-- Module DSAOperationalAttributeTypes (X.501:02/2001)
|
||
DSAOperationalAttributeTypes {joint-iso-itu-t ds(5) module(1)
|
||
dsaOperationalAttributeTypes(22) 4} DEFINITIONS ::=
|
||
BEGIN
|
||
|
||
-- EXPORTS All
|
||
-- The types and values defined in this module are exported for use in the other ASN.1 modules contained
|
||
-- within the Directory Specifications, and for the use of other applications which will use them to access
|
||
-- Directory services. Other applications may use them for their own purposes, but this will not constrain
|
||
-- extensions and modifications needed to maintain or improve the Directory service.
|
||
IMPORTS
|
||
-- from ITU-T Rec. X.501 | ISO/IEC 9594-2
|
||
distributedOperations, id-doa, id-kmr, informationFramework,
|
||
opBindingManagement, selectedAttributeTypes, upperBounds
|
||
FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1)
|
||
usefulDefinitions(0) 4}
|
||
ATTRIBUTE, MATCHING-RULE, Name, Attribute, DistinguishedName,
|
||
RelativeDistinguishedName, Refinement, SubtreeSpecification, AttributeType, ContextAssertion
|
||
FROM InformationFramework {joint-iso-itu-t ds(5) module(1)
|
||
informationFramework(1) 4}
|
||
-- OperationalBindingID
|
||
-- FROM OperationalBindingManagement {joint-iso-itu-t ds(5) module(1)
|
||
-- opBindingManagement(18) 4}
|
||
-- from ITU-T Rec. X.518 | ISO/IEC 9594-4
|
||
AccessPoint, MasterAndShadowAccessPoints
|
||
FROM DistributedOperations {joint-iso-itu-t ds(5) module(1)
|
||
distributedOperations(3) 4}
|
||
-- from ITU-T Rec. X.520 | ISO/IEC 9594-6
|
||
DirectoryString, NameAndOptionalUID, bitStringMatch
|
||
FROM SelectedAttributeTypes {joint-iso-itu-t ds(5) module(1)
|
||
selectedAttributeTypes(5) 4}
|
||
PresentationAddress, ProtocolInformation
|
||
FROM SelectedAttributeTypes {joint-iso-itu-t ds(5) module(1)
|
||
selectedAttributeTypes(5) 4}
|
||
DirectoryBindArgument, DirectoryBindError, SecurityParameters
|
||
FROM DirectoryAbstractService {joint-iso-itu-t ds(5) module(1)
|
||
directoryAbstractService(2) 5}
|
||
-- from ITU-T Rec. X.509 | ISO/IEC 9594-8
|
||
AlgorithmIdentifier
|
||
FROM AuthenticationFramework {joint-iso-itu-t ds(5) module(1)
|
||
authenticationFramework(7) 4}
|
||
AttributeTypeAndValue
|
||
FROM BasicAccessControl {joint-iso-itu-t ds(5) module(1)
|
||
basicAccessControl(24) 4}
|
||
Filter
|
||
FROM DirectoryAbstractService {joint-iso-itu-t ds(5) module(1)
|
||
directoryAbstractService(2) 4};
|
||
|
||
-- data types
|
||
-- DSEType: named bits recording which roles a DSA-specific entry (DSE) plays.
-- The list names bits 0..11 and 13..19; bit 12 has no name in this module.
DSEType ::= BIT STRING {
  root(0),            -- root DSE
  glue(1),            -- represents knowledge of a name only
  cp(2),              -- context prefix
  entry(3),           -- object entry
  alias(4),           -- alias entry
  subr(5),            -- subordinate reference
  nssr(6),            -- non-specific subordinate reference
  supr(7),            -- superior reference
  xr(8),              -- cross reference
  admPoint(9),        -- administrative point
  subentry(10),       -- subentry
  shadow(11),         -- shadow copy
  immSupr(13),        -- immediate superior reference
  rhob(14),           -- rhob information
  sa(15),             -- subordinate reference to alias entry
  dsSubentry(16),     -- DSA Specific subentry
  familyMember(17),   -- family member
  ditBridge(18),      -- DIT bridge reference
  writeableCopy(19)   -- writeable copy
}
|
||
|
||
-- SupplierOrConsumer: the AccessPoint components written out in place of
-- COMPONENTS OF, followed by the identifier of the operational binding.
-- The SIZE (1..MAX) constraint on protocolInformation is commented out, so
-- this module places no lower bound on the size of that set.
SupplierOrConsumer ::= SET {
  -- COMPONENTS OF AccessPoint, - - supplier or consumer
  ae-title             [0] Name,
  address              [1] PresentationAddress,
  protocolInformation  [2] SET --SIZE (1..MAX)-- OF ProtocolInformation OPTIONAL,
  agreementID          [3] OperationalBindingID
}
|
||
|
||
-- SupplierInformation: the SupplierOrConsumer components written out, plus
-- two supplier-specific components.
-- supplier-is-master defaults to TRUE, so an encoding that omits it states
-- that the supplier is the master.
SupplierInformation ::= SET {
  -- COMPONENTS OF SupplierOrConsumer, - - supplier
  ae-title              [0] Name,
  address               [1] PresentationAddress,
  protocolInformation   [2] SET --SIZE (1..MAX)-- OF ProtocolInformation OPTIONAL,
  agreementID           [3] OperationalBindingID,
  supplier-is-master    [4] BOOLEAN DEFAULT TRUE,
  non-supplying-master  [5] AccessPoint OPTIONAL
}
|
||
|
||
-- ConsumerInformation: plain alias of SupplierOrConsumer, used for the consumer side.
ConsumerInformation ::= SupplierOrConsumer -- consumer
|
||
|
||
-- SupplierAndConsumers: one supplier access point (components written out)
-- together with the set of consumer access points.
-- Neither set carries an active size constraint in this module.
