1-- Module InformationFramework (X.501:08/1997) 2InformationFramework {joint-iso-itu-t ds(5) module(1) informationFramework(1) 3 3} DEFINITIONS ::= 4BEGIN 5 6-- EXPORTS All - 7-- The types and values defined in this module are exported for use in the other ASN.1 modules contained 8-- within the Directory Specifications, and for the use of other applications which will use them to access 9-- Directory services. Other applications may use them for their own purposes, but this will not constrain 10-- extensions and modifications needed to maintain or improve the Directory service. 11IMPORTS 12 id-oc, id-at, id-mr, id-oa, id-sc, id-ar, id-nf, selectedAttributeTypes, 13 directoryAbstractService, upperBounds 14 FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1) 15 usefulDefinitions(0) 3} 16 commonName, generalizedTimeMatch, generalizedTimeOrderingMatch, booleanMatch, 17 integerMatch, integerOrderingMatch, objectIdentifierFirstComponentMatch, 18 integerFirstComponentMatch, DirectoryString{} 19 FROM SelectedAttributeTypes selectedAttributeTypes 20-- TypeAndContextAssertion, ServiceControlOptions, SearchControlOptions, 21-- HierarchySelections, FamilyGrouping, FamilyReturn 22-- FROM DirectoryAbstractService directoryAbstractService 23 ub-search 24 FROM UpperBounds upperBounds; 25 26-- attribute data types 27Attribute ::= SEQUENCE { 28 type ATTRIBUTE.&id({SupportedAttributes}), 29 values 30 SET SIZE (0..MAX) OF ATTRIBUTE.&Type({SupportedAttributes}{@type}), 31 valuesWithContext 32 SET SIZE (1..MAX) OF 33 SEQUENCE {value ATTRIBUTE.&Type({SupportedAttributes}{@type}), 34 contextList SET SIZE (1..MAX) OF Context} OPTIONAL 35} 36 37AttributeType ::= ATTRIBUTE.&id 38 39AttributeValue ::= ATTRIBUTE.&Type 40 41Context ::= SEQUENCE { 42 contextType CONTEXT.&id({SupportedContexts}), 43 contextValues 44 SET SIZE (1..MAX) OF CONTEXT.&Type({SupportedContexts}{@contextType}), 45 fallback BOOLEAN DEFAULT FALSE 46} 47 48AttributeValueAssertion ::= SEQUENCE { 49 type ATTRIBUTE.&id({SupportedAttributes}), 50 assertion 51 ATTRIBUTE.&equality-match.&AssertionType({SupportedAttributes}{@type}), 52 assertedContexts 53 CHOICE {allContexts [0] NULL, 54 selectedContexts [1] SET SIZE (1..MAX) OF ContextAssertion 55 } OPTIONAL 56} 57 58ContextAssertion ::= SEQUENCE { 59 contextType CONTEXT.&id({SupportedContexts}), 60 contextValues 61 SET SIZE (1..MAX) OF CONTEXT.&Assertion({SupportedContexts}{@contextType}) 62} 63 64AttributeTypeAssertion ::= SEQUENCE { 65 type ATTRIBUTE.&id({SupportedAttributes}), 66 assertedContexts SEQUENCE SIZE (1..MAX) OF ContextAssertion OPTIONAL 67} 68 69-- Definition of the following information object set is deferred, perhaps to standardized 70-- profiles or to protocol implementation conformance statements. The set is required to 71-- specify a table constraint on the values component of Attribute, the value component 72-- of AttributeTypeAndValue, and the assertion component of AttributeValueAssertion. 73SupportedAttributes ATTRIBUTE ::= 74 {objectClass | aliasedEntryName, ...} 75 76-- Definition of the following information object set is deferred, perhaps to standardized 77-- profiles or to protocol implementation conformance statements. The set is required to 78-- specify a table constraint on the context specifications 79SupportedContexts CONTEXT ::= 80 {...