WPCL 2BJ|x H   X  6p&6p& I  Hh   c4 P  Fascicle VIII.8 Rec. X.519 PAGE1 ~  HH   c4 P PAGE14 Fascicle VIII.8 Rec. X.519 ~ Hh Hp P X`h!(# X  Ё c4 P  The drawings contained in this Recommendation have been done in AUTOCAD  Recommendation X.519 (B c4 P THE DIRECTORY PROTOCOL SPECIFICATIONS    HH ЁЍ)Recomendation X.519 and ISO 95945, The Directory Protocol Specifications, were developed in close collaboration and are technically aligned )  c4 P   H(N c4 P  (Melbourne, 1988) (RCONTENTS 0 Introduction 1 Scope 2 References 3 Definitions  3.1pOSI Reference Model Definitions  3.2pBasic Directory Definitions  3.3pDistributed Operation Definitions 4 Abbreviations 5 Conventions 6 Protocol Overview  6.1pDirectory Protocol Model  6.2pDirectory Access Protocol  6.3pDirectory System Protocol  6.4pUse of Underlying Services 7 Directory Protocol Abstract Syntax  7.1pAbstract Syntaxes  7.2pDirectory Application Service Elements  7.3pDirectory Application Contexts  7.4pErrors 8 Mapping onto Used Services  8.1pMapping onto ACSE  8.2pMapping onto ROSE 9 Conformance  9.1pConformance by DUAs  9.2pConformance by DSAs Annex A ĩ DAP in ASN.1 Annex B ĩ DSP in ASN.1 Annex C ĩ Reference Definition of Protocol Object Identifiers HP X`h!(#Ђ 0X Introduction  H Hp P X`h!(#Ё0.1  This document, together with the others of the series, has been produced to facilitate the interconnection of information processing systems to provide directory services. The set of all such systems, together with the directory information which they hold, can be viewed as an integrated whole, called the Directory. The information held by the Directory, collectively known as the Directory Information Base (DIB), is typically used to facilitate communication between, with or about objects such as application entities, people, terminals, and distribution lists.  H 0.2  The Directory plays a significant role in Open Systems Interconnection, whose aim is to allow, with a minimum of technical agreement outside of the interconnection standards themselves, the interconnection of information processing systems:   pfrom different manufacturers;   punder different managements;   pof different levels of complexity; and   pof different ages.  Hx 0.3  This Recommendation specifies the application service elements and application contexts for two protocols the Directory Access Protocol (DAP) and the Directory System Protocol (DSP). The DAP provides for access to the Directory to retrieve or modify Directory information. The DSP provides for the chaining of requests to retrieve or modify Directory information to other parts of the distributed Directory System where the information may be held. HP X`h!(#Ђ 1X Scope Hp P X`h!(#Ё This Recommendation specifies the Directory Access Protocol and the Directory System Protocol, fulfilling the abstract services specified in RecommendationsX.511 andX.518. HP X`h!(#Ђ 2X References  H Hp P X`h!(#ЁRecommendation X.200  Open Systems Interconnection Basic Reference Model  H Recommendation X.208  Open Systems Interconnection Specification of Abstract Syntax Notation (ASN.1)  H Recommendation X.209  Open Systems Interconnection Specification of Basic Encoding rules for Abstract Syntax *//`4499>>hCNotation One (ASN.1) Recommendation X.500  The Directory Overview of Concepts, Models and Services Recommendation X.501  The Directory Information Framework Recommendation X.511  The Directory Abstract Service Definition  H Recommendation X.518  The Directory Procedures for Distributed Operation Recommendation X.520  The Directory Selected Attribute Types Recommendation X.521  The Directory Selected Object Classes Recommendation X.219  Remote Operations Model, Notation and Service Definition Recommendation X.229  Remote Operations Protocol Specification  H Recommendation X.217  Open Systems Interconnection Association Control: Service Definition  H Recommendation X.227  Open Systems Interconnection Association Control: Protocol Specification  H Recommendation X.216  Open Systems Interconnection Presentation Layer Service Definition. HP X`h!(#Ђ 3X Definitions  H Hp P X`h!