SupplierAndConsumers ::= SET {
  -- COMPONENTS OF AccessPoint, - - supplier
  ae-title             [0] Name,
  address              [1] PresentationAddress,
  protocolInformation  [2] SET --SIZE (1..MAX)-- OF ProtocolInformation OPTIONAL,
  consumers            [3] SET OF AccessPoint
}
|
||
|
||
-- attribute types
|
||
--dseType ATTRIBUTE ::= {
|
||
-- WITH SYNTAX DSEType
|
||
-- EQUALITY MATCHING RULE bitStringMatch
|
||
-- SINGLE VALUE TRUE
|
||
-- NO USER MODIFICATION TRUE
|
||
-- USAGE dSAOperation
|
||
-- ID id-doa-dseType
|
||
--}
|
||
|
||
--myAccessPoint ATTRIBUTE ::= {
|
||
-- WITH SYNTAX AccessPoint
|
||
-- EQUALITY MATCHING RULE accessPointMatch
|
||
-- SINGLE VALUE TRUE
|
||
-- NO USER MODIFICATION TRUE
|
||
-- USAGE dSAOperation
|
||
-- ID id-doa-myAccessPoint
|
||
--}
|
||
|
||
--superiorKnowledge ATTRIBUTE ::= {
|
||
-- WITH SYNTAX AccessPoint
|
||
-- EQUALITY MATCHING RULE accessPointMatch
|
||
-- NO USER MODIFICATION TRUE
|
||
-- USAGE dSAOperation
|
||
-- ID id-doa-superiorKnowledge
|
||
--}
|
||
|
||
--specificKnowledge ATTRIBUTE ::= {
|
||
-- WITH SYNTAX MasterAndShadowAccessPoints
|
||
-- EQUALITY MATCHING RULE masterAndShadowAccessPointsMatch
|
||
-- SINGLE VALUE TRUE
|
||
-- NO USER MODIFICATION TRUE
|
||
-- USAGE distributedOperation
|
||
-- ID id-doa-specificKnowledge
|
||
--}
|
||
|
||
--nonSpecificKnowledge ATTRIBUTE ::= {
|
||
-- WITH SYNTAX MasterAndShadowAccessPoints
|
||
-- EQUALITY MATCHING RULE masterAndShadowAccessPointsMatch
|
||
-- NO USER MODIFICATION TRUE
|
||
-- USAGE distributedOperation
|
||
-- ID id-doa-nonSpecificKnowledge
|
||
--}
|
||
|
||
--supplierKnowledge ATTRIBUTE ::= {
|
||
-- WITH SYNTAX SupplierInformation
|
||
-- EQUALITY MATCHING RULE supplierOrConsumerInformationMatch
|
||
-- NO USER MODIFICATION TRUE
|
||
-- USAGE dSAOperation
|
||
-- ID id-doa-supplierKnowledge
|
||
--}
|
||
|
||
--consumerKnowledge ATTRIBUTE ::= {
|
||
-- WITH SYNTAX ConsumerInformation
|
||
-- EQUALITY MATCHING RULE supplierOrConsumerInformationMatch
|
||
-- NO USER MODIFICATION TRUE
|
||
-- USAGE dSAOperation
|
||
-- ID id-doa-consumerKnowledge
|
||
--}
|
||
|
||
--secondaryShadows ATTRIBUTE ::= {
|
||
-- WITH SYNTAX SupplierAndConsumers
|
||
-- EQUALITY MATCHING RULE supplierAndConsumersMatch
|
||
-- NO USER MODIFICATION TRUE
|
||
-- USAGE dSAOperation
|
||
-- ID id-doa-secondaryShadows
|
||
--}
|
||
|
||
-- matching rules
|
||
--accessPointMatch MATCHING-RULE ::= {
|
||
-- SYNTAX Name
|
||
-- ID id-kmr-accessPointMatch
|
||
--}
|
||
|
||
--masterAndShadowAccessPointsMatch MATCHING-RULE ::= {
|
||
-- SYNTAX SET OF Name
|
||
-- ID id-kmr-masterShadowMatch
|
||
--}
|
||
|
||
--supplierOrConsumerInformationMatch MATCHING-RULE ::= {
|
||
-- SYNTAX
|
||
-- SET {ae-title [0] Name,
|
||
-- agreement-identifier [2] INTEGER}
|
||
-- ID id-kmr-supplierConsumerMatch
|
||
--}
|
||
|
||
--supplierAndConsumersMatch MATCHING-RULE ::= {
|
||
-- SYNTAX Name
|
||
-- ID id-kmr-supplierConsumersMatch
|
||
--}
|
||
|
||
-- object identifier assignments
|
||
-- dsa operational attributes
|
||
--id-doa-dseType OBJECT IDENTIFIER ::=
|
||
-- {id-doa 0}
|
||
|
||
--id-doa-myAccessPoint OBJECT IDENTIFIER ::= {id-doa 1}
|
||
|
||
--id-doa-superiorKnowledge OBJECT IDENTIFIER ::= {id-doa 2}
|
||
|
||
--id-doa-specificKnowledge OBJECT IDENTIFIER ::= {id-doa 3}
|
||
|
||
--id-doa-nonSpecificKnowledge OBJECT IDENTIFIER ::= {id-doa 4}
|
||
|
||
--id-doa-supplierKnowledge OBJECT IDENTIFIER ::= {id-doa 5}
|
||
|
||
--id-doa-consumerKnowledge OBJECT IDENTIFIER ::= {id-doa 6}
|
||
|
||
--id-doa-secondaryShadows OBJECT IDENTIFIER ::= {id-doa 7}
|
||
|
||
-- knowledge matching rules
|
||
--id-kmr-accessPointMatch OBJECT IDENTIFIER ::=
|
||
-- {id-kmr 0}
|
||
|
||
--id-kmr-masterShadowMatch OBJECT IDENTIFIER ::= {id-kmr 1}
|
||
|
||
--id-kmr-supplierConsumerMatch OBJECT IDENTIFIER ::= {id-kmr 2}
|
||
|
||
--id-kmr-supplierConsumersMatch OBJECT IDENTIFIER ::= {id-kmr 3}
|
||
|
||
--END DSAOperationalAttributeTypes
|
||
|
||
-- we include this here to reduce the number of dissectors
|
||
-- Module OperationalBindingManagement (X.501:08/2005)
|
||
--OperationalBindingManagement {joint-iso-itu-t ds(5) module(1)
|
||
-- opBindingManagement(18) 5} DEFINITIONS ::=
|
||
--BEGIN
|
||
|
||
-- EXPORTS All
|
||
-- The types and values defined in this module are exported for use in the other ASN.1 modules contained
|
||
-- within the Directory Specifications, and for the use of other applications which will use them to access
|
||
-- Directory services. Other applications may use them for their own purposes, but this will not constrain
|
||
-- extensions and modifications needed to maintain or improve the Directory service.