} 81 82-- naming data types 83Name ::= CHOICE { -- only one possibility for now --rdnSequence RDNSequence 84} 85 86RDNSequence ::= SEQUENCE OF RelativeDistinguishedName 87 88DistinguishedName ::= RDNSequence 89 90RelativeDistinguishedName ::= 91 SET SIZE (1..MAX) OF AttributeTypeAndDistinguishedValue 92 93AttributeTypeAndDistinguishedValue ::= SEQUENCE { 94 type ATTRIBUTE.&id({SupportedAttributes}), 95 value ATTRIBUTE.&Type({SupportedAttributes}{@type}), 96 primaryDistinguished BOOLEAN DEFAULT TRUE, 97 valuesWithContext 98 SET SIZE (1..MAX) OF 99 SEQUENCE {distingAttrValue 100 [0] ATTRIBUTE.&Type({SupportedAttributes}{@type}) OPTIONAL, 101 contextList SET SIZE (1..MAX) OF Context} OPTIONAL 102} 103 104-- subtree data types 105SubtreeSpecification ::= SEQUENCE { 106 base [0] LocalName DEFAULT {}, 107 COMPONENTS OF ChopSpecification, 108 specificationFilter [4] Refinement OPTIONAL 109} 110 111-- empty sequence specifies whole administrative area 112LocalName ::= RDNSequence 113 114ChopSpecification ::= SEQUENCE { 115 specificExclusions 116 [1] SET SIZE (1..MAX) OF 117 CHOICE {chopBefore [0] LocalName, 118 chopAfter [1] LocalName} OPTIONAL, 119 minimum [2] BaseDistance DEFAULT 0, 120 maximum [3] BaseDistance OPTIONAL 121} 122 123BaseDistance ::= INTEGER(0..MAX) 124 125Refinement ::= CHOICE { 126 item [0] OBJECT-CLASS.&id, 127 and [1] SET OF Refinement, 128 or [2] SET OF Refinement, 129 not [3] Refinement 130} 131 132-- OBJECT-CLASS information object class specification 133OBJECT-CLASS ::= CLASS { 134 &Superclasses OBJECT-CLASS OPTIONAL, 135 &kind ObjectClassKind DEFAULT structural, 136 &MandatoryAttributes ATTRIBUTE OPTIONAL, 137 &OptionalAttributes ATTRIBUTE OPTIONAL, 138 &id OBJECT IDENTIFIER UNIQUE 139} 140WITH SYNTAX { 141 [SUBCLASS OF &Superclasses] 142 [KIND &kind] 143 [MUST CONTAIN &MandatoryAttributes] 144 [MAY CONTAIN &OptionalAttributes] 145 ID &id 146} 147 148ObjectClassKind ::= ENUMERATED {abstract(0), structural(1), auxiliary(2)} 149 150-- object classes 151top OBJECT-CLASS ::= { 152 KIND abstract 153 MUST CONTAIN {objectClass} 154 ID id-oc-top 155} 156 157alias OBJECT-CLASS ::= { 158 SUBCLASS OF {top} 159 MUST CONTAIN {aliasedEntryName} 160 ID id-oc-alias 161} 162 163parent OBJECT-CLASS ::= {KIND abstract 164 ID id-oc-parent 165} 166 167child OBJECT-CLASS ::= {KIND auxiliary 168 ID id-oc-child 169} 170 171-- ATTRIBUTE information object class specification 172ATTRIBUTE ::= CLASS { 173 &derivation ATTRIBUTE OPTIONAL, 174 &Type OPTIONAL, -- either &Type or &derivation required 175 &equality-match MATCHING-RULE OPTIONAL, 176 &ordering-match MATCHING-RULE OPTIONAL, 177 &substrings-match MATCHING-RULE OPTIONAL, 178 &single-valued BOOLEAN DEFAULT FALSE, 179 &collective BOOLEAN DEFAULT FALSE, 180 -- operational extensions 181 &no-user-modification BOOLEAN DEFAULT FALSE, 182 &usage AttributeUsage DEFAULT userApplications, 183 &id OBJECT IDENTIFIER UNIQUE 184} 185WITH SYNTAX { 186 [SUBTYPE OF &derivation] 187 [WITH SYNTAX &Type] 188 [EQUALITY MATCHING RULE &equality-match] 189 [ORDERING MATCHING RULE &ordering-match] 190 [SUBSTRINGS MATCHING RULE &substrings-match] 191 [SINGLE VALUE &single-valued] 192 [COLLECTIVE &collective] 193 [NO USER MODIFICATION &no-user-modification] 194 [USAGE &usage] 195 ID &id 196} 197 198AttributeUsage ::= ENUMERATED { 199 userApplications(0), directoryOperation(1), distributedOperation(2), 200 dSAOperation(3)} 201 202-- attributes 203objectClass ATTRIBUTE ::= { 204 WITH SYNTAX OBJECT IDENTIFIER 205 EQUALITY MATCHING RULE objectIdentifierMatch 206 ID id-at-objectClass 207} 208 209aliasedEntryName ATTRIBUTE ::= { 210 WITH SYNTAX DistinguishedName 211 EQUALITY MATCHING RULE distinguishedNameMatch 212 SINGLE VALUE TRUE 213 ID id-at-aliasedEntryName 214} 215 216-- MATCHING-RULE information object class specification 217MATCHING-RULE ::= CLASS { 218 &ParentMatchingRules MATCHING-RULE.