard is based upon public-key cryptosystems. It is a major advantage of such systems that user certificates may be held within the Directory as attributes, and may be freely communicated within the Directory System and obtained by users of the Directory in the same manner as other Directory information. The user certificates are assumed to be formed by "off-line" means, and placed in the Directory by their creator. The generation of user certificates is performed by some off-line Certification Authority which is completely separate from the DSAs in the Directory. In particular, no special requirements are placed upon Directory providers to store or communicate user certificates in a secure manner. A brief introduction to public-key cryptography can be found in Annex C. In general, the authentication framework is not dependent on the use of a particular cryptographic algorithm, provided it has the properties described in 7.1. Potentially a number of different algorithms may be used. However, two users wishing to authenticate shall support the same cryptographic algorithm for authentication to be performed correctly. Thus, within the context of a set of related applications, the choice of a single algorithm will serve to maximize the community of users able to authenticate and communicate securely. One example of a public key cryptographic algorithm can be found in Annex D. Similarly, two users wishing to authenticate shall support the same hash function [see 3.3 f)] (used in forming credentials and authentication tokens). Again, in principle, a number of alternative hash functions could be used, at the cost of narrowing the communities of users able to authenticate. A brief introduction to hash functions can be found in Annex E.
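【Chinese Standard Classification number】:L79
【International Classification for Standards number】:35_100_01;35_100_70
【Number of pages】:44P.;A4
【Language of text】:English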