|
||
--IMPORTS
|
||
-- from ITU-T Rec. X.501 | ISO/IEC 9594-2
|
||
-- directoryAbstractService, directoryShadowAbstractService,
|
||
-- distributedOperations, directoryOSIProtocols, enhancedSecurity,
|
||
-- hierarchicalOperationalBindings, commonProtocolSpecification
|
||
-- FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1)
|
||
-- usefulDefinitions(0) 5}
|
||
-- OPTIONALLY-PROTECTED-SEQ
|
||
-- FROM EnhancedSecurity {joint-iso-itu-t ds(5) modules(1)
|
||
-- enhancedSecurity(28) 5}
|
||
-- hierarchicalOperationalBinding, nonSpecificHierarchicalOperationalBinding
|
||
-- FROM HierarchicalOperationalBindings hierarchicalOperationalBindings
|
||
-- from ITU-T Rec. X.511 | ISO/IEC 9594-3
|
||
-- CommonResultsSeq, directoryBind, directoryUnbind, securityError,
|
||
-- SecurityParameters
|
||
-- FROM DirectoryAbstractService {joint-iso-itu-t ds(5) module(1)
|
||
-- directoryAbstractService(2) 5}
|
||
-- from ITU-T Rec. X.518 | ISO/IEC 9594-4
|
||
-- AccessPoint
|
||
-- FROM DistributedOperations {joint-iso-itu-t ds(5) module(1)
|
||
-- distributedOperations(3) 5}
|
||
-- from ITU-T Rec. X.519 | ISO/IEC 9594-5
|
||
-- id-err-operationalBindingError, id-op-establishOperationalBinding,
|
||
-- id-op-modifyOperationalBinding, id-op-terminateOperationalBinding,
|
||
-- OPERATION, ERROR
|
||
-- FROM CommonProtocolSpecification commonProtocolSpecification
|
||
-- APPLICATION-CONTEXT
|
||
-- FROM DirectoryOSIProtocols directoryOSIProtocols
|
||
-- from ITU-T Rec. X.525 | ISO/IEC 9594-9
|
||
-- shadowOperationalBinding
|
||
-- FROM DirectoryShadowAbstractService directoryShadowAbstractService;
|
||
|
||
-- bind and unbind
|
||
-- Bind and unbind for operational binding management reuse the directory
-- bind and unbind operations; the three types below are plain aliases.
-- NOTE(review): the bind result is declared with the same type as the bind
-- argument (DirectoryBindArgument); confirm this matches the result type of
-- directoryBind in the module it comes from.
dSAOperationalBindingManagementBind OPERATION ::= directoryBind

DSAOperationalManagementBindArgument ::= DirectoryBindArgument
DSAOperationalManagementBindResult   ::= DirectoryBindArgument
DSAOperationalManagementBindError    ::= DirectoryBindError

dSAOperationalBindingManagementUnbind OPERATION ::= directoryUnbind
|
||
|
||
-- operations, arguments and results
|
||
--establishOperationalBinding OPERATION ::= {
|
||
-- ARGUMENT EstablishOperationalBindingArgument
|
||
-- RESULT EstablishOperationalBindingResult
|
||
-- ERRORS {operationalBindingError | securityError}
|
||
-- CODE id-op-establishOperationalBinding
|
||
--}
|
||
|
||
-- Argument data of establishOperationalBinding. The OPTIONALLY-PROTECTED-SEQ
-- wrapper and the information-object constraints are commented out, which
-- leaves a plain SEQUENCE.
-- The initiator parameters and the agreement are declared ANY: this module
-- does not tie their content to bindingType, so the consumer has to select
-- and validate the inner type itself.
EstablishOperationalBindingArgumentData ::=
  -- OPTIONALLY-PROTECTED-SEQ
  -- {-- SEQUENCE {
    bindingType  [0] --OPERATIONAL-BINDING.&id({OpBindingSet}) -- OBJECT IDENTIFIER,
    bindingID    [1] OperationalBindingID OPTIONAL,
    accessPoint  [2] AccessPoint,
    -- symmetric, Role A initiates, or Role B initiates
    initiator CHOICE {
      symmetric        [3] -- OPERATIONAL-BINDING.&both.&EstablishParam
                           -- ({OpBindingSet}{@bindingType}) -- ANY,
      roleA-initiates  [4] -- OPERATIONAL-BINDING.&roleA.&EstablishParam
                           -- ({OpBindingSet}{@bindingType}) -- ANY,
      roleB-initiates  [5] -- OPERATIONAL-BINDING.&roleB.&EstablishParam
                           -- ({OpBindingSet}{@bindingType}) -- ANY } OPTIONAL,
    agreement    [6] -- OPERATIONAL-BINDING.&Agreement
                     -- ({OpBindingSet}{@bindingType}) -- ANY,
    valid               [7] Validity DEFAULT {},
    securityParameters  [8] SecurityParameters OPTIONAL} --}
|
||
|
||
-- expand OPTIONALLY-PROTECTED macro
|
||
-- Hand expansion of the protection wrapper: either the bare argument data or
-- the data followed by an algorithm identifier and a BIT STRING.
-- Nothing in this module checks the BIT STRING against the data; a decoder
-- built from it only parses the structure.
-- NOTE(review): both alternatives are untagged SEQUENCE types, so they cannot
-- be told apart by tag. Confirm against the OPTIONALLY-PROTECTED-SEQ
-- definition whether the signed alternative should carry a context tag.
EstablishOperationalBindingArgument ::= CHOICE {
  unsignedEstablishOperationalBindingArgument  EstablishOperationalBindingArgumentData,
  signedEstablishOperationalBindingArgument    SEQUENCE {
    establishOperationalBindingArgument  EstablishOperationalBindingArgumentData,
    algorithmIdentifier                  AlgorithmIdentifier,
    encrypted                            BIT STRING
  }
}
|
||
|
||
-- OperationalBindingID: identifier and version of an operational binding.
-- Both components are unconstrained INTEGERs; code that stores them in a
-- fixed-width variable has to cope with values that do not fit.
OperationalBindingID ::= SEQUENCE {
  identifier  INTEGER,
  version     INTEGER
}
|
||
|
||
-- Validity: the period during which a binding applies.
-- Both components have defaults: an absent validFrom means now, and an
-- absent validUntil means explicitTermination, i.e. no end time is stated.
Validity ::= SEQUENCE {
  validFrom   [0] CHOICE {
                    now   [0] NULL,
                    time  [1] Time } DEFAULT now:NULL,
  validUntil  [1] CHOICE {
                    explicitTermination  [0] NULL,
                    time                 [1] Time
                  } DEFAULT explicitTermination:NULL
}
|
||
|
||
-- Time: a point in time in either of the two ASN.1 time types.
-- UTCTime carries a two-digit year, so the consumer has to infer the
-- century; GeneralizedTime carries four digits.
Time ::= CHOICE {
  utcTime          UTCTime,
  generalizedTime  GeneralizedTime
}
|
||
|
||
-- Result of establishOperationalBinding. The OPTIONALLY-PROTECTED-SEQ wrapper
-- is commented out and no signed alternative for this result appears in this
-- module, so only the bare SEQUENCE is described.
-- The CommonResultsSeq components are written out with tags 30 down to 27.
-- The reply parameters are ANY and are not tied to bindingType here.