&id OPTIONAL, 219 &AssertionType OPTIONAL, 220 &uniqueMatchIndicator ATTRIBUTE.&id OPTIONAL, 221 &id OBJECT IDENTIFIER UNIQUE 222} 223WITH SYNTAX { 224 [PARENT &ParentMatchingRules] 225 [SYNTAX &AssertionType] 226 [UNIQUE-MATCH-INDICATOR &uniqueMatchIndicator] 227 ID &id 228} 229 230-- matching rules 231objectIdentifierMatch MATCHING-RULE ::= { 232 SYNTAX OBJECT IDENTIFIER 233 ID id-mr-objectIdentifierMatch 234} 235 236distinguishedNameMatch MATCHING-RULE ::= { 237 SYNTAX DistinguishedName 238 ID id-mr-distinguishedNameMatch 239} 240 241MAPPING-BASED-MATCHING{SelectedBy, BOOLEAN:combinable, MappingResult, 242 OBJECT IDENTIFIER:matchingRule} ::= CLASS { 243 &selectBy SelectedBy OPTIONAL, 244 &ApplicableTo ATTRIBUTE, 245 &subtypesIncluded BOOLEAN DEFAULT TRUE, 246 &combinable BOOLEAN(combinable), 247 &mappingResults MappingResult OPTIONAL, 248 &userControl BOOLEAN DEFAULT FALSE, 249 &exclusive BOOLEAN DEFAULT TRUE, 250 &matching-rule MATCHING-RULE.&id(matchingRule), 251 &id OBJECT IDENTIFIER UNIQUE 252} 253WITH SYNTAX { 254 [SELECT BY &selectBy] 255 APPLICABLE TO &ApplicableTo 256 [SUBTYPES INCLUDED &subtypesIncluded] 257 COMBINABLE &combinable 258 [MAPPING RESULTS &mappingResults] 259 [USER CONTROL &userControl] 260 [EXCLUSIVE &exclusive] 261 MATCHING RULE &matching-rule 262 ID &id 263} 264 265-- NAME-FORM information object class specification 266NAME-FORM ::= CLASS { 267 &namedObjectClass OBJECT-CLASS, 268 &MandatoryAttributes ATTRIBUTE, 269 &OptionalAttributes ATTRIBUTE OPTIONAL, 270 &id OBJECT IDENTIFIER UNIQUE 271} 272WITH SYNTAX { 273 NAMES &namedObjectClass 274 WITH ATTRIBUTES &MandatoryAttributes 275 [AND OPTIONALLY &OptionalAttributes] 276 ID &id 277} 278 279-- STRUCTURE-RULE class and DIT structure rule data types 280STRUCTURE-RULE ::= CLASS { 281 &nameForm NAME-FORM, 282 &SuperiorStructureRules STRUCTURE-RULE OPTIONAL, 283 &id RuleIdentifier 284} 285WITH SYNTAX { 286 NAME FORM &nameForm 287 [SUPERIOR RULES &SuperiorStructureRules] 288 ID &id 289} 290 291DITStructureRule ::= SEQUENCE { 292 ruleIdentifier RuleIdentifier, 293 -- must be unique within the scope of the subschema 294 nameForm NAME-FORM.&id, 295 superiorStructureRules SET SIZE (1..MAX) OF RuleIdentifier OPTIONAL 296} 297 298RuleIdentifier ::= INTEGER 299 300-- CONTENT-RULE class and DIT content rule data types 301CONTENT-RULE ::= CLASS { 302 &structuralClass OBJECT-CLASS.&id UNIQUE, 303 &Auxiliaries OBJECT-CLASS OPTIONAL, 304 &Mandatory ATTRIBUTE OPTIONAL, 305 &Optional ATTRIBUTE OPTIONAL, 306 &Precluded ATTRIBUTE OPTIONAL 307} 308WITH SYNTAX { 309 STRUCTURAL OBJECT-CLASS &structuralClass 310 [AUXILIARY OBJECT-CLASSES &Auxiliaries] 311 [MUST CONTAIN &Mandatory] 312 [MAY CONTAIN &Optional] 313 [MUST-NOT CONTAIN &Precluded] 314} 315 316DITContentRule ::= SEQUENCE { 317 structuralObjectClass OBJECT-CLASS.&id, 318 auxiliaries SET SIZE (1..MAX) OF OBJECT-CLASS.&id OPTIONAL, 319 mandatory [1] SET SIZE (1..MAX) OF ATTRIBUTE.