
AS 4019.8—1992
ISO/IEC 9594-8:1990

Australian Standard
This is a free 6 page sample. Access the full version at http://infostore.saiglobal.com.

Information technology—
Open Systems Interconnection—
The Directory

Part 8: Authentication framework


This Australian Standard was prepared by Committee IT/1, Information Systems—
Interconnection. It was approved on behalf of the Council of Standards Australia on
2 March 1992 and published on 16 April 1992.

The following interests are represented on Committee IT/1:


AUSSAT
Australian Association of Permanent Building Societies
Australian Bankers’ Association
Australian Bureau of Statistics
Australian Committee of Directors and Principals
Australian Computer Society
Australian Computer Users Association
Australian Information Industry Association
Australian Telecommunications Users Group
Australian Vice Chancellors Committee
Confederation of Australian Industry
CSIRO—Institute of Information and Communication Technologies
Department of Defence
Department of Industry, Technology and Commerce
Information Exchange Steering Committee
Life Insurance Federation of Australia
OTC
Standards Association of New Zealand
Telecom Australia

Review of Australian Standards. To keep abreast of progress in industry, Australian Standards are subject
to periodic review and are kept up to date by the issue of amendments or new editions as necessary. It is
important therefore that Standards users ensure that they are in possession of the latest edition, and any
amendments thereto.
Full details of all Australian Standards and related publications will be found in the Standards Australia
Catalogue of Publications; this information is supplemented each month by the magazine ‘The Australian
Standard’, which subscribing members receive, and which gives details of new publications, new editions
and amendments, and of withdrawn Standards.
Suggestions for improvements to Australian Standards, addressed to the head office of Standards Australia,
are welcomed. Notification of any inaccuracy or ambiguity found in an Australian Standard should be made
without delay in order that the matter may be investigated and appropriate action taken.
AS 4019.8—1992

Australian Standard
Information technology—
Open Systems Interconnection—
The Directory

Part 8: Authentication framework

First published as AS 4019.8—1992.

PUBLISHED BY STANDARDS AUSTRALIA


(STANDARDS ASSOCIATION OF AUSTRALIA)
1 THE CRESCENT, HOMEBUSH, NSW 2140
ISBN 0 7262 7434 8

PREFACE
This Standard was prepared by the Standards Australia Committee on Information Systems—
Interconnection. It is identical with and has been reproduced from ISO/IEC 9594-8:1990, Information
technology—Open Systems Interconnection—The Directory—Part 8: Authentication framework.
Technical Corrigendum 1 is found at the end of this Standard. Text affected by this Corrigendum is
marked by a marginal bar.
The Standard is one of a series of Open Systems Interconnection (OSI) Standards which are currently
under development. Since OSI Standards are developmental, there may be some minor difficulties
encountered in their implementation. For this reason, Standards Australia will be providing, through
the OSI Help Desk, a service to coordinate and disseminate information concerning difficulties which
are identified in using this Standard.
Under arrangements made between Standards Australia and the international Standards bodies, ISO
and IEC, as well as certain other Standards organizations, users of this Australian Standard are advised
of the following:
(a) Copyright is vested in Standards Australia.
(b) The number of this Standard is not reproduced on each page; its identity is shown only on the
cover and title pages.
For the purpose of this Australian Standard, the ISO/IEC text should be modified as follows:
(i) Terminology The words ‘Australian Standard’ should replace the words ‘International Standard’
wherever they appear.
(ii) References The references to International Standards should be replaced by references to
Australian Standards as follows:
Reference to International Standard or other publication, followed by the corresponding Australian Standard:

ISO/IEC 7498  Information Processing Systems—Open Systems Interconnection—Basic Reference Model
    AS 2777  Information processing systems—Open Systems Interconnection—Basic reference model
ISO/IEC 7498-2  Part 2: Security Architecture
    AS 2777.2  Part 2: Security architecture
ISO 8824  Information Technology—Open Systems Interconnection—Specifications of Abstract Syntax Notation One (ASN.1)
    AS 3625  Information technology—Open Systems Interconnection—Specification of Abstract Syntax Notation One (ASN.1)
ISO 8825  Information Technology—Open Systems Interconnection—Specification of Basic Encoding rules for Abstract Syntax Notation One (ASN.1)
    AS 3626  Information technology—Open Systems Interconnection—Specification of basic encoding for Abstract Syntax Notation One (ASN.1)
ISO 10021  Information Technology—Text Communication—Message Oriented Interchange System (MOTIS)
    AS —  Information technology—Text communication—Message oriented text interchange systems
ISO 10021-3  Part 3: Abstract Service Definition Conventions
    AS —  Part 3: Abstract service definition conventions

© Copyright STANDARDS AUSTRALIA


Users of Standards are reminded that copyright subsists in all Standards Australia publications and software. Except where the
Copyright Act allows and except where provided for below no publications or software produced by Standards Australia may be
reproduced, stored in a retrieval system in any form or transmitted by any means without prior permission in writing from
Standards Australia. Permission may be conditional on an appropriate royalty payment. Requests for permission and information on
commercial software royalties should be directed to the head office of Standards Australia.
Standards Australia will permit up to 10 percent of the technical content pages of a Standard to be copied for use
exclusively in-house by purchasers of the Standard without payment of a royalty or advice to Standards Australia.
Standards Australia will also permit the inclusion of its copyright material in computer software programs for no royalty
payment provided such programs are used exclusively in-house by the creators of the programs.
Care should be taken to ensure that material used is from the current edition of the Standard and that it is updated whenever the
Standard is amended or revised. The number and date of the Standard should therefore be clearly identified.
The use of material in print form or in computer software programs to be used commercially, with or without payment, or in
commercial contracts is subject to the payment of a royalty. This policy may be varied by Standards Australia at any time.

CONTENTS

SECTION 1: GENERAL
1 Scope
2 Normative references
3 Definitions
4 Notation and Abbreviations
SECTION 2: SIMPLE AUTHENTICATION
5 Simple Authentication Procedure
SECTION 3: STRONG AUTHENTICATION
6 Basis of Strong Authentication
7 Obtaining a User’s Public Key
8 Digital Signatures
9 Strong Authentication Procedures
10 Management of Keys and Certificates
Annex A — Security Requirements
Annex B — An Introduction to Public Key Cryptography
Annex C — The RSA Public Key Cryptosystem
Annex D — Hash Functions
Annex E — Threats Protected Against by the Strong Authentication Method
Annex F — Data Confidentiality
Annex G — Authentication Framework in ASN.1
Annex H — Reference Definition of Algorithm Object Identifiers
AUSTRALIAN STANDARD

Information technology—Open Systems Interconnection—The Directory

Part 8: Authentication framework
SECTION 1: GENERAL
1 Scope

1.1 This part of ISO/IEC 9594:

· specifies the form of authentication information held by the Directory;

· describes how authentication information may be obtained from the Directory;

· states the assumptions made about how authentication information is formed and placed in
the Directory;

· defines three ways in which applications may use this authentication information to perform
authentication and describes how other security services may be supported by authentication.

1.2 This part of ISO/IEC 9594 describes two levels of authentication: simple authentication, using a
password as a verification of claimed identity; and strong authentication, involving credentials formed
using cryptographic techniques. While simple authentication offers some limited protection against
unauthorized access, only strong authentication should be used as the basis for providing secure
services. It is not intended to establish this as a general framework for authentication, but it can be of
general use for applications which consider these techniques adequate.

1.3 Authentication (and other security services) can only be provided within the context of a defined
security policy. It is a matter for users of an application to define their own security policy which may
be constrained by the services provided by a standard.

1.4 It is a matter for standards defining applications which use the authentication framework to specify
the protocol exchanges which need to be performed in order to achieve authentication based upon the
authentication information obtained from the Directory. The protocol used by applications to obtain
credentials from the Directory is the Directory Access Protocol (DAP), specified in ISO/IEC 9594-5.

1.5 The strong authentication method specified in this part of ISO/IEC 9594 is based upon public-key
cryptosystems. It is a major advantage of such systems that user certificates may be held within the
Directory as attributes, and may be freely communicated within the Directory System and obtained by
users of the Directory in the same manner as other Directory information. The user certificates are
assumed to be formed by ‘off-line’ means, and placed in the Directory by their creator. The generation
of user certificates is performed by some offline Certification Authority which is completely separate
from the DSAs in the Directory. In particular, no special requirements are placed upon Directory
providers to store or communicate user certificates in a secure manner.

A brief introduction to public-key cryptography can be found in annex B.

1.6 In general, the authentication framework is not dependent on the use of a particular cryptographic
algorithm, provided it has the properties described in 6.1. Potentially a number of different algorithms
may be used. However, two users wishing to authenticate shall support the same cryptographic
algorithm for authentication to be performed correctly. Thus, within the context of a set of related
applications, the choice of a single algorithm will serve to maximize the community of users able to
authenticate and communicate securely. One example of a public key cryptographic algorithm can be
found in Annex C.

1.7 Similarly, two users wishing to authenticate shall support the same hash function (see 3.3f) (used
in forming credentials and authentication tokens). Again, in principle, a number of alternative hash
functions could be used, at the cost of narrowing the communities of users able to authenticate. A brief
introduction to hash functions together with one example hash function can be found in annex D.

2 Normative references

The following standards contain provisions which, through reference in this text, constitute provisions
of this part of ISO/IEC 9594. At the time of publication, the editions indicated were valid. All standards
are subject to revision, and parties to agreements based on this part of ISO/IEC 9594 are encouraged to
investigate the possibility of applying the most recent editions of the standards listed below. Members
of IEC and ISO maintain registers of currently valid International Standards.

7498-2: 1987, Information Processing Systems — Open Systems Interconnection—
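
Clauses 1.5 to 1.7 describe certificates formed by an offline Certification Authority, held in a Directory that is not required to protect them, and usable only when both parties support the same algorithm and hash function. The Python sketch below is an added example, not text from the Standard: it uses a toy RSA key built from two Mersenne primes and hypothetical names (ca_issue, verify, the record layout) to show a relying party accepting an untouched record, rejecting one altered in the Directory, and refusing an unsupported hash function.

```python
import hashlib

# Toy RSA key for the offline CA, built from two known Mersenne primes.
# Constructed for illustration; such a key offers no real security.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, never leaves the CA

# Hash functions this relying party supports (clause 1.7).
HASHES = {"sha256": hashlib.sha256}


def _digest(subject, key, hash_name):
    """Hash the fields the CA binds together, as an integer below N."""
    data = f"{subject}|{key}|{hash_name}".encode()
    return int.from_bytes(HASHES[hash_name](data).digest(), "big")


def ca_issue(subject, key, hash_name="sha256"):
    """Offline CA: sign the binding of a subject name to its public key."""
    sig = pow(_digest(subject, key, hash_name), D, N)
    return {"subject": subject, "key": key, "hash": hash_name, "sig": sig}


def verify(cert, ca_public=(N, E)):
    """Relying party: trust comes from the CA signature, not the Directory."""
    if cert["hash"] not in HASHES:
        return "unsupported-hash"
    n, e = ca_public
    expected = _digest(cert["subject"], cert["key"], cert["hash"])
    return "valid" if pow(cert["sig"], e, n) == expected else "bad-signature"


def demo():
    # The Directory is plain storage with no integrity protection of its own.
    directory = {"cn=alice": ca_issue("cn=alice", "alice-public-key")}
    genuine = verify(directory["cn=alice"])
    # Record altered while stored in or fetched from the Directory.
    altered = verify(dict(directory["cn=alice"], key="substituted-key"))
    # Record formed with a hash function the relying party lacks.
    foreign = verify(dict(directory["cn=alice"], hash="other-hash"))
    return genuine, altered, foreign


if __name__ == "__main__":
    print(demo())
```

The relying party needs only the CA public key (N, E), obtained out of band; everything fetched from the Directory is checked against it.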