EstablishOperationalBindingResult ::=
  -- OPTIONALLY-PROTECTED-SEQ
  -- {-- SEQUENCE {
    bindingType  [0] --OPERATIONAL-BINDING.&id({OpBindingSet}) -- OBJECT IDENTIFIER,
    bindingID    [1] OperationalBindingID OPTIONAL,
    accessPoint  [2] AccessPoint,
    -- symmetric, Role A replies , or Role B replies
    initiator CHOICE {
      symmetric      [3] -- OPERATIONAL-BINDING.&both.&EstablishParam
                         -- ({OpBindingSet}{@bindingType}) -- ANY,
      roleA-replies  [4] -- OPERATIONAL-BINDING.&roleA.&EstablishParam
                         -- ({OpBindingSet}{@bindingType}) -- ANY,
      roleB-replies  [5] -- OPERATIONAL-BINDING.&roleB.&EstablishParam
                         -- ({OpBindingSet}{@bindingType}) -- ANY } OPTIONAL,
    -- COMPONENTS OF CommonResultsSeq}}
    securityParameters  [30] SecurityParameters OPTIONAL,
    performer           [29] DistinguishedName OPTIONAL,
    aliasDereferenced   [28] BOOLEAN DEFAULT FALSE,
    notification        [27] SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL}
|
||
|
||
|
||
--modifyOperationalBinding OPERATION ::= {
|
||
-- ARGUMENT ModifyOperationalBindingArgument
|
||
-- RESULT ModifyOperationalBindingResult
|
||
-- ERRORS {operationalBindingError | securityError}
|
||
-- CODE id-op-modifyOperationalBinding
|
||
--}
|
||
|
||
-- Argument data of modifyOperationalBinding, with the protection wrapper and
-- the information-object constraints commented out.
-- bindingID names the binding being changed and newBindingID its replacement;
-- both are mandatory here.
-- The initiator parameters and newAgreement are ANY and are not tied to
-- bindingType by this module.
ModifyOperationalBindingArgumentData ::=
  -- OPTIONALLY-PROTECTED-SEQ
  -- {-- SEQUENCE {
    bindingType  [0] --OPERATIONAL-BINDING.&id({OpBindingSet})-- OBJECT IDENTIFIER,
    bindingID    [1] OperationalBindingID,
    accessPoint  [2] AccessPoint OPTIONAL,
    -- symmetric, Role A initiates, or Role B initiates
    initiator CHOICE {
      symmetric        [3] -- OPERATIONAL-BINDING.&both.&ModifyParam
                           -- ({OpBindingSet}{@bindingType}) -- ANY,
      roleA-initiates  [4] -- OPERATIONAL-BINDING.&roleA.&ModifyParam
                           -- ({OpBindingSet}{@bindingType}) -- ANY,
      roleB-initiates  [5] -- OPERATIONAL-BINDING.&roleB.&ModifyParam
                           -- ({OpBindingSet}{@bindingType}) -- ANY } OPTIONAL,
    newBindingID  [6] OperationalBindingID,
    newAgreement  [7] -- OPERATIONAL-BINDING.&Agreement
                      -- ({OpBindingSet}{@bindingType}) -- ANY OPTIONAL,
    valid               [8] Validity OPTIONAL,
    securityParameters  [9] SecurityParameters OPTIONAL} -- }
|
||
|
||
|
||
-- Unsigned or signed form of the modify argument, expanded by hand.
-- The signed form adds an algorithm identifier and a BIT STRING; this module
-- only describes their layout and does not verify anything.
-- NOTE(review): both alternatives are untagged SEQUENCE types and cannot be
-- distinguished by tag; confirm whether the signed alternative should be
-- context-tagged.
ModifyOperationalBindingArgument ::= CHOICE {
  unsignedModifyOperationalBindingArgument  ModifyOperationalBindingArgumentData,
  signedModifyOperationalBindingArgument    SEQUENCE {
    modifyOperationalBindingArgument  ModifyOperationalBindingArgumentData,
    algorithmIdentifier               AlgorithmIdentifier,
    encrypted                         BIT STRING
  }
}
|
||
|
||
-- Result of modifyOperationalBinding: either an empty acknowledgement or a
-- protected result carrying data, algorithm identifier and BIT STRING.
-- The two alternatives have distinct context tags (0 and 1).
-- A null result carries no protection material at all, so a receiver that
-- requires a protected reply has to reject it explicitly.
ModifyOperationalBindingResult ::= CHOICE {
  null       [0] NULL,
  protected  [1] SEQUENCE {
    modifyOperationalBindingResultData  ModifyOperationalBindingResultData,
    algorithmIdentifier                 AlgorithmIdentifier,
    encrypted                           BIT STRING
  }
}
|
||
|
||
-- Data carried in the protected modify result.
-- The first four components are untagged; the CommonResultsSeq components are
-- written out with tags 30 down to 27.
-- newAgreement is ANY and is not tied to bindingType by this module.
ModifyOperationalBindingResultData ::= SEQUENCE {
  newBindingID  OperationalBindingID,
  bindingType   -- OPERATIONAL-BINDING.&id
                -- ({OpBindingSet}) -- OBJECT IDENTIFIER,
  newAgreement  -- OPERATIONAL-BINDING.&Agreement
                -- ({OpBindingSet}{@.bindingType}) -- ANY,
  valid         Validity OPTIONAL,
  --COMPONENTS OF CommonResultsSeq
  securityParameters  [30] SecurityParameters OPTIONAL,
  performer           [29] DistinguishedName OPTIONAL,
  aliasDereferenced   [28] BOOLEAN DEFAULT FALSE,
  notification        [27] SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL
  -- }}
}
|
||
|
||
--terminateOperationalBinding OPERATION ::= {
|
||
-- ARGUMENT TerminateOperationalBindingArgument
|
||
-- RESULT TerminateOperationalBindingResult
|
||
-- ERRORS {operationalBindingError | securityError}
|
||
-- CODE id-op-terminateOperationalBinding
|
||
--}
|
||
|
||
-- Argument data of terminateOperationalBinding, with the protection wrapper
-- and the information-object constraints commented out.
-- terminateAt is optional; this module does not say what its absence means.
-- The initiator parameters are ANY and are not tied to bindingType here.
TerminateOperationalBindingArgumentData ::=
  -- OPTIONALLY-PROTECTED-SEQ
  -- {-- SEQUENCE {
    bindingType  [0] --OPERATIONAL-BINDING.&id({OpBindingSet})-- OBJECT IDENTIFIER,
    bindingID    [1] OperationalBindingID,
    -- symmetric, Role A initiates, or Role B initiates
    initiator CHOICE {
      symmetric        [2] -- OPERATIONAL-BINDING.&both.&TerminateParam
                           -- ({OpBindingSet}{@bindingType}) -- ANY,
      roleA-initiates  [3] -- OPERATIONAL-BINDING.&roleA.&TerminateParam
                           -- ({OpBindingSet}{@bindingType}) -- ANY,
      roleB-initiates  [4] -- OPERATIONAL-BINDING.&roleB.&TerminateParam
                           -- ({OpBindingSet}{@bindingType}) -- ANY } OPTIONAL,
    terminateAt         [5] Time OPTIONAL,
    securityParameters  [6] SecurityParameters OPTIONAL} --}
|
||
|
||
|
||
-- Unsigned or signed form of the terminate argument, expanded by hand.
