ISO IEC 9594-8-2020 amd1-2025 PDF

Full title and description

ISO/IEC 9594-8:2020/Amd 1:2025 — Information technology — Open systems interconnection — Part 8: The Directory: Public-key and attribute certificate frameworks — Amendment 1: Miscellaneous enhancements. This amendment makes targeted, backward‑compatible enhancements and clarifications to the public‑key and attribute certificate framework defined in ISO/IEC 9594‑8:2020.

Abstract

This amendment updates ISO/IEC 9594‑8:2020 by introducing miscellaneous enhancements to the directory-based frameworks for public‑key certificates and attribute certificates. It clarifies and refines data formats, revocation handling and directory schema guidance used for PKI (public‑key infrastructure) and PMI (privilege management infrastructure), and includes small editorial and technical corrections intended to improve interoperability and implementability of the existing standard.

General information

• Status: Published
• Publication date: May 2025
• Publisher: ISO/IEC (Joint publication by the International Organization for Standardization and the International Electrotechnical Commission) — technical work via ISO/IEC JTC 1/SC 6
• ICS / categories: 35.100.70 (Application layer)
• Edition / version: Edition 9 — ISO/IEC 9594‑8:2020 with Amendment 1 (2025)
• Number of pages: 5 (amendment document)

Scope

This amendment applies to ISO/IEC 9594‑8:2020 and provides a set of miscellaneous enhancements and clarifications to the Directory frameworks that define public‑key certificates, certificate revocation lists (CRLs), attribute certificates and attribute certificate revocation lists (ACRLs). The changes are intended to refine ASN.1/representation details, directory schema guidance and revocation/validation mechanisms so implementers of directory‑based PKI/PMI solutions can achieve better interoperability with existing X.500/Directory and X.509 ecosystems.

Key topics and requirements

• Clarifications to public‑key certificate and attribute certificate data structures and encoding expectations.
• Refinements to revocation handling and revocation list formats (CRL/ACRL) and related directory storage guidance.
• Minor updates to directory schema components (object classes, attribute types, matching rules) used to store PKI/PMI objects.
• Corrections and small editorial fixes to ASN.1 modules and associated identifiers to reduce ambiguity for implementers.
• Improved guidance on extensibility mechanisms and use of extensions in certificates and revocation constructs.
• Interoperability and conformance notes to aid implementers of certificate authorities (CAs), attribute authorities and directory servers.

Typical use and users

Implemented by certificate authority and attribute authority vendors, directory and identity management product developers, security architects, systems integrators, and organizations deploying PKI/PMI solutions. Typical uses include certificate issuance and lifecycle management, directory publication of certificate and revocation data, integration of directory services with authentication and authorization systems, and ensuring consistent storage and retrieval of certificate‑related data in X.500/LDAP directory deployments.

Related standards

Key related documents and families include the broader ISO/IEC 9594 (X.500) series, the ITU‑T X.509 Recommendation (public‑key and attribute certificate frameworks), and relevant Internet standards for PKI such as RFC 5280 (profile for X.509 certificates) and RFC 5755 (attribute certificates profile). Implementers should consult the other parts of the 9594 series for directory models, protocols and schema details when integrating certificate frameworks into directory services.

Keywords

X.509, public‑key certificate, attribute certificate, PKI, PMI, CRL, ACRL, directory services, X.500, ASN.1, certificate revocation, directory schema, interoperability.

FAQ

Q: What is this standard?

A: It is Amendment 1 (2025) to ISO/IEC 9594‑8:2020, the part of the X.500/Directory series that defines public‑key and attribute certificate frameworks (commonly associated with X.509 certificate formats).

Q: What does it cover?

A: The amendment provides miscellaneous enhancements and clarifications to the 2020 edition's frameworks for public‑key certificates, attribute certificates, and their revocation mechanisms, plus related directory schema and ASN.1 representation guidance to improve interoperability.

Q: Who typically uses it?

A: Certificate authority and attribute authority vendors, directory server and identity management product developers, security architects and engineers, and any organization that publishes or consumes certificate and revocation data from directory services.

Q: Is it current or superseded?

A: The amendment was published in May 2025 and updates ISO/IEC 9594‑8:2020 (the 2020 edition). The base standard (ISO/IEC 9594‑8:2020, published November 2020) remains the normative edition; this amendment is a current published update to that edition.

Q: Is it part of a series?

A: Yes — it is Part 8 of the ISO/IEC 9594 series (the X.500/Directory family). Implementers should also consider other parts of the 9594 series and the ITU‑T X.500/X.509 recommendations for full context.

Q: What are the key keywords?

A: X.509, public‑key certificate, attribute certificate, PKI, PMI, CRL, ACRL, directory, X.500, ASN.1, certificate revocation.