HTML Annotations, Copyright 1996, T.M.A. Lomas,
Computer Security Group,
University of Cambridge
Computer Laboratory.
All Rights Reserved.
These are based upon a protocol description issued 8th August 1996 by MasterCard and VISA, who we presume to retain copyright in the text of these documents.
Permission is granted to use or distribute these files provided this copyright information is preserved, and subject to any conditions imposed by MasterCard and VISA.
2151 SetAttribute DEFINITIONS EXPLICIT TAGS ::= BEGIN
2152
2153 --
2154 -- This module defines types from ISO/IEC 9594-2:1995(E), Annex B, known
2155 -- as the Information Framework. A minimal number of types have been
2156 -- copied in order to constrain certificate names in SET. Specific SET
2157 -- implementations may wish to copy additional X.501 types as necessary
2158 -- to facilitate directory manipulation. National language support is
2159 -- achieved through the DirectoryString type, copied from the X-500
2160 -- series SelectedAttributeTypes module, and restricted for use in SET.
2161 --
2162
2163 -- EXPORTS All;
2164
2165 IMPORTS
2166
2167 CertificatePoliciesSyntax, KeyUsage
2168 FROM SetCertificateExtensions;
2169
2170
2171 -- attributes
2172
-- commonName: attribute whose value is a DirectoryString of at most
-- ub-common-name characters and whose type OID is id-at-commonName.
-- No matching rule is supplied, so this object does not say how two
-- commonName values are to be compared.
2173 commonName ATTRIBUTE ::= {
2174 WITH SYNTAX DirectoryString { ub-common-name }
2175 ID { id-at-commonName }
2176 }
2177
-- countryName: a PrintableString of exactly three characters, identified by
-- id-at-countryName.
-- NOTE(review): X.520 defines countryName with SIZE(2), so a name validator
-- written for general X.509 certificates will not accept SET's three-character
-- values, and a SET validator should reject any other length. Which
-- three-character code list applies is not stated in this module; confirm
-- against the SET specification text.
2178 countryName ATTRIBUTE ::= { -- SET requires three characters
2179 WITH SYNTAX PrintableString( SIZE(3) )
2180 ID { id-at-countryName }
2181 }
2182
-- organizationName: attribute whose value is a DirectoryString of at most
-- ub-organization-name characters and whose type OID is
-- id-at-organizationName. No matching rule is supplied.
2183 organizationName ATTRIBUTE ::= {
2184 WITH SYNTAX DirectoryString { ub-organization-name }
2185 ID { id-at-organizationName }
2186 }
2187
-- organizationalUnitName: attribute whose value is a DirectoryString of at
-- most ub-organizational-unit-name characters and whose type OID is
-- id-at-organizationalUnitName. No matching rule is supplied.
2188 organizationalUnitName ATTRIBUTE ::= {
2189 WITH SYNTAX DirectoryString { ub-organizational-unit-name }
2190 ID { id-at-organizationalUnitName }
2191 }
2192
2193 -- attribute data types
2194
-- Attribute: an attribute type OID together with exactly one value
-- (SET SIZE(1)). Both components carry a table constraint on
-- SupportedAttributes: the OID must be the &id of an object in that set, and
-- the value must have the &Type registered for that same OID ({@type}).
-- A decoder should treat an OID outside the set, or a value whose syntax does
-- not match the OID, as a constraint violation rather than skipping it.
2195 Attribute ::= SEQUENCE {
2196 type ATTRIBUTE.&id({SupportedAttributes}),
2197 values SET SIZE(1) OF ATTRIBUTE.&Type({SupportedAttributes}{@type})
2198 }
2199
-- AttributeTypeAndValue: one attribute type OID and its single value, the
-- element type of RelativeDistinguishedName. As with Attribute, the OID must
-- come from SupportedAttributes and the value must have the syntax registered
-- for that OID ({@type}), so the value cannot be validated until the type has
-- been decoded and looked up.
2200 AttributeTypeAndValue ::= SEQUENCE {
2201 type ATTRIBUTE.&id({SupportedAttributes}),
2202 value ATTRIBUTE.&Type({SupportedAttributes}{@type})
2203 }
2204
2205 -- The following information object set is required to specify a table
2206 -- constraint on the values component of Attribute, and the value
2207 -- component of AttributeTypeAndValue. SET conformant applications will
2208 -- support certificates which only contain these attributes.
2209
-- SupportedAttributes: the information object set used by the table
-- constraints in Attribute and AttributeTypeAndValue. It lists four objects and
-- has no extension marker, so those constraints admit exactly these attribute
-- types and no others.