-- The signed form adds an algorithm identifier and a BIT STRING; this module
-- only describes their layout and does not verify anything.
-- NOTE(review): both alternatives are untagged SEQUENCE types and cannot be
-- distinguished by tag; confirm whether the signed alternative should be
-- context-tagged.
TerminateOperationalBindingArgument ::= CHOICE {
  unsignedTerminateOperationalBindingArgument  TerminateOperationalBindingArgumentData,
  signedTerminateOperationalBindingArgument    SEQUENCE {
    terminateOperationalBindingArgument  TerminateOperationalBindingArgumentData,
    algorithmIdentifier                  AlgorithmIdentifier,
    encrypted                            BIT STRING
  }
}
|
||
|
||
-- Result of terminateOperationalBinding: an empty acknowledgement or a
-- protected result, distinguished by context tags 0 and 1.
-- A null result carries no protection material, so a receiver that requires
-- a protected reply has to reject it explicitly.
TerminateOperationalBindingResult ::= CHOICE {
  null       [0] NULL,
  protected  [1] SEQUENCE {
    terminateOperationalBindingResultData  TerminateOperationalBindingResultData,
    algorithmIdentifier                    AlgorithmIdentifier,
    encrypted                              BIT STRING
  }
}
|
||
|
||
-- Data carried in the protected terminate result.
-- terminateAt is a GeneralizedTime here, whereas the terminate argument uses
-- the Time CHOICE for the component of the same name.
-- The CommonResultsSeq components are written out with tags 30 down to 27.
TerminateOperationalBindingResultData ::= SEQUENCE {
  bindingID    OperationalBindingID,
  bindingType  -- OPERATIONAL-BINDING.&id
               -- ({OpBindingSet}) -- OBJECT IDENTIFIER,
  terminateAt  GeneralizedTime OPTIONAL,
  --COMPONENTS OF CommonResultsSeq
  securityParameters  [30] SecurityParameters OPTIONAL,
  performer           [29] DistinguishedName OPTIONAL,
  aliasDereferenced   [28] BOOLEAN DEFAULT FALSE,
  notification        [27] SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL
  -- }}
}
|
||
|
||
-- errors and parameters
|
||
--operationalBindingError ERROR ::= {
|
||
-- PARAMETER OPTIONALLY-PROTECTED-SEQ {OpBindingErrorParam}
|
||
-- CODE id-err-operationalBindingError
|
||
--}
|
||
|
||
-- Parameter of operationalBindingError: a problem code plus optional context.
-- agreementProposal is ANY and is not tied to bindingType by this module.
-- The ENUMERATED lists values 0..10 with no extension marker, so any other
-- value is outside the type as declared.
OpBindingErrorParam ::= SEQUENCE {
  problem  [0] ENUMERATED {
                 invalidID(0),
                 duplicateID(1),
                 unsupportedBindingType(2),
                 notAllowedForRole(3),
                 parametersMissing(4),
                 roleAssignment(5),
                 invalidStartTime(6),
                 invalidEndTime(7),
                 invalidAgreement(8),
                 currentlyNotDecidable(9),
                 modificationNotAllowed(10)},
  bindingType        [1] --OPERATIONAL-BINDING.&id({OpBindingSet})-- OBJECT IDENTIFIER OPTIONAL,
  agreementProposal  [2] -- OPERATIONAL-BINDING.&Agreement({OpBindingSet}{@bindingType})-- ANY OPTIONAL,
  retryAt            [3] Time OPTIONAL,
  -- COMPONENTS OF CommonResultsSeq
  securityParameters  [30] SecurityParameters OPTIONAL,
  performer           [29] DistinguishedName OPTIONAL,
  aliasDereferenced   [28] BOOLEAN DEFAULT FALSE,
  notification        [27] SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL

}
|
||
|
||
-- information object classes
|
||
--OPERATIONAL-BINDING ::= CLASS {
|
||
-- &Agreement ,
|
||
-- &Cooperation OP-BINDING-COOP,
|
||
-- &both OP-BIND-ROLE OPTIONAL,
|
||
-- &roleA OP-BIND-ROLE OPTIONAL,
|
||
-- &roleB OP-BIND-ROLE OPTIONAL,
|
||
-- &id OBJECT IDENTIFIER UNIQUE
|
||
--}
|
||
--WITH SYNTAX {
|
||
-- AGREEMENT &Agreement
|
||
-- APPLICATION CONTEXTS &Cooperation
|
||
-- [SYMMETRIC &both]
|
||
-- [ASYMMETRIC
|
||
-- [ROLE-A &roleA]
|
||
-- [ROLE-B &roleB]]
|
||
-- ID &id
|
||
--}
|
||
|
||
--OP-BINDING-COOP ::= CLASS {
|
||
-- &applContext APPLICATION-CONTEXT,
|
||
-- &Operations OPERATION OPTIONAL
|
||
--}WITH SYNTAX {&applContext
|
||
-- [APPLIES TO &Operations]
|
||
--}
|
||
|
||
--OP-BIND-ROLE ::= CLASS {
|
||
-- &establish BOOLEAN DEFAULT FALSE,
|
||
-- &EstablishParam OPTIONAL,
|
||
-- &modify BOOLEAN DEFAULT FALSE,
|
||
-- &ModifyParam OPTIONAL,
|
||
-- &terminate BOOLEAN DEFAULT FALSE,
|
||
-- &TerminateParam OPTIONAL
|
||
--}
|
||
--WITH SYNTAX {
|
||
-- [ESTABLISHMENT-INITIATOR &establish]
|
||
-- [ESTABLISHMENT-PARAMETER &EstablishParam]
|
||
-- [MODIFICATION-INITIATOR &modify]
|
||
-- [MODIFICATION-PARAMETER &ModifyParam]
|
||
-- [TERMINATION-INITIATOR &terminate]
|
||
-- [TERMINATION-PARAMETER &TerminateParam]
|
||
--}
|
||
|
||
--OpBindingSet OPERATIONAL-BINDING ::=
|
||
-- {shadowOperationalBinding | hierarchicalOperationalBinding |
|
||
-- nonSpecificHierarchicalOperationalBinding}
|
||
|
||
--END - - OperationalBindingManagement
|
||
|
||
-- Module HierarchicalOperationalBindings (X.518:08/2005)
|
||
--HierarchicalOperationalBindings {joint-iso-itu-t ds(5) module(1)
|
||
-- hierarchicalOperationalBindings(20) 5} DEFINITIONS ::=
|
||
--BEGIN
|
||
|
||
-- EXPORTS All
|
||
-- The types and values defined in this module are exported for use in the other ASN.1 modules contained
|
||
-- within the Directory Specifications, and for the use of other applications which will use them to access
|
||
-- Directory services. Other applications may use them for their own purposes, but this will not constrain
|
||
-- extensions and modifications needed to maintain or improve the Directory service.