&id OPTIONAL, 320 optional [2] SET SIZE (1..MAX) OF ATTRIBUTE.&id OPTIONAL, 321 precluded [3] SET SIZE (1..MAX) OF ATTRIBUTE.&id OPTIONAL 322} 323 324CONTEXT ::= CLASS { 325 &Type , 326 &Assertion OPTIONAL, 327 &id OBJECT IDENTIFIER UNIQUE 328}WITH SYNTAX {WITH SYNTAX &Type 329 [ASSERTED AS &Assertion] 330 ID &id 331} 332 333DITContextUse ::= SEQUENCE { 334 attributeType ATTRIBUTE.&id, 335 mandatoryContexts [1] SET SIZE (1..MAX) OF CONTEXT.&id OPTIONAL, 336 optionalContexts [2] SET SIZE (1..MAX) OF CONTEXT.&id OPTIONAL 337} 338 339DIT-CONTEXT-USE-RULE ::= CLASS { 340 &attributeType ATTRIBUTE.&id UNIQUE, 341 &Mandatory CONTEXT OPTIONAL, 342 &Optional CONTEXT OPTIONAL 343} 344WITH SYNTAX { 345 ATTRIBUTE TYPE &attributeType 346 [MANDATORY CONTEXTS &Mandatory] 347 [OPTIONAL CONTEXTS &Optional] 348} 349 350-- system schema information objects 351-- object classes 352subentry OBJECT-CLASS ::= { 353 SUBCLASS OF {top} 354 KIND structural 355 MUST CONTAIN {commonName | subtreeSpecification} 356 ID id-sc-subentry 357} 358 359subentryNameForm NAME-FORM ::= { 360 NAMES subentry 361 WITH ATTRIBUTES {commonName} 362 ID id-nf-subentryNameForm 363} 364 365accessControlSubentry OBJECT-CLASS ::= { 366 KIND auxiliary 367 ID id-sc-accessControlSubentry 368} 369 370collectiveAttributeSubentry OBJECT-CLASS ::= { 371 KIND auxiliary 372 ID id-sc-collectiveAttributeSubentry 373} 374 375--contextAssertionSubentry OBJECT-CLASS ::= { 376-- KIND auxiliary 377-- MUST CONTAIN {contextAssertionDefaults} 378-- ID id-sc-contextAssertionSubentry 379--} 380 381-- serviceAdminSubentry OBJECT-CLASS ::= { 382-- KIND auxiliary 383-- MUST CONTAIN {searchRules} 384-- ID id-sc-serviceAdminSubentry 385-- } 386 387-- attributes 388createTimestamp ATTRIBUTE ::= { 389 WITH SYNTAX GeneralizedTime 390 -- as per 41.3 b) or c) of ITU-T Rec. X.680 | ISO/IEC 8824-1 391 EQUALITY MATCHING RULE generalizedTimeMatch 392 ORDERING MATCHING RULE generalizedTimeOrderingMatch 393 SINGLE VALUE TRUE 394 NO USER MODIFICATION TRUE 395 USAGE directoryOperation 396 ID id-oa-createTimestamp 397} 398 399modifyTimestamp ATTRIBUTE ::= { 400 WITH SYNTAX GeneralizedTime 401 -- as per 41.3 b) or c) of ITU-T Rec. X.680 | ISO/IEC 8824-1 402 EQUALITY MATCHING RULE generalizedTimeMatch 403 ORDERING MATCHING RULE generalizedTimeOrderingMatch 404 SINGLE VALUE TRUE 405 NO USER MODIFICATION TRUE 406 USAGE directoryOperation 407 ID id-oa-modifyTimestamp 408} 409 410subschemaTimestamp ATTRIBUTE ::= { 411 WITH SYNTAX GeneralizedTime 412 -- as per 41.3 b) or c) of ITU-T Rec.X. 680 | ISO/IEC 8824-1 413 EQUALITY MATCHING RULE generalizedTimeMatch 414 ORDERING MATCHING RULE generalizedTimeOrderingMatch 415 SINGLE VALUE TRUE 416 NO USER MODIFICATION TRUE 417 USAGE directoryOperation 418 ID id-oa-subschemaTimestamp 419} 420 421creatorsName ATTRIBUTE ::= { 422 WITH SYNTAX DistinguishedName 423 EQUALITY MATCHING RULE distinguishedNameMatch 424 SINGLE VALUE TRUE 425 NO USER MODIFICATION TRUE 426 USAGE directoryOperation 427 ID id-oa-creatorsName 428} 429 430modifiersName ATTRIBUTE ::= { 431 WITH SYNTAX DistinguishedName 432 EQUALITY MATCHING RULE distinguishedNameMatch 433 SINGLE VALUE TRUE 434 NO USER MODIFICATION TRUE 435 USAGE directoryOperation 436 ID id-oa-modifiersName 437} 438 439subschemaSubentryList ATTRIBUTE ::= { 440 WITH SYNTAX DistinguishedName 441 EQUALITY MATCHING RULE distinguishedNameMatch 442 SINGLE VALUE TRUE 443 