-- PKIX attribute certificate (AC) module, v2 profile.
-- Defines the AC envelope, the holder and issuer forms, the validity
-- period, the syntaxes of the targeting, proxying and AA-controls
-- extensions, and the syntaxes of the attributes this profile registers
-- (authenticationInfo, accessIdentity, chargingIdentity, group, role,
-- clearance, encAttrs).
--
-- Several restrictions of the profile (which Holder and V2Form fields may
-- appear, which ENUMERATED and CHOICE alternatives are allowed) appear in
-- this module only as comments; the ASN.1 syntax itself is looser than the
-- profile.  Code consuming ACs has to enforce those rules explicitly, it
-- cannot rely on the decoder to do so.
PKIXAttributeCertificate {iso(1) identified-organization(3) dod(6)
    internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
    id-mod-attribute-cert(12)}

DEFINITIONS IMPLICIT TAGS ::=

BEGIN

-- EXPORTS ALL --

IMPORTS

    -- IMPORTed module OIDs MAY change if [PKIXPROF] changes
    -- PKIX Certificate Extensions
    Attribute, AlgorithmIdentifier, CertificateSerialNumber,
    Extensions, UniqueIdentifier,
    id-pkix, id-pe, id-kp, id-ad, id-at
    FROM PKIX1Explicit88 {iso(1) identified-organization(3)
        dod(6) internet(1) security(5) mechanisms(5)
        pkix(7) id-mod(0) id-pkix1-explicit-88(1)}

    GeneralName, GeneralNames, id-ce
    FROM PKIX1Implicit88 {iso(1) identified-organization(3)
        dod(6) internet(1) security(5) mechanisms(5)
        pkix(7) id-mod(0) id-pkix1-implicit-88(2)} ;

-- Extension OIDs.  auditIdentity, aaControls and ac-proxying hang off the
-- PKIX private-extension arc (id-pe); targetInformation is allocated under
-- the X.509 certificate-extension arc (id-ce).
id-pe-ac-auditIdentity  OBJECT IDENTIFIER ::= { id-pe 4 }
id-pe-aaControls        OBJECT IDENTIFIER ::= { id-pe 6 }
id-pe-ac-proxying       OBJECT IDENTIFIER ::= { id-pe 10 }
id-ce-targetInformation OBJECT IDENTIFIER ::= { id-ce 55 }

-- Attribute OIDs registered by this profile under its own id-aca arc.
id-aca                    OBJECT IDENTIFIER ::= { id-pkix 10 }
id-aca-authenticationInfo OBJECT IDENTIFIER ::= { id-aca 1 }
id-aca-accessIdentity     OBJECT IDENTIFIER ::= { id-aca 2 }
id-aca-chargingIdentity   OBJECT IDENTIFIER ::= { id-aca 3 }
id-aca-group              OBJECT IDENTIFIER ::= { id-aca 4 }
-- { id-aca 5 } is reserved
id-aca-encAttrs           OBJECT IDENTIFIER ::= { id-aca 6 }

-- Attribute OIDs taken from the X.500 directory arcs.
id-at-role OBJECT IDENTIFIER ::= { id-at 72}
-- NOTE(review): the value below is 2.5.1.5.55.  X.501 registers the
-- clearance attribute type under attributeType(4), i.e. 2.5.4.55, and the
-- successor PKIX AC profile switched to that value.  ACs derived from
-- either text may therefore carry either OID, so a relying party that
-- matches clearance attributes should recognise both.  The value is left
-- as published here because callers identify the attribute by this name;
-- confirm which OID your peers emit before changing it.
id-at-clearance OBJECT IDENTIFIER ::=
    { joint-iso-ccitt(2) ds(5) module(1)
      selected-attribute-types(5) clearance (55) }

-- Uncomment this if using a 1988 level ASN.1 compiler
-- UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING

-- Outer AC envelope: the signed AttributeCertificateInfo, the algorithm
-- used to sign it, and the signature.  acinfo carries its own signature
-- AlgorithmIdentifier as well; as with public-key certificates the two are
-- presumably required to agree, so a verifier should compare them before
-- trusting signatureValue (confirm against the profile text).
AttributeCertificate ::= SEQUENCE {
    acinfo             AttributeCertificateInfo,
    signatureAlgorithm AlgorithmIdentifier,
    signatureValue     BIT STRING
}

