本文件为ISO/IEC 9594的其他ITU-T X.500系列建议部分提供了概念和术语框架，这些部分定义了目录的各个方面。 功能和管理权限模型定义了目录在功能和管理方面的分布方式。还提供了通用目录系统代理（DSA）和DSA信息模型以及操作框架来支持目录分发。 通用目录信息模型从目录和管理用户的角度描述了目录信息库（DIB）的逻辑结构。在这些模型中，目录是分布式的而不是集中式的这一事实是不可见的。 该推荐国际标准提供了通用目录信息模型的专门化，以支持目录模式管理。ISO/IEC 9594的X.500系列部分中的其他ITU-T建议利用本建议国际标准中定义的概念来定义通用信息和DSA模型的专门化，以提供支持特定目录功能（例如，复制）的特定信息、DSA和操作模型: a)根据信息框架的概念(在Rec.ITU-T X.511 ISO/IEC 9594-3中)描述了由目录提供的服务:这允许所提供的服务在某种程度上独立于DIB的物理分布； b)指定目录的分布式操作(在Rec.ITU-T X.518 ISO/IEC 9594-4中)以便提供该服务，并因此保持该逻辑信息结构，假设DIB实际上是高度分布式的；c)指定了由目录的组成部分提供的用于提高总体目录性能的复制能力(在Rec.ITU-T X.525 ISO/IEC 9594-9中)。 安全模型为访问控制机制的规范建立了框架。它提供了一种用于在目录信息树（DIT）的特定部分中识别有效的访问控制方案的机制，并且它定义了三种灵活的、特定的访问控制方案，它们适合于各种各样的应用和使用方式。安全模型还提供了一个使用加密和数字签名等机制保护目录操作的机密性和完整性的框架。这利用了Rec中定义的身份验证框架。ITU-T X.509 ISO/IEC 9594-8以及Rec中定义的通用上层安全工具。ITU-T X.830 ISO/IEC 11586-1。 DSA模型为目录组件的操作规范建立了一个框架。具体来说: a)目录功能模型描述了如何将目录表现为一组一个或多个组件，每个组件是DSA； b)目录分布模型描述了DIB条目和条目所依据的主体？副本可以在DSA之间分发； c)DSA信息模型描述目录用户的结构和保存在DSA中的操作信息； d)DSA操作框架描述了构建DSA之间为实现特定目标(例如，阴影)而进行的特定形式合作的定义的手段。

This document provides a conceptual and terminological framework for the other ITU-T X.500-series Recommendations | parts of ISO/IEC 9594 which define various aspects of the Directory.
The functional and administrative authority models define ways in which the Directory can be distributed, both functionally and administratively. Generic Directory System Agent (DSA) and DSA information models and an Operational Framework are also provided to support Directory distribution.
The generic Directory Information Models describe the logical structure of the Directory Information Base (DIB) from the perspective of Directory and Administrative Users. In these models, the fact that the Directory is distributed, rather than centralized, is not visible.
This Recommendation | International Standard provides a specialization of the generic Directory Information Models to support Directory Schema administration.
The other ITU-T Recommendations in the X.500 series | parts of ISO/IEC 9594 make use of the concepts defined in this Recommendation | International Standard to define specializations of the generic information and DSA models to provide specific information, DSA and operational models supporting particular directory capabilities (e.g., Replication):
a) the service provided by the Directory is described (in Rec. ITU-T X.511 | ISO/IEC 9594-3) in terms of the concepts of the information framework: this allows the service provided to be somewhat independent of the physical distribution of the DIB;
b) the distributed operation of the Directory is specified (in Rec. ITU-T X.518 | ISO/IEC 9594-4) so as to provide that service, and therefore maintain that logical information structure, given that the DIB is in fact highly distributed;
c) replication capabilities offered by the component parts of the Directory to improve overall Directory performance are specified (in Rec. ITU-T X.525 | ISO/IEC 9594-9).
The security model establishes a framework for the specification of access control mechanisms. It provides a mechanism for identifying the access control scheme in effect in a particular portion of the Directory Information Tree (DIT), and it defines three flexible, specific access control schemes which are suitable for a wide variety of applications and styles of use. The security model also provides a framework for protecting the confidentiality and integrity of directory operations using mechanisms such as encryption and digital signatures. This makes use of the framework for authentication defined in Rec. ITU-T X.509 | ISO/IEC 9594-8 as well as generic upper layers security tools defined in Rec. ITU-T X.830 | ISO/IEC 11586-1.
DSA models establish a framework for the specification of the operation of the components of the Directory. Specifically:
a) the Directory functional model describes how the Directory is manifested as a set of one or more components, each being a DSA;
b) the Directory distribution model describes the principals according to which the DIB entries and entry？copies may be distributed among DSAs;
c) the DSA information model describes the structure of the Directory user and operational information held in a DSA;
d) the DSA operational framework describes the means by which the definition of specific forms of cooperation between DSAs to achieve particular objectives (e.g., shadowing) is structured.