-- Module DSAOperationalAttributeTypes (X.501:02/2001)
-- Review note: only this module header is live. The later module headers in this
-- file (OperationalBindingManagement, HierarchicalOperationalBindings,
-- BasicAccessControl) are commented out, so their active type assignments belong
-- to this one module and share the IMPORTS below.
DSAOperationalAttributeTypes {joint-iso-itu-t ds(5) module(1)
  dsaOperationalAttributeTypes(22) 4} DEFINITIONS ::=
BEGIN

-- EXPORTS All
-- The types and values defined in this module are exported for use in the other ASN.1 modules contained
-- within the Directory Specifications, and for the use of other applications which will use them to access
-- Directory services. Other applications may use them for their own purposes, but this will not constrain
-- extensions and modifications needed to maintain or improve the Directory service.
IMPORTS
  -- NOTE(review): SelectedAttributeTypes appears in two FROM clauses, and
  -- DirectoryAbstractService appears twice with different final arcs (5 and 4).
  -- Confirm the generator in use accepts the repeated module references.
  -- from ITU-T Rec. X.501 | ISO/IEC 9594-2
  distributedOperations, id-doa, id-kmr, informationFramework,
    opBindingManagement, selectedAttributeTypes, upperBounds
    FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1)
      usefulDefinitions(0) 4}
  ATTRIBUTE, MATCHING-RULE, Name, Attribute, DistinguishedName,
    RelativeDistinguishedName, Refinement, SubtreeSpecification, AttributeType, ContextAssertion
    FROM InformationFramework {joint-iso-itu-t ds(5) module(1)
      informationFramework(1) 4}
  -- Import disabled: OperationalBindingID is assigned later in this same file.
-- OperationalBindingID
-- FROM OperationalBindingManagement {joint-iso-itu-t ds(5) module(1)
-- opBindingManagement(18) 4}
  -- from ITU-T Rec. X.518 | ISO/IEC 9594-4
  AccessPoint, MasterAndShadowAccessPoints
    FROM DistributedOperations {joint-iso-itu-t ds(5) module(1)
      distributedOperations(3) 4}
  -- from ITU-T Rec. X.520 | ISO/IEC 9594-6
  DirectoryString, NameAndOptionalUID, bitStringMatch
    FROM SelectedAttributeTypes {joint-iso-itu-t ds(5) module(1)
      selectedAttributeTypes(5) 4}
  PresentationAddress, ProtocolInformation
    FROM SelectedAttributeTypes {joint-iso-itu-t ds(5) module(1)
      selectedAttributeTypes(5) 4}
  DirectoryBindArgument, DirectoryBindError, SecurityParameters
    FROM DirectoryAbstractService {joint-iso-itu-t ds(5) module(1)
      directoryAbstractService(2) 5}
  -- from ITU-T Rec. X.509 | ISO/IEC 9594-8
  AlgorithmIdentifier
    FROM AuthenticationFramework {joint-iso-itu-t ds(5) module(1)
      authenticationFramework(7) 4}
  -- NOTE(review): the BasicAccessControl section later in this file leaves its
  -- own AttributeTypeAndValue assignment commented out; confirm where this
  -- symbol is resolved from.
  AttributeTypeAndValue
    FROM BasicAccessControl {joint-iso-itu-t ds(5) module(1)
      basicAccessControl(24) 4}
  Filter
    FROM DirectoryAbstractService {joint-iso-itu-t ds(5) module(1)
      directoryAbstractService(2) 4};

-- data types
-- DSEType: named bits describing what kind of DSE an entry is. Bit 12 has no
-- name in this listing (the names go from shadow(11) to immSupr(13)).
DSEType ::= BIT STRING {
  root(0), -- root DSE
  glue(1), -- represents knowledge of a name only
  cp(2), -- context prefix
  entry(3), -- object entry
  alias(4), -- alias entry
  subr(5), -- subordinate reference
  nssr(6), -- non-specific subordinate reference
  supr(7), -- superior reference
  xr(8), -- cross reference
  admPoint(9), -- administrative point
  subentry(10), -- subentry
  shadow(11), -- shadow copy
  immSupr(13), -- immediate superior reference
  rhob(14), -- rhob information
  sa(15), -- subordinate reference to alias entry
  dsSubentry(16), -- DSA Specific subentry
  familyMember(17), -- family member
  ditBridge(18), -- DIT bridge reference
  writeableCopy(19) -- writeable copy
}

-- SupplierOrConsumer: the AccessPoint components are written out by hand in
-- place of COMPONENTS OF, followed by the agreement identifier.
-- The SIZE (1..MAX) bound on protocolInformation is commented out, so the
-- syntax as written does not exclude an empty set; code that consumes decoded
-- values should not assume at least one element is present.
SupplierOrConsumer ::= SET {
-- COMPONENTS OF AccessPoint, - - supplier or consumer
  ae-title [0] Name,
  address [1] PresentationAddress,
  protocolInformation [2] SET --SIZE (1..MAX)-- OF ProtocolInformation OPTIONAL,
  agreementID [3] OperationalBindingID
}

-- SupplierInformation: the SupplierOrConsumer components repeated by hand,
-- plus supplier-is-master (TRUE when absent) and an optional access point for a
-- master that does not itself supply. The same commented-out SIZE bound applies.
SupplierInformation ::= SET {
-- COMPONENTS OF SupplierOrConsumer, - - supplier
  ae-title [0] Name,
  address [1] PresentationAddress,
  protocolInformation [2] SET --SIZE (1..MAX)-- OF ProtocolInformation OPTIONAL,
  agreementID [3] OperationalBindingID,
  supplier-is-master [4] BOOLEAN DEFAULT TRUE,
  non-supplying-master [5] AccessPoint OPTIONAL
}

ConsumerInformation ::= SupplierOrConsumer -- consumer

-- SupplierAndConsumers: a supplier access point (written out by hand) and the
-- set of consumer access points. The consumers set carries no SIZE bound.
SupplierAndConsumers ::= SET {
-- COMPONENTS OF AccessPoint, - - supplier
  ae-title [0] Name,
  address [1] PresentationAddress,
  protocolInformation [2] SET --SIZE (1..MAX)-- OF ProtocolInformation OPTIONAL,
  consumers [3] SET OF AccessPoint
}

