550 lines
18 KiB
Groff
550 lines
18 KiB
Groff
AttributeCertificateDefinitions {joint-iso-itu-t ds(5) module(1)
|
|
attributeCertificateDefinitions(32) 7}
|
|
DEFINITIONS IMPLICIT TAGS ::=
|
|
BEGIN
|
|
|
|
-- EXPORTS ALL
|
|
|
|
IMPORTS
|
|
|
|
basicAccessControl, id-at, id-ce, id-mr, informationFramework,
|
|
authenticationFramework, selectedAttributeTypes, id-oc, certificateExtensions
|
|
FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1) usefulDefinitions(0) 7}
|
|
|
|
ATTRIBUTE, Attribute{}, AttributeType, MATCHING-RULE, Name, OBJECT-CLASS,
|
|
RelativeDistinguishedName, SupportedAttributes, top
|
|
FROM InformationFramework informationFramework
|
|
|
|
AttributeTypeAndValue
|
|
FROM BasicAccessControl basicAccessControl
|
|
|
|
AlgorithmIdentifier, Certificate, CertificateList, CertificateSerialNumber,
|
|
EXTENSION, Extensions, InfoSyntax, PolicySyntax, SIGNED{}, SupportedAlgorithms
|
|
FROM AuthenticationFramework authenticationFramework
|
|
|
|
TimeSpecification, UnboundedDirectoryString, UniqueIdentifier
|
|
FROM SelectedAttributeTypes selectedAttributeTypes
|
|
|
|
certificateListExactMatch, GeneralName, GeneralNames, NameConstraintsSyntax
|
|
FROM CertificateExtensions certificateExtensions
|
|
|
|
UserNotice
|
|
FROM PKIX1Implicit93 {iso(1) identified-organization(3) dod(6) internet(1)
|
|
security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-implicit-93(4)};
|
|
|
|
-- Unless explicitly noted otherwise, there is no significance to the ordering
|
|
-- of components of a SEQUENCE OF construct in this Specification.
|
|
|
|
-- attribute certificate constructs
|
|
|
|
AttributeCertificate ::= SIGNED{AttributeCertificateInfo}
|
|
|
|
AttributeCertificateInfo ::= SEQUENCE {
|
|
version AttCertVersion, -- version is v2
|
|
holder Holder,
|
|
issuer AttCertIssuer,
|
|
signature AlgorithmIdentifier{{SupportedAlgorithms}},
|
|
serialNumber CertificateSerialNumber,
|
|
attrCertValidityPeriod AttCertValidityPeriod,
|
|
attributes SEQUENCE OF Attribute{{SupportedAttributes}},
|
|
issuerUniqueID UniqueIdentifier OPTIONAL,
|
|
...,
|
|
extensions Extensions OPTIONAL }
|
|
|
|
AttCertVersion ::= INTEGER {v2(1)}
|
|
|
|
Holder ::= SEQUENCE {
|
|
baseCertificateID [0] IssuerSerial OPTIONAL,
|
|
entityName [1] GeneralNames OPTIONAL,
|
|
objectDigestInfo [2] ObjectDigestInfo OPTIONAL }
|
|
(WITH COMPONENTS {..., baseCertificateID PRESENT } |
|
|
WITH COMPONENTS {..., entityName PRESENT } |
|
|
WITH COMPONENTS {..., objectDigestInfo PRESENT } )
|
|
|
|
IssuerSerial ::= SEQUENCE {
|
|
issuer GeneralNames,
|
|
serial CertificateSerialNumber,
|
|
issuerUID UniqueIdentifier OPTIONAL,