(#Ё The definitions contained in this paragraph make use of the abbreviations defined in 4. HP X`h!(#3.1h  OSI Reference Model definitions Hp P X`h!(# This Recommendation is based on the concepts developed in RecommendationX.200 and makes use of the following terms defined therein:   a)papplicationserviceelement;   b)papplicationprotocolcontrolinformation;   c)papplicationcontroldataunit;   d)papplicationcontext;   e)papplicationentity;   f)pabstractsyntax.  HH HP X`h!(#3.2h  Basic Directory definitions  H Hp P X`h!(# This Recommendation makes use of the following terms defined in Recommendation X.501:   a)pthe Directory;   b)p(Directory) user;   c)pDirectory System Agent (DSA);   d)pDirectory User Agent (DUA).  HH HP X`h!(#3.3h  Distributed Operation definitions  H Hp P X`h!(# This Recommendation makes use of the following terms defined in Recommendation X.518:   a)pchaining;   b)preferral.  HH HP X`h!(#Ђ 4X Abbreviations  _(ƌHp P X`h!(#Ё The following abbreviations are used in this Recommendation:   ACp Application Context   ACSE Association Control Service Element   AEp Application Entity   APCI Application Protocol Control Information   APDU Application Protocol Data Unit   ASEp Application Service Element   DAPpDirectory Access Protocol   DSApDirectory System Agent   DSPp Directory System Protocol   DUApDirectory User Agent   ROSE Remote Operations Service Element. HP X`h!(#Ђ 5X Conventions Hp P X`h!(#Ё The Recommendation makes use of the following conventions:  H   a)pthe abstract syntax definitions in 7 are defined using the abstract syntax notation defined in Recommendation X.208;  H   b)pthe remote operation macros (ROnotation), and the applicationserviceelement and applicationcontext macros are defined in Recommendation X.219;  H   c)pthe words of defined terms and the names and values of service parameters and protocol fields, unless they are proper names, begin with a lowercase letter and are linked by a hyphen thus: definedterm. Proper names begin with an upper case letter and are not linked by a hyphen thus: Proper Name.  HH HP X`h!(#Ђ 6X Protocol Overview 6.1h  Directory Protocol Model  H Hp P X`h!(# Recommendation X.511 defines the abstract service between a DUA and the Directory to support a user accessing Directory services. The Directory is further modelled as being represented by a DSA which supports the particular access point concerned. Recommendation X.518 defines the interactions between a pair of DSAs within the Directory to support user requests which are chained. These concepts are illustrated in Figure1/X.519. K c4 P FIGURE 1/X.519 T070465088  c4 P   When a DUA is in a different open system from a DSA with which it is interacting, these interactions are supported by the Directory Access Protocol (DAP), which is an OSI application layer protocol. Similarly, when a pair of DSAs which are interacting are in different open systems, the interactions are supported by the Directory System Protocol (DSP), which is also in the application layer.  H  Both the DAP and the DSP are protocols to provide communication between a pair of application processes. In the OSI environment this is represented as communication between a pair of application entities (AEs) using the presentation service. The function of an AE is provided by a set of applicationserviceelements (ASEs). The interaction between AEs is described in terms of their use of the services provided by the ASEs. The two ASEs common to both of the directory protocols are summarized in this paragraph.  H  The Remote Operations Service Element (ROSE) supports the request/reply paradigm of the abstract operation that occurs at the ports in the abstract model. The Directory ASEs provide the mapping function of the abstractsyntax notation of the directory abstractservice onto the services provided by the ROSE.  H  The Association Control Service Element (ACSE) supports the establishment and release of an applicationassociation between a pair of AEs. Associations between a DUA and a DSA may be established only by the DUA. Only the initiator of an established association can release it. HP X`h!