-- attribute types
-- Every attribute definition from here on in this section is commented out;
-- only the data types above are active.
--dseType ATTRIBUTE ::= {
-- WITH SYNTAX DSEType
-- EQUALITY MATCHING RULE bitStringMatch
-- SINGLE VALUE TRUE
-- NO USER MODIFICATION TRUE
-- USAGE dSAOperation
-- ID id-doa-dseType
--}

--myAccessPoint ATTRIBUTE ::= {
-- WITH SYNTAX AccessPoint
-- EQUALITY MATCHING RULE accessPointMatch
-- SINGLE VALUE TRUE
-- NO USER MODIFICATION TRUE
-- USAGE dSAOperation
-- ID id-doa-myAccessPoint
--}

--superiorKnowledge ATTRIBUTE ::= {
-- WITH SYNTAX AccessPoint
-- EQUALITY MATCHING RULE accessPointMatch
-- NO USER MODIFICATION TRUE
-- USAGE dSAOperation
-- ID id-doa-superiorKnowledge
--}

--specificKnowledge ATTRIBUTE ::= {
-- WITH SYNTAX MasterAndShadowAccessPoints
-- EQUALITY MATCHING RULE masterAndShadowAccessPointsMatch
-- SINGLE VALUE TRUE
-- NO USER MODIFICATION TRUE
-- USAGE distributedOperation
-- ID id-doa-specificKnowledge
--}

--nonSpecificKnowledge ATTRIBUTE ::= {
-- WITH SYNTAX MasterAndShadowAccessPoints
-- EQUALITY MATCHING RULE masterAndShadowAccessPointsMatch
-- NO USER MODIFICATION TRUE
-- USAGE distributedOperation
-- ID id-doa-nonSpecificKnowledge
--}

--supplierKnowledge ATTRIBUTE ::= {
-- WITH SYNTAX SupplierInformation
-- EQUALITY MATCHING RULE supplierOrConsumerInformationMatch
-- NO USER MODIFICATION TRUE
-- USAGE dSAOperation
-- ID id-doa-supplierKnowledge
--}

--consumerKnowledge ATTRIBUTE ::= {
-- WITH SYNTAX ConsumerInformation
-- EQUALITY MATCHING RULE supplierOrConsumerInformationMatch
-- NO USER MODIFICATION TRUE
-- USAGE dSAOperation
-- ID id-doa-consumerKnowledge
--}

--secondaryShadows ATTRIBUTE ::= {
-- WITH SYNTAX SupplierAndConsumers
-- EQUALITY MATCHING RULE supplierAndConsumersMatch
-- NO USER MODIFICATION TRUE
-- USAGE dSAOperation
165-- ID id-doa-secondaryShadows 166--} 167 168-- matching rules 169--accessPointMatch MATCHING-RULE ::= { 170-- SYNTAX Name 171-- ID id-kmr-accessPointMatch 172--} 173 174--masterAndShadowAccessPointsMatch MATCHING-RULE ::= { 175-- SYNTAX SET OF Name 176-- ID id-kmr-masterShadowMatch 177--} 178 179--supplierOrConsumerInformationMatch MATCHING-RULE ::= { 180-- SYNTAX 181-- SET {ae-title [0] Name, 182-- agreement-identifier [2] INTEGER} 183-- ID id-kmr-supplierConsumerMatch 184--} 185 186--supplierAndConsumersMatch MATCHING-RULE ::= { 187-- SYNTAX Name 188-- ID id-kmr-supplierConsumersMatch 189--} 190 191-- object identifier assignments 192-- dsa operational attributes 193--id-doa-dseType OBJECT IDENTIFIER ::= 194-- {id-doa 0} 195 196--id-doa-myAccessPoint OBJECT IDENTIFIER ::= {id-doa 1} 197 198--id-doa-superiorKnowledge OBJECT IDENTIFIER ::= {id-doa 2} 199 200--id-doa-specificKnowledge OBJECT IDENTIFIER ::= {id-doa 3} 201 202--id-doa-nonSpecificKnowledge OBJECT IDENTIFIER ::= {id-doa 4} 203 204--id-doa-supplierKnowledge OBJECT IDENTIFIER ::= {id-doa 5} 205 206--id-doa-consumerKnowledge OBJECT IDENTIFIER ::= {id-doa 6} 207 208--id-doa-secondaryShadows OBJECT IDENTIFIER ::= {id-doa 7} 209 210-- knowledge matching rules 211--id-kmr-accessPointMatch OBJECT IDENTIFIER ::= 212-- {id-kmr 0} 213 214--id-kmr-masterShadowMatch OBJECT IDENTIFIER ::= {id-kmr 1} 215 216--id-kmr-supplierConsumerMatch OBJECT IDENTIFIER ::= {id-kmr 2} 217 218--id-kmr-supplierConsumersMatch OBJECT IDENTIFIER ::= {id-kmr 3} 219 220--END DSAOperationalAttributeTypes 221 222-- we include this here to reduce the number of dissectors 223-- Module OperationalBindingManagement (X.501:08/2005) 224--OperationalBindingManagement {joint-iso-itu-t ds(5) module(1) 225-- opBindingManagement(18) 5} DEFINITIONS ::= 226--BEGIN 227 228-- EXPORTS All 229-- The types and values defined in this module are exported for use in the other ASN.1 modules contained 230-- within the Directory Specifications, and for the use 
of other applications which will use them to access 231-- Directory services. Other applications may use them for their own purposes, but this will not constrain 232-- extensions and modifications needed to maintain or improve the Directory service. 233--IMPORTS 234 -- from ITU-T Rec. X.501 | ISO/IEC 9594-2 235-- directoryAbstractService, directoryShadowAbstractService, 236-- distributedOperations, directoryOSIProtocols, enhancedSecurity, 237-- hierarchicalOperationalBindings, commonProtocolSpecification 238-- FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1) 239-- usefulDefinitions(0) 5} 240-- OPTIONALLY-PROTECTED-SEQ 241-- FROM EnhancedSecurity {joint-iso-itu-t ds(5) modules(1) 242-- enhancedSecurity(28) 5} 243-- hierarchicalOperationalBinding, nonSpecificHierarchicalOperationalBinding 244-- FROM HierarchicalOperationalBindings hierarchicalOperationalBindings 245 -- from ITU-T Rec. X.511 | ISO/IEC 9594-3 246-- CommonResultsSeq, directoryBind, directoryUnbind, securityError, 247-- SecurityParameters 248-- FROM DirectoryAbstractService {joint-iso-itu-t ds(5) module(1) 249-- directoryAbstractService(2) 5} 250 -- from ITU-T Rec. X.518 | ISO/IEC 9594-4 251-- AccessPoint 252-- FROM DistributedOperations {joint-iso-itu-t ds(5) module(1) 253-- distributedOperations(3) 5} 254 -- from ITU-T Rec. X.519 | ISO/IEC 9594-5 255-- id-err-operationalBindingError, id-op-establishOperationalBinding, 256-- id-op-modifyOperationalBinding, id-op-terminateOperationalBinding, 257-- OPERATION, ERROR 258-- FROM CommonProtocolSpecification commonProtocolSpecification 259-- APPLICATION-CONTEXT 260-- FROM DirectoryOSIProtocols directoryOSIProtocols 261 -- from ITU-T Rec. 
-- X.525 | ISO/IEC 9594-9
-- shadowOperationalBinding
-- FROM DirectoryShadowAbstractService directoryShadowAbstractService;