|
|
... }
|
|
|
|
ObjectDigestInfo ::= SEQUENCE {
|
|
digestedObjectType ENUMERATED {
|
|
publicKey (0),
|
|
publicKeyCert (1),
|
|
otherObjectTypes (2)},
|
|
otherObjectTypeID OBJECT IDENTIFIER OPTIONAL,
|
|
digestAlgorithm AlgorithmIdentifier{{SupportedAlgorithms}},
|
|
objectDigest BIT STRING,
|
|
... }
|
|
|
|
AttCertIssuer ::= [0] SEQUENCE {
|
|
issuerName GeneralNames OPTIONAL,
|
|
baseCertificateID [0] IssuerSerial OPTIONAL,
|
|
objectDigestInfo [1] ObjectDigestInfo OPTIONAL,
|
|
... }
|
|
(WITH COMPONENTS {..., issuerName PRESENT } |
|
|
WITH COMPONENTS {..., baseCertificateID PRESENT } |
|
|
WITH COMPONENTS {..., objectDigestInfo PRESENT } )
|
|
|
|
AttCertValidityPeriod ::= SEQUENCE {
|
|
notBeforeTime GeneralizedTime,
|
|
notAfterTime GeneralizedTime,
|
|
... }
|
|
|
|
AttributeCertificationPath ::= SEQUENCE {
|
|
attributeCertificate AttributeCertificate,
|
|
acPath SEQUENCE OF ACPathData OPTIONAL,
|
|
... }
|
|
|
|
ACPathData ::= SEQUENCE {
|
|
certificate [0] Certificate OPTIONAL,
|
|
attributeCertificate [1] AttributeCertificate OPTIONAL,
|
|
... }
|
|
|
|
PrivilegePolicy ::= OBJECT IDENTIFIER
|
|
|
|
-- privilege attributes
|
|
|
|
role ATTRIBUTE ::= {
|
|
WITH SYNTAX RoleSyntax
|
|
ID id-at-role }
|
|
|
|
RoleSyntax ::= SEQUENCE {
|
|
roleAuthority [0] GeneralNames OPTIONAL,
|
|
roleName [1] GeneralName,
|
|
... }
|
|
|
|
xmlPrivilegeInfo ATTRIBUTE ::= {
|
|
WITH SYNTAX UTF8String --contains XML-encoded privilege information
|
|
ID id-at-xMLPrivilegeInfo }
|
|
|
|
permission ATTRIBUTE ::= {
|
|
WITH SYNTAX DualStringSyntax
|
|
EQUALITY MATCHING RULE dualStringMatch
|
|
ID id-at-permission }
|
|
|
|
DualStringSyntax ::= SEQUENCE {
|
|
operation [0] UnboundedDirectoryString,
|
|
object [1] UnboundedDirectoryString,
|
|
... }
|
|
|
|
dualStringMatch MATCHING-RULE ::= {
|
|
SYNTAX DualStringSyntax
|
|
ID id-mr-dualStringMatch }
|
|
|
|
timeSpecification EXTENSION ::= {
|
|
SYNTAX TimeSpecification
|
|
IDENTIFIED BY id-ce-timeSpecification }
|
|
|
|
timeSpecificationMatch MATCHING-RULE ::= {
|
|
SYNTAX TimeSpecification
|
|
ID id-mr-timeSpecMatch }
|
|
|
|
targetingInformation EXTENSION ::= {
|
|
SYNTAX SEQUENCE SIZE (1..MAX) OF Targets
|
|
IDENTIFIED BY id-ce-targetInformation }
|
|
|
|
Targets ::= SEQUENCE SIZE (1..MAX) OF Target
|
|
|
|
Target ::= CHOICE {
|
|
targetName [0] GeneralName,
|
|
targetGroup [1] GeneralName,
|
|
targetCert [2] TargetCert,
|
|
... }
|
|
|
|
TargetCert ::= SEQUENCE {
|
|
targetCertificate IssuerSerial,
|
|
targetName GeneralName OPTIONAL,
|
|
certDigestInfo ObjectDigestInfo OPTIONAL }
|
|
|
|
userNotice EXTENSION ::= {