(#6.2h  Directory Access Protocol Hp P X`h!(# The Directory Access Protocol (DAP) is used to realise the Directory Abstract Service. It comprises three directory specific ASEs in addition to ROSE and ACSE. These are: readASE, searchASE, and modifyASE. They correspond to the readPort, searchPort, and modifyPort of the abstract service. The directoryAccessAC application context identifies the combination of: readASE, searchASE, and modifyASE, aCSE, rOSE. HP X`h!(#6.3h  Directory System Protocol  H Hp P X`h!(# The Directory System Protocol (DSP) is used to realise the functionality of distributed operation described in RecommendationX.518. It comprises three directory specific ASEs in addition to ROSE and ACSE. These are: chainedReadASE , chainedSearchASE , and chainedModifyASE . They correspond to the chainedReadPort, chainedSearchPort , and chainedModifyPort of the abstract service. The directorySystemAC application context identifies the combination of: chainedReadASE , chainedSearchASE , and chainedModifyASE , aCSE , rOSE . HP X`h!(#6.4h  Use of Underlying Services  H Hp P X`h!(# The DAP and DSP protocols make use of underlying services as described below. HP X`h!(# H6.4.1 Use of ROSE services Hp P X`h!(# The Remote Operations Service Element (ROSE) is defined in RecommendationX.219.  The ROSE supports the request/reply paradigm of remote operations.  H  The Directory ASEs are users of the ROINVOKE, RORESULT, ROERROR, ROREJECTU and ROREJECTP services of the ROSE.  H  The remote operations of the DAP and the DSP are Class 2 (asynchronous) operations. Note that as the DUA is a consumer of the DAP it may choose to operate in a synchronous manner.  DAP uses Association Class 1. This means that the DSA cannot invoke operations on the DUA. DSP uses Association Class 3. This means that the responding DSA can invoke operations on the initiating DSA and vice versa. HP X`h!(# H6.4.2 Use of ACSE services Hp P X`h!(# The Association Control Service Element (ACSE) is defined in RecommendationX.217.  The ACSE provides for the control (establishment, release, abort) of applicationassociations between AEs.  H  The Directory Bind and Directory Unbind (or DSA Bind and DSA Unbind) are the sole users of the AASSOCIATE and ARELEASE services of the ACSE in normal mode. The applicationprocess is the user of the AABORT and APABORT services of the ACSE. HP X`h!(# H6.4.3 Use of the Presentation Service Hp P X`h!(# The presentationservice is defined in Recommendation X.216.  The Presentation Layer coordinates the representation (syntax) of the Application Layer semantics that are to be exchanged.  H  In normal mode, a different presentationcontext is used for each abstractsyntax included in the applicationcontext.  H  The ACSE is the sole user of the PCONNECT, PRELEASE, PUABORT and PPABORT services of the presentationservice.  The ROSE is a user of the PDATA service of the presentationservice. HP X`h!(# H6.4.4 Use of Lower Layer Services  H Hp P X`h!(# The sessionservice is defined in Recommendation X.215. The Session Layer structures the dialogue of the flow of information between the endsystems.  H  The Kernel and Duplex functional units of the sessionservice are used by the Presentation Layer.  H  The transportservice is defined in RecommendationX.214. The Transport Layer provides for the endtoend transparent transfer of data over the underlying network connection.  H  The choice of the class of transportservice used by the Session Layer depends on the requirements for multiplexing and error recovery. Support  H for Transport Class 0 (nonmultiplexing) is mandatory. Transport Expedited Service is not used.  H  Support for other classes is optional. A multiplexing class may be used to multiplex the DAP or DSP and other protocols over the same network connection. An error recovery class may be chosen over a network connection with an unacceptable residual error rate.  An underlying network supporting the OSI networkservice defined in RecommendationX.213 is assumed.  A networkaddress is as defined in Recommendation X.121, - RecommendationsE.163/E.164, or Recommendation X.200 (OSI NSAPaddress). HP X`h!