-- bind and unbind
-- NOTE(review): OPERATION, directoryBind and directoryUnbind are named only in
-- the commented-out IMPORTS of this section, yet the two value assignments
-- below are active; confirm the generator resolves or skips them.
dSAOperationalBindingManagementBind OPERATION ::=
  directoryBind

-- NOTE(review): the bind result is aliased to DirectoryBindArgument, the same
-- type as the bind argument; confirm that this is intended.
DSAOperationalManagementBindArgument ::= DirectoryBindArgument
DSAOperationalManagementBindResult ::= DirectoryBindArgument
DSAOperationalManagementBindError ::= DirectoryBindError

dSAOperationalBindingManagementUnbind OPERATION ::= directoryUnbind

-- operations, arguments and results
--establishOperationalBinding OPERATION ::= {
-- ARGUMENT EstablishOperationalBindingArgument
-- RESULT EstablishOperationalBindingResult
-- ERRORS {operationalBindingError | securityError}
-- CODE id-op-establishOperationalBinding
--}

-- EstablishOperationalBindingArgumentData: the data part of an establish
-- request. The information-object constraints are commented out and replaced
-- by OBJECT IDENTIFIER and ANY, so the syntax no longer ties the content of the
-- ANY fields (initiator parameters, agreement) to bindingType. A consumer has
-- to select the inner type from bindingType itself and should reject unknown
-- binding types and malformed inner content instead of guessing.
-- valid falls back to an empty Validity when absent.
EstablishOperationalBindingArgumentData ::=
-- OPTIONALLY-PROTECTED-SEQ
-- {-- SEQUENCE {bindingType [0] --OPERATIONAL-BINDING.&id({OpBindingSet}) -- OBJECT IDENTIFIER,
  bindingID [1] OperationalBindingID OPTIONAL,
  accessPoint [2] AccessPoint,
  -- symmetric, Role A initiates, or Role B initiates
  initiator
    CHOICE {symmetric
      [3] -- OPERATIONAL-BINDING.&both.&EstablishParam
      -- ({OpBindingSet}{@bindingType}) -- ANY,
      roleA-initiates
      [4] -- OPERATIONAL-BINDING.&roleA.&EstablishParam
      -- ({OpBindingSet}{@bindingType}) -- ANY,
      roleB-initiates
      [5] -- OPERATIONAL-BINDING.&roleB.&EstablishParam
      -- ({OpBindingSet}{@bindingType}) -- ANY } OPTIONAL,
  agreement
    [6] -- OPERATIONAL-BINDING.&Agreement
    -- ({OpBindingSet}{@bindingType}) -- ANY,
  valid [7] Validity DEFAULT {},
  securityParameters [8] SecurityParameters OPTIONAL} --}

-- expand OPTIONALLY-PROTECTED macro
-- Both alternatives are valid syntax, so this type alone does not require a
-- signature; whether an unsigned argument is acceptable is a policy check for
-- the receiving implementation. In the signed alternative, "encrypted" is the
-- field that carries the signature bits over the preceding data component (as
-- in the X.509 SIGNED construct); decoding the structure does not verify it.
EstablishOperationalBindingArgument ::= CHOICE {
  unsignedEstablishOperationalBindingArgument EstablishOperationalBindingArgumentData,
  signedEstablishOperationalBindingArgument SEQUENCE {
    establishOperationalBindingArgument EstablishOperationalBindingArgumentData,
    algorithmIdentifier AlgorithmIdentifier,
    encrypted BIT STRING
  }
}

-- OperationalBindingID: identifier plus version, both unconstrained INTEGERs.
OperationalBindingID ::= SEQUENCE {identifier INTEGER,
  version INTEGER
}

-- Validity: both components have defaults (now, explicitTermination), so an
-- empty Validity means valid from now with no fixed end time.
Validity ::= SEQUENCE {
  validFrom [0] CHOICE {now [0] NULL,
    time [1] Time } DEFAULT now:NULL,
  validUntil
    [1] CHOICE {explicitTermination [0] NULL,
      time [1] Time
    } DEFAULT explicitTermination:NULL
}

-- Time: either encoding is accepted.
-- NOTE(review): UTCTime carries a two-digit year; confirm how consumers map it
-- to a century before comparing it with GeneralizedTime values.
Time ::= CHOICE {utcTime UTCTime,
  generalizedTime GeneralizedTime
}