|
|
SYNTAX SEQUENCE SIZE (1..MAX) OF UserNotice
|
|
IDENTIFIED BY id-ce-userNotice }
|
|
|
|
acceptablePrivilegePolicies EXTENSION ::= {
|
|
SYNTAX AcceptablePrivilegePoliciesSyntax
|
|
IDENTIFIED BY id-ce-acceptablePrivilegePolicies }
|
|
|
|
AcceptablePrivilegePoliciesSyntax ::= SEQUENCE SIZE (1..MAX) OF PrivilegePolicy
|
|
|
|
singleUse EXTENSION ::= {
|
|
SYNTAX NULL
|
|
IDENTIFIED BY id-ce-singleUse }
|
|
|
|
groupAC EXTENSION ::= {
|
|
SYNTAX NULL
|
|
IDENTIFIED BY id-ce-groupAC }
|
|
|
|
noRevAvail EXTENSION ::= {
|
|
SYNTAX NULL
|
|
IDENTIFIED BY id-ce-noRevAvail }
|
|
|
|
sOAIdentifier EXTENSION ::= {
|
|
SYNTAX NULL
|
|
IDENTIFIED BY id-ce-sOAIdentifier }
|
|
|
|
sOAIdentifierMatch MATCHING-RULE ::= {
|
|
SYNTAX NULL
|
|
ID id-mr-sOAIdentifierMatch }
|
|
|
|
attributeDescriptor EXTENSION ::= {
|
|
SYNTAX AttributeDescriptorSyntax
|
|
IDENTIFIED BY {id-ce-attributeDescriptor} }
|
|
|
|
AttributeDescriptorSyntax ::= SEQUENCE {
|
|
identifier AttributeIdentifier,
|
|
attributeSyntax OCTET STRING(SIZE (1..MAX)),
|
|
name [0] AttributeName OPTIONAL,
|
|
description [1] AttributeDescription OPTIONAL,
|
|
dominationRule PrivilegePolicyIdentifier,
|
|
... }
|
|
|
|
AttributeIdentifier ::= ATTRIBUTE.&id({AttributeIDs})
|
|
|
|
AttributeIDs ATTRIBUTE ::= {...}
|
|
|
|
AttributeName ::= UTF8String(SIZE (1..MAX))
|
|
|
|
AttributeDescription ::= UTF8String(SIZE (1..MAX))
|
|
|
|
PrivilegePolicyIdentifier ::= SEQUENCE {
|
|
privilegePolicy PrivilegePolicy,
|
|
privPolSyntax InfoSyntax,
|
|
... }
|
|
|
|
attDescriptor MATCHING-RULE ::= {
|
|
SYNTAX AttributeDescriptorSyntax
|
|
ID id-mr-attDescriptorMatch }
|
|
|
|
roleSpecCertIdentifier EXTENSION ::= {
|
|
SYNTAX RoleSpecCertIdentifierSyntax
|
|
IDENTIFIED BY {id-ce-roleSpecCertIdentifier} }
|
|
|
|
RoleSpecCertIdentifierSyntax ::=
|
|
SEQUENCE SIZE (1..MAX) OF RoleSpecCertIdentifier
|
|
|
|
RoleSpecCertIdentifier ::= SEQUENCE {
|
|
roleName [0] GeneralName,
|
|
roleCertIssuer [1] GeneralName,
|
|
roleCertSerialNumber [2] CertificateSerialNumber OPTIONAL,
|
|
roleCertLocator [3] GeneralNames OPTIONAL,
|
|
... }
|
|
|
|
roleSpecCertIdMatch MATCHING-RULE ::= {
|
|
SYNTAX RoleSpecCertIdentifierSyntax
|
|
ID id-mr-roleSpecCertIdMatch }
|
|
|
|
basicAttConstraints EXTENSION ::= {
|
|
SYNTAX BasicAttConstraintsSyntax
|
|
IDENTIFIED BY {id-ce-basicAttConstraints} }
|
|
|
|
BasicAttConstraintsSyntax ::= SEQUENCE {
|
|
authority BOOLEAN DEFAULT FALSE,
|
|
pathLenConstraint INTEGER(0..MAX) OPTIONAL,
|
|
... }
|
|
|
|
basicAttConstraintsMatch MATCHING-RULE ::= {
|
|
SYNTAX BasicAttConstraintsSyntax
|
|
ID id-mr-basicAttConstraintsMatch }