NO USER MODIFICATION TRUE 444 USAGE directoryOperation 445 ID id-oa-subschemaSubentryList 446} 447 448accessControlSubentryList ATTRIBUTE ::= { 449 WITH SYNTAX DistinguishedName 450 EQUALITY MATCHING RULE distinguishedNameMatch 451 NO USER MODIFICATION TRUE 452 USAGE directoryOperation 453 ID id-oa-accessControlSubentryList 454} 455 456collectiveAttributeSubentryList ATTRIBUTE ::= { 457 WITH SYNTAX DistinguishedName 458 EQUALITY MATCHING RULE distinguishedNameMatch 459 NO USER MODIFICATION TRUE 460 USAGE directoryOperation 461 ID id-oa-collectiveAttributeSubentryList 462} 463 464contextDefaultSubentryList ATTRIBUTE ::= { 465 WITH SYNTAX DistinguishedName 466 EQUALITY MATCHING RULE distinguishedNameMatch 467 NO USER MODIFICATION TRUE 468 USAGE directoryOperation 469 ID id-oa-contextDefaultSubentryList 470} 471 472serviceAdminSubentryList ATTRIBUTE ::= { 473 WITH SYNTAX DistinguishedName 474 EQUALITY MATCHING RULE distinguishedNameMatch 475 NO USER MODIFICATION TRUE 476 USAGE directoryOperation 477 ID id-oa-serviceAdminSubentryList 478} 479 480hasSubordinates ATTRIBUTE ::= { 481 WITH SYNTAX BOOLEAN 482 EQUALITY MATCHING RULE booleanMatch 483 SINGLE VALUE TRUE 484 NO USER MODIFICATION TRUE 485 USAGE directoryOperation 486 ID id-oa-hasSubordinates 487} 488 489administrativeRole ATTRIBUTE ::= { 490 WITH SYNTAX OBJECT-CLASS.&id 491 EQUALITY MATCHING RULE objectIdentifierMatch 492 USAGE directoryOperation 493 ID id-oa-administrativeRole 494} 495 496subtreeSpecification ATTRIBUTE ::= { 497 WITH SYNTAX SubtreeSpecification 498 USAGE directoryOperation 499 ID id-oa-subtreeSpecification 500} 501 502collectiveExclusions ATTRIBUTE ::= { 503 WITH SYNTAX OBJECT IDENTIFIER 504 EQUALITY MATCHING RULE objectIdentifierMatch 505 USAGE directoryOperation 506 ID id-oa-collectiveExclusions 507} 508 509-- contextAssertionDefaults ATTRIBUTE ::= { 510-- WITH SYNTAX TypeAndContextAssertion 511-- EQUALITY MATCHING RULE objectIdentifierFirstComponentMatch 512-- USAGE directoryOperation 513-- ID id-oa-contextAssertionDefault 514-- } 515 516-- searchRules ATTRIBUTE ::= { 517-- WITH SYNTAX SearchRuleDescription 518-- EQUALITY MATCHING RULE integerFirstComponentMatch 519-- USAGE directoryOperation 520-- ID id-oa-searchRules 521-- } 522 523-- SearchRuleDescription ::= SEQUENCE { 524-- COMPONENTS OF SearchRule, 525-- name [28] SET SIZE (1..MAX) OF DirectoryString{ub-search} OPTIONAL, 526-- description [29] DirectoryString{ub-search} OPTIONAL, 527-- obsolete [30] BOOLEAN DEFAULT FALSE 528-- } 529 530hierarchyLevel ATTRIBUTE ::= { 531 WITH SYNTAX INTEGER 532 EQUALITY MATCHING RULE integerMatch 533 ORDERING MATCHING RULE integerOrderingMatch 534 SINGLE VALUE TRUE 535 NO USER MODIFICATION TRUE 536 USAGE directoryOperation 537 ID id-oa-hierarchyLevel 538} 539 540hierarchyBelow ATTRIBUTE ::= { 541 WITH SYNTAX BOOLEAN 542 EQUALITY MATCHING RULE booleanMatch 543 SINGLE VALUE TRUE 544 NO USER MODIFICATION TRUE 545 USAGE directoryOperation 546 ID id-oa-hierarchyBelow 547} 548 549hierarchyParent ATTRIBUTE ::= { 550 WITH SYNTAX DistinguishedName 551 EQUALITY MATCHING RULE distinguishedNameMatch 552 SINGLE VALUE TRUE 553 USAGE directoryOperation 554 ID id-oa-hierarchyParent 555} 556 557-- SearchRule ::= SEQUENCE { 558-- COMPONENTS OF SearchRuleId, 559-- serviceType [1] OBJECT IDENTIFIER OPTIONAL, 560-- userClass [2] INTEGER OPTIONAL, 561-- inputAttributeTypes 562-- [3] SEQUENCE