Reference number of working document: ISO/IEC JTC1 SC32 WG2N0727

Date: 2004-11-11

Reference number of document: ISO/IEC WD1 19773-12
[Release Sequence #1]

Committee identification: ISO/IEC JTC1 SC32 WG2

SC32 Secretariat: US

Information technology — Metadata Modules (MM) —
Part 12: Data structure for entity-person-group (EPG) security credentials data

Document type: International standard

Document subtype: if applicable

Document stage: (20) Preparatory

Document language: E

Warning

This document is not an ISO International Standard. It is distributed for review and comment. It is subject to change without notice and may not be referred to as an International Standard.

Recipients of this draft are invited to submit, with their comments, notification of any relevant patent rights of which they are aware and to provide supporting documentation.


Copyright notice

This ISO document is a working draft or committee draft and is copyright-protected by ISO. While the reproduction of working drafts or committee drafts in any form for use by participants in the ISO standards development process is permitted without prior permission from ISO, neither this document nor any extract from it may be reproduced, stored or transmitted in any form for any other purpose without prior written permission from ISO.

Requests for permission to reproduce this document for the purpose of selling it should be addressed as shown below or to ISO’s member body in the country of the requester:

ISO copyright office

Case postale 56

CH-1211 Geneva 20

Tel. +41 22 749 01 11

Fax +41 22 749 09 47

E-mail

Web

Reproduction for sales purposes may be subject to royalty payments or a licensing agreement.

Violators may be prosecuted.

Contents

Foreword

Introduction

1 Scope

2 Normative references

3 Terms and definitions

4 Functional capabilities

5 Conceptual model and object model

5.1 General

5.2 security_credentials_data

5.3 event_localized_security_credentials_data

5.4 security_credential_element

6 Computational semantics and datatypes

6.1 General

6.2 security_credentials_data

6.3 event_localized_security_credentials_data

6.4 security_credential_element

7 Bindings

8 Conformance

Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.

The main task of technical committees is to prepare International Standards. Draft International Standards adopted by the technical committees are circulated to the member bodies for voting. Publication as an International Standard requires approval by at least 75% of the member bodies casting a vote.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights.

ISO/IEC 19773-12 was prepared by Technical Committee ISO/IEC JTC1, Information Technology, Subcommittee SC32, Data Management and Interchange.

ISO/IEC 19773 consists of the following parts, under the general title Information technology — Metadata Modules (MM):

Part 01: Framework

Part 02: Data structure for reference-or-literal (reflit)

Part 03: Data structure for internationalized/localized multivalue/multidata

Part 04: Data structure for internationalized/localized multistring/multitext

Part 05: Data structure for designation-kind-value (DKV) tuple

Part 06: Data structure for unstructured array of designation-kind-value (DKV) tuples

Part 07: Data structure and syntax for selections of designation-kind-value (DKV) tuples

Part 08: Data structure for UPU postal data

Part 09: Data structure for ITU-T E.164 phone number data

Part 10: Data structure for who-what-where-when-why-how (W5H) event data

Part 11: Data structure for entity-person-group (EPG) contact data

Part 12: Data structure for entity-person-group (EPG) security credentials data

Part 13: Data structure for entity-person-group (EPG) relationships and grouping data

Part 14: Profile of global and local references

Part 15: Data structure for profile of spatiotemporal data

Part 16: Data structure for workflow data

Part 17: Data structure for references to workflow data

Part 18: Data structure for datatypes and object classifiers

Part 19: Profile of document descriptive data based upon ISO 15836 Dublin Core metadata

Part 20: Data structure for concept description

Part 21: Profile of concept system based upon ISO/IEC 13250 topic maps

Part 22: Profile of terminological data based upon ISO 12620 terminological data categories

Part 23: Data structure for digitally signed elements

Part xx: xxx

Introduction

The ISO/IEC 19773 series of standards specifies small modules of data that can be used or reused in applications. These modules are intended to harmonize with current and future versions of the ISO/IEC 11179 series, which specifies metadata registries.

Part 12 is the data structure, a container, that holds security credentials. Specific security methods and techniques are not defined in this International Standard; they are specified elsewhere.

© ISO 2004 – All rights reserved


Information technology — Metadata Modules (MM) —
Part 12: Data structure for entity-person-group (EPG) security credentials data

Editor's Note: Each part of 19773 is marked with a common sequence number ("[Release Sequence #N]") to indicate that the parts are synchronized and harmonized among themselves. The mark "[Release Sequence #N]" does not imply that there is a complete set of N-1 prior drafts.

1 Scope

This Part describes the data structure for security credentials data. This International Standard does not define specific security methods; it specifies a container structure for storing credentials and the parameters associated with security methods (e.g., access control and authentication mechanisms).

2 Normative references

The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

ISO/IEC 2382-04:1999, Information technology — Vocabulary — Part 4: Organization of data

ISO/IEC 11404:—[1], Information technology — General Purpose Datatypes (GPD)

ISO/IEC 19773-01:—[2], Information technology — Metadata Modules (MM) — Part 01: Framework

ISO/IEC 19773-03:—[3], Information technology — Metadata Modules (MM) — Part 03: Data structure for internationalized/localized multivalue/multidata

ISO/IEC 19773-04:—[4], Information technology — Metadata Modules (MM) — Part 04: Data structure for internationalized/localized multistring/multitext

ISO/IEC 19773-10:—[5], Information technology — Metadata Modules (MM) — Part 10: Data structure for who-what-where-when-why-how (W5H) event data

ISO/IEC 20944-02:—[6], Information technology — Metadata Interoperability and Bindings (MDIB) — Part 02: Common vocabulary

ISO/IEC 20944-03:—[7], Information technology — Metadata Interoperability and Bindings (MDIB) — Part 03: Common provisions for conformance

3 Terms and definitions

For the purposes of this document, the following terms, abbreviations, and definitions apply.

3.1

authentication

string consisting solely of characters [ISO/IEC 2382-08:1998]

3.2

character string

string consisting solely of characters [ISO/IEC 2382-04:1999]

3.3

characterstring

ISO/IEC 11404 datatype for representing character strings [ISO/IEC 19773-02]

NOTE The ISO/IEC 11404 characterstring datatype takes the parameter repertoire, which indicates the logical set of characters. Typically, characterstring(iso-10646-1) is used to portably store text data, i.e., its value will be preserved across all implementations of the datatype.

3.4

metadata module

unit of descriptive data [ISO/IEC 19773-01]

3.5

octet string

string consisting solely of octets [ISO/IEC 19773-02]

3.6

octetstring

ISO/IEC 11404 datatype for representing octet strings [ISO/IEC 19773-02]

NOTE An octetstring datatype can be used to portably store binary data, i.e., its value will be preserved across all implementations of the datatype.

3.7

reflit

datatype whose value can be accessed directly as a literal value or accessed indirectly via a reference to a value [ISO/IEC 19773-02]

4 Functional capabilities

This Clause describes intended capabilities and applications of this Part.

The security_credentials_data data structure contains the elements of security credentials. Multiple sets of credentials may be used, depending upon the context of use.

EXAMPLE The following is an example of security credentials data with one event-localized entry, scoped to the domain "mycompany.com", that holds two credentials: an SSH public key (kind "ssh-public", method "ssh-rsa") and a login password (kind "password", method "cleartext"):

person_x_credentials : security_credentials_data =
(
  ( // credentials for user at "mycompany.com"
    ( // event data: describes credentials for use at "mycompany.com"
      ( where_event = ( "domain", 0, "mycompany.com", (), (), (), ), ),
    ),
    ( // individual credentials
      (
        "ssh-public",                                        // kind
        "ssh-rsa",                                           // method
        ( ( (), (), "public key for mycompany.com" ) ),      // description
        ( // public key: value as multidata
          ( ( (),
              data = ( reflit_kind = literal, literal_value =
                (
                  literal_kind = "text",
                  literal_encoding = "ascii",
                  literal_bintext = text,
                  literal_value_as_text = "\
AAAB3NzaC1yc2EAAAABIwAAAIEAuD\
bb6rByKZFxuvLRgtX9f3TR8GY5oT0\
HKMQYdI9sdO/TbSf/+",
                ) ) ),
          ),
        ),
      ),
      (
        "password",                                          // kind
        "cleartext",                                         // method
        ( ( (), (), "login password for mycompany.com" ) ),  // description
        ( // password: value as multidata
          ( ( (),
              data = ( reflit_kind = literal, literal_value =
                (
                  literal_kind = "text",
                  literal_encoding = "ascii",
                  literal_bintext = text,
                  literal_value_as_text = "swordfish",
                ) ) ),
          ),
        ),
      ),
    ),
  ),
)

5 Conceptual model and object model

5.1 General

The remainder of this Clause is an object-model description[8] of the security_credentials_data class and related classes. This object model is mapped to binding-independent semantics in Clause 6. The UML object model is shown in Figure 1.


Figure 1: UML presentation of Security Credentials Data

5.2 security_credentials_data

The security_credentials_data comprises an array of W5H event extents. This class contains the following components.

security_credentials_array : array (0..*) of event_localized_security_credentials_data: The array of security credentials extents.

5.3 event_localized_security_credentials_data

The event_localized_security_credentials_data comprises the W5H event data that localizes the security credentials array. This class contains the following components.

event_data : w5h_event_class: The kind of event.[9]

security_credential_array : array (0..*) of security_credential_element: The security credentials.

other_data : multidata: Other data.

5.4 security_credential_element

The security_credential_element holds an individual set of security credentials. This class contains the following components.

security_kind : characterstring: The kind of credential.

security_method : characterstring: The security method for this credential.

security_description : multitext: A description of the security kind, method, and credential.

security_component_list : multidata: The data of the credential itself.

other_data : multidata: Other data.

6 Computational semantics and datatypes

6.1 General

This Clause defines datatypes using ISO/IEC 11404 notation. Provisions embedded in 11404 comments are normative.

EXAMPLE 1 The provision "all components optional" written as an 11404 comment means that (normatively) the obligation attribute is "optional" for all data elements contained within the structure.

EXAMPLE 2 The provision "all sizes are SPM" written as an 11404 comment means that (normatively) the size values are smallest permitted maximum values.

NOTE Throughout this Clause, the abbreviation SPM is used, which means "smallest permissible maximum". The SPM value is intended to give implementers a lower limit on conforming implementations. Applications should not assume that implementations support capabilities beyond the SPM value unless prior arrangements have been made.

6.2 security_credentials_data

ISO/IEC 11404 definition

type security_credentials_data = record
(
    security_credentials_data_array:
        array (0..*) of event_localized_security_credentials_data,
),

Description

See 5.2 for a description of the record and its components.

6.3 event_localized_security_credentials_data

ISO/IEC 11404 definition

type event_localized_security_credentials_data = record
(
    event_data:
        w5h_event_class,
    security_credential_array:
        array (0..*) of security_credential_element,
),

Description

See 5.3 for a description of the record and its components.

6.4 security_credential_element

ISO/IEC 11404 definition

type security_credential_element = record
(
    security_kind:
        characterstring,
    security_method:
        characterstring,
    security_description:
        multitext,
    security_component_list:
        multidata,
),

Description

See 5.4 for a description of the record and its components.
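The following is an added illustration, not part of this draft and not a binding (Clause 7 is still to be supplied): a hypothetical Python rendering of the three Clause 6 records, populated with the Clause 4 example, with a selector that picks the credential elements scoped to one domain and an audit helper that reports every element whose security_method is "cleartext". The multitext, multidata and w5h_event_class datatypes from Parts 03, 04 and 10 are simplified to plain Python types here, which is an assumption of this example only.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Hypothetical rendering of the ISO/IEC 19773-12 WD1 Clause 6 records.
# Assumptions (not from the draft): multitext -> list of (locale, text),
# multidata -> list of (locale, bytes), w5h_event_class -> its where_event domain.

@dataclass
class SecurityCredentialElement:
    security_kind: str                                          # e.g. "ssh-public", "password"
    security_method: str                                        # e.g. "ssh-rsa", "cleartext"
    security_description: List[Tuple[Optional[str], str]]       # multitext, simplified
    security_component_list: List[Tuple[Optional[str], bytes]]  # multidata, simplified

@dataclass
class EventLocalizedSecurityCredentialsData:
    where_event_domain: str   # stands in for w5h_event_class.where_event
    security_credential_array: List[SecurityCredentialElement] = field(default_factory=list)

@dataclass
class SecurityCredentialsData:
    security_credentials_data_array: List[EventLocalizedSecurityCredentialsData] = field(default_factory=list)

    def credentials_for(self, domain: str) -> List[SecurityCredentialElement]:
        """Select the credential elements whose event extent is localized to `domain`."""
        return [el for ext in self.security_credentials_data_array
                if ext.where_event_domain == domain
                for el in ext.security_credential_array]

def cleartext_credentials(data: SecurityCredentialsData) -> List[Tuple[str, str]]:
    """Audit helper: (domain, kind) of every element stored with the "cleartext" method."""
    return [(ext.where_event_domain, el.security_kind)
            for ext in data.security_credentials_data_array
            for el in ext.security_credential_array
            if el.security_method.lower() == "cleartext"]

def build_clause4_example() -> SecurityCredentialsData:
    """The Clause 4 example: one extent for "mycompany.com" with an SSH public key and a password."""
    ssh_key = SecurityCredentialElement(
        "ssh-public", "ssh-rsa",
        [(None, "public key for mycompany.com")],
        [(None, b"AAAB3NzaC1yc2EAAAABIwAAAIEAuDbb6rByKZFxuvLRgtX9f3TR8GY5oT0HKMQYdI9sdO/TbSf/+")])
    password = SecurityCredentialElement(
        "password", "cleartext",
        [(None, "login password for mycompany.com")],
        [(None, b"swordfish")])
    extent = EventLocalizedSecurityCredentialsData("mycompany.com", [ssh_key, password])
    return SecurityCredentialsData([extent])
```

Because the container itself defines no security method, a consumer must inspect security_method per element to decide how to protect the security_component_list; the audit helper shows the minimal such check.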

7 Bindings

*** TO BE SUPPLIED ***.

8 Conformance

ISO/IEC 20944-03, Clause 4, Conformance, is incorporated by reference.


[1] In revision, to be published. See " for the latest draft.

[2] To be published. See " for the latest drafts of the 19773 series.

[3] To be published.

[4] To be published.

[5] To be published.

[6] To be published. See " for the latest drafts of the 20944 series.

[7] To be published.

[8] In this Part, the classes can be considered "plain old data structures". Clause 5 presents the object model, which is discussed in terms of classes, attributes, and relations. Clause 6 maps the object model into datatypes, components, and subcomponents. While the terms "class" and "datatype" refer to different concepts, in this Part each individual class shares the same concepts with its corresponding datatype.

[9] The w5h_event_class is defined in Part 10.