|
|
|
|
delegatedNameConstraints EXTENSION ::= {
|
|
SYNTAX NameConstraintsSyntax
|
|
IDENTIFIED BY id-ce-delegatedNameConstraints }
|
|
|
|
delegatedNameConstraintsMatch MATCHING-RULE ::= {
|
|
SYNTAX NameConstraintsSyntax
|
|
ID id-mr-delegatedNameConstraintsMatch }
|
|
|
|
acceptableCertPolicies EXTENSION ::= {
|
|
SYNTAX AcceptableCertPoliciesSyntax
|
|
IDENTIFIED BY id-ce-acceptableCertPolicies }
|
|
|
|
AcceptableCertPoliciesSyntax ::= SEQUENCE SIZE (1..MAX) OF CertPolicyId
|
|
|
|
CertPolicyId ::= OBJECT IDENTIFIER
|
|
|
|
acceptableCertPoliciesMatch MATCHING-RULE ::= {
|
|
SYNTAX AcceptableCertPoliciesSyntax
|
|
ID id-mr-acceptableCertPoliciesMatch }
|
|
|
|
authorityAttributeIdentifier EXTENSION ::= {
|
|
SYNTAX AuthorityAttributeIdentifierSyntax
|
|
IDENTIFIED BY {id-ce-authorityAttributeIdentifier} }
|
|
|
|
AuthorityAttributeIdentifierSyntax ::= SEQUENCE SIZE (1..MAX) OF AuthAttId
|
|
|
|
AuthAttId ::= IssuerSerial
|
|
|
|
authAttIdMatch MATCHING-RULE ::= {
|
|
SYNTAX AuthorityAttributeIdentifierSyntax
|
|
ID id-mr-authAttIdMatch }
|
|
|
|
indirectIssuer EXTENSION ::= {
|
|
SYNTAX NULL
|
|
IDENTIFIED BY id-ce-indirectIssuer }
|
|
|
|
issuedOnBehalfOf EXTENSION ::= {
|
|
SYNTAX GeneralName
|
|
IDENTIFIED BY id-ce-issuedOnBehalfOf }
|
|
|
|
noAssertion EXTENSION ::= {
|
|
SYNTAX NULL
|
|
IDENTIFIED BY id-ce-noAssertion }
|
|
|
|
allowedAttributeAssignments EXTENSION ::= {
|
|
SYNTAX AllowedAttributeAssignments
|
|
IDENTIFIED BY id-ce-allowedAttAss }
|
|
|
|
AllowedAttributeAssignments ::= SET OF SEQUENCE {
|
|
attributes [0] SET OF CHOICE {
|
|
attributeType [0] AttributeType,
|
|
attributeTypeandValues [1] Attribute{{SupportedAttributes}},
|
|
... },
|
|
holderDomain [1] GeneralName,
|
|
... }
|
|
|
|
attributeMappings EXTENSION ::= {
|
|
SYNTAX AttributeMappings
|
|
IDENTIFIED BY id-ce-attributeMappings }
|
|
|
|
AttributeMappings ::= SET OF CHOICE {
|
|
typeMappings [0] SEQUENCE {
|
|
local [0] AttributeType,
|
|
remote [1] AttributeType,
|
|
... },
|
|
typeValueMappings [1] SEQUENCE {
|
|
local [0] AttributeTypeAndValue,
|
|
remote [1] AttributeTypeAndValue,
|
|
... } }
|
|
|
|
holderNameConstraints EXTENSION ::= {
|
|
SYNTAX HolderNameConstraintsSyntax
|
|
IDENTIFIED BY id-ce-holderNameConstraints }
|
|
|
|
HolderNameConstraintsSyntax ::= SEQUENCE {
|
|
permittedSubtrees [0] GeneralSubtrees,
|
|
excludedSubtrees [1] GeneralSubtrees OPTIONAL,
|
|
... }
|
|
|
|
GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
|
|
|
|
GeneralSubtree ::= SEQUENCE {
|
|
base GeneralName,
|
|
minimum [0] BaseDistance DEFAULT 0,
|
|
maximum [1] BaseDistance OPTIONAL,