-- EstablishOperationalBindingResult: mirrors the argument data with reply
-- alternatives. The CommonResultsSeq components are written out by hand
-- (tags 30 down to 27). The ANY fields have the same commented-out
-- constraints as in the argument, so the same dispatch on bindingType applies.
EstablishOperationalBindingResult ::=
-- OPTIONALLY-PROTECTED-SEQ
-- {-- SEQUENCE {bindingType [0] --OPERATIONAL-BINDING.&id({OpBindingSet}) -- OBJECT IDENTIFIER,
  bindingID [1] OperationalBindingID OPTIONAL,
  accessPoint [2] AccessPoint,
  -- symmetric, Role A replies , or Role B replies
  initiator
    CHOICE {symmetric
      [3] -- OPERATIONAL-BINDING.&both.&EstablishParam
      -- ({OpBindingSet}{@bindingType}) -- ANY,
      roleA-replies
      [4] -- OPERATIONAL-BINDING.&roleA.&EstablishParam
      -- ({OpBindingSet}{@bindingType}) -- ANY,
      roleB-replies
      [5] -- OPERATIONAL-BINDING.&roleB.&EstablishParam
      -- ({OpBindingSet}{@bindingType}) -- ANY } OPTIONAL,
-- COMPONENTS OF CommonResultsSeq}}
  securityParameters [30] SecurityParameters OPTIONAL,
  performer [29] DistinguishedName OPTIONAL,
  aliasDereferenced [28] BOOLEAN DEFAULT FALSE,
  notification [27] SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL}


--modifyOperationalBinding OPERATION ::= {
-- ARGUMENT ModifyOperationalBindingArgument
-- RESULT ModifyOperationalBindingResult
-- ERRORS {operationalBindingError | securityError}
-- CODE id-op-modifyOperationalBinding
--}

-- ModifyOperationalBindingArgumentData: the data part of a modify request.
-- bindingID and newBindingID are both mandatory here, unlike bindingID in the
-- establish argument, which is OPTIONAL. The ANY fields again have their
-- object-class constraints commented out.
ModifyOperationalBindingArgumentData ::=
-- OPTIONALLY-PROTECTED-SEQ
-- {--SEQUENCE {bindingType [0] --OPERATIONAL-BINDING.&id({OpBindingSet})-- OBJECT IDENTIFIER,
  bindingID [1] OperationalBindingID,
  accessPoint [2] AccessPoint OPTIONAL,
  -- symmetric, Role A initiates, or Role B initiates
  initiator
    CHOICE {symmetric
      [3] -- OPERATIONAL-BINDING.&both.&ModifyParam
      -- ({OpBindingSet}{@bindingType}) -- ANY,
      roleA-initiates
      [4] -- OPERATIONAL-BINDING.&roleA.&ModifyParam
      -- ({OpBindingSet}{@bindingType}) -- ANY,
      roleB-initiates
      [5] -- OPERATIONAL-BINDING.&roleB.&ModifyParam
      -- ({OpBindingSet}{@bindingType}) -- ANY } OPTIONAL,
  newBindingID [6] OperationalBindingID,
  newAgreement
    [7] -- OPERATIONAL-BINDING.&Agreement
    -- ({OpBindingSet}{@bindingType}) -- ANY OPTIONAL,
  valid [8] Validity OPTIONAL,
  securityParameters [9] SecurityParameters OPTIONAL} -- }


-- Unsigned or signed modify request. As with the establish argument, the
-- syntax accepts either alternative; requiring and verifying the signature is
-- left to the receiving implementation.
ModifyOperationalBindingArgument ::= CHOICE {
  unsignedModifyOperationalBindingArgument ModifyOperationalBindingArgumentData,
  signedModifyOperationalBindingArgument SEQUENCE {
    modifyOperationalBindingArgument ModifyOperationalBindingArgumentData,
    algorithmIdentifier AlgorithmIdentifier,
    encrypted BIT STRING
  }
}

-- Modify result: null carries no data; protected wraps the result data with
-- algorithmIdentifier and encrypted, the same three-field shape as the signed
-- argument alternatives.
ModifyOperationalBindingResult ::= CHOICE {
  null [0] NULL,
  protected [1] SEQUENCE {
    modifyOperationalBindingResultData ModifyOperationalBindingResultData,
    algorithmIdentifier AlgorithmIdentifier,
    encrypted BIT STRING
  }
}

-- Result data for modify. bindingType and newAgreement are untagged here and
-- newAgreement is a mandatory ANY. The CommonResultsSeq components are written
-- out by hand (tags 30 down to 27).
ModifyOperationalBindingResultData ::= SEQUENCE {
  newBindingID OperationalBindingID,
  bindingType
    -- OPERATIONAL-BINDING.&id
    -- ({OpBindingSet}) -- OBJECT IDENTIFIER,
  newAgreement
    -- OPERATIONAL-BINDING.&Agreement
    -- ({OpBindingSet}{@.bindingType}) -- ANY,
  valid Validity OPTIONAL,
  --COMPONENTS OF CommonResultsSeq
  securityParameters [30] SecurityParameters OPTIONAL,
  performer [29] DistinguishedName OPTIONAL,
  aliasDereferenced [28] BOOLEAN DEFAULT FALSE,
  notification [27] SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL
  -- }}
}

--terminateOperationalBinding OPERATION ::= {
-- ARGUMENT TerminateOperationalBindingArgument
-- RESULT
-- TerminateOperationalBindingResult
-- ERRORS {operationalBindingError | securityError}
-- CODE id-op-terminateOperationalBinding
--}

-- TerminateOperationalBindingArgumentData: the data part of a terminate
-- request. The object-class constraints are commented out and replaced by
-- OBJECT IDENTIFIER and ANY, so the syntax does not tie the initiator
-- parameter to bindingType; a consumer has to select the inner type from
-- bindingType itself and should reject unknown binding types.
-- terminateAt is optional; the type does not say what its absence means.
TerminateOperationalBindingArgumentData ::=
-- OPTIONALLY-PROTECTED-SEQ
-- {-- SEQUENCE {bindingType [0] --OPERATIONAL-BINDING.&id({OpBindingSet})-- OBJECT IDENTIFIER,
  bindingID [1] OperationalBindingID,
  -- symmetric, Role A initiates, or Role B initiates
  initiator
    CHOICE {symmetric
      [2] -- OPERATIONAL-BINDING.&both.&TerminateParam
      -- ({OpBindingSet}{@bindingType}) -- ANY,
      roleA-initiates
      [3] -- OPERATIONAL-BINDING.&roleA.&TerminateParam
      -- ({OpBindingSet}{@bindingType}) -- ANY,
      roleB-initiates
      [4] -- OPERATIONAL-BINDING.&roleB.&TerminateParam
      -- ({OpBindingSet}{@bindingType}) -- ANY } OPTIONAL,
  terminateAt [5] Time OPTIONAL,
  securityParameters [6] SecurityParameters OPTIONAL} --}