(#Ђ 7X Directory Protocol Abstract Syntax 7.1h  Abstract Syntaxes  H Hp P X`h!(# The Directory ASEs specified in 7.2.1, 7.2.3 and 7.2.5 share a single abstract syntax, id as-directory - AccessAS . Those specified in 7.2.2, 7.2.4 and 7.2.6 also share a single abstract syntax id-as-directorySystemAS . In each case, this defines applicationprotocolcontrolinformation (APCI) which, when used in conjunction with the ROSE, defines a set of APDUs. The Directory APDUs are defined by the abstractsyntax of the Directory ASEs and ROSE. These plus the abstractsyntax of ACSE form the complete definition of APDUs used during a Directory association.  The ACSE abstractsyntax idasacse is needed to establish the associations.  H  These abstract syntaxes shall (as a minimum) be encoded according to the ASN.1 Basic Encoding Rules. HP X`h!(#7.2h  Directory Application Service Elements  H Hp P X`h!(# This paragraph specifies the ASEs which are used as "building blocks" in the construction of the various Directory application contexts in 7.3.  Note ĩ These ASEs are used for the construction of the application contexts defined in this Recommendation. They are not intended to allow for claims of conformance to individual, or other combinations of, ASEs. HP X`h!(# H7.2.1 Read ASE  H Hp P X`h!(# The readASE supports the abstractoperations of the readPort , namely Read, Compare, and Abandon , as defined in RecommendationX.511.   readASE  hpAPPLICATIONSERVICEELEMENT  hph pCONSUMER INVOKES  hph  {read, compare, abandon}  hp::= idasereadASE   read  ReadX%::=1   compareP  Compare"X%::=2   abandonP  Abandon"X%::=3  HH HP X`h!(# H7.2.2 Chained Read ASE  H Hp P X`h!(# The chainedReadASE supports the abstractoperation of the ChainedReadPort, i.e. ChainedRead, ChainedCompare and ChainedAbandon , as defined in RecommendationX.518.   chainedReadASE  hpAPPLICATIONSERVICEELEMENT  hph pOPERATIONS {  hph  chainedRead,  hph  chainedCompare  hph  chainedAbandon}  hp::= idasechainedReadASE   chainedRead  X%ChainedRead0`449::=1   chainedCompare ChainedCompare.`4::=2   chainedAbandon ChainedAbandon.`4::=3  HH HP X`h!(# H7.2.3 Search ASE  H Hp P X`h!(# The searchASE supports the abstractoperations of the SearchPort, namely List and Search, as defined in RecommendationX.511.   searchASE  hpAPPLICATIONSERVICEELEMENT  hph pCONSUMER INVOKES { list, search}  hp::= idasesearchASE}   list  ListX%%**/::=4   search Search ::=5  HH HP X`h!(# H7.2.4 Chained Search ASE Hp P X`h!(# The chainedSearchASE supports the abstractoperations of the ChainedSearchPort, namely ChainedList and ChainedSearch, as defined in RecommendationX.518. chainedSearchASE  hpAPPLICATIONSERVICEELEMENT  hph pOPERATIONS {  hph  chainedList, chainedSearch}  hp::= idasechainedSearchASE  chainedList  X%ChainedList0`449::=4  chainedSearch X%ChainedSearch2`449::=5 HP X`h!(# H7.2.5 Modify ASE  H Hp P X`h!(# The modifyASE supports the abstractoperations of the ModifyPort , namely AddEntry , RemoveEntry , ModifyEntry , and ModifyRDN , as defined in RecommendationX.511.   modifyASE  hpAPPLICATIONSERVICEELEMENT  hph pCONSUMER INVOKES  hph  {addEntry, removeEntry,  hph  modifyEntry, modifyRDN}  hp::= idasemodifyASE   addEntry  AddEntry(*::=6   removeEntry  RemoveEntry+/::=7   modifyEntry  ModifyEntry+/::=8   modifyRDN  ModifyRDN)/::=9  HH HP X`h!(# H7.2.6 Chained Modify ASE Hp P X`h!(# The chainedModifyASE supports the abstractoperations of the ChainedModifyPort , namely ChainedAddEntry , ChainedRemoveEntry , ChainedModifyEntry and ChainedModifyRDN , as defined in RecommendationX.518.   chainedModifyASE  hpAPPLICATIONSERVICEELEMENT  hph pOPERATIONS  hph  {chainedAddEntry,  hph   chainedRemoveEntry,  hph   chainedModifyEntry,  hph   chainedModifyRDN}  hp::= idasechainedModifyASE   chainedAddEntry ChainedAddEntry/`4::= 6   chainedRemoveEntryX%ChainedRemoveEntry79::= 7   chainedModifyEntryX%ChainedModifyEntry79::= 8   chainedModifyRDN ChainedModifyRDN0`4::= 9 HP X`h!(#7.3h  Directory Application Contexts  H7.3.1 Directory Access Application Context  H Hp P X`h!