|
|
... }
|
|
|
|
BaseDistance ::= INTEGER(0..MAX)
|
|
|
|
-- PMI object classes
|
|
|
|
pmiUser OBJECT-CLASS ::= {
|
|
SUBCLASS OF {top}
|
|
KIND auxiliary
|
|
MAY CONTAIN {attributeCertificateAttribute}
|
|
ID id-oc-pmiUser }
|
|
|
|
pmiAA OBJECT-CLASS ::= { -- a PMI AA
|
|
SUBCLASS OF {top}
|
|
KIND auxiliary
|
|
MAY CONTAIN {aACertificate |
|
|
attributeCertificateRevocationList |
|
|
attributeAuthorityRevocationList}
|
|
ID id-oc-pmiAA }
|
|
|
|
pmiSOA OBJECT-CLASS ::= { -- a PMI Source of Authority
|
|
SUBCLASS OF {top}
|
|
KIND auxiliary
|
|
MAY CONTAIN {attributeCertificateRevocationList |
|
|
attributeAuthorityRevocationList |
|
|
attributeDescriptorCertificate}
|
|
ID id-oc-pmiSOA }
|
|
|
|
attCertCRLDistributionPt OBJECT-CLASS ::= {
|
|
SUBCLASS OF {top}
|
|
KIND auxiliary
|
|
MAY CONTAIN {attributeCertificateRevocationList |
|
|
attributeAuthorityRevocationList}
|
|
ID id-oc-attCertCRLDistributionPts }
|
|
|
|
pmiDelegationPath OBJECT-CLASS ::= {
|
|
SUBCLASS OF {top}
|
|
KIND auxiliary
|
|
MAY CONTAIN {delegationPath}
|
|
ID id-oc-pmiDelegationPath }
|
|
|
|
privilegePolicy OBJECT-CLASS ::= {
|
|
SUBCLASS OF {top}
|
|
KIND auxiliary
|
|
MAY CONTAIN {privPolicy}
|
|
ID id-oc-privilegePolicy }
|
|
|
|
protectedPrivilegePolicy OBJECT-CLASS ::= {
|
|
SUBCLASS OF {top}
|
|
KIND auxiliary
|
|
MAY CONTAIN {protPrivPolicy}
|
|
ID id-oc-protectedPrivilegePolicy }
|
|
|
|
-- PMI directory attributes
|
|
|
|
attributeCertificateAttribute ATTRIBUTE ::= {
|
|
WITH SYNTAX AttributeCertificate
|
|
EQUALITY MATCHING RULE attributeCertificateExactMatch
|
|
ID id-at-attributeCertificate }
|
|
|
|
aACertificate ATTRIBUTE ::= {
|
|
WITH SYNTAX AttributeCertificate
|
|
EQUALITY MATCHING RULE attributeCertificateExactMatch
|
|
ID id-at-aACertificate }
|
|
|
|
attributeDescriptorCertificate ATTRIBUTE ::= {
|
|
WITH SYNTAX AttributeCertificate
|
|
EQUALITY MATCHING RULE attributeCertificateExactMatch
|
|
ID id-at-attributeDescriptorCertificate }
|
|
|
|
attributeCertificateRevocationList ATTRIBUTE ::= {
|
|
WITH SYNTAX CertificateList
|
|
EQUALITY MATCHING RULE certificateListExactMatch
|
|
ID id-at-attributeCertificateRevocationList }
|
|
|
|
attributeAuthorityRevocationList ATTRIBUTE ::= {
|
|
WITH SYNTAX CertificateList
|
|
EQUALITY MATCHING RULE certificateListExactMatch
|
|
ID id-at-attributeAuthorityRevocationList }
|
|
|
|
delegationPath ATTRIBUTE ::= {
|
|
WITH SYNTAX AttCertPath
|
|
ID id-at-delegationPath }
|
|
|
|
AttCertPath ::= SEQUENCE OF AttributeCertificate
|
|
|
|
privPolicy ATTRIBUTE ::= {
|
|
WITH SYNTAX PolicySyntax
|
|
ID id-at-privPolicy }
|
|
|