-- Unsigned or signed terminate request. Both alternatives are valid syntax, so
-- this type alone does not require a signature; whether an unsigned terminate
-- request is acceptable is a policy check for the receiving implementation.
-- In the signed alternative, "encrypted" carries the signature bits over the
-- preceding data component (as in the X.509 SIGNED construct); decoding the
-- structure does not verify it.
TerminateOperationalBindingArgument ::= CHOICE {
  unsignedTerminateOperationalBindingArgument TerminateOperationalBindingArgumentData,
  signedTerminateOperationalBindingArgument SEQUENCE {
    terminateOperationalBindingArgument TerminateOperationalBindingArgumentData,
    algorithmIdentifier AlgorithmIdentifier,
    encrypted BIT STRING
  }
}

-- Terminate result: null carries no data; protected wraps the result data
-- with algorithmIdentifier and encrypted.
TerminateOperationalBindingResult ::= CHOICE {
  null [0] NULL,
  protected [1] SEQUENCE {
    terminateOperationalBindingResultData TerminateOperationalBindingResultData,
    algorithmIdentifier AlgorithmIdentifier,
    encrypted BIT STRING
  }
}

-- Result data for terminate. terminateAt is GeneralizedTime here, while the
-- argument's terminateAt uses the Time CHOICE. The CommonResultsSeq
-- components are written out by hand (tags 30 down to 27).
TerminateOperationalBindingResultData ::= SEQUENCE {
  bindingID OperationalBindingID,
  bindingType
    -- OPERATIONAL-BINDING.&id
    -- ({OpBindingSet}) -- OBJECT IDENTIFIER,
  terminateAt GeneralizedTime OPTIONAL,
  --COMPONENTS OF CommonResultsSeq
  securityParameters [30] SecurityParameters OPTIONAL,
  performer [29] DistinguishedName OPTIONAL,
  aliasDereferenced [28] BOOLEAN DEFAULT FALSE,
  notification [27] SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL
-- }}
}

-- errors and parameters
--operationalBindingError ERROR ::= {
-- PARAMETER OPTIONALLY-PROTECTED-SEQ {OpBindingErrorParam}
-- CODE id-err-operationalBindingError
--}

-- OpBindingErrorParam: error parameter for the operational binding operations.
-- problem lists eleven codes, 0 through 10. agreementProposal is an ANY whose
-- object-class constraint is commented out, so its content has to be
-- interpreted from bindingType, which is itself OPTIONAL here. The
-- CommonResultsSeq components are written out by hand (tags 30 down to 27).
OpBindingErrorParam ::= SEQUENCE {
  problem
    [0] ENUMERATED {invalidID(0), duplicateID(1), unsupportedBindingType(2),
      notAllowedForRole(3), parametersMissing(4),
      roleAssignment(5), invalidStartTime(6), invalidEndTime(7),
      invalidAgreement(8), currentlyNotDecidable(9),
      modificationNotAllowed(10)},
  bindingType [1] --OPERATIONAL-BINDING.&id({OpBindingSet})-- OBJECT IDENTIFIER OPTIONAL,
  agreementProposal
    [2] -- OPERATIONAL-BINDING.&Agreement({OpBindingSet}{@bindingType})-- ANY OPTIONAL,
  retryAt [3] Time OPTIONAL,
-- COMPONENTS OF CommonResultsSeq
  securityParameters [30] SecurityParameters OPTIONAL,
  performer [29] DistinguishedName OPTIONAL,
  aliasDereferenced [28] BOOLEAN DEFAULT FALSE,
  notification [27] SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL

}

-- information object classes
-- The class definitions below are commented out. They are the source of the
-- OPERATIONAL-BINDING.&... constraints that appear commented out next to the
-- OBJECT IDENTIFIER and ANY fields above.
--OPERATIONAL-BINDING ::= CLASS {
-- &Agreement ,
-- &Cooperation OP-BINDING-COOP,
-- &both OP-BIND-ROLE OPTIONAL,
-- &roleA OP-BIND-ROLE OPTIONAL,
-- &roleB OP-BIND-ROLE OPTIONAL,
-- &id OBJECT IDENTIFIER UNIQUE
--}
--WITH SYNTAX {
-- AGREEMENT &Agreement
-- APPLICATION CONTEXTS &Cooperation
-- [SYMMETRIC &both]
-- [ASYMMETRIC
-- [ROLE-A &roleA]
-- [ROLE-B &roleB]]
-- ID &id
--}

--OP-BINDING-COOP ::= CLASS {
-- &applContext APPLICATION-CONTEXT,
-- &Operations OPERATION OPTIONAL
--}WITH SYNTAX {&applContext
-- [APPLIES TO &Operations]
--}

