ISO IEC ISP 15125-7-1998 PDF

Full title and description

Information technology — International Standardized Profiles ADYnn — OSI Directory — Part 7: ADY43 — DSA to DSA Authentication. This International Standardized Profile specifies authentication mechanisms and related operational requirements for Directory System Agents (DSAs) communicating with other DSAs in the OSI Directory environment (ADY43).

Abstract

Part 7 (ADY43) of ISO/IEC ISP 15125 defines profiles and procedures for DSA-to-DSA authentication within the OSI Directory framework. It covers conformance rules, authentication procedures (including two-way authentication and strong authentication during bind), handling of random numbers, use of Distinguished Encoding Rules (DER), certificate handling, signed operations and merging of signed results, access-control identity issues, and relevant error handling. The document includes normative annexes such as a Profiles Requirements List and an informative annex on commonly used algorithms.

General information

• Status: Withdrawn.
• Publication date: November 1998 (Edition 1, published 1998-11; implementation dates shown by national bodies vary).
• Publisher: International Organization for Standardization (ISO) / IEC (joint technical committee ISO/IEC JTC 1).
• ICS / categories: 35.100.05 (Multilayer applications / Directory and distributed applications).
• Edition / version: Edition 1 (1998).
• Number of pages: 46 pages (printed edition).

Scope

This part of ISO/IEC ISP 15125 describes standardized profiles for DSA-to-DSA authentication in the OSI Directory family (ADY43). It positions the authentication profiles within the overall ISP 15125 taxonomy for Directory usage, specifies conformance and static requirements, and defines procedural details required to achieve interoperable DSA authentication (including protected and unprotected authentication modes, certificate use, signed operations and merging of signed results). The scope is limited to authentication and related operational profiles for inter‑DSA exchanges, not being a general directory data schema standard.

Key topics and requirements

• Two-way and strong authentication procedures between DSAs (including bind-time authentication profiles).
• Requirements for random-number generation and use in authentication exchanges.
• Use of Distinguished Encoding Rules (DER) and ASN.1 encodings where required.
• Definitions of simple unprotected, simple protected, and strong authentication modes for DSA interactions.
• Signed Directory Service Protocol (DSP) and DISP operations, signed-results merging rules, and error‑handling expectations.
• Certificate handling rules and access-control identity considerations for distributed directory operations.
• Conformance criteria and a normative Profiles Requirements List provided as an annex.

Typical use and users

Implementers and vendors of OSI Directory servers (DSAs), integrators building interoperable directory infrastructures using OSI protocols, security architects specifying inter-DSA authentication, test laboratories producing PICS/PAS for directory conformance, and standards librarians referencing historical OSI directory profiles. Although the OSI Directory family is now largely of historical or niche interest in many deployments, the standard remains relevant for legacy OSI/X.500 Directory implementations and formal conformance/testing activities.

Related standards

Part of the ISO/IEC ISP 15125 ADYnn series (other parts include ADY11–ADY71 covering DUA/DSA support, authentication roles, access control and shadowing). It also relates to X.500 / ISO/IEC 9594 Directory standards and to ASN.1/DER encoding standards (ISO/IEC 8825 series), and to related ROSE/ROSE-based shadowing and remote-operations standards referenced in the document. See the ISP 15125 part list and normative references for cross-references.

Keywords

DSA-to-DSA authentication, ADY43, ISP 15125-7, OSI Directory, X.500, Directory Service Agent, authentication profiles, ASN.1, DER, certificates, signed DSP/DISP operations, access-control identity.

FAQ

Q: What is this standard?

A: ISO/IEC ISP 15125-7:1998 (ADY43) is an International Standardized Profile that specifies DSA-to-DSA authentication profiles and related operational requirements within the OSI Directory (X.500) family.

Q: What does it cover?

A: It covers conformance requirements and procedures for inter‑DSA authentication, including two-way and strong authentication methods, handling of random numbers and DER encodings, signed operations, certificate usage, error handling, and annexed profile requirement lists.

Q: Who typically uses it?

A: Directory server (DSA) implementers and vendors, integrators of OSI/X.500 directories, security architects for directory environments, and test labs concerned with conformance to ISP 15125 profiles.

Q: Is it current or superseded?

A: The standard is listed by ISO as Withdrawn (Edition 1, 1998). National and vendor catalogues show withdrawal/retirement dates in practice (for example some national bodies list withdrawal from 19 May 2009 while vendor catalogues show other administrative withdrawal dates). For authoritative lifecycle status consult ISO and your national standards body.

Q: Is it part of a series?

A: Yes — ISO/IEC ISP 15125 is a multi‑part International Standardized Profile series for ADYnn (OSI Directory). Part 7 is ADY43; other parts cover DUA support, DSA support, authentication roles, access control and shadowing (ADY11, ADY12, ADY21, ADY22, ADY41, ADY42, ADY44, ADY45, ADY51–ADY71, etc.).

Q: What are the key keywords?

A: DSA, DAP, ADY43, ISP 15125-7, OSI Directory, authentication, ASN.1, DER, certificates, signed operations, access control.