(# The directoryAccessAC allows the DUA to access the operations of the following ASEs: readASE , searchASE , modifyASE .   directoryAccessAC  hpAPPLICATIONCONTEXT  hph pAPPLICATION SERVICE ELEMENTS  hph  {aCSE}  hph pBIND DirectoryBind  hph pUNBIND DirectoryUnbind  hph pREMOTE OPERATIONS {rOSE}  hph pINITIATOR CONSUMER OF {  hph  readASE,  hph  searchASE,  hph  modifyASE}  hph pABSTRACT SYNTAXES {  hph  idasacse,  hph  idasdirectoryAccessAS}  hp::= idacdirectoryAccessAC  HH HP X`h!(# H7.3.2 Directory System Application Context  H Hp P X`h!(# The directorySystemAC allows DSAs to communicate for the purpose of chaining operations.   directorySystemAC  hpAPPLICATIONCONTEXT  hph pAPPLICATION SERVICE ELEMENTS  hph  {aCSE}  hph pBIND DSABind  hph pUNBIND DSAUnbind  hph pREMOTE OPERATIONS {rOSE}  hph pOPERATIONS OF  hph  {chainedReadASE,  hph  chainedSearchASE,  hph  chainedModifyASE}  hph pABSTRACT SYNTAXES {  hph  idasacse,  hph  idasdirectorySystemAS}   ::=p idacdirectorySystemAC  HH HP X`h!(#7.4h  Errors  H Hp P X`h!(# Corresponding to each abstracterror defined in the Abstract Service is an error value which may be conveyed by the protocol. The assignments follow:   abandoned  X%Abandoned.`4::= 5   attributeError X%AttributeError39::= 1   nameError  X%NameError.`4::= 2   referral  X%%*Referral2`4::= 4   securityError X%SecurityError2`4::= 6   serviceError  X%ServiceError1`4::= 3   updateError  X%UpdateError0`4::= 8   dSAReferral  X%DSAReferral0`4::= 9   abandonFailed X%AbandonFailed2`4::= 7  HH HP X`h!(#Ђ8X Mapping onto Used Services  H Hp P X`h!(#Ё This paragraph defines the mapping of the DAP and DSP onto the used services. HP X`h!(#8.1h  Mapping onto ACSE  H Hp P X`h!(# This paragraph defines the mapping of the abstractbind (DirectoryBind or DSABind) and abstractunbind (DirectoryUnbind or DSAUnbind) services onto the services of the ACSE. The ACSE is defined in Recommendation X.217. HP X`h!(# H8.1.1 Abstractbind onto AASSOCIATE  H Hp P X`h!(# The abstractbind service is mapped onto the AASSOCIATE service of the ACSE. The use of the parameters of the AASSOCIATE service is qualified in the following subparagraphs. HP X`h!(#HH8.1.1.1Mode  H Hp P X`h!(# This parameter shall be supplied by the initiator of the association in the AASSOCIATE request primitive, and shall have the value "normal mode". HP X`h!(#HH8.1.1.2Application Context Name Hp P X`h!(# The initiator of the association shall propose either the directoryAccessAC or the directorySystemAC applicationcontext. HP X`h!(#HH8.1.1.3User information  H Hp P X`h!(# The mapping of the bindoperation of the abstractbind service onto the User Information parameters of the AASSOCIATE request primitive is defined in RecommendationX.219. HP X`h!(#HH8.1.1.4Presentation Context Definition List  H Hp P X`h!(# The initiator of the association shall supply the Presentation Context Definition List in the AASSOCIATE request primitive which shall contain the ACSE abstractsyntax (idasacse) and either the DAP abstractsyntax ( id-as - directoryAccessAS ) or the DSP abstractsyntax ( idas directorySystemAS ). HP X`h!(#HH8.1.1.5Quality of service  H Hp P X`h!(# This parameter shall be supplied by the initiator of the association in the AASSOCIATE request primitive, and by the responder of the association in the AASSOCIATE response primitive. The parameters "Extended Control" and "Optimized Dialogue Transfer" shall be set to "feature not desired". The remaining parameters shall be such that default values are used. HP X`h!(#HH8.1.1.6Session requirements  H Hp P X`h!(# This parameter shall be set by the initiator of the association in the AASSOCIATE request primitive, and by the responder of the association in the  H AASSOCIATE response primitive. The parameter shall be set to specify the following functional units: -Ԍ  a)pKernel;   b)pDuplex.  HH HP X`h!(#HH8.1.1.7Application Entity Title and Presentation Address  H Hp P X`h!(# These parameters shall be supplied by the initiator and the responder of the association (Application Entity Title is optionally supplied). For a  H DUA establishing an association for an initial request, these parameters are obtained from locally held information.  