--OP-BIND-ROLE ::= CLASS {
-- &establish BOOLEAN DEFAULT FALSE,
-- &EstablishParam OPTIONAL,
-- &modify BOOLEAN DEFAULT FALSE,
-- &ModifyParam OPTIONAL,
-- &terminate BOOLEAN DEFAULT FALSE,
-- &TerminateParam OPTIONAL
--}
--WITH SYNTAX {
--
[ESTABLISHMENT-INITIATOR &establish] 540-- [ESTABLISHMENT-PARAMETER &EstablishParam] 541-- [MODIFICATION-INITIATOR &modify] 542-- [MODIFICATION-PARAMETER &ModifyParam] 543-- [TERMINATION-INITIATOR &terminate] 544-- [TERMINATION-PARAMETER &TerminateParam] 545--} 546 547--OpBindingSet OPERATIONAL-BINDING ::= 548-- {shadowOperationalBinding | hierarchicalOperationalBinding | 549-- nonSpecificHierarchicalOperationalBinding} 550 551--END - - OperationalBindingManagement 552 553-- Module HierarchicalOperationalBindings (X.518:08/2005) 554--HierarchicalOperationalBindings {joint-iso-itu-t ds(5) module(1) 555-- hierarchicalOperationalBindings(20) 5} DEFINITIONS ::= 556--BEGIN 557 558-- EXPORTS All 559-- The types and values defined in this module are exported for use in the other ASN.1 modules contained 560-- within the Directory Specifications, and for the use of other applications which will use them to access 561-- Directory services. Other applications may use them for their own purposes, but this will not constrain 562-- extensions and modifications needed to maintain or improve the Directory service. 563--IMPORTS 564 -- from ITU-T Rec. X.501 | ISO/IEC 9594-2 565-- directoryOperationalBindingTypes, directoryOSIProtocols, 566-- distributedOperations, informationFramework, opBindingManagement 567-- FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1) 568-- usefulDefinitions(0) 5} 569-- Attribute, DistinguishedName, RelativeDistinguishedName 570-- FROM InformationFramework {joint-iso-itu-t ds(5) module(1) 571-- informationFramework(1) 5} 572-- OPERATIONAL-BINDING 573-- FROM OperationalBindingManagement {joint-iso-itu-t ds(5) module(1) 574-- opBindingManagement(18) 5} 575 -- from ITU-T Rec. X.518 | ISO/IEC 9594-4 576-- MasterAndShadowAccessPoints 577-- FROM DistributedOperations {joint-iso-itu-t ds(5) module(1) 578-- distributedOperations(3) 5} 579 -- from ITU-T Rec. 
-- X.519 | ISO/IEC 9594-5
-- directorySystemAC
-- FROM DirectoryOSIProtocols {joint-iso-itu-t ds(5) module(1)
-- directoryOSIProtocols(37) 5}
-- id-op-binding-hierarchical, id-op-binding-non-specific-hierarchical
-- FROM DirectoryOperationalBindingTypes {joint-iso-itu-t ds(5) module(1)
-- directoryOperationalBindingTypes(25) 5};

-- types
-- HierarchicalAgreement: the RDN of the subordinate entry and the name of its
-- immediate superior.
HierarchicalAgreement ::= SEQUENCE {
  rdn [0] RelativeDistinguishedName,
  immediateSuperior [1] DistinguishedName
}

-- SuperiorToSubordinate: information passed from the superior side.
-- The SIZE (1..MAX) bounds on the attribute sets are commented out, so the
-- syntax as written does not exclude empty sets; consumers should not assume
-- at least one element is present.
SuperiorToSubordinate ::= SEQUENCE {
  contextPrefixInfo [0] DITcontext,
  entryInfo [1] SET --SIZE (1..MAX)-- OF Attribute OPTIONAL,
  immediateSuperiorInfo [2] SET --SIZE (1..MAX)-- OF Attribute OPTIONAL
}

-- DITcontext: a sequence of Vertex values with no SIZE bound; code that walks
-- a decoded value should apply its own limit on the number of elements.
DITcontext ::= SEQUENCE OF Vertex

-- Vertex: one element of a DITcontext. Everything except rdn is OPTIONAL, and
-- the SIZE (1..MAX) bounds on the two sets are commented out.
Vertex ::= SEQUENCE {
  rdn [0] RelativeDistinguishedName,
  admPointInfo [1] SET --SIZE (1..MAX)-- OF Attribute OPTIONAL,
  subentries [2] SET --SIZE (1..MAX)-- OF SubentryInfo OPTIONAL,
  accessPoints [3] MasterAndShadowAccessPoints OPTIONAL
}

-- SubentryInfo: a subentry RDN and its attributes (set with no SIZE bound).
SubentryInfo ::= SEQUENCE {
  rdn [0] RelativeDistinguishedName,
  info [1] SET OF Attribute
}

-- SubordinateToSuperior: information passed from the subordinate side. Every
-- component is OPTIONAL or has a DEFAULT, so an empty SEQUENCE is valid
-- syntax; alias is FALSE when absent.
SubordinateToSuperior ::= SEQUENCE {
  accessPoints [0] MasterAndShadowAccessPoints OPTIONAL,
  alias [1] BOOLEAN DEFAULT FALSE,
  entryInfo [2] SET --SIZE (1..MAX)-- OF Attribute OPTIONAL,
  subentries [3] SET --SIZE (1..MAX)-- OF SubentryInfo OPTIONAL
}

-- SuperiorToSubordinateModification: the "entryInfo ABSENT" subtype
-- constraint is commented out and replaced by a hand-written SEQUENCE without
-- entryInfo. Tag [1] is skipped so the remaining tags match
-- SuperiorToSubordinate.
SuperiorToSubordinateModification ::=
-- SuperiorToSubordinate(WITH COMPONENTS {
-- ...,
-- entryInfo ABSENT
-- })
  SEQUENCE {
  contextPrefixInfo [0] DITcontext,
  immediateSuperiorInfo [2] SET --SIZE (1..MAX)-- OF Attribute OPTIONAL
}

-- NonSpecificHierarchicalAgreement: a single component, tagged [1].
NonSpecificHierarchicalAgreement ::= SEQUENCE {
  immediateSuperior [1] DistinguishedName
}

-- NHOBSuperiorToSubordinate: same hand-written replacement as
-- SuperiorToSubordinateModification (no entryInfo, tags [0] and [2]).
NHOBSuperiorToSubordinate ::=
-- SuperiorToSubordinate(WITH COMPONENTS {
-- ...,
-- entryInfo ABSENT
-- })
  SEQUENCE {
  contextPrefixInfo [0] DITcontext,
  immediateSuperiorInfo [2] SET --SIZE (1..MAX)-- OF Attribute OPTIONAL
}

-- NHOBSubordinateToSuperior: only accessPoints and subentries, with the same
-- tags ([0] and [3]) that those components have in SubordinateToSuperior.
NHOBSubordinateToSuperior ::= SEQUENCE {
  accessPoints [0] MasterAndShadowAccessPoints OPTIONAL,
  subentries [3] SET --SIZE (1..MAX)-- OF SubentryInfo OPTIONAL
}

