ISO/IEC INTERNATIONAL STANDARD 10181-1 First edition 1996-08-01 Information technology -- Open Systems Interconnection - Security frameworks for open systems: Overview Technologies de I'information -- Interconnexion de systemes ouverts (Osl) -- Cadre pour la sécurité dans les systemes ouverts: Présentation IEC (so Reference number ISO/IEC10181-1:1996(E) Not for Resale ISO/IEC 10181-1:1996(E) CONTENTS Page 1 Scope.. 1 2 Normative references 1 2.1 Identical Recommendations I International Standards 1 2.2 Paired Recommendations I International Standards equivalent in technical content 1 3 Definitions....... 2 3.1 BasicReferenceModel definitions 2 3.2 Security architecture definitions 2 3.3 Additional definitions ... 2 Abbreviations. 4 4 5 Notation.. 6 Organization.... 4 6.1 Part 1-Overview ... 4 6.2 4 6.3 Part . - Access contro. ......... 5 6.4 5 Part 4 - Nonrepudiation.................... 6.5 Part 5 . Confidentiality........ 5 6.6 Part . . Integrity....... 6 6.7 Part 7 - Security audit and alarms ... 6 6.8 Key management 6 Common concepts... 6 7.1 Security information ... 7 7.2 Security domain ... 7 7.2.1 Security policy and security policy rules . 7 7.2.2 Security domain authority..... 8 7.2.3 Inter-relationships among security domains 8 7.2.4 Establishment of secure interaction rules... 9 7.2.5 Inter.domain security information transfer............... 9 7.3 Security policy considerations for specific security services.... 9 7.4 Trusted entities.. 9 7.5 Trust.... 10 7.6 Trusted third parties ... 10 Generic security information... 10 8 8.1 Security labels.... 10 8.2 11 8.3 Security certificates......... 11 8.3.1 Introductiontosecuritycertificates. 11 8.3.2 Verification and chaining of security certificates . 12 8.3.3 Revocation of security certificates .. 12 8.3.4 Re-use of security certificates .... 12 8.3.5 Security certificate structure. 12 8.4 Security tokens... 13 ?ISO/IEC1996 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and micro- film, without permission in writing from the publisher. ISO/IEC Copyright Office · Case postale 56 · CH-1211 Geneve 20 · Switzerland Printed in Switzerland CopyrightInternational Organization for Standardization mitted without license from IHS Not for Resale CISO/IEC ISO/IEC 10181-1:1996(E) 9 Generic security facilities... 13 9.1 Management related facilities 13 9.1.1 Install SI... 13 9.1.2 Deinstall SI 13 9.1.3 Change SI... 13 9.1.4 Validate SI 14 9.1.5 Invalidate SI 14 9.1.6 Disable/Re-enable security service 14 9.1.7 Enrol 14 9.1.8 Un-enrol 14 9.1.9 Distribute SI 14 9.1.10 List SI 14 9.2 Operational related facilities ... 14 9.2.1 14 9.2.2 Identify secure interaction rules ... 14 9.2.3 14 9.2.4 Generate SI 14 9.2.5 Verify SI. 15 10 Interactions between security mechanisms . 15 11 Denial of service and availability. 15 12 Other requirements... 16 Annex A - Some examples of protection mechanisms for security certificates.. 17 A.1 Protection using an OSI communications security service .. 17 A.2 Protection using a parameter within the security certificate... 17 A.2.1 The authentication method.... 17 A.2.2 The secret key method ... 17 A.2.3 The public key method..... 18 A.2.4 The one-way function method ... 18 A.3 Protection of the internal and external parameters while in transit.... 18 A.3.1 Transfer of internal parameters to the issuing security authority .. 18 A.3.2 Transfer of external parameters among entities... 18 A.4 Use of security certificates by single entities or by groups of entities. 19 A.5 Linking a security certificate with accesses . 19 AnnexB- Bibliography.. 20 iii Copyright Inte emational Organization for Standardization No reproduction or networking permitted without license from IHS Not for Resale