ISO/IEC 9594-8:2014

ISO/IEC 9594 has been produced to facilitate the interconnection of information processing systems to provide directory services. A set of such systems, together with the directory information that they hold, can be viewed as an integrated whole, called the Directory. The information held by the Directory, collectively known as the Directory Information Base (DIB), is typically used to facilitate communication between, with or about objects such as application entities, people, terminals and distribution lists.

ISO/IEC 9594-8:2014 defines a framework for public-key certificates. This framework includes the specification of data objects used to represent the certificates themselves, as well as revocation notices for issued certificates that should no longer be trusted. The public-key certificate framework defined in ISO/IEC 9594-8:2014, while it defines some critical components of a public-key infrastructure (PKI), it does not define a PKI in its entirety. However, it provides the foundation upon which full PKIs and their specifications would be built.

Similarly, ISO/IEC 9594-8:2014 defines a framework for attribute certificates. That framework includes the specification of data objects used to represent the certificates themselves, as well as revocation notices for issued certificates that should no longer be trusted. The attribute certificate framework defined in ISO/IEC 9594-8:2014, while it defines some critical components of a Privilege Management Infrastructure (PMI), it does not define a PMI in its entirety. However, it provides the foundation upon which full PMIs and their specifications would be built.

Information objects for holding PKI and PMI objects in the Directory and for comparing presented values with stored values are also defined.

ISO/IEC 9594-8:2014 also defines a framework for the provision of authentication services by the Directory to its users.