2210 SupportedAttributes ATTRIBUTE ::= {
2211 countryName |
2212 organizationName |
2213 organizationalUnitName |
2214 commonName
2215 }
2216
-- SupportedAlgorithm: an AlgorithmIdentifier with two optional qualifiers, the
-- intended key usage and the intended certificate policies. KeyUsage and
-- CertificatePoliciesSyntax are imported from SetCertificateExtensions.
-- The module header selects EXPLICIT TAGS, so [0] and [1] are explicit
-- context tags wrapping the underlying types.
-- No ATTRIBUTE object in this module uses this type as its syntax.
2217 SupportedAlgorithm ::= SEQUENCE {
2218 algorithm AlgorithmIdentifier,
2219 intendedUsage [0] KeyUsage OPTIONAL,
2220 intendedCertificatePolicies [1] CertificatePoliciesSyntax OPTIONAL
2221 }
2222
-- ALGORITHM-IDENTIFIER is declared as the built-in TYPE-IDENTIFIER class, that
-- is, an object identifier (&id) paired with an open type (&Type).
2223 ALGORITHM-IDENTIFIER ::= TYPE-IDENTIFIER
2224
-- AlgorithmIdentifier: the algorithm OID and its optional parameters. Both
-- components are constrained by the SupportedAlgorithms object set, and
-- {@algorithm} ties the parameter type to the OID that was actually decoded.
2225 AlgorithmIdentifier ::= SEQUENCE {
2226 algorithm ALGORITHM-IDENTIFIER.&id({SupportedAlgorithms}),
2227 parameters ALGORITHM-IDENTIFIER.&Type({SupportedAlgorithms}
2228 {@algorithm}) OPTIONAL
2229 }
2230
-- SupportedAlgorithms lists no objects here, only the extension marker, so
-- this module by itself does not name any permitted algorithm.
-- NOTE(review): the acceptable algorithm OIDs and their parameter types have
-- to come from elsewhere (another module or the implementation's own
-- allow-list). A decoder driven by this definition alone would accept any OID
-- with any parameters; confirm where the list is enforced.
2231 SupportedAlgorithms ALGORITHM-IDENTIFIER ::= { ... }
2232
2233 -- naming data types
2234
-- Name: a CHOICE with a single alternative, an RDNSequence carried under
-- context tag [0]. The module header selects EXPLICIT TAGS, so the tag wraps
-- the RDNSequence rather than replacing its SEQUENCE tag.
-- NOTE(review): X.501 defines the RDNSequence alternative of Name without a
-- tag. If certificate names are really encoded with this [0] wrapper they will
-- not parse as ordinary X.509 names; confirm against the SET certificate
-- definitions before reusing a generic X.509 name parser or comparer.
2235 Name ::= CHOICE { -- only one possibility for now --
2236 distinguishedName [0] RDNSequence }
2237
-- RDNSequence: an ordered list of relative distinguished names. There is no
-- SIZE constraint, so the syntax permits an empty sequence; code that assumes
-- at least one RDN must check for that itself.
2238 RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
2239
-- RelativeDistinguishedName: a set of one or more AttributeTypeAndValue
-- elements. SIZE(1..MAX) allows multi-valued RDNs, so name comparison and
-- display code must consider every element of the set, not only the first.
2240 RelativeDistinguishedName ::= SET SIZE(1..MAX) OF AttributeTypeAndValue
2241
-- ATTRIBUTE: information object class describing an attribute type.
-- Fields: an optional parent attribute (&derivation), the value syntax
-- (&Type), three optional matching rules, three BOOLEAN flags that default to
-- FALSE, a usage that defaults to userApplications, and the identifying OID
-- (&id), which must be unique within an object set.
-- The WITH SYNTAX clause below offers no keyword for &usage, so every object
-- defined with this syntax takes the default userApplications.
-- The four attribute objects in this module give only WITH SYNTAX and ID, so
-- they define no equality, ordering or substring matching rule; how two name
-- values are compared (case, spacing) is therefore not specified here.
2242 ATTRIBUTE ::= CLASS {
2243 &derivation ATTRIBUTE OPTIONAL,
2244 &Type OPTIONAL, -- &Type or &derivation required
2245 &equality-match MATCHING-RULE OPTIONAL,
2246 &ordering-match MATCHING-RULE OPTIONAL,
2247 &substrings-match MATCHING-RULE OPTIONAL,
2248 &single-valued BOOLEAN DEFAULT FALSE,
2249 &collective BOOLEAN DEFAULT FALSE,
2250 -- operational extensions
2251 &no-user-modification BOOLEAN DEFAULT FALSE,
2252 &usage AttributeUsage DEFAULT userApplications,
2253 &id OBJECT IDENTIFIER UNIQUE
2254 }
-- Defined syntax for writing ATTRIBUTE objects: every clause is optional
-- except ID.
