OID value: 2.16.840.1.101.2.1.0.3
OID description:
MSPDirectoryAdditions {joint-iso-ccitt(2) 16 840 1 101 2
id-infosec(1) id-modules(0)
id-directory(3)}
DEFINITIONS IMPLICIT TAGS ::=
BEGIN
IMPORTS
-- X.501 The Directory Models
OBJECT-CLASS, ATTRIBUTE
FROM InformationFramework {joint-iso-ccitt ds(5) modules(1)
informationFramework (1)
ORName
FROM MTSAbstractService {joint-iso-ccitt mhs-motis(6)
mts(3)
modules(0)
mts-abstract-service(1)}
octetStringSyntax
FROM SelectedAttributeTypes {joint-iso-ccitt ds(5)
modules(1)
selectedAttributeTypes(5)}
AlgorithmIdentifier, Name, SerialNumber, Certificate
FROM AuthenticationFramework {joint-iso-ccitt ds(5)
modules(1)
authentication-framework(7)};
msp-user-sdns OBJECT-CLASS
SUBCLASS OF top
MUST CONTAIN { }
MAY CONTAIN {
sdnsKeyManagementCertificate,
sdnsUserSignatureCertificate
sdnsKMandSigCertificate,
auxiliaryVector,
janUKMs,
febUKMs,
marUKMs,
aprUKMs,
mayUKMs,
junUKMs,
julUKMs,
augUKMs,
sepUKMs,
octUKMs,
novUKMs,
decUKMs,
snsGuardGateway,
algorithmsSupported,
suiteAKeyManagementCertificate,
suiteAUserSignatureCertificate,
suiteAKMandSigCertificate }
::= {id-msp-user-sdns}
-- Although each of the UKMs is optional, the msp-user-sdns
-- entry should contain the UKMs for the current month. This is not
-- a schema constraint.
mail-list OBJECT-CLASS
SUBCLASS OF top
MUST CONTAIN { }
MAY CONTAIN {
mlid,
mlReceiptPolicy,
mlMembership,
mlAdministrator,
mlExemptedAddressProcessor }
::= {id-mail-list}
dsa-sdns OBJECT-CLASS
SUBCLASS OF dSA
MUST CONTAIN { }
MAY CONTAIN {
sdnsUserSignatureCertificate,
sdnsKMandSigCertificate,
::= {id-dsa-sdns}
crls-sdns OBJECT-CLASS
SUBCLASS of top
MUST CONTAIN { }
MAY CONTAIN {
metaSDNScrl,
sdnsCRL,
metaSDNSsignatureCRL,
sdnsSignatureCRL
::= {id-crls-sdns}
-- These are the crls issued by the KMS.
-- Meta in this case refers to "later in time", hence the current crl
-- or when two universals are active, the CRL from the new universal.
ca-sdns OBJECT-CLASS
SUBCLASS OF top
MUST CONTAIN { }
MAY CONTAIN {
sdnsCASignatureCertificate,
sdnsKMandSigCertificate,
sdnsCertificateRevocationList }
::= {id-ca-sdns}
strong-authenticate-user-sdns OBJECT-CLASS
SUBCLASS OF top
MUST CONTAIN { }
MAY CONTAIN {
sdnsUserSignatureCertificate}
::= {id-strong-auth-user-sdns }
msp-user-mosaic OBJECT-CLASS
SUBCLASS OF top
MUST CONTAIN { }
MAY CONTAIN {
mosaicKeyManagementCertificate,
mosaicUserSignatureCertificate,
mosaicKMandSigCertificate,
auxiliaryVector,
snsGuardGateway,
algorithmsSupported}
::= {id-msp-user-mosaic}
dsa-mosaic OBJECT-CLASS
SUBCLASS OF dSA
MUST CONTAIN { }
MAY CONTAIN {
mosaicKMandSigCertificate,
mosaicUserSignatureCertificate
::= {id-dsa-mosaic}
ca-mosaic OBJECT-CLASS
SUBCLASS OF top
MUST CONTAIN { }
MAY CONTAIN {
mosaicCASignatureCertificate,
mosaicKMandSigCertificate
mosaicCertificateRevocationList,
mosaicKRL}
::= {id-ca-mosaic}
strong-authenticate-user-mosaic OBJECT-CLASS
SUBCLASS OF top
MUST CONTAIN { }
MAY CONTAIN {
mosaicUserSignatureCertificate}
::= {id-strong-auth-user-mosaic }
sdnsKeyManagementCertificate ATTRIBUTE
WITH ATTRIBUTE SYNTAX Certificate
::= id-sdnsKeyManagementCertificate
sdnsKMandSigCertificate ATTRIBUTE
WITH ATTRIBUTE SYNTAX Certificate