H  For a DUA (or DSA) establishing an association with a DSA to which it has been referred, these parameters are obtained from the AccessPoint value of  H a ContinuationReference. For a DSA establishing an association, this parameter is obtained from its Knowledge Information, i.e. an external reference. HP X`h!(# H8.1.2 Abstractunbind onto ARELEASE  H Hp P X`h!(# The abstractunbind service is mapped onto the ARELEASE service of the ACSE. The use of the parameters of the ARELEASE service is qualified in the following subparagraph. HP X`h!(#HH8.1.2.1Result Hp P X`h!(# This parameter shall have the value "affirmative". HP X`h!(# H8.1.3 Use of AABORT and APABORT services  H Hp P X`h!(# The applicationprocess is the user of the AABORT and APABORT services of the ACSE. HP X`h!(#8.2h  Mapping onto ROSE  H Hp P X`h!(# The Directory ASE services are mapped onto the ROINVOKE, RORESULT, ROERROR, RO-REJECT-Uand ROREJECTP services of the ROSE. The mapping of the abstractsyntax notation of the Directory ASEs onto the ROSE services is as defined in Recommendation X.219. HP X`h!(#Ђ 9X Conformance Hp P X`h!(#Ё This paragraph defines the requirements for conformance to this Recommendation. HP X`h!(#9.1h  Conformance by DUAs  H Hp P X`h!(# A DUA implementation claiming conformance to this Recommendation shall satisfy the requirements specified in 9.1.1 to 9.1.3. HP X`h!(# H9.1.1 Statement requirements Hp P X`h!(# The following shall be stated:  H   a)pthe operations of the directoryAccessAC applicationcontext that the DUA is capable of invoking for which conformance is claimed; and  H   b)pthe securitylevel(s) for which conformance is claimed (none, simple, strong).  HH HP X`h!(# H9.1.2 Static requirements Hp P X`h!(# A DUA shall:  H   a)phave the capability of supporting the directoryAccessAC applicationcontext as defined by its abstract syntax in 7.  HH HP X`h!(# H9.1.3 Dynamic requirements Hp P X`h!(# A DUA shall:   a)pconform to the mapping onto used services defined in 8. HP X`h!(#9.2h  Conformance by DSAs  H Hp P X`h!(# A DSA implementation claiming conformance to this Recommendation shall satisfy the requirements specified in 9.2.1 to 9.2.3. HP X`h!(# H9.2.1 Statement requirements Hp P X`h!(# The following shall be stated:  Hh   a)pthe applicationcontexts for which conformance is claimed: directoryAccessAC, directorySystemAC, or both. If a DSA is such that knowledge of it has been disseminated causing knowledge references to the DSA to be held by other DSA(s) outside of its own DMD, then it shall claim conformance to the directorySystemAC;  H  Note ĩ An application context shall not be divided, except as stated herein: in particular, conformance may not be claimed to particular ports or operations.  H   b)pwhether or not the DSA is capable of acting as a firstlevel DSA, as defined in Recommendation X.518;  H   c)pif conformance is claimed to the directorySystemAC applicationcontext, whether or not the chained mode of operation is supported, as defined in RecommendationX.518;  H   d)pthe securitylevel(s) for which conformance is claimed (none, simple, strong);  H   e)pthe selected attribute types defined in RecommendationX.520 and any other attribute types, for which conformance is claimed; and  H   f)pthe selected object classes defined in RecommendationX.521 and any other object classes, for which conformance is claimed.  HH HP X`h!(# H9.2.2 Static requirements Hp P X`h!(# A DSA shall:  H   a)phave the capability of supporting the applicationcontexts for which conformance is claimed as defined by their abstract syntax in 7;  H   b)phave the capability of supporting the information framework defined by its abstract syntax in RecommendationX.501;   c)pconform to the minimal knowledge requirements defined in RecommendationX.518;  H   d)pif conformance is claimed as a firstlevel DSA, conform to the requirements for support of the root context, as defined in RecommendationX.518;  H   e)phave the capability of supporting the attribute types for which conformance is claimed as defined by their abstract syntaxes; and  H   f)phave the capability of supporting the object classes for which conformance is claimed, as defined by their abstract syntaxes.  