SIZE (1..MAX) OF RequestAttribute OPTIONAL, 563-- attributeCombination [4] AttributeCombination DEFAULT and:{}, 564-- outputAttributeTypes [5] SEQUENCE SIZE (1..MAX) OF ResultAttribute OPTIONAL, 565-- defaultControls [6] ControlOptions OPTIONAL, 566-- mandatoryControls [7] ControlOptions OPTIONAL, 567-- searchRuleControls [8] ControlOptions OPTIONAL, 568-- familyGrouping [9] FamilyGrouping OPTIONAL, 569-- familyReturn [10] FamilyReturn OPTIONAL, 570-- relaxation [11] RelaxationPolicy OPTIONAL, 571-- additionalControl [12] SEQUENCE SIZE (1..MAX) OF AttributeType OPTIONAL, 572-- allowedSubset [13] AllowedSubset DEFAULT '111'B, 573-- imposedSubset [14] ImposedSubset OPTIONAL, 574-- entryLimit [15] EntryLimit OPTIONAL 575-- } 576 577SearchRuleId ::= SEQUENCE {id INTEGER, 578 dmdId [0] OBJECT IDENTIFIER 579} 580 581AllowedSubset ::= BIT STRING {baseObject(0), oneLevel(1), wholeSubtree(2)} 582 583ImposedSubset ::= ENUMERATED {baseObject(0), oneLevel(1), wholeSubtree(2)} 584 585RequestAttribute ::= SEQUENCE { 586 attributeType ATTRIBUTE.&id({SupportedAttributes}), 587 includeSubtypes [0] BOOLEAN DEFAULT FALSE, 588 selectedValues 589 [1] SEQUENCE SIZE (0..MAX) OF 590 ATTRIBUTE.&Type({SupportedAttributes}{@attributeType}) OPTIONAL, 591 defaultValues 592 [2] SEQUENCE SIZE (0..MAX) OF 593 SEQUENCE {entryType OBJECT-CLASS.&id OPTIONAL, 594 values 595 SEQUENCE OF 596 ATTRIBUTE.&Type({SupportedAttributes}{@attributeType}) 597 } OPTIONAL, 598 contexts [3] SEQUENCE SIZE (0..MAX) OF ContextProfile OPTIONAL, 599 contextCombination [4] ContextCombination DEFAULT and:{}, 600 matchingUse [5] SEQUENCE SIZE (1..MAX) OF MatchingUse OPTIONAL 601} 602 603ContextProfile ::= SEQUENCE { 604 contextType CONTEXT.&id({SupportedContexts}), 605 contextValue 606 SEQUENCE SIZE (1..MAX) OF 607 CONTEXT.&Assertion({SupportedContexts}{@contextType}) OPTIONAL 608} 609 610ContextCombination ::= CHOICE { 611 context [0] CONTEXT.&id, 612 and [1] SEQUENCE OF ContextCombination, 613 or [2] SEQUENCE OF ContextCombination, 614 not [3] ContextCombination 615} 616 617MatchingUse ::= SEQUENCE { 618 restrictionType MATCHING-RESTRICTION.&id({SupportedMatchingRestrictions}), 619 restrictionValue 620 MATCHING-RESTRICTION.&Restriction 621 ({SupportedMatchingRestrictions}{@restrictionType}) 622} 623 624-- Definition of the following information object set is deferred, perhaps to standardized 625-- profiles or to protocol implementation conformance statements. The set is required to 626-- specify a table constraint on the components of SupportedMatchingRestrictions 627SupportedMatchingRestrictions MATCHING-RESTRICTION ::= 628 {...} 629 630AttributeCombination ::= CHOICE { 631 attribute [0] AttributeType, 632 and [1] SEQUENCE OF AttributeCombination, 633 or [2] SEQUENCE OF AttributeCombination, 634 not [3] AttributeCombination 635} 636 637ResultAttribute ::= SEQUENCE { 638 attributeType ATTRIBUTE.&id({SupportedAttributes}), 639 outputValues 640 CHOICE {selectedValues 641 SEQUENCE SIZE (1..MAX) OF 642 ATTRIBUTE.&Type({SupportedAttributes}{@attributeType}), 643 matchedValuesOnly NULL} OPTIONAL, 644 contexts [0] SEQUENCE SIZE (1..MAX) OF ContextProfile OPTIONAL 645} 646 647OutputValues ::= CHOICE { 648 selectedValues 649 SEQUENCE SIZE (1..MAX) OF ATTRIBUTE.