::= id-sdnsKMandSigCertificate
sdnsUserSignatureCertificate ATTRIBUTE
WITH ATTRIBUTE SYNTAX Certificate
::= id-sdnsUserSignatureCertificate
auxiliaryVector ATTRIBUTE
WITH ATTRIBUTE SYNTAX octetStringSyntax
::= id-auxiliaryVector
janUKMs ATTRIBUTE
WITH ATTRIBUTE SYNTAX MonthlyUKMs
::= id-janUKMs
febUKMs ATTRIBUTE
WITH ATTRIBUTE SYNTAX MonthlyUKMs
::= id-febUKMs
marUKMs ATTRIBUTE
WITH ATTRIBUTE SYNTAX MonthlyUKMs
::= id-marUKMs
aprUKMs ATTRIBUTE
WITH ATTRIBUTE SYNTAX MonthlyUKMs
::= id-aprUKMs
mayUKMs ATTRIBUTE
WITH ATTRIBUTE SYNTAX MonthlyUKMs
::= id-mayUKMs
junUKMs ATTRIBUTE
WITH ATTRIBUTE SYNTAX MonthlyUKMs
::= id-junUKMs
julUKMs ATTRIBUTE
WITH ATTRIBUTE SYNTAX MonthlyUKMs
::= id-julUKMs
augUKMs ATTRIBUTE
WITH ATTRIBUTE SYNTAX MonthlyUKMs
::= id-augUKMs
sepUKMs ATTRIBUTE
WITH ATTRIBUTE SYNTAX MonthlyUKMs
::= id-sepUKMs
octUKMs ATTRIBUTE
WITH ATTRIBUTE SYNTAX MonthlyUKMs
::= id-octUKMs
novUKMs ATTRIBUTE
WITH ATTRIBUTE SYNTAX MonthlyUKMs
::= id-novUKMs
decUKMs ATTRIBUTE
WITH ATTRIBUTE SYNTAX MonthlyUKMs
::= id-decUKMs
mlReceiptPolicy ATTRIBUTE
WITH ATTRIBUTE SYNTAX MLReceiptPolicy
::= id-mlReceiptPolicy
mlMembership ATTRIBUTE
WITH ATTRIBUTE SYNTAX ORNameList
::= id-mlMembership
mlAdministrators ATTRIBUTE
WITH ATTRIBUTE SYNTAX ORNameList
::= id-mlAdministrators
mlid ATTRIBUTE
WITH ATTRIBUTE SYNTAX Kmid
MATCHES FOR EQUALITY
::= id-mlid
metaSDNScrl ATTRIBUTE
WITH ATTRIBUTE SYNTAX CRLinfo
::= id-metaSDNScrl
sdnsCRL ATTRIBUTE
WITH ATTRIBUTE SYNTAX CRLinfo
::= id-sdnsCRL
metaSDNSsignatureCRL ATTRIBUTE
WITH ATTRIBUTE SYNTAX CRLinfo
::= id-metaSDNSsignatureCRL
sdnsSignatureCRL ATTRIBUTE
WITH ATTRIBUTE SYNTAX CRLinfo
::= id-SDNSsignatureCRL
sdnsCASignatureCertificate ATTRIBUTE
WITH ATTRIBUTE SYNTAX Certificate
::= id-sdnsCASignatureCertificate
sdnsCertificateRevocationList ATTRIBUTE
WITH ATTRIBUTE SYNTAX CaCertificateRevocationList
::= id-sdnsCertificateRevocationList
mosaicCertificateRevocationList ATTRIBUTE
WITH ATTRIBUTE SYNTAX CaCertificateRevocationList
::= id-mosaicCertificateRevocationList
mosaicKeyManagementCertificate ATTRIBUTE
WITH ATTRIBUTE SYNTAX Certificate
::= id-mosaicKeyManagementCertificate
mosaicKMandSigCertificate ATTRIBUTE
WITH ATTRIBUTE SYNTAX Certificate
::= id-mosaicKMandSigCertificate
mosaicUserSignatureCertificate ATTRIBUTE
WITH ATTRIBUTE SYNTAX Certificate
::= id-mosaicUserSignatureCertificate
mosaicCASignatureCertificate ATTRIBUTE
WITH ATTRIBUTE SYNTAX Certificate
::= id-mosaicCASignatureCertificate
mosaicKRL ATTRIBUTE
WITH ATTRIBUTE SYNTAX KmidRevocationList
::= id-mosaicKRL
mlExemptedAddressProcessor ATTRIBUTE
WITH ATTRIBUTE SYNTAX ORName
::= id-mlExemptedAddressProcessor
snsGuardGateway ATTRIBUTE
WITH ATTRIBUTE SYNTAX NameList
::= id-snsGuardGateway
algorithmsSupported ATTRIBUTE
WITH ATTRIBUTE SYNTAX AlgorithmList
::= id-algorithmsSupported
suiteAKeyManagementCertificate ATTRIBUTE
WITH ATTRIBUTE SYNTAX Certificate
::= id-suiteAKeyManagementCertificate
suiteAKMandSigCertificate ATTRIBUTE
WITH ATTRIBUTE SYNTAX Certificate
::= id-suiteAKMandSigCertificate
suiteAUserSignatureCertificate ATTRIBUTE
WITH ATTRIBUTE SYNTAX Certificate
::= id-suiteAUserSignatureCertificate
-- The following are Attribute Syntaxes.