HH HP X`h!(# H9.2.3 Dynamic requirements Hp P X`h!(# A DSA shall:  H   a)pconform to the mapping onto used services defined in 8 of this Recommendation;  H   b)pconform to the procedures for distributed operation of the Directory related to referrals, as defined in RecommendationX.518;  H   c)pif conformance is claimed to the directoryAccessAC applicationcontext, conform to the procedures of RecommendationX.518 as they relate to the referral mode of the DAP;  H   d)pif conformance is claimed to the directorySystemAC applicationcontext, conform to the referral mode of interaction, as defined in RecommendationX.518;  H   e)pif conformance is claimed to the chained mode of interaction, conform to the chained mode of interaction, as defined in RecommendationX.518.  H  Note ĩ Only in this case is it necessary for a DSA to be capable of invoking operations using the directorySystemAC.  HH Ђ8O c4 P ANNEX A 8F c4 P (to Recommendation X.519) 8L DAP in ASN.1  This Annex is part of the Recommendation.  H  This Annex includes all of the ASN.1 type and value definitions contained in this Recommendation in the form of the ASN.1 module, DirectoryAccessProtocol.  H   DirectoryAccessProtocol {jointisoccitt ds(5) modules(1) dap(11)}   DEFINITIONS ::=   BEGIN   EXPORTS  hpdirectoryAccessAC, readASE, searchASE, modifyASE;   IMPORTS  hpabstractService  hpFROM  UsefulDefinitions  H  hph  {jointisoccitt ds(5) modules(1) usefulDefinitions(0)}  hpAPPLICATIONSERVICEELEMENT, APPLICATIONCONTEXT, aCSE  hpFROM  RemoteOperationsNotationextension -ƌ H  hph  {jointisoccitt remoteOperations(4) notationextension(2)}  hpidacdirectoryAccessAC, idasereadASE, idasesearchASE,  hpidasemodifyASE, idasdirectoryAccessAS, idasacse  hpFROM  ProtocolObjectIdentifiers  hph  {jointisoccitt ds(5) modules(1)  hph  protocolObjectIdentifiers(4)}  HX  hpDirectoryBind, DirectoryUnbind, Read, Compare, Abandon, List,  H  Search, AddEntry, RemoveEntry, ModifyEntry, ModifyRDN, Abandoned, AbandonFailed, AttributeError, NameError, Referral, SecurityError, ServiceError,  hpUpdateError  hpFROM  DirectoryAbstractService  hph  directoryAbstractService;   Application Contexts   directoryAccessAC  hpAPPLICATIONCONTEXT  hph pAPPLICATION SERVICE ELEMENTS {aCSE}  hph pBIND DirectoryBind  hpUNBIND DirectoryUnbind  hph pREMOTE OPERATIONS {rOSE}  hph INITIATOR CONSUMER OF {readASE, searchASE, modifyASE}  hph pABSTRACT SYNTAXES {  hph idasacse, idasdirectoryAccessAS}  hp ::= idacdirectoryAccessAC   Read ASE   readASE  hpAPPLICATIONSERVICEELEMENT  hph pCONSUMER INVOKES {read, compare, abandon}  hp::= idasereadASE   Search ASE   searchASE  hpAPPLICATIONSERVICEELEMENT  hph pCONSUMER INVOKES {list, search}  hp::= idasesearchASE   Modify ASE   modifyASE  hpAPPLICATIONSERVICEELEMENT  hph pCONSUMER INVOKES  hph  {addEntry, removeEntry,  hph   modifyEntry, modifyRDN}  p::= idasemodifyASE   ĩ Remote Operations   read   X%Read)//`449::=1   compareP   X%Compare,//`4::=2   abandonP   X%Abandon,//`4::=3   list   X%%*List.`4499>::=4   search   X%Search+//`449::=5   addEntry  X%AddEntry-//`4::=6   removeEntry  X%RemoveEntry0`449::=7   modifyEntry  X%ModifyEntry0`449::=8   modifyRDN  X%ModifyRDN.`449::=9   Remote Errors   attributeError X%AttributeError399>::=1   nameError  X%NameError.`449::=2   serviceError  X%ServiceError1`449::=3   referral  X%%*Referral2`449::=4   abandoned  X%Abandoned.`449::=5   securityError X%SecurityError2`449::=6   abandonFailed X%AbandonFailed2`449::=7   updateError  X%UpdateError0`449::=8   END  HH Ђ8O c4 P ANNEX B 8F c4 P (to Recommendation X.519) 8L DSP in ASN.1  This Annex is part of the Recommendation.  H  This Annex includes all of the ASN.1 type and value definitions contained in this Recommendation in the form of the ASN.1 module, DirectorySystemProtocol.  