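ISO/IEC 9594-8:2020 Information technology, Open systems interconnection, The Directory, Part 8: The Directory: Public-key and attribute certificate frameworks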

Standard number: ISO/IEC 9594-8:2020

Chinese title: 信息技术 开放系统互连 目录 第8部分:目录:公钥和属性证书框架

English title: Information technology — Open systems interconnection — Part 8: The Directory: Public-key and attribute certificate frameworks

Publication date: 2020-11

Scope of the standard

This document addresses some of the security requirements in the areas of authentication and other security services through the provision of a set of frameworks upon which full services can be based. Specifically, this Recommendation | International Standard defines frameworks for:
- public-key certificates; and
- attribute certificates.
The public-key certificate framework defined in this Recommendation | International Standard specifies the information objects and data types for a public-key infrastructure (PKI), including public-key certificates, certificate revocation lists (CRLs), trust broker and authorization and validation lists (AVLs). The attribute certificate framework specifies the information objects and data types for a privilege management infrastructure (PMI), including attribute certificates, and attribute certificate revocation lists (ACRLs). This Recommendation | International Standard also provides the framework for issuing, managing, using and revoking certificates. An extensibility mechanism is included in the defined formats for both certificate types and for all revocation list schemes. This Recommendation | International Standard also includes a set of extensions, which is expected to be generally useful across a number of applications of PKI and PMI. The schema components (including object classes, attribute types and matching rules) for storing PKI and PMI information in a directory, are included in this Recommendation | International Standard.
This Recommendation | International Standard specifies the framework for strong authentication, involving credentials formed using cryptographic techniques. It is not intended to establish this as a general framework for authentication, but it can be of general use for applications which consider these techniques adequate.
Authentication (and other security services) can only be provided within the context of a defined security policy. It is a matter for users of an application to define their own security policy.