MonthlyUKMs ::= SIGNED SEQUENCE OF UKMEntry
UKMEntry ::= SEQUENCE {
tag Tag,
ukm OCTET STRING }
Tag ::= SEQUENCE {
kmid Kmid
edition INTEGER,
date UTCTime }
Kmid ::= OCTET STRING
MLReceiptPolicy ::= CHOICE {
none [0] NULL,
insteadOf [1] ORNameList,
inAdditionTo [2] ORNameList }
ORNameList ::= SEQUENCE OF ORName
NameList ::= SEQUENCE OF Name
AlgorithmList ::= SEQUENCE OF AlgorithmIdentifier
CRLinfo ::= SEQUENCE
universalID INTEGER,
crl OCTET STRING }
CaCertificateRevocationList ::= SIGNED SEQUENCE{
signature AlgorithmIdentifier,
issuer Name,
lastUpdate UTCTime,
nextUpdate UTCTime,
revokedCertificates SEQUENCE OF CRLEntry OPTIONAL}
CRLEntry ::= SEQUENCE{
userCertificate SerialNumber,
revocationDate UTCTime}
KmidRevocationList ::= SIGNED SEQUENCE{
signature AlgorithmIdentifier,
issuer Name,
lastUpdate UTCTime,
nextUpdate UTCTime,
revokedKmids SEQUENCE OF KRLEntry OPTIONAL}
KRLEntry ::= SEQUENCE{
userCertificate Kmid,
revocationDate UTCTime}
-- Object Identifiers
ID ::= OBJECT IDENTIFIER
-- hey - this is illegal!
-- id-infosec ID ::=
-- {joint-iso-ccitt (2) country (16) us (840) organization (1)
-- u.s. government (101) dod
-- (2) 1}
id-infosec ID ::=
{joint-iso-ccitt (2) country (16) us (840) organization (1)
us-government (101) dod
(2) 1}
id-modules ID ::= {id-infosec 0}
id-algorithms ID ::= {id-infosec 1}
id-formats ID ::= {id-infosec 2}
id-policy ID ::= {id-infosec 3}
id-object-classes ID ::= {id-infosec 4}
id-attributes ID ::= {id-infosec 5}
id-sdnsSignatureAlgorithm ID ::= {id-algorithms 1}
id-mosaicSignatureAlgorithm ID ::= {id-algorithms 2}
id-sdnsConfidentialityAlgorithm ID ::= {id-algorithms 3}
id-mosaicConfidentialityAlgorithm ID ::= {id-algorithms 4}
id-sdnsIntegrityAlgorithm ID ::= {id-algorithms 5}
id-mosaicIntegrityAlgorithm ID ::= {id-algorithms 6}
id-sdnsTokenProtectionAlgorithm ID ::= {id-algorithms 7}
id-mosaicTokenProtectionAlgorithm ID ::= {id-algorithms 8}
id-sdnsKeyManagementAlgorithm ID ::= {id-algorithms 9}
id-mosaicKeyManagementAlgorithm ID ::= {id-algorithms 10}
id-sdnsKMandSigAlgorithms ID ::= {id-algorithms 11}
id-mosaicKMandSigAlgorithms ID ::= {id-algorithms 12}
id-SuiteASignatureAlgorithm ID ::= {id-algorithms 13}
id-SuiteAConfidentialityAlgorithm ID ::= {id-algorithms 14}
id-SuiteAIntegrityAlgorithm ID ::= {id-algorithms 15}
id-SuiteATokenProtectionAlgorithm ID ::= {id-algorithms 16}
id-SuiteAKeyManagementAlgorithm ID ::= {id-algorithms 17}
id-SuiteAKMandSigAlgorithms ID ::= {id-algorithms 18}
id-mosaicUpdatedSigAlgorithm ID ::= {id-algorithms 19}
id-mosaicKMandUpdSigAlgorithms ID ::= {id-algorithms 20}
id-mosaicUpdatedIntegAlgorithm ID ::= {id-algorithms 21}
id-msp-content-type ID ::= {id-formats 48}