H   DirectorySystemProtocol {jointisoccitt ds(5) modules(1) dsp(12)}   DEFINITIONS ::=   BEGIN   EXPORTS  H  hpdirectorySystemAC, chainedReadASE, chainedSearchASE, chainedModifyASE;   IMPORTS  hpdistributedOperations, directoryAbstractService  hpFROM  UsefulDefinitions  H  hph  {jointisoccitt ds(5) modules(1) usefulDefinitions(0)}   APPLICATIONSERVICEELEMENT, APPLICATIONCONTEXT, aCSE  hpFROM  RemoteOperationsNotationextension  H  hph  {jointisoccitt remoteOperations(4) notationextension(2)}  hpidacdirectorySystemAC, idasechainedReadASE,  hpidasechainedSearchASE, idasechainedModifyASE,  hpidasdirectorySystemAS, idasacse;  hpFROM  ProtocolObjectIdentifiers  hph  {jointisoccitt ds(5) modules(1)  hph  protocolObjectIdentifiers(4)}  hpAbandoned, AttributeError, AbandonFailed,  H  hpNameError, DSAReferral, SecurityError, ServiceError, UpdateError  HX  hpFROM  DirectoryAbstractService directoryAbstractService  hpDSABind, DSAUnbind,  hpChainedRead, ChainedCompare, ChainedAbandon,  hpChainedList, ChainedSearch,  hpChainedAddEntry, ChainedRemoveEntry, ChainedModifyEntry,  hpChainedModifyRDN, DSAReferral,  hpFROM  DistributedOperations  hph  distributedOperations;  © Application Contexts   directorySystemAC  hpAPPLICATIONCONTEXT  hph pAPPLICATION SERVICE ELEMENTS {aCSE}  hph pBIND DSABind  hph pUNBIND DSAUnbind  hph pREMOTE OPERATIONS {rOSE}  hph OPERATIONS OF {  H  hph   chainedReadASE, chainedSearchASE, chainedModifyASE}  hpABSTRACT SYNTAXES {  hph  idasacse, idasdirectorySystemAS}  hp::= {idacdirectorySystemAC}  © Chained Read ASE   chainedReadASE  hpAPPLICATIONSERVICEELEMENT  H  hph pOPERATIONS  {chainedRead, chainedCompare, chainedAbandon}   ::=pidasechainedReadASE   Chained Search ASE   chainedSearchASE  hpAPPLICATIONSERVICEELEMENT  hph pOPERATIONS {chainedList, chainedSearch}  hp::= idasechainedSearchASE   Chained Modify ASE   chainedModifyASE  hpAPPLICATIONSERVICEELEMENT  hph pOPERATIONS  hph  {chainedAddEntry, chainedRemoveEntry, -ƌ hph  chainedModifyEntry, chainedModifyRDN}  hp::= idasechainedModifyASE   Remote Operations   chainedRead  X%%*ChainedRead599>>hC::=1   chainedCompare X%ChainedCompare399>::=2   chainedAbandon X%ChainedAbandon399>::=3   chainedlist  X%%*ChainedList599>>hC::=4   chainedSearch X%%*ChainedSearch799>>hC::=5   chainedAddEntry X%ChainedAddEntry499>::=6   chainedRemoveEntryX%%*ChainedRemoveEntry<>>hC::=7   chainedModifyEntryX%%*ChainedModifyEntry<>>hC::=8   chainedModifyRDN X%ChainedModifyRDN599>::=9   Remote Errors  H   attributeError X%%*AttributeError8>>hCC!H::=1   nameError  X%%*NameError399>>hC::=2   serviceError  X%%*ServiceError699>>hC::=3   abandoned  X%%*Abandoned399>>hC::=5   securityError X%%*SecurityError799>>hC::=6   abandonFailed X%%*AbandonFailed799>>hC::=7   updateError  X%%*UpdateError599>>hC::=8   dsaReferral  X%%*DSAReferral599>>hC::=9   END  HH Ђ8O c4 P ANNEX C 8F c4 P (to Recommendation X.519) 89 Reference definition of protocol object identifiers  This Annex is part of the Recommendation.  H  This Annex includes all of the ASN.1 Object Identifiers assigned in this Recommendation in the form of ASN.1 module, ProtocolObjectIdentifiers .   ProtocolObjectIdentifiers {jointisoccitt ds(5) modules(1) protocolObjectIdentifiers(4)}   DEFINITIONS ::=   BEGIN   EXPORTS  H  hpidacdirectoryAccessAC, idacdirectorySystemAC, idasereadASE, idasesearchASE,  hpidasemodifyASE, idasechainedReadASE,  HX  hpidasechainedSearchASE, idasechainedModifyASE, idasacse,  hpidasdirectoryAccessAS, idasdirectorySystemsAS;   IMPORTS  hpidac, idase, idas  hpFROM  UsefulDefinitions  H  hph  {jointisoccitt ds(5) modules(1) usefulDefinitions(0)};   Application Contexts   idacdirectoryAccessAC$*OBJECT IDENTIFIER::={idac 1}   idacdirectorySystemAC$*OBJECT IDENTIFIER::={idac 2}   ASEs   idasereadASE X%%*OBJECT IDENTIFIER::={idase 1}   idasesearchASE X%OBJECT IDENTIFIER::={idase 2}   idasemodifyASE X%OBJECT IDENTIFIER::={idase 3}   idasechainedReadASE"X%%*OBJECT IDENTIFIER::={idase 4}   idasechainedSearchASE$*OBJECT IDENTIFIER::={idase 5}   idasechainedModifyASE$*OBJECT IDENTIFIER::={idase 6}   ASs   idasdirectoryAccessAS$*OBJECT IDENTIFIER::={idas 1}   idasdirectorySystemAS$*OBJECT IDENTIFIER::={idas 2}   idasacse  X%%*OBJECT IDENTIFIER::=  H  hph   X%{jointisoccitt associationcontrol(2) abstractsyntax(1) apdus(0)  hp   X%version1(1)}   END