-- The to-be-signed part.  Field order is the DER encoding order and is
-- what signatureValue covers.
AttributeCertificateInfo ::= SEQUENCE {
    version                AttCertVersion,  -- version is v2
    holder                 Holder,
    issuer                 AttCertIssuer,
    signature              AlgorithmIdentifier,
    serialNumber           CertificateSerialNumber,
    attrCertValidityPeriod AttCertValidityPeriod,
    attributes             SEQUENCE OF Attribute,
    issuerUniqueID         UniqueIdentifier OPTIONAL,
        -- NOTE(review): the profile text restricts when issuerUniqueID
        -- may be used; the syntax alone does not, so check the profile
        -- before relying on it for issuer matching.
    extensions             Extensions OPTIONAL
}

-- Note the encoding: "v2" is the INTEGER value 1, not 2.  Only this value
-- is defined, so a decoder following this profile should reject an AC
-- carrying any other version instead of guessing at an unknown layout.
AttCertVersion ::= INTEGER { v2(1) }

-- Identifies the entity the attributes are asserted about.  Every
-- alternative is OPTIONAL, so the syntax accepts zero, one or all three;
-- which combinations are legal, and which one a relying party must match
-- against the authenticated identity of the presenter, is specified by the
-- profile text rather than by this type.  That match is the
-- security-critical step: an AC whose holder cannot be bound to the entity
-- presenting it grants that entity nothing.
Holder ::= SEQUENCE {
    baseCertificateID [0] IssuerSerial OPTIONAL,
        -- the issuer and serial number of
        -- the holder's Public Key Certificate
    entityName        [1] GeneralNames OPTIONAL,
        -- the name of the claimant or role
    objectDigestInfo  [2] ObjectDigestInfo OPTIONAL
        -- used to directly authenticate the
        -- holder, for example, an executable
}

-- Binds a holder (or issuer) to a hash of an object, a public key, a
-- public-key certificate, or some other object named by otherObjectTypeID,
-- instead of to a name.
ObjectDigestInfo ::= SEQUENCE {
    digestedObjectType ENUMERATED {
        publicKey        (0),
        publicKeyCert    (1),
        otherObjectTypes (2) },
        -- otherObjectTypes MUST NOT be used in this profile.
        -- otherObjectTypeID presumably only has meaning together with
        -- otherObjectTypes, so it is also absent from conforming ACs.
    otherObjectTypeID  OBJECT IDENTIFIER OPTIONAL,
    digestAlgorithm    AlgorithmIdentifier,
    objectDigest       BIT STRING
        -- NOTE(review): a relying party should compute the digest itself
        -- over the presented object with digestAlgorithm and compare it
        -- to objectDigest; a digest obtained out of band proves nothing.
}

-- Who issued the AC.  Only the v2 form is allowed by this profile; a
-- decoder should reject the untagged v1Form alternative outright rather
-- than map it onto an issuer name.
AttCertIssuer ::= CHOICE {
    v1Form GeneralNames,  -- MUST NOT be used in this
                          -- profile
    v2Form [0] V2Form     -- v2 only
}

V2Form ::= SEQUENCE {
    issuerName        GeneralNames OPTIONAL,
    baseCertificateID [0] IssuerSerial OPTIONAL,
    objectDigestInfo  [1] ObjectDigestInfo OPTIONAL
    -- issuerName MUST be present in this profile
    -- baseCertificateID and objectDigestInfo MUST
    -- NOT be present in this profile
    -- (all three fields are OPTIONAL in the syntax, so these two rules
    -- are enforced by the consuming code, not by the decoder)
}

-- Issuer name plus serial number: the standard way to point at one
-- specific public-key certificate.  A serial number is only unique within
-- one issuer, so matching has to use issuer and serial together.
IssuerSerial ::= SEQUENCE {
    issuer    GeneralNames,
    serial    CertificateSerialNumber,
    issuerUID UniqueIdentifier OPTIONAL
}

-- Validity window.  Both ends are GeneralizedTime; under DER that is a
-- UTC ("Z") value with no fractional seconds.  A relying party should
-- check the current time against both bounds, and the window alone does
-- not establish that the AC is still good where the issuer also provides
-- revocation status.
AttCertValidityPeriod ::= SEQUENCE {
    notBeforeTime GeneralizedTime,
    notAfterTime  GeneralizedTime
}

-- Syntax of the targetInformation extension (id-ce-targetInformation).
-- Lists the servers or services the AC is intended for, by name, by group,
-- or by certificate; a relying party that does not find itself in the
-- list should presumably treat the AC as not applicable to it (inferred
-- from the names; confirm the matching rules against the profile text).
Targets ::= SEQUENCE OF Target

Target ::= CHOICE {
    targetName  [0] GeneralName,
    targetGroup [1] GeneralName,
    targetCert  [2] TargetCert
}

TargetCert ::= SEQUENCE {
    targetCertificate IssuerSerial,
    targetName        GeneralName OPTIONAL,
    certDigestInfo    ObjectDigestInfo OPTIONAL
}