id-msp-rev3-content-type ID ::= {id-formats 42}
id-msp-rekey-agent-protocol ID ::= {id-formats 49}
id-rfc822-message-format ID ::= {id-formats 1}
id-empty-content ID ::= {id-formats 2}
forwarded-MSP-message-body-part ID ::= {id-formats 72}
id-sdns-security-policy-id ID ::= {id-policy 1}
id-sdns-prbac-id ID ::= {id-policy 2}
id-mosaic-prbac-id ID ::= {id-policy 3}
id-msp-user-sdns ID ::= {id-object-classes 1}
id-mail-list ID ::= {id-object-classes 2}
id-dsa-sdns ID ::= {id-object-classes 3}
id-ca-sdns ID ::= {id-object-classes 4}
id-crls-sdns ID ::= {id-object-classes 5}
id-msp-user-mosaic ID ::= {id-object-classes 6}
id-dsa-mosaic ID ::= {id-object-classes 7}
id-ca-mosaic ID ::= {id-object-classes 8}
-- RESERVED id-krl-mosaic ID ::= {id-object-classes 9}
id-strong-auth-user-sdns ID ::= {id-object-classes 10}
id-strong-auth-user-mosaic ID ::= {id-object-classes 11}
id-sdnsKeyManagementCertificate ID ::= {id-attributes 1}
id-sdnsUserSignatureCertificate ID ::= {id-attributes 2}
id-sdnsKMandSigCertificate ID ::= {id-attributes 3}
id-mosaicKeyManagementCertificate ID ::= {id-attributes 4}
id-mosaicKMandSigCertificate ID ::= {id-attributes 5}
id-mosaicUserSignatureCertificate ID ::= {id-attributes 6}
id-mosaicCASignatureCertificate ID ::= {id-attributes 7}
id-sdnsCASignatureCertificate ID ::= {id-attributes 8}
id-auxiliaryVector ID ::= {id-attributes 10}
id-mlReceiptPolicy ID ::= {id-attributes 11}
id-mlMembership ID ::= {id-attributes 12}
id-mlAdministrators ID ::= {id-attributes 13}
id-mlid ID ::= {id-attributes 14}
id-janUKMs ID ::= {id-attributes 20}
id-febUKMs ID ::= {id-attributes 21}
id-marUKMs ID ::= {id-attributes 22}
id-aprUKMs ID ::= {id-attributes 23}
id-mayUKMs ID ::= {id-attributes 24}
id-junUKMs ID ::= {id-attributes 25}
id-julUKMs ID ::= {id-attributes 26}
id-augUKMs ID ::= {id-attributes 27}
id-sepUKMs ID ::= {id-attributes 28}
id-octUKMs ID ::= {id-attributes 29}
id-novUKMs ID ::= {id-attributes 30}
id-decUKMs ID ::= {id-attributes 31}
id-metaSDNScrl ID ::= {id-attributes 40}
id-sdnsCRL ID ::= {id-attributes 41}
id-metaSDNSsignatureCRL ID ::= {id-attributes 42}
id-SDNSsignatureCRL ID ::= {id-attributes 43}
id-sdnsCertificateRevocationList ID ::= {id-attributes 44}
id-mosaicCertificateRevocationList ID ::= {id-attributes 45}
id-mosaicKRL ID ::= {id-attributes 46}
id-mlExemptedAddressProcessor ID ::= {id-attributes 47}
id-snsGuardGateway ID ::= {id-attributes 48}
id-algorithmsSupported ID ::= {id-attributes 49}
id-suiteAKeyManagementCertificate ID ::= {id-attributes 50}
id-suiteAKMandSigCertificate ID ::= {id-attributes 51}
id-suiteAUserSignatureCertificate ID ::= {id-attributes 52}
--
END
Enter new OIDs into the lists