-- operational binding information objects
-- Both information objects below are commented out. They record which of the
-- types above serve as agreement and as role A / role B parameters for each
-- binding type; nothing in the active syntax enforces that pairing.
--hierarchicalOperationalBinding OPERATIONAL-BINDING ::= {
-- AGREEMENT HierarchicalAgreement
-- APPLICATION CONTEXTS {{directorySystemAC}}
-- ASYMMETRIC ROLE-A - - superior DSA - -
-- {ESTABLISHMENT-INITIATOR TRUE
-- ESTABLISHMENT-PARAMETER SuperiorToSubordinate
-- MODIFICATION-INITIATOR TRUE
-- MODIFICATION-PARAMETER SuperiorToSubordinateModification
-- TERMINATION-INITIATOR TRUE}
-- ROLE-B - - subordinate DSA - -
-- {ESTABLISHMENT-INITIATOR TRUE
-- ESTABLISHMENT-PARAMETER SubordinateToSuperior
-- MODIFICATION-INITIATOR TRUE
-- MODIFICATION-PARAMETER SubordinateToSuperior
-- TERMINATION-INITIATOR TRUE}
-- ID id-op-binding-hierarchical
--}

--nonSpecificHierarchicalOperationalBinding OPERATIONAL-BINDING ::= {
-- AGREEMENT NonSpecificHierarchicalAgreement
-- APPLICATION CONTEXTS {{directorySystemAC}}
-- ASYMMETRIC ROLE-A - - superior DSA - -
-- {ESTABLISHMENT-PARAMETER NHOBSuperiorToSubordinate
-- MODIFICATION-INITIATOR TRUE
-- MODIFICATION-PARAMETER NHOBSuperiorToSubordinate
-- TERMINATION-INITIATOR TRUE}
-- ROLE-B - - subordinate DSA - -
-- {ESTABLISHMENT-INITIATOR TRUE
-- ESTABLISHMENT-PARAMETER NHOBSubordinateToSuperior
-- MODIFICATION-INITIATOR TRUE
-- MODIFICATION-PARAMETER NHOBSubordinateToSuperior
-- TERMINATION-INITIATOR TRUE}
-- ID id-op-binding-non-specific-hierarchical
--}

--END - - HierarchicalOperationalBindings

-- Module BasicAccessControl (X.501:02/2001)
--BasicAccessControl {joint-iso-itu-t ds(5) module(1) basicAccessControl(24) 4}
--DEFINITIONS ::=
--BEGIN

-- EXPORTS All
-- The types and values defined in this module are exported for use in the other
ASN.1 modules contained 694-- within the Directory Specifications, and for the use of other applications which will use them to access 695-- Directory services. Other applications may use them for their own purposes, but this will not constrain 696-- extensions and modifications needed to maintain or improve the Directory service. 697--IMPORTS 698 -- from ITU-T Rec. X.501 | ISO/IEC 9594-2 699-- directoryAbstractService, id-aca, id-acScheme, informationFramework, 700-- selectedAttributeTypes, upperBounds 701-- FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1) 702-- usefulDefinitions(0) 4} 703-- ATTRIBUTE, AttributeType, ContextAssertion, DistinguishedName, MATCHING-RULE, 704-- objectIdentifierMatch, Refinement, SubtreeSpecification, 705-- SupportedAttributes 706-- FROM InformationFramework {joint-iso-itu-t ds(5) module(1) 707-- informationFramework(1) 4} 708 -- from ITU-T Rec. X.511 | ISO/IEC 9594-3 709-- Filter 710-- FROM DirectoryAbstractService {joint-iso-itu-t ds(5) module(1) 711-- directoryAbstractService(2) 4} 712 -- from ITU-T Rec. 
-- X.520 | ISO/IEC 9594-6
-- DirectoryString{}, directoryStringFirstComponentMatch, NameAndOptionalUID,
-- UniqueIdentifier
-- FROM SelectedAttributeTypes {joint-iso-itu-t ds(5) module(1)
-- selectedAttributeTypes(5) 4}
-- ub-tag
-- FROM UpperBounds {joint-iso-itu-t ds(5) module(1) upperBounds(10) 4};

-- types
-- ACIItem: one access control information item, written either as protected
-- items with per-user-class permissions (itemFirst) or as user classes with
-- per-item permissions (userFirst).
-- The ub-tag bound on identificationTag is commented out, so the syntax sets
-- no maximum length for the tag.
ACIItem ::= SEQUENCE {
  identificationTag DirectoryString --{ub-tag}--,
  precedence Precedence,
  authenticationLevel AuthenticationLevel,
  itemOrUserFirst
    CHOICE {itemFirst
      [0] SEQUENCE {protectedItems ProtectedItems,
        itemPermissions SET OF ItemPermission},
      userFirst
      [1] SEQUENCE {userClasses UserClasses,
        userPermissions SET OF UserPermission}}
}

-- Precedence: the (0..255) range is commented out, so as written any INTEGER
-- decodes, including negative and large values. Code that compares or stores
-- precedence values should range-check them first.
Precedence ::= INTEGER --(0..255)--

-- ProtectedItems: what a permission applies to. Every component is OPTIONAL,
-- so an empty SEQUENCE is valid syntax, and the SIZE (1..MAX) bounds on the
-- sets are commented out, so empty sets are not excluded either.
-- maxImmSub is an unconstrained INTEGER.
ProtectedItems ::= SEQUENCE {
  entry [0] NULL OPTIONAL,
  allUserAttributeTypes [1] NULL OPTIONAL,
  attributeType
    [2] SET --SIZE (1..MAX)-- OF AttributeType OPTIONAL,
  allAttributeValues
    [3] SET --SIZE (1..MAX)-- OF AttributeType OPTIONAL,
  allUserAttributeTypesAndValues [4] NULL OPTIONAL,
  attributeValue
    [5] SET --SIZE (1..MAX)-- OF AttributeTypeAndValue OPTIONAL,
  selfValue
    [6] SET --SIZE (1..MAX)-- OF AttributeType OPTIONAL,
  rangeOfValues [7] Filter OPTIONAL,
  maxValueCount
    [8] SET --SIZE (1..MAX)-- OF MaxValueCount OPTIONAL,
  maxImmSub [9] INTEGER OPTIONAL,
  restrictedBy
    [10] SET --SIZE (1..MAX)-- OF RestrictedValue OPTIONAL,
  contexts
    [11] SET --SIZE (1..MAX)-- OF ContextAssertion OPTIONAL,
  classes [12] Refinement OPTIONAL
}