-- Common value syntax for the id-aca attributes (presumably accessIdentity,
-- chargingIdentity and group; confirm).  policyAuthority names who defines
-- the meaning of the values.  Each value is one of three forms; whether a
-- single attribute may mix forms is a profile rule, not a syntax rule.
IetfAttrSyntax ::= SEQUENCE {
    policyAuthority [0] GeneralNames OPTIONAL,
    values SEQUENCE OF CHOICE {
        octets OCTET STRING,
        oid    OBJECT IDENTIFIER,
        string UTF8String
    }
}

-- Service authentication information (id-aca-authenticationInfo).
-- authInfo is opaque authentication material for the holder at the named
-- service.  NOTE(review): where it carries a secret (a password, for
-- instance) the AC must not travel in the clear; the encAttrs attribute
-- defined above exists to wrap such attributes.  Confirm the exact
-- confidentiality rules in the profile text.
SvceAuthInfo ::= SEQUENCE {
    service  GeneralName,
    ident    GeneralName,
    authInfo OCTET STRING OPTIONAL
}

-- Role attribute (id-at-role): a role name, optionally scoped by the
-- authority that defines the role.
RoleSyntax ::= SEQUENCE {
    roleAuthority [0] GeneralNames OPTIONAL,
    roleName      [1] GeneralName
}

-- Clearance attribute (id-at-clearance), in the tagged form used by this
-- module.  NOTE(review): the X.501 definition of Clearance carries no
-- context tags on these fields, so the DER produced from this module is
-- not the same as X.501's; decoders that see ACs from both lineages need
-- to accept both encodings (confirm).  classList defaults to
-- {unclassified}, and DER omits a field equal to its DEFAULT, so an absent
-- classList means "unclassified", not "unknown".
Clearance ::= SEQUENCE {
    policyId           [0] OBJECT IDENTIFIER,
    classList          [1] ClassList DEFAULT {unclassified},
    securityCategories [2] SET OF SecurityCategory OPTIONAL
}

-- One bit per hierarchical classification level.  The syntax allows more
-- than one bit to be set; how such a combination is interpreted is
-- presumably governed by the policy named in policyId.
ClassList ::= BIT STRING {
    unmarked     (0),
    unclassified (1),
    restricted   (2),
    confidential (3),
    secret       (4),
    topSecret    (5)
}

-- Non-hierarchical security category, as an open type keyed by OID.  value
-- is an ANY and can only be decoded once type is known.  NOTE(review): a
-- category whose type the relying party does not understand should be
-- treated as a requirement it cannot satisfy (fail closed), not skipped.
SecurityCategory ::= SEQUENCE {
    type  [0] IMPLICIT OBJECT IDENTIFIER,
    value [1] ANY DEFINED BY type
}

-- Syntax of the aaControls extension (id-pe-aaControls), presumably
-- carried in the public-key certificate of an attribute authority.
-- pathLenConstraint bounds the length of the AA path below this
-- certificate (presumably analogous to basicConstraints; confirm).
-- permittedAttrs and excludedAttrs list attribute types the AA may and may
-- not issue.  permitUnSpecified defaults to TRUE: an attribute type that
-- appears in neither list is allowed unless the issuer explicitly sets
-- it to FALSE.  An AA that should be confined to a fixed set of attributes
-- therefore needs permitUnSpecified FALSE plus a permittedAttrs list, and
-- a relying party checking an AC against these controls should treat any
-- attribute in excludedAttrs as forbidden regardless of permittedAttrs.
AAControls ::= SEQUENCE {
    pathLenConstraint INTEGER (0..MAX) OPTIONAL,
    permittedAttrs    [0] AttrSpec OPTIONAL,
    excludedAttrs     [1] AttrSpec OPTIONAL,
    permitUnSpecified BOOLEAN DEFAULT TRUE
}

AttrSpec ::= SEQUENCE OF OBJECT IDENTIFIER

-- Cleartext form of attributes carried encrypted in the encAttrs attribute
-- (id-aca-encAttrs): names the AC the attributes belong to (issuer and
-- serial) and lists the attributes themselves.  Binding the plaintext to a
-- specific AC presumably prevents a decrypted attribute set from being
-- replayed under another AC (inferred from the fields; confirm against the
-- profile's encAttrs processing rules).
ACClearAttrs ::= SEQUENCE {
    acIssuer GeneralName,
    acSerial INTEGER,
    attrs    SEQUENCE OF Attribute
}

-- Syntax of the proxying extension (id-pe-ac-proxying): each Targets entry
-- is presumably a set of servers allowed to forward the AC among
-- themselves on the holder's behalf (inferred from the name; confirm the
-- forwarding rules in the profile text).
ProxyInfo ::= SEQUENCE OF Targets

END