|
||
--IMPORTS
|
||
-- from ITU-T Rec. X.501 | ISO/IEC 9594-2
|
||
-- directoryOperationalBindingTypes, directoryOSIProtocols,
|
||
-- distributedOperations, informationFramework, opBindingManagement
|
||
-- FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1)
|
||
-- usefulDefinitions(0) 5}
|
||
-- Attribute, DistinguishedName, RelativeDistinguishedName
|
||
-- FROM InformationFramework {joint-iso-itu-t ds(5) module(1)
|
||
-- informationFramework(1) 5}
|
||
-- OPERATIONAL-BINDING
|
||
-- FROM OperationalBindingManagement {joint-iso-itu-t ds(5) module(1)
|
||
-- opBindingManagement(18) 5}
|
||
-- from ITU-T Rec. X.518 | ISO/IEC 9594-4
|
||
-- MasterAndShadowAccessPoints
|
||
-- FROM DistributedOperations {joint-iso-itu-t ds(5) module(1)
|
||
-- distributedOperations(3) 5}
|
||
-- from ITU-T Rec. X.519 | ISO/IEC 9594-5
|
||
-- directorySystemAC
|
||
-- FROM DirectoryOSIProtocols {joint-iso-itu-t ds(5) module(1)
|
||
-- directoryOSIProtocols(37) 5}
|
||
-- id-op-binding-hierarchical, id-op-binding-non-specific-hierarchical
|
||
-- FROM DirectoryOperationalBindingTypes {joint-iso-itu-t ds(5) module(1)
|
||
-- directoryOperationalBindingTypes(25) 5};
|
||
|
||
-- types
|
||
-- HierarchicalAgreement: names the subordinate entry by its RDN and by the
-- distinguished name of its immediate superior.
HierarchicalAgreement ::= SEQUENCE {
  rdn                [0] RelativeDistinguishedName,
  immediateSuperior  [1] DistinguishedName
}
|
||
|
||
-- SuperiorToSubordinate: what the superior side sends: the context prefix
-- information plus optional attribute sets.
-- The SIZE (1..MAX) constraints are commented out, so this module places no
-- lower bound on the size of either set.
SuperiorToSubordinate ::= SEQUENCE {
  contextPrefixInfo      [0] DITcontext,
  entryInfo              [1] SET --SIZE (1..MAX)-- OF Attribute OPTIONAL,
  immediateSuperiorInfo  [2] SET --SIZE (1..MAX)-- OF Attribute OPTIONAL
}
|
||
|
||
-- DITcontext: an ordered list of Vertex values with no size constraint.
DITcontext ::= SEQUENCE OF Vertex
|
||
|
||
-- Vertex: one element of a DITcontext, identified by its RDN.
-- Everything except rdn is optional, and the SIZE (1..MAX) constraints on the
-- two sets are commented out.
-- NOTE(review): admPointInfo and subentries look like the place where
-- administrative and policy information received from a peer arrives;
-- confirm how the consumer validates it before relying on it.
Vertex ::= SEQUENCE {
  rdn           [0] RelativeDistinguishedName,
  admPointInfo  [1] SET --SIZE (1..MAX)-- OF Attribute OPTIONAL,
  subentries    [2] SET --SIZE (1..MAX)-- OF SubentryInfo OPTIONAL,
  accessPoints  [3] MasterAndShadowAccessPoints OPTIONAL
}
|
||
|
||
-- SubentryInfo: a subentry given as its RDN plus a set of attributes.
-- The info set has no size constraint in this module.
SubentryInfo ::= SEQUENCE {
  rdn   [0] RelativeDistinguishedName,
  info  [1] SET OF Attribute
}
|
||
|
||
-- SubordinateToSuperior: what the subordinate side sends back.
-- Every component is optional or has a default, so an empty SEQUENCE is a
-- valid value; alias is FALSE when omitted.
SubordinateToSuperior ::= SEQUENCE {
  accessPoints  [0] MasterAndShadowAccessPoints OPTIONAL,
  alias         [1] BOOLEAN DEFAULT FALSE,
  entryInfo     [2] SET --SIZE (1..MAX)-- OF Attribute OPTIONAL,
  subentries    [3] SET --SIZE (1..MAX)-- OF SubentryInfo OPTIONAL
}
|
||
|
||
-- SuperiorToSubordinateModification: the subtype constraint that marks
-- entryInfo as ABSENT is commented out and replaced by an explicit SEQUENCE
-- that simply omits that component. Tags 0 and 2 are kept as in
-- SuperiorToSubordinate.
SuperiorToSubordinateModification ::=
  -- SuperiorToSubordinate(WITH COMPONENTS {
  -- ...,
  -- entryInfo ABSENT
  -- })
  SEQUENCE {
    contextPrefixInfo      [0] DITcontext,
    immediateSuperiorInfo  [2] SET --SIZE (1..MAX)-- OF Attribute OPTIONAL
  }
|
||
|
||
-- NonSpecificHierarchicalAgreement: only the immediate superior is named.
-- The single component is tagged 1; there is no component tagged 0.
NonSpecificHierarchicalAgreement ::= SEQUENCE {
  immediateSuperior  [1] DistinguishedName
}
|
||
|
||
-- NHOBSuperiorToSubordinate: same layout as SuperiorToSubordinateModification.
-- The commented-out subtype constraint is replaced by an explicit SEQUENCE
-- without entryInfo; tags 0 and 2 are kept.
NHOBSuperiorToSubordinate ::=
  -- SuperiorToSubordinate(WITH COMPONENTS {
  -- ...,
  -- entryInfo ABSENT
  -- })
  SEQUENCE {
    contextPrefixInfo      [0] DITcontext,
    immediateSuperiorInfo  [2] SET --SIZE (1..MAX)-- OF Attribute OPTIONAL
  }
|
||
|
||
-- NHOBSubordinateToSuperior: access points and subentries only, with the same
-- tags (0 and 3) those components have in SubordinateToSuperior.
-- Both components are optional, so an empty SEQUENCE is a valid value.