-- MaxValueCount: maxCount is an unconstrained INTEGER, so zero and negative
-- values decode; a consumer that enforces the limit should validate it.
MaxValueCount ::= SEQUENCE {type AttributeType,
  maxCount INTEGER
}

-- RestrictedValue: a pair of attribute types (type, valuesIn).
RestrictedValue ::= SEQUENCE {type AttributeType,
  valuesIn AttributeType
}

-- UserClasses: who a permission applies to. Every component is OPTIONAL, so
-- an empty SEQUENCE is valid syntax, and the SIZE (1..MAX) bounds on the sets
-- are commented out.
UserClasses ::= SEQUENCE {
  allUsers [0] NULL OPTIONAL,
  thisEntry [1] NULL OPTIONAL,
  name [2] SET --SIZE (1..MAX)-- OF NameAndOptionalUID OPTIONAL,
  userGroup [3] SET --SIZE (1..MAX)-- OF NameAndOptionalUID OPTIONAL,
  -- dn component shall be the name of an
  -- entry of GroupOfUniqueNames
  subtree [4] SET --SIZE (1..MAX)-- OF SubtreeSpecification OPTIONAL
}

-- ItemPermission: permissions granted or denied to a set of user classes.
ItemPermission ::= SEQUENCE {
  precedence Precedence OPTIONAL,
  -- defaults to precedence in ACIItem
  userClasses UserClasses,
  grantsAndDenials GrantsAndDenials
}

-- UserPermission: permissions granted or denied on a set of protected items.
UserPermission ::= SEQUENCE {
  precedence Precedence OPTIONAL,
  -- defaults to precedence in ACIItem
  protectedItems ProtectedItems,
  grantsAndDenials GrantsAndDenials
}

-- AuthenticationLevel: either the basic levels (none, simple, strong, with an
-- optional local qualifier and a signed flag that is FALSE when absent) or an
-- EXTERNAL value whose content this module does not describe.
AuthenticationLevel ::= CHOICE {
  basicLevels
    SEQUENCE {level ENUMERATED {none(0), simple(1), strong(2)},
      localQualifier INTEGER OPTIONAL,
      signed BOOLEAN DEFAULT FALSE},
  other EXTERNAL
}

-- GrantsAndDenials: each permission has a separate grant bit and deny bit.
-- The bits are independent, so the syntax allows a value with both the grant
-- and the deny bit of the same permission set; how such a value is resolved
-- is up to the code that evaluates the ACI, not to this type.
GrantsAndDenials ::= BIT STRING {
  -- permissions that may be used in conjunction
  -- with any component of ProtectedItems
  grantAdd(0), denyAdd(1), grantDiscloseOnError(2), denyDiscloseOnError(3),
  grantRead(4), denyRead(5), grantRemove(6),
  denyRemove(7),
  -- permissions that may be used only in conjunction
  -- with the entry component
  grantBrowse(8), denyBrowse(9), grantExport(10), denyExport(11),
  grantImport(12), denyImport(13), grantModify(14), denyModify(15),
  grantRename(16), denyRename(17), grantReturnDN(18),
  denyReturnDN(19),
  -- permissions that may be used in conjunction
  -- with any component, except entry, of ProtectedItems
  grantCompare(20), denyCompare(21), grantFilterMatch(22), denyFilterMatch(23),
  grantInvoke(24), denyInvoke(25)}

-- AttributeTypeAndValue is commented out here although ProtectedItems above
-- refers to it; the IMPORTS at the top of the file list it as coming FROM
-- BasicAccessControl. NOTE(review): confirm where the symbol is resolved from.
--AttributeTypeAndValue ::= SEQUENCE {
-- type ATTRIBUTE.&id({SupportedAttributes}),
-- value ATTRIBUTE.&Type({SupportedAttributes}{@type})
--}

-- attributes
--accessControlScheme ATTRIBUTE ::= {
-- WITH SYNTAX OBJECT IDENTIFIER
-- EQUALITY MATCHING RULE objectIdentifierMatch
-- SINGLE VALUE TRUE
-- USAGE directoryOperation
-- ID id-aca-accessControlScheme
--}

--prescriptiveACI ATTRIBUTE
::= { 831-- WITH SYNTAX ACIItem 832-- EQUALITY MATCHING RULE directoryStringFirstComponentMatch 833-- USAGE directoryOperation 834-- ID id-aca-prescriptiveACI 835--} 836 837--entryACI ATTRIBUTE ::= { 838-- WITH SYNTAX ACIItem 839-- EQUALITY MATCHING RULE directoryStringFirstComponentMatch 840-- USAGE directoryOperation 841-- ID id-aca-entryACI 842--} 843 844--subentryACI ATTRIBUTE ::= { 845-- WITH SYNTAX ACIItem 846-- EQUALITY MATCHING RULE directoryStringFirstComponentMatch 847-- USAGE directoryOperation 848-- ID id-aca-subentryACI 849--} 850 851-- object identifier assignments 852-- attributes 853--id-aca-accessControlScheme OBJECT IDENTIFIER ::= 854-- {id-aca 1} 855 856--id-aca-prescriptiveACI OBJECT IDENTIFIER ::= {id-aca 4} 857 858--id-aca-entryACI OBJECT IDENTIFIER ::= {id-aca 5} 859 860--id-aca-subentryACI OBJECT IDENTIFIER ::= {id-aca 6} 861 862-- access control schemes - 863--basicAccessControlScheme OBJECT IDENTIFIER ::= 864-- {id-acScheme 1} 865 866--simplifiedAccessControlScheme OBJECT IDENTIFIER ::= {id-acScheme 2} 867 868--rule-based-access-control OBJECT IDENTIFIER ::= {id-acScheme 3} 869 870--rule-and-basic-access-control OBJECT IDENTIFIER ::= {id-acScheme 4} 871 872--rule-and-simple-access-control OBJECT IDENTIFIER ::= {id-acScheme 5} 873 874END -- BasicAccessControl 875 876-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D 877 878 879 880-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D 881 882