|
protPrivPolicy ATTRIBUTE ::= {
|
|
WITH SYNTAX AttributeCertificate
|
|
EQUALITY MATCHING RULE attributeCertificateExactMatch
|
|
ID id-at-protPrivPolicy }
|
|
|
|
xmlPrivPolicy ATTRIBUTE ::= {
|
|
WITH SYNTAX UTF8String -- XML-encoded privilege policy information
|
|
ID id-at-xmlPrivPolicy }
|
|
|
|
-- Attribute certificate extensions and matching rules
|
|
|
|
attributeCertificateExactMatch MATCHING-RULE ::= {
|
|
SYNTAX AttributeCertificateExactAssertion
|
|
ID id-mr-attributeCertificateExactMatch }
|
|
|
|
AttributeCertificateExactAssertion ::= SEQUENCE {
|
|
serialNumber CertificateSerialNumber,
|
|
issuer AttCertIssuer,
|
|
... }
|
|
|
|
attributeCertificateMatch MATCHING-RULE ::= {
|
|
SYNTAX AttributeCertificateAssertion
|
|
ID id-mr-attributeCertificateMatch }
|
|
|
|
AttributeCertificateAssertion ::= SEQUENCE {
|
|
holder [0] CHOICE {
|
|
baseCertificateID [0] IssuerSerial,
|
|
holderName [1] GeneralNames,
|
|
...} OPTIONAL,
|
|
issuer [1] GeneralNames OPTIONAL,
|
|
attCertValidity [2] GeneralizedTime OPTIONAL,
|
|
attType [3] SET OF AttributeType OPTIONAL,
|
|
... }
|
|
|
|
-- At least one component of the sequence shall be present
|
|
|
|
holderIssuerMatch MATCHING-RULE ::= {
|
|
SYNTAX HolderIssuerAssertion
|
|
ID id-mr-holderIssuerMatch }
|
|
|
|
HolderIssuerAssertion ::= SEQUENCE {
|
|
holder [0] Holder OPTIONAL,
|
|
issuer [1] AttCertIssuer OPTIONAL,
|
|
... }
|
|
|
|
delegationPathMatch MATCHING-RULE ::= {
|
|
SYNTAX DelMatchSyntax
|
|
ID id-mr-delegationPathMatch }
|
|
|
|
DelMatchSyntax ::= SEQUENCE {
|
|
firstIssuer AttCertIssuer,
|
|
lastHolder Holder,
|
|
... }
|
|
|
|
extensionPresenceMatch MATCHING-RULE ::= {
|
|
SYNTAX EXTENSION.&id
|
|
ID id-mr-extensionPresenceMatch }
|
|
|
|
-- object identifier assignments
|
|
|
|
-- object classes
|
|
|
|
id-oc-pmiUser OBJECT IDENTIFIER ::= {id-oc 24}
|
|
id-oc-pmiAA OBJECT IDENTIFIER ::= {id-oc 25}
|
|
id-oc-pmiSOA OBJECT IDENTIFIER ::= {id-oc 26}
|
|
id-oc-attCertCRLDistributionPts OBJECT IDENTIFIER ::= {id-oc 27}
|
|
id-oc-privilegePolicy OBJECT IDENTIFIER ::= {id-oc 32}
|
|
id-oc-pmiDelegationPath OBJECT IDENTIFIER ::= {id-oc 33}
|
|
id-oc-protectedPrivilegePolicy OBJECT IDENTIFIER ::= {id-oc 34}
|
|
|
|
-- directory attributes
|
|
|
|
id-at-attributeCertificate OBJECT IDENTIFIER ::= {id-at 58}
|
|
id-at-attributeCertificateRevocationList OBJECT IDENTIFIER ::= {id-at 59}
|
|
id-at-aACertificate OBJECT IDENTIFIER ::= {id-at 61}
|
|
id-at-attributeDescriptorCertificate OBJECT IDENTIFIER ::= {id-at 62}
|
|
id-at-attributeAuthorityRevocationList OBJECT IDENTIFIER ::= {id-at 63}
|
|
