CAN/CSA-ISO/IEC 10164-9-97 (R2015)

1 Scope
2 Normative references
3 Definitions
4 Symbols and abbreviations
5 Conventions
6 Requirements
7 Interpretation of the Access Control Model
8 Generic definitions
9 Service definition
10 Functional units
11 Protocol
12 Relationship with other functions
13 Conformance
Annex A - Definition of management information
Annex B - MCS proforma
Annex C - MICS proforma
Annex D - MOCS proforma
Annex E - MRCS proforma
Annex F - MIDS proforma
Annex G - CMIP Access Control Parameter
Annex H - Relationship to ITU-T Rec. X.812 - ISO/IEC
          10181-3: Security Frameworks in Open Systems -
          Access Control

Technical corrigenda #1, 2 and 3 to this standard are available. Scope The specifications contained herein are applicable to the provision of access control for applications that use OSI management services and protocols. This Recommendation | International Standard establishes user requirements for the provision of access control for applications that use OSI management services and protocols interprets and applies the general model of access control defined in ITU-T Rec. X.812 | ISO/IEC 10181-3 for use with management applications that use OSI management services and protocols defines procedures for the imposition of access control rules in conjunction with the use of OSI management services and protocols defines managed object classes and attribute types that (a) represent some of the access control information that may be used in the provision of access control; and (b) are only for use when the management of the access control information is to be achieved using systems management specifies the protocol that is necessary to exchange the access control information defined in this Recommendation | International Standard, when the exchange is achieved using OSI systems management; specifies conformance requirements for open systems that claim to support access control for applications that use OSI management services and protocols; specifies conformance requirements for open systems that claim to support the management of the access control information defined in this Recommendation | International Standard. The access control information identified by this Recommendation | International Standard may be used in support of access control schemes based on access control lists, capabilities, security labels, and contextual constraints. This Recommendation | International Standard does not define an access control policy for applications that use OSI management services and protocols define security (or management) domains in which an access control policy may be imposed define how the components of an access control function be implemented, nor where those components be located specify the form of any access control information that is temporarily or permanently stored in an open system specify any access control mechanisms, nor mandate the use of any particular access control mechanism mandate that access control information be managed, and if it is to be managed, that management be achieved using OSI systems management describe how communicating management application entities act to make access control decisions on behalf of, or for the benefit of any third party specify any conformance requirement for the access control parameter defined in this Recommendation | International Standard.

Technical corrigenda #1, 2 and 3 to this standard are available. Scope The specifications contained herein are applicable to the provision of access control for applications that use OSI management services and protocols. This Recommendation | International Standard establishes user requirements for the provision of access control for applications that use OSI management services and protocols interprets and applies the general model of access control defined in ITU-T Rec. X.812 | ISO/IEC 10181-3 for use with management applications that use OSI management services and protocols defines procedures for the imposition of access control rules in conjunction with the use of OSI management services and protocols defines managed object classes and attribute types that (a) represent some of the access control information that may be used in the provision of access control; and (b) are only for use when the management of the access control information is to be achieved using systems management specifies the protocol that is necessary to exchange the access control information defined in this Recommendation | International Standard, when the exchange is achieved using OSI systems management; specifies conformance requirements for open systems that claim to support access control for applications that use OSI management services and protocols; specifies conformance requirements for open systems that claim to support the management of the access control information defined in this Recommendation | International Standard. The access control information identified by this Recommendation | International Standard may be used in support of access control schemes based on access control lists, capabilities, security labels, and contextual constraints. This Recommendation | International Standard does not define an access control policy for applications that use OSI management services and protocols define security (or management) domains in which an access control policy may be imposed define how the components of an access control function be implemented, nor where those components be located specify the form of any access control information that is temporarily or permanently stored in an open system specify any access control mechanisms, nor mandate the use of any particular access control mechanism mandate that access control information be managed, and if it is to be managed, that management be achieved using OSI systems management describe how communicating management application entities act to make access control decisions on behalf of, or for the benefit of any third party specify any conformance requirement for the access control parameter defined in this Recommendation | International Standard.