NHOBSubordinateToSuperior ::= SEQUENCE {
  accessPoints  [0] MasterAndShadowAccessPoints OPTIONAL,
  subentries    [3] SET --SIZE (1..MAX)-- OF SubentryInfo OPTIONAL
}
|
||
|
||
-- operational binding information objects
|
||
--hierarchicalOperationalBinding OPERATIONAL-BINDING ::= {
|
||
-- AGREEMENT HierarchicalAgreement
|
||
-- APPLICATION CONTEXTS {{directorySystemAC}}
|
||
-- ASYMMETRIC ROLE-A - - superior DSA - -
|
||
-- {ESTABLISHMENT-INITIATOR TRUE
|
||
-- ESTABLISHMENT-PARAMETER SuperiorToSubordinate
|
||
-- MODIFICATION-INITIATOR TRUE
|
||
-- MODIFICATION-PARAMETER SuperiorToSubordinateModification
|
||
-- TERMINATION-INITIATOR TRUE}
|
||
-- ROLE-B - - subordinate DSA - -
|
||
-- {ESTABLISHMENT-INITIATOR TRUE
|
||
-- ESTABLISHMENT-PARAMETER SubordinateToSuperior
|
||
-- MODIFICATION-INITIATOR TRUE
|
||
-- MODIFICATION-PARAMETER SubordinateToSuperior
|
||
-- TERMINATION-INITIATOR TRUE}
|
||
-- ID id-op-binding-hierarchical
|
||
--}
|
||
|
||
--nonSpecificHierarchicalOperationalBinding OPERATIONAL-BINDING ::= {
|
||
-- AGREEMENT NonSpecificHierarchicalAgreement
|
||
-- APPLICATION CONTEXTS {{directorySystemAC}}
|
||
-- ASYMMETRIC ROLE-A - - superior DSA - -
|
||
-- {ESTABLISHMENT-PARAMETER NHOBSuperiorToSubordinate
|
||
-- MODIFICATION-INITIATOR TRUE
|
||
-- MODIFICATION-PARAMETER NHOBSuperiorToSubordinate
|
||
-- TERMINATION-INITIATOR TRUE}
|
||
-- ROLE-B - - subordinate DSA - -
|
||
-- {ESTABLISHMENT-INITIATOR TRUE
|
||
-- ESTABLISHMENT-PARAMETER NHOBSubordinateToSuperior
|
||
-- MODIFICATION-INITIATOR TRUE
|
||
-- MODIFICATION-PARAMETER NHOBSubordinateToSuperior
|
||
-- TERMINATION-INITIATOR TRUE}
|
||
-- ID id-op-binding-non-specific-hierarchical
|
||
--}
|
||
|
||
--END - - HierarchicalOperationalBindings
|
||
|
||
-- Module BasicAccessControl (X.501:02/2001)
|
||
--BasicAccessControl {joint-iso-itu-t ds(5) module(1) basicAccessControl(24) 4}
|
||
--DEFINITIONS ::=
|
||
--BEGIN
|
||
|
||
-- EXPORTS All
|
||
-- The types and values defined in this module are exported for use in the other ASN.1 modules contained
|
||
-- within the Directory Specifications, and for the use of other applications which will use them to access
|
||
-- Directory services. Other applications may use them for their own purposes, but this will not constrain
|
||
-- extensions and modifications needed to maintain or improve the Directory service.
|
||
--IMPORTS
|
||
-- from ITU-T Rec. X.501 | ISO/IEC 9594-2
|
||
-- directoryAbstractService, id-aca, id-acScheme, informationFramework,
|
||
-- selectedAttributeTypes, upperBounds
|
||
-- FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1)
|
||
-- usefulDefinitions(0) 4}
|
||
-- ATTRIBUTE, AttributeType, ContextAssertion, DistinguishedName, MATCHING-RULE,
|
||
-- objectIdentifierMatch, Refinement, SubtreeSpecification,
|
||
-- SupportedAttributes
|
||
-- FROM InformationFramework {joint-iso-itu-t ds(5) module(1)
|
||
-- informationFramework(1) 4}
|
||
-- from ITU-T Rec. X.511 | ISO/IEC 9594-3
|
||
-- Filter
|
||
-- FROM DirectoryAbstractService {joint-iso-itu-t ds(5) module(1)
|
||
-- directoryAbstractService(2) 4}
|
||
-- from ITU-T Rec. X.520 | ISO/IEC 9594-6
|
||
-- DirectoryString{}, directoryStringFirstComponentMatch, NameAndOptionalUID,
|
||
-- UniqueIdentifier
|
||
-- FROM SelectedAttributeTypes {joint-iso-itu-t ds(5) module(1)
|
||
-- selectedAttributeTypes(5) 4}
|
||
-- ub-tag
|
||
-- FROM UpperBounds {joint-iso-itu-t ds(5) module(1) upperBounds(10) 4};
|
||
|
||
-- types
|
||
-- ACIItem: one access control information item. It carries a tag for
-- identification, a precedence, the authentication level it applies to, and
-- permissions organised either by protected item or by user class.
-- The ub-tag bound on identificationTag is commented out, so this module does
-- not limit the length of that string.
-- Neither permission set has a size constraint; an item with an empty set is
-- syntactically valid.
ACIItem ::= SEQUENCE {
  identificationTag    DirectoryString --{ub-tag}--,
  precedence           Precedence,
  authenticationLevel  AuthenticationLevel,
  itemOrUserFirst CHOICE {
    itemFirst  [0] SEQUENCE {
                     protectedItems   ProtectedItems,
                     itemPermissions  SET OF ItemPermission},
    userFirst  [1] SEQUENCE {
                     userClasses      UserClasses,
                     userPermissions  SET OF UserPermission}}
}
|
||
|
||
-- Precedence: the (0..255) range is commented out, so this definition accepts
-- any INTEGER. A consumer that compares precedences should range-check the
-- value rather than truncate it.
Precedence ::= INTEGER --(0..255)--
|
||
|
||
-- ProtectedItems: which parts of an entry a permission applies to.
-- Every component is optional, so an empty SEQUENCE, which names nothing, is
-- a valid value.
-- All SIZE (1..MAX) constraints are commented out and maxImmSub is an
-- unconstrained INTEGER, so bounds have to be checked by the consumer.
ProtectedItems ::= SEQUENCE {
  entry                           [0]  NULL OPTIONAL,
  allUserAttributeTypes           [1]  NULL OPTIONAL,
  attributeType                   [2]  SET --SIZE (1..MAX)-- OF AttributeType OPTIONAL,
  allAttributeValues              [3]  SET --SIZE (1..MAX)-- OF AttributeType OPTIONAL,
  allUserAttributeTypesAndValues  [4]  NULL OPTIONAL,
  attributeValue                  [5]  SET --SIZE (1..MAX)-- OF AttributeTypeAndValue OPTIONAL,
  selfValue                       [6]  SET --SIZE (1..MAX)-- OF AttributeType OPTIONAL,
  rangeOfValues                   [7]  Filter OPTIONAL,
  maxValueCount                   [8]  SET --SIZE (1..MAX)-- OF MaxValueCount OPTIONAL,
  maxImmSub                       [9]  INTEGER OPTIONAL,
  restrictedBy                    [10] SET --SIZE (1..MAX)-- OF RestrictedValue OPTIONAL,
  contexts                        [11] SET --SIZE (1..MAX)-- OF ContextAssertion OPTIONAL,
  classes                         [12] Refinement OPTIONAL
}
|
||
|
||
-- MaxValueCount: pairs an attribute type with a count.