id-at-privPolicy OBJECT IDENTIFIER ::= {id-at 71}
|
|
id-at-role OBJECT IDENTIFIER ::= {id-at 72}
|
|
id-at-delegationPath OBJECT IDENTIFIER ::= {id-at 73}
|
|
id-at-protPrivPolicy OBJECT IDENTIFIER ::= {id-at 74}
|
|
id-at-xMLPrivilegeInfo OBJECT IDENTIFIER ::= {id-at 75}
|
|
id-at-xmlPrivPolicy OBJECT IDENTIFIER ::= {id-at 76}
|
|
id-at-permission OBJECT IDENTIFIER ::= {id-at 82}
|
|
|
|
-- attribute certificate extensions
|
|
|
|
id-ce-authorityAttributeIdentifier OBJECT IDENTIFIER ::= {id-ce 38}
|
|
id-ce-roleSpecCertIdentifier OBJECT IDENTIFIER ::= {id-ce 39}
|
|
id-ce-basicAttConstraints OBJECT IDENTIFIER ::= {id-ce 41}
|
|
id-ce-delegatedNameConstraints OBJECT IDENTIFIER ::= {id-ce 42}
|
|
id-ce-timeSpecification OBJECT IDENTIFIER ::= {id-ce 43}
|
|
id-ce-attributeDescriptor OBJECT IDENTIFIER ::= {id-ce 48}
|
|
id-ce-userNotice OBJECT IDENTIFIER ::= {id-ce 49}
|
|
id-ce-sOAIdentifier OBJECT IDENTIFIER ::= {id-ce 50}
|
|
id-ce-acceptableCertPolicies OBJECT IDENTIFIER ::= {id-ce 52}
|
|
id-ce-targetInformation OBJECT IDENTIFIER ::= {id-ce 55}
|
|
id-ce-noRevAvail OBJECT IDENTIFIER ::= {id-ce 56}
|
|
id-ce-acceptablePrivilegePolicies OBJECT IDENTIFIER ::= {id-ce 57}
|
|
id-ce-indirectIssuer OBJECT IDENTIFIER ::= {id-ce 61}
|
|
id-ce-noAssertion OBJECT IDENTIFIER ::= {id-ce 62}
|
|
id-ce-issuedOnBehalfOf OBJECT IDENTIFIER ::= {id-ce 64}
|
|
id-ce-singleUse OBJECT IDENTIFIER ::= {id-ce 65}
|
|
id-ce-groupAC OBJECT IDENTIFIER ::= {id-ce 66}
|
|
id-ce-allowedAttAss OBJECT IDENTIFIER ::= {id-ce 67}
|
|
id-ce-attributeMappings OBJECT IDENTIFIER ::= {id-ce 68}
|
|
id-ce-holderNameConstraints OBJECT IDENTIFIER ::= {id-ce 69}
|
|
|
|
-- PMI matching rules
|
|
|
|
id-mr-attributeCertificateMatch OBJECT IDENTIFIER ::= {id-mr 42}
|
|
id-mr-attributeCertificateExactMatch OBJECT IDENTIFIER ::= {id-mr 45}
|
|
id-mr-holderIssuerMatch OBJECT IDENTIFIER ::= {id-mr 46}
|
|
id-mr-authAttIdMatch OBJECT IDENTIFIER ::= {id-mr 53}
|
|
id-mr-roleSpecCertIdMatch OBJECT IDENTIFIER ::= {id-mr 54}
|
|
id-mr-basicAttConstraintsMatch OBJECT IDENTIFIER ::= {id-mr 55}
|
|
id-mr-delegatedNameConstraintsMatch OBJECT IDENTIFIER ::= {id-mr 56}
|
|
id-mr-timeSpecMatch OBJECT IDENTIFIER ::= {id-mr 57}
|
|
id-mr-attDescriptorMatch OBJECT IDENTIFIER ::= {id-mr 58}
|
|
id-mr-acceptableCertPoliciesMatch OBJECT IDENTIFIER ::= {id-mr 59}
|
|
id-mr-delegationPathMatch OBJECT IDENTIFIER ::= {id-mr 61}
|
|
id-mr-sOAIdentifierMatch OBJECT IDENTIFIER ::= {id-mr 66}
|
|
id-mr-extensionPresenceMatch OBJECT IDENTIFIER ::= {id-mr 67}
|
|
id-mr-dualStringMatch OBJECT IDENTIFIER ::= {id-mr 69}
|
|
|
|
END -- AttributeCertificateDefinitions |