&Type({SupportedAttributes}), 650 matchedValuesOnly NULL 651} 652 653-- ControlOptions ::= SEQUENCE { 654-- serviceControls [0] ServiceControlOptions DEFAULT {}, 655-- searchOptions [1] SearchControlOptions DEFAULT {searchAliases}, 656-- hierarchyOptions [2] HierarchySelections OPTIONAL 657-- } 658 659EntryLimit ::= SEQUENCE {default INTEGER, 660 max INTEGER 661} 662 663RelaxationPolicy ::= SEQUENCE { 664 basic [0] MRMapping DEFAULT {}, 665 tightenings [1] SEQUENCE SIZE (1..MAX) OF MRMapping OPTIONAL, 666 relaxations [2] SEQUENCE SIZE (1..MAX) OF MRMapping OPTIONAL, 667 maximum [3] INTEGER OPTIONAL, -- mandatory if tightenings is present 668 minimum [4] INTEGER DEFAULT 1 669} 670 671MRMapping ::= SEQUENCE { 672 mapping [0] SEQUENCE SIZE (1..MAX) OF Mapping OPTIONAL, 673 substitution [1] SEQUENCE SIZE (1..MAX) OF MRSubstitution OPTIONAL 674} 675 676Mapping ::= SEQUENCE { 677 mappingFunction 678 OBJECT IDENTIFIER 679 (CONSTRAINED BY {-- shall be an-- 680 681 -- object identifier of a mapping-based matching algorithm -- }), 682 level INTEGER DEFAULT 0 683} 684 685MRSubstitution ::= SEQUENCE { 686 attribute AttributeType, 687 oldMatchingRule [0] MATCHING-RULE.&id OPTIONAL, 688 newMatchingRule [1] MATCHING-RULE.&id OPTIONAL 689} 690 691-- SEARCH-RULE ::= CLASS { 692-- &dmdId OBJECT IDENTIFIER, 693-- &serviceType OBJECT IDENTIFIER OPTIONAL, 694-- &userClass INTEGER OPTIONAL, 695-- &InputAttributeTypes REQUEST-ATTRIBUTE OPTIONAL, 696-- &combination AttributeCombination OPTIONAL, 697-- &OutputAttributeTypes RESULT-ATTRIBUTE OPTIONAL, 698-- &defaultControls ControlOptions OPTIONAL, 699-- &mandatoryControls ControlOptions OPTIONAL, 700-- &searchRuleControls ControlOptions OPTIONAL, 701-- &familyGrouping FamilyGrouping OPTIONAL, 702-- &familyReturn FamilyReturn OPTIONAL, 703-- &additionalControl AttributeType OPTIONAL, 704-- &relaxation RelaxationPolicy OPTIONAL, 705-- &entryLimit EntryLimit OPTIONAL, 706-- &allowedSubset AllowedSubset DEFAULT '111'B, 707-- &imposedSubset ImposedSubset OPTIONAL, 708-- &id INTEGER UNIQUE 709-- } 710-- WITH SYNTAX { 711-- DMD ID &dmdId 712-- [SERVICE-TYPE &serviceType] 713-- [USER-CLASS &userClass] 714-- [INPUT ATTRIBUTES &InputAttributeTypes] 715-- [COMBINATION &combination] 716-- [OUTPUT ATTRIBUTES &OutputAttributeTypes] 717-- [DEFAULT CONTROL &defaultControls] 718-- [MANDATORY CONTROL &mandatoryControls] 719-- [SEARCH-RULE CONTROL &searchRuleControls] 720-- [FAMILY-GROUPING &familyGrouping] 721-- [FAMILY-RETURN &familyReturn] 722-- [ADDITIONAL CONTROL &additionalControl] 723-- [RELAXATION &relaxation] 724-- [ALLOWED SUBSET &allowedSubset] 725-- [IMPOSED SUBSET &imposedSubset] 726-- [ENTRY LIMIT &entryLimit] 727-- ID &id 728-- } 729 730REQUEST-ATTRIBUTE ::= CLASS { 731 &attributeType ATTRIBUTE.&id, 732 &SelectedValues ATTRIBUTE.&Type OPTIONAL, 733 &DefaultValues SEQUENCE {entryType OBJECT-CLASS.&id OPTIONAL, 734 values SEQUENCE OF ATTRIBUTE.&Type 735 } OPTIONAL, 736 &contexts SEQUENCE OF ContextProfile OPTIONAL, 737 &contextCombination ContextCombination OPTIONAL, 738 &MatchingUse MatchingUse OPTIONAL, 739 &includeSubtypes BOOLEAN DEFAULT FALSE 740} 741WITH SYNTAX { 742 ATTRIBUTE TYPE &attributeType 743 [SELECTED VALUES &SelectedValues] 744 [DEFAULT VALUES &DefaultValues] 745 [CONTEXTS &contexts] 746 [CONTEXT COMBINATION &contextCombination] 747 [MATCHING USE &MatchingUse] 748 [INCLUDE SUBTYPES &includeSubtypes] 749} 750 751RESULT-ATTRIBUTE ::= CLASS { 752 &attributeType ATTRIBUTE.