-- maxCount is an unconstrained INTEGER; negative or very large values are
-- not excluded by this definition.
MaxValueCount ::= SEQUENCE {
  type      AttributeType,
  maxCount  INTEGER
}
|
||
|
||
-- RestrictedValue: pairs an attribute type with a second attribute type,
-- named valuesIn.
RestrictedValue ::= SEQUENCE {
  type      AttributeType,
  valuesIn  AttributeType
}
|
||
|
||
-- UserClasses: who a permission applies to.
-- Every component is optional, so an empty SEQUENCE, which names no user, is
-- a valid value. allUsers is a bare NULL flag: its presence alone selects
-- every user, so items that set it deserve review.
-- The SIZE (1..MAX) constraints are commented out.
UserClasses ::= SEQUENCE {
  allUsers   [0] NULL OPTIONAL,
  thisEntry  [1] NULL OPTIONAL,
  name       [2] SET --SIZE (1..MAX)-- OF NameAndOptionalUID OPTIONAL,
  userGroup  [3] SET --SIZE (1..MAX)-- OF NameAndOptionalUID OPTIONAL,
  -- dn component shall be the name of an
  -- entry of GroupOfUniqueNames
  subtree    [4] SET --SIZE (1..MAX)-- OF SubtreeSpecification OPTIONAL
}
|
||
|
||
-- ItemPermission: permissions granted or denied to a set of user classes,
-- used in the itemFirst form of ACIItem.
ItemPermission ::= SEQUENCE {
  precedence        Precedence OPTIONAL,
  -- defaults to precedence in ACIItem
  userClasses       UserClasses,
  grantsAndDenials  GrantsAndDenials
}
|
||
|
||
-- UserPermission: permissions granted or denied on a set of protected items,
-- used in the userFirst form of ACIItem.
UserPermission ::= SEQUENCE {
  precedence        Precedence OPTIONAL,
  -- defaults to precedence in ACIItem
  protectedItems    ProtectedItems,
  grantsAndDenials  GrantsAndDenials
}
|
||
|
||
-- AuthenticationLevel: the authentication level attached to an ACIItem.
-- basicLevels names one of none, simple or strong; signed is FALSE when
-- omitted.
-- The other alternative is an EXTERNAL whose content this module does not
-- describe, so a consumer that does not understand it cannot evaluate it.
AuthenticationLevel ::= CHOICE {
  basicLevels  SEQUENCE {
                 level           ENUMERATED {none(0), simple(1), strong(2)},
                 localQualifier  INTEGER OPTIONAL,
                 signed          BOOLEAN DEFAULT FALSE},
  other        EXTERNAL
}
|
||
|
||
-- GrantsAndDenials: one grant bit and one deny bit per permission, with the
-- grant on the even bit and the deny on the following odd bit.
-- NOTE(review): nothing here prevents both bits of a pair from being set, and
-- this module does not say how that is resolved; the rule comes from the
-- access control decision procedure, not from this type.
GrantsAndDenials ::= BIT STRING {
  -- permissions that may be used in conjunction
  -- with any component of ProtectedItems
  grantAdd(0),              denyAdd(1),
  grantDiscloseOnError(2),  denyDiscloseOnError(3),
  grantRead(4),             denyRead(5),
  grantRemove(6),           denyRemove(7),
  -- permissions that may be used only in conjunction
  -- with the entry component
  grantBrowse(8),           denyBrowse(9),
  grantExport(10),          denyExport(11),
  grantImport(12),          denyImport(13),
  grantModify(14),          denyModify(15),
  grantRename(16),          denyRename(17),
  grantReturnDN(18),        denyReturnDN(19),
  -- permissions that may be used in conjunction
  -- with any component, except entry, of ProtectedItems
  grantCompare(20),         denyCompare(21),
  grantFilterMatch(22),     denyFilterMatch(23),
  grantInvoke(24),          denyInvoke(25)}
|
||
|
||
--AttributeTypeAndValue ::= SEQUENCE {
|
||
-- type ATTRIBUTE.&id({SupportedAttributes}),
|
||
-- value ATTRIBUTE.&Type({SupportedAttributes}{@type})
|
||
--}
|
||
|
||
-- attributes
|
||
--accessControlScheme ATTRIBUTE ::= {
|
||
-- WITH SYNTAX OBJECT IDENTIFIER
|
||
-- EQUALITY MATCHING RULE objectIdentifierMatch
|
||
-- SINGLE VALUE TRUE
|
||
-- USAGE directoryOperation
|
||
-- ID id-aca-accessControlScheme
|
||
--}
|
||
|
||
--prescriptiveACI ATTRIBUTE ::= {
|
||
-- WITH SYNTAX ACIItem
|
||
-- EQUALITY MATCHING RULE directoryStringFirstComponentMatch
|
||
-- USAGE directoryOperation
|
||
-- ID id-aca-prescriptiveACI
|
||
--}
|
||
|
||
--entryACI ATTRIBUTE ::= {
|
||
-- WITH SYNTAX ACIItem
|
||
-- EQUALITY MATCHING RULE directoryStringFirstComponentMatch
|
||
-- USAGE directoryOperation
|
||
-- ID id-aca-entryACI
|
||
--}
|
||
|
||
--subentryACI ATTRIBUTE ::= {
|
||
-- WITH SYNTAX ACIItem
|
||
-- EQUALITY MATCHING RULE directoryStringFirstComponentMatch
|
||
-- USAGE directoryOperation
|
||
-- ID id-aca-subentryACI
|
||
--}
|
||
|
||
-- object identifier assignments
|
||
-- attributes
|
||
--id-aca-accessControlScheme OBJECT IDENTIFIER ::=
|
||
-- {id-aca 1}
|
||
|
||
--id-aca-prescriptiveACI OBJECT IDENTIFIER ::= {id-aca 4}
|
||
|
||
--id-aca-entryACI OBJECT IDENTIFIER ::= {id-aca 5}
|
||
|
||
--id-aca-subentryACI OBJECT IDENTIFIER ::= {id-aca 6}
|
||
|
||
-- access control schemes -
|
||
--basicAccessControlScheme OBJECT IDENTIFIER ::=
|
||
-- {id-acScheme 1}
|
||
|
||
--simplifiedAccessControlScheme OBJECT IDENTIFIER ::= {id-acScheme 2}
|
||
|
||
--rule-based-access-control OBJECT IDENTIFIER ::= {id-acScheme 3}
|
||
|
||
--rule-and-basic-access-control OBJECT IDENTIFIER ::= {id-acScheme 4}
|
||
|
||
--rule-and-simple-access-control OBJECT IDENTIFIER ::= {id-acScheme 5}
|
||
|
||
END -- BasicAccessControl
|
||
|
||
-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D
|
||
|
||
|
||
|
||
-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D
|
||
|