1

Scope

The specifications contained herein are applicable to the provision of access control for applications that use OSI management services and protocols.

This Recommendation / International Standard - establishes user requirements for the provision of access control for applications that use OSI management services and protocols; - interprets and applies the general model of access control defined in ITU-T Rec. X.812 / ISO/IEC 10181-3 for use with management applications that use OSI management services and protocols; - defines procedures for the imposition of access control rules in conjunction with the use of OSI management services and protocols; - defines managed object classes and attribute types that

(a) represent some of the access control information that may be used in the provision of access control; and (b) are only for use when the management of the access control information is to be achieved using systems management;

- specifies the protocol that is necessary to exchange the access control information defined in this Recommendation / International Standard, when the exchange is achieved using OSI sy stems management; - specifies conformance requirements for open systems that claim to support access control for applications that use OSI management services and protocols; - specifies conformance requirements for open systems that claim to support the management of the access control information defined in this Recommendation / International Standard.

The access control information identified by this Recommendation / International Standard may be used in support of access control schemes based on access control lists, capabilities, security labels, and contextual constraints.

This Recommendation / International Standard does not - define an access control policy for applications that use OSI management services and protocols; - define security (or management) domains in which an access control policy may be imposed; - define how the components of an access control function be implemented, nor where those components be located; - specify the form of any access control information that is temporarily or permanently stored in an open system; - specify any access control mechanisms, nor mandate the use of any particular access control mechanism; - mandate that access control information be managed, and if it is to be managed, that management be achieved using OSI systems mana gement; - describe how communicating management application entities act to make access control decisions on behalf of, or for the benefit of any third party; - specify any conformance requirement for the access control parameter defined in this Recommendation / International Standard.