&id, 753 &outputValues OutputValues OPTIONAL, 754 &contexts ContextProfile OPTIONAL 755} 756WITH SYNTAX { 757 ATTRIBUTE TYPE &attributeType 758 [OUTPUT VALUES &outputValues] 759 [CONTEXTS &contexts] 760} 761 762MATCHING-RESTRICTION ::= CLASS { 763 &Restriction , 764 &Rules MATCHING-RULE.&id, 765 &id OBJECT IDENTIFIER UNIQUE 766}WITH SYNTAX {RESTRICTION &Restriction 767 RULES &Rules 768 ID &id 769} 770 771-- object identifier assignments 772-- object classes 773id-oc-top OBJECT IDENTIFIER ::= 774 {id-oc 0} 775 776id-oc-alias OBJECT IDENTIFIER ::= {id-oc 1} 777 778id-oc-parent OBJECT IDENTIFIER ::= {id-oc 28} 779 780id-oc-child OBJECT IDENTIFIER ::= {id-oc 29} 781 782-- attributes 783id-at-objectClass OBJECT IDENTIFIER ::= {id-at 0} 784 785id-at-aliasedEntryName OBJECT IDENTIFIER ::= {id-at 1} 786 787-- matching rules 788id-mr-objectIdentifierMatch OBJECT IDENTIFIER ::= {id-mr 0} 789 790id-mr-distinguishedNameMatch OBJECT IDENTIFIER ::= {id-mr 1} 791 792-- operational attributes 793id-oa-excludeAllCollectiveAttributes OBJECT IDENTIFIER ::= 794 {id-oa 0} 795 796id-oa-createTimestamp OBJECT IDENTIFIER ::= {id-oa 1} 797 798id-oa-modifyTimestamp OBJECT IDENTIFIER ::= {id-oa 2} 799 800id-oa-creatorsName OBJECT IDENTIFIER ::= {id-oa 3} 801 802id-oa-modifiersName OBJECT IDENTIFIER ::= {id-oa 4} 803 804id-oa-administrativeRole OBJECT IDENTIFIER ::= {id-oa 5} 805 806id-oa-subtreeSpecification OBJECT IDENTIFIER ::= {id-oa 6} 807 808id-oa-collectiveExclusions OBJECT IDENTIFIER ::= {id-oa 7} 809 810id-oa-subschemaTimestamp OBJECT IDENTIFIER ::= {id-oa 8} 811 812id-oa-hasSubordinates OBJECT IDENTIFIER ::= {id-oa 9} 813 814id-oa-subschemaSubentryList OBJECT IDENTIFIER ::= {id-oa 10} 815 816id-oa-accessControlSubentryList OBJECT IDENTIFIER ::= {id-oa 11} 817 818id-oa-collectiveAttributeSubentryList OBJECT IDENTIFIER ::= {id-oa 12} 819 820id-oa-contextDefaultSubentryList OBJECT IDENTIFIER ::= {id-oa 13} 821 822id-oa-contextAssertionDefault OBJECT IDENTIFIER ::= {id-oa 14} 823 824id-oa-serviceAdminSubentryList OBJECT IDENTIFIER ::= {id-oa 15} 825 826id-oa-searchRules OBJECT IDENTIFIER ::= {id-oa 16} 827 828id-oa-hierarchyLevel OBJECT IDENTIFIER ::= {id-oa 17} 829 830id-oa-hierarchyBelow OBJECT IDENTIFIER ::= {id-oa 18} 831 832id-oa-hierarchyParent OBJECT IDENTIFIER ::= {id-oa 19} 833 834-- subentry classes 835id-sc-subentry OBJECT IDENTIFIER ::= {id-sc 0} 836 837id-sc-accessControlSubentry OBJECT IDENTIFIER ::= {id-sc 1} 838 839id-sc-collectiveAttributeSubentry OBJECT IDENTIFIER ::= {id-sc 2} 840 841id-sc-contextAssertionSubentry OBJECT IDENTIFIER ::= {id-sc 3} 842 843id-sc-serviceAdminSubentry OBJECT IDENTIFIER ::= {id-sc 4} 844 845-- Name forms 846id-nf-subentryNameForm OBJECT IDENTIFIER ::= {id-nf 16} 847 848-- administrative roles 849id-ar-autonomousArea OBJECT IDENTIFIER ::= {id-ar 1} 850 851id-ar-accessControlSpecificArea OBJECT IDENTIFIER ::= {id-ar 2} 852 853id-ar-accessControlInnerArea OBJECT IDENTIFIER ::= {id-ar 3} 854 855id-ar-subschemaAdminSpecificArea OBJECT IDENTIFIER ::= {id-ar 4} 856 857id-ar-collectiveAttributeSpecificArea OBJECT IDENTIFIER ::= {id-ar 5} 858 859id-ar-collectiveAttributeInnerArea OBJECT IDENTIFIER ::= {id-ar 6} 860 861id-ar-contextDefaultSpecificArea OBJECT IDENTIFIER ::= {id-ar 7} 862 863id-ar-serviceSpecificArea OBJECT IDENTIFIER ::= {id-ar 8} 864 865END -- InformationFramework 866 867-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D 868 869