2255 WITH SYNTAX {
2256 [ SUBTYPE OF &derivation ]
2257 [ WITH SYNTAX &Type ]
2258 [ EQUALITY MATCHING RULE &equality-match ]
2259 [ ORDERING MATCHING RULE &ordering-match ]
2260 [ SUBSTRINGS MATCHING RULE &substrings-match ]
2261 [ SINGLE VALUE &single-valued ]
2262 [ COLLECTIVE &collective ]
2263 [ NO USER MODIFICATION &no-user-modification ]
2264 ID &id
2265 }
2266
-- AttributeUsage: the type of the &usage field of the ATTRIBUTE class.
-- userApplications (0) is the value that field defaults to; the other three
-- values are not referenced anywhere else in this module.
2267 AttributeUsage ::= ENUMERATED {
2268 userApplications (0),
2269 directoryOperation (1),
2270 distributedOperation (2),
2271 dSAOperation (3)
2272 }
2273
2274 -- MATCHING-RULE information object class specification
2275
-- MATCHING-RULE: information object class with an optional assertion syntax
-- (&AssertionType) and a unique identifying OID (&id). It is referenced by the
-- three matching-rule fields of ATTRIBUTE; this module defines no objects of
-- the class.
2276 MATCHING-RULE ::= CLASS {
2277 &AssertionType OPTIONAL,
2278 &id OBJECT IDENTIFIER UNIQUE
2279 }
-- Defined syntax: SYNTAX is optional, ID is mandatory.
2280 WITH SYNTAX {
2281 [ SYNTAX &AssertionType ]
2282 ID &id
2283 }
2284
2285 --
2286
-- DirectoryString: parameterized string type; maxSIZE is the upper bound on
-- the number of characters and every alternative requires at least one.
-- The CHOICE lists four string types, but the trailing WITH COMPONENTS
-- constraint permits only printableString or bmpString, so a decoder must
-- reject the teletexString and universalString alternatives even though they
-- appear in the type.
-- SIZE counts characters, not octets: each BMPString character occupies two
-- octets, so a buffer sized from maxSIZE needs 2 * maxSIZE octets for the
-- string contents.
2287 DirectoryString { INTEGER:maxSIZE } ::= CHOICE {
2288 --
2289 -- Note that SET supports only the type PrintableString and BMPString
2290 -- alternatives of DirectoryString, and disallows the use of types
2291 -- TeletexString or UniversalString. Implementations should use the
2292 -- PrintableString alternative when possible, and type BMPString to
2293 -- support national languages.
2294 --
2295 teletexString TeletexString (SIZE(1..maxSIZE)),
2296 printableString PrintableString (SIZE(1..maxSIZE)), -- ASCII subset
2297 universalString UniversalString (SIZE(1..maxSIZE)),
2298 bmpString BMPString (SIZE(1..maxSIZE)) -- UNICODE --
2299
2300 } ( WITH COMPONENTS { printableString PRESENT } |
2301 WITH COMPONENTS { bmpString PRESENT })
2302
2303 -- Upper bounds of type Name components
2304
-- Upper bounds, in characters, passed as maxSIZE to DirectoryString by the
-- attribute objects of this module. ub-name and ub-match are defined but not
-- referenced anywhere else in this module.
2305 ub-common-name INTEGER ::= 64
2306 ub-name INTEGER ::= 64
2307 ub-organization-name INTEGER ::= 64
2308 ub-organizational-unit-name INTEGER ::= 64
2309 ub-match INTEGER ::= 128
2310
-- Object identifiers. ds is arc 5 under joint-iso-ccitt and id-at is arc 4
-- under ds, so the attribute type OIDs below are id-at followed by 3, 6, 10,
-- 11 and 52 respectively.
-- id-at-supportedAlgorithms is defined but no ATTRIBUTE object in this module
-- uses it, and it is not a member of SupportedAttributes.
2311 ds OBJECT IDENTIFIER ::= { joint-iso-ccitt ds(5) }
2312
2313 id-at OBJECT IDENTIFIER ::= { ds 4 }
2314 id-at-commonName OBJECT IDENTIFIER ::= { id-at 3 }
2315 id-at-countryName OBJECT IDENTIFIER ::= { id-at 6 }
2316 id-at-organizationName OBJECT IDENTIFIER ::= { id-at 10 }
2317 id-at-organizationalUnitName OBJECT IDENTIFIER ::= { id-at 11 }
2318 id-at-supportedAlgorithms OBJECT IDENTIFIER ::= { id-at 52 }
2319
2320
2321 END