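-- ASN.1 module for the PKIX attribute certificate (AC) structures.
--
-- The module default is IMPLICIT tagging: a context tag such as [0]
-- replaces the underlying universal tag in the encoding. A tag applied to
-- a CHOICE type (GeneralName, for example) is still encoded explicitly, so
-- a hand-written decoder must not treat every tagged field below alike.
PKIXAttributeCertificate {iso(1) identified-organization(3) dod(6)
    internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
    id-mod-attribute-cert(12)}

DEFINITIONS IMPLICIT TAGS ::=

-- NOTE(review): BEGIN is not shown in this listing (its line numbering
-- jumps from 5 to 13). The notation requires it after "::=", and a
-- matching END must close the module.
BEGIN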
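-- NOTE(review): the IMPORTS keyword itself is not shown in this listing;
-- it is restored here because the symbol lists, the FROM clauses and the
-- closing ";" only parse as an IMPORTS clause.
IMPORTS

    -- IMPORTed module OIDs MAY change if [PKIXPROF] changes
    -- PKIX Certificate Extensions
    Attribute, AlgorithmIdentifier, CertificateSerialNumber,
    Extensions, UniqueIdentifier,
    id-pkix, id-pe, id-kp, id-ad, id-at
        FROM PKIX1Explicit88 {iso(1) identified-organization(3)
            dod(6) internet(1) security(5) mechanisms(5)
            pkix(7) id-mod(0) id-pkix1-explicit-88(1)}

    GeneralName, GeneralNames, id-ce
        FROM PKIX1Implicit88 {iso(1) identified-organization(3)
            dod(6) internet(1) security(5) mechanisms(5)
            pkix(7) id-mod(0) id-pkix1-implicit-88(2)} ;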
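-- Extension identifiers defined by this module, allocated under the
-- imported id-pe and id-ce arcs.
id-pe-ac-auditIdentity     OBJECT IDENTIFIER ::= { id-pe 4 }
id-pe-aaControls           OBJECT IDENTIFIER ::= { id-pe 6 }
id-pe-ac-proxying          OBJECT IDENTIFIER ::= { id-pe 10 }
id-ce-targetInformation    OBJECT IDENTIFIER ::= { id-ce 55 }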
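-- The id-aca arc (under the imported id-pkix) and the identifiers
-- allocated beneath it.
id-aca                     OBJECT IDENTIFIER ::= { id-pkix 10 }
id-aca-authenticationInfo  OBJECT IDENTIFIER ::= { id-aca 1 }
id-aca-accessIdentity      OBJECT IDENTIFIER ::= { id-aca 2 }
id-aca-chargingIdentity    OBJECT IDENTIFIER ::= { id-aca 3 }
id-aca-group               OBJECT IDENTIFIER ::= { id-aca 4 }
-- { id-aca 5 } is reserved
id-aca-encAttrs            OBJECT IDENTIFIER ::= { id-aca 6 }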
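-- Attribute type identifiers for the role and clearance attributes.
id-at-role                 OBJECT IDENTIFIER ::= { id-at 72 }

-- NOTE(review): this value is 2.5.1.5.55 (the module /
-- selected-attribute-types arc). RFC 5755, which obsoletes RFC 3281,
-- appears to assign clearance under the attribute-type arc instead
-- (2.5.4.55). Confirm which OID your relying parties match on, because an
-- unrecognised clearance attribute may be silently ignored.
id-at-clearance            OBJECT IDENTIFIER ::=
    { joint-iso-ccitt(2) ds(5) module(1)
      selected-attribute-types(5) clearance (55) }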
-- Uncomment this if using a 1988 level ASN.1 compiler
-- UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING
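-- Outer structure of an attribute certificate: the certificate content
-- (acinfo), the algorithm identifier of the signature, and the signature
-- bits.
-- NOTE(review): acinfo carries its own AlgorithmIdentifier (its
-- "signature" field). A verifier should check that it agrees with
-- signatureAlgorithm here before trusting signatureValue; confirm this
-- against the validation rules you implement.
AttributeCertificate ::= SEQUENCE {
    acinfo               AttributeCertificateInfo,
    signatureAlgorithm   AlgorithmIdentifier,
    signatureValue       BIT STRING
}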
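-- Content of an attribute certificate: who holds it, who issued it, when
-- it is valid and which attributes it asserts.
AttributeCertificateInfo ::= SEQUENCE {
    version                 AttCertVersion,  -- version is v2
    -- NOTE(review): holder and issuer are absent from this listing (its
    -- line numbering jumps from 55 to 58). They are restored from RFC 3281
    -- Appendix B; confirm against the upstream module. Without them the
    -- type names neither the holder nor the issuer of the attributes.
    holder                  Holder,
    issuer                  AttCertIssuer,
    signature               AlgorithmIdentifier,
    serialNumber            CertificateSerialNumber,
    attrCertValidityPeriod  AttCertValidityPeriod,
    attributes              SEQUENCE OF Attribute,
    issuerUniqueID          UniqueIdentifier OPTIONAL,
    extensions              Extensions OPTIONAL
}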
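-- Version number of the attribute certificate syntax. The named number v2
-- is encoded as the integer 1; this module names no other value.
AttCertVersion ::= INTEGER { v2(1) }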
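-- Identifies the holder of the attribute certificate. Every component is
-- OPTIONAL in the syntax, so the syntax alone does not guarantee that a
-- holder is identified at all.
-- NOTE(review): the "Holder ::= SEQUENCE {" header and the closing brace
-- are absent from this listing. They are restored from RFC 3281
-- Appendix B; confirm against the upstream module.
Holder ::= SEQUENCE {
    baseCertificateID   [0] IssuerSerial OPTIONAL,
        -- the issuer and serial number of
        -- the holder's Public Key Certificate
    entityName          [1] GeneralNames OPTIONAL,
        -- the name of the claimant or role
    objectDigestInfo    [2] ObjectDigestInfo OPTIONAL
        -- used to directly authenticate the
        -- holder, for example, an executable
}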
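-- A digest that identifies an object (for example a public key or a
-- public key certificate) instead of naming it.
ObjectDigestInfo ::= SEQUENCE {
    digestedObjectType  ENUMERATED {
        -- NOTE(review): publicKey and publicKeyCert are absent from this
        -- listing (its line numbering jumps from 80 to 83). They are
        -- restored from RFC 3281 Appendix B; confirm against the upstream
        -- module.
        publicKey         (0),
        publicKeyCert     (1),
        otherObjectTypes  (2) },
            -- otherObjectTypes MUST NOT
            -- be used in this profile
    otherObjectTypeID   OBJECT IDENTIFIER OPTIONAL,
    digestAlgorithm     AlgorithmIdentifier,
    objectDigest        BIT STRING
}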
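-- Identifies the issuer of the attribute certificate. v1Form remains in
-- the syntax, so a decoder accepts it; rejecting it for this profile is
-- the verifier's job.
AttCertIssuer ::= CHOICE {
    v1Form   GeneralNames,  -- MUST NOT be used in this
                            -- profile
    v2Form   [0] V2Form     -- v2 only
}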
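-- Issuer identification used by the v2Form alternative of AttCertIssuer.
-- The syntax marks every component OPTIONAL; the comments below state
-- what the profile requires, and a verifier has to enforce that itself.
-- NOTE(review): the "V2Form ::= SEQUENCE {" header and the closing brace
-- are absent from this listing. They are restored from RFC 3281
-- Appendix B; confirm against the upstream module.
V2Form ::= SEQUENCE {
    issuerName          GeneralNames OPTIONAL,
    baseCertificateID   [0] IssuerSerial OPTIONAL,
    objectDigestInfo    [1] ObjectDigestInfo OPTIONAL
        -- issuerName MUST be present in this profile
        -- baseCertificateID and objectDigestInfo MUST
        -- NOT be present in this profile
}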
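-- Reference to a public key certificate by issuer name and serial number.
IssuerSerial ::= SEQUENCE {
    -- NOTE(review): the issuer component is absent from this listing (its
    -- line numbering jumps from 106 to 108). It is restored from RFC 3281
    -- Appendix B; confirm against the upstream module. A serial number
    -- does not identify a certificate without its issuer.
    issuer      GeneralNames,
    serial      CertificateSerialNumber,
    issuerUID   UniqueIdentifier OPTIONAL
}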
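-- Validity interval of the attribute certificate. Both bounds are
-- GeneralizedTime.
-- NOTE(review): RFC 3281 (section 4.2.6) appears to require these values
-- in UTC with seconds and without fractional seconds (YYYYMMDDHHMMSSZ).
-- Confirm that the decoder rejects other forms rather than guessing a
-- time zone.
AttCertValidityPeriod ::= SEQUENCE {
    notBeforeTime   GeneralizedTime,
    notAfterTime    GeneralizedTime
}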
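-- A list of targets. No SIZE constraint is given, so an empty list is
-- valid syntax.
Targets ::= SEQUENCE OF Target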
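-- One target, identified by name, by group, or by certificate.
-- NOTE(review): the "Target ::= CHOICE {" header and the closing brace
-- are absent from this listing. They are restored from RFC 3281
-- Appendix B; confirm against the upstream module.
Target ::= CHOICE {
    targetName    [0] GeneralName,
    targetGroup   [1] GeneralName,
    targetCert    [2] TargetCert
}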
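-- Identifies a target by its certificate (issuer and serial number), with
-- an optional name and an optional digest of the certificate.
TargetCert ::= SEQUENCE {
    targetCertificate   IssuerSerial,
    targetName          GeneralName OPTIONAL,
    certDigestInfo      ObjectDigestInfo OPTIONAL
}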
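-- Attribute value syntax: an optional policy authority followed by a list
-- of values, each an octet string, an object identifier or a UTF-8 string.
IetfAttrSyntax ::= SEQUENCE {
    policyAuthority [0] GeneralNames OPTIONAL,
    values          SEQUENCE OF CHOICE {
        -- NOTE(review): the octets and string alternatives and both
        -- closing braces are absent from this listing (line numbers 134
        -- and 136-138 are skipped). They are restored from RFC 3281
        -- Appendix B; confirm against the upstream module.
        octets   OCTET STRING,
        oid      OBJECT IDENTIFIER,
        string   UTF8String
    }
}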
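-- Service authentication information: a service, an identity at that
-- service, and optional authentication data.
-- NOTE(review): authInfo is an opaque OCTET STRING and may hold secrets
-- such as a password. RFC 3281 appears to expect such attributes to be
-- carried encrypted (see id-aca-encAttrs); confirm before issuing
-- certificates that carry it in clear.
SvceAuthInfo ::= SEQUENCE {
    -- NOTE(review): service and ident are absent from this listing (its
    -- line numbering jumps from 140 to 143). They are restored from
    -- RFC 3281 Appendix B; confirm against the upstream module.
    service    GeneralName,
    ident      GeneralName,
    authInfo   OCTET STRING OPTIONAL
}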
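-- Role attribute value: the role name and, optionally, the authority that
-- defines the role.
RoleSyntax ::= SEQUENCE {
    roleAuthority   [0] GeneralNames OPTIONAL,
    roleName        [1] GeneralName
}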
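-- Clearance attribute value: the security policy, the classification
-- list (which defaults to {unclassified}) and optional security
-- categories.
-- NOTE(review): RFC 5755, which obsoletes RFC 3281, appears to define
-- Clearance without the [0]/[1]/[2] context tags, matching X.501. The
-- two encodings differ on the wire. Confirm which one your peers produce
-- and make the decoder fail closed on the other.
Clearance ::= SEQUENCE {
    policyId    [0] OBJECT IDENTIFIER,
    classList   [1] ClassList DEFAULT {unclassified},
    -- NOTE(review): the field name securityCategories is absent from this
    -- listing (line number 154 is skipped). It is restored from RFC 3281
    -- Appendix B; confirm against the upstream module.
    securityCategories
                [2] SET OF SecurityCategory OPTIONAL
}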
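-- Classification levels as named bits of a BIT STRING.
-- NOTE(review): the named-bit list is absent from this listing (line
-- numbers 159-165 are skipped); only "unclassified" is visible, in
-- Clearance's DEFAULT. The list is restored from RFC 3281 Appendix B;
-- confirm the bit positions against the upstream module, since an
-- off-by-one here changes the asserted classification.
ClassList ::= BIT STRING {
    unmarked       (0),
    unclassified   (1),
    restricted     (2),
    confidential   (3),
    secret         (4),
    topSecret      (5)
}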
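-- A security category: an object identifier and a value whose syntax
-- depends on that identifier (ANY DEFINED BY is 1988-level notation).
-- The value is an open type. A decoder should dispatch on "type" and
-- treat an unrecognised identifier as undecodable instead of guessing.
-- The IMPLICIT keyword on [0] repeats the module's default tagging.
SecurityCategory ::= SEQUENCE {
    type    [0] IMPLICIT OBJECT IDENTIFIER,
    value   [1] ANY DEFINED BY type
}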
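-- Content of the aaControls extension (id-pe-aaControls): an optional
-- path length and permitted/excluded attribute lists.
-- permitUnSpecified DEFAULTs to TRUE, so leaving it out of the encoding
-- yields the permissive value TRUE.
-- NOTE(review): confirm that verifiers apply the DEFAULT when the field
-- is absent, and that issuers set FALSE where an allow-list is intended.
AAControls ::= SEQUENCE {
    pathLenConstraint   INTEGER (0..MAX) OPTIONAL,
    permittedAttrs      [0] AttrSpec OPTIONAL,
    excludedAttrs       [1] AttrSpec OPTIONAL,
    permitUnSpecified   BOOLEAN DEFAULT TRUE
}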
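-- A list of attribute type identifiers, used by AAControls.
AttrSpec ::= SEQUENCE OF OBJECT IDENTIFIER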
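-- Attributes in clear form, together with an AC issuer name and serial
-- number.
ACClearAttrs ::= SEQUENCE {
    acIssuer   GeneralName,
    -- NOTE(review): acSerial is absent from this listing (line number 183
    -- is skipped). It is restored from RFC 3281 Appendix B; confirm
    -- against the upstream module.
    acSerial   INTEGER,
    attrs      SEQUENCE OF Attribute
}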
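-- Content of the proxying extension (id-pe-ac-proxying): a list of
-- Targets values, each itself a list of Target.
ProxyInfo ::= SEQUENCE OF Targets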