-- Module Notation (X.830:04/1995)
Notation {joint-iso-itu-t genericULS(20) modules(1) notation(1)} DEFINITIONS
-- From Directory Standards:
informationFramework, selectedAttributeTypes, authenticationFramework
FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1)
usefulDefinitions(0) 3}
FROM InformationFramework informationFramework
FROM SelectedAttributeTypes selectedAttributeTypes
FROM AuthenticationFramework authenticationFramework
-- From Other GULS Modules:
genericProtectingTransferSyntax
FROM ObjectIdentifiers {joint-iso-itu-t genericULS(20) modules(1)
FROM GenericProtectingTransferSyntax genericProtectingTransferSyntax;
-- *************************************************
-- Notation for security identity and SA-identifiers
-- *************************************************
-- Values of the SecurityIdentity type are used to identify entities
-- which assign externally-established security association identifiers,
-- and for other security-related purposes requiring globally-unique
SecurityIdentity ::= CHOICE {
objectIdentifier OBJECT IDENTIFIER
ExternalSAID ::= SEQUENCE {
assignerIdentity SecurityIdentity OPTIONAL
-- Identity of the system which assigned the integer value
-- ******************************************
-- Notation for specifying security exchanges
-- ******************************************
-- This information object class definition is for use when
-- specifying a particular instance of a security exchange.
&SE-Items SEC-EXCHG-ITEM,
-- This is an ASN.1 information object set, comprising a set
-- of security exchange items
&sE-Identifier Identifier UNIQUE
-- A local or global identifier for the particular security
-- The following syntax is used to specify a particular security
IDENTIFIER &sE-Identifier
Identifier ::= CHOICE {local INTEGER,
global OBJECT IDENTIFIER
SEC-EXCHG-ITEM ::= CLASS {
-- ASN.1 type for this exchange item
-- Identifier for this item, e.g. 1, 2, 3, ..
&Errors SE-ERROR OPTIONAL
-- Optional list of errors which may result from
-- transfer of this item
}WITH SYNTAX {ITEM-TYPE &ItemType
&ParameterType OPTIONAL,
-- ASN.1 type of a parameter to accompany the signalling
-- of the error condition back to the sender of the SEI
&errorCode Identifier UNIQUE
-- An identifier used in signalling the error condition
-- back to the sender of the SEI
}WITH SYNTAX {[PARAMETER &ParameterType]
-- ************************************************
-- Notation for specifying security transformations
-- ************************************************
SECURITY-TRANSFORMATION ::=
-- This information object class definition is for use when
-- specifying a particular instance of a security transformation.
&sT-Identifier OBJECT IDENTIFIER UNIQUE,
-- Identifier to be used in signalling the application
-- of the particular security transformation
&initialEncodingRules OBJECT IDENTIFIER DEFAULT {joint-iso-ccitt
asn1(1) ber-derived(2)
canonical-encoding(0)},
-- Default initial encoding rules to generate a bit
-- string prior to applying the encoding process of a
-- security transformation. The default is a canonical
-- encoding so that the bit string (and any integrity
-- check computed over it) is reproducible by the receiver.
&StaticUnprotectedParm OPTIONAL,
-- ASN.1 type for conveying static unprotected parameters
&DynamicUnprotectedParm OPTIONAL,
-- ASN.1 type for conveying dynamic unprotected parameters
-- ASN.1 type of the ASN.1 value produced by the security
-- transformations encoding process
&QualifierType OPTIONAL
-- &QualifierType specifies the ASN.1 type of the qualifier
-- parameter used with the PROTECTED-Q notation.
-- The following syntax is used to specify a particular security
IDENTIFIER &sT-Identifier
[INITIAL-ENCODING-RULES &initialEncodingRules]
[STATIC-UNPROT-PARM &StaticUnprotectedParm]
[DYNAMIC-UNPROT-PARM &DynamicUnprotectedParm]
XFORMED-DATA-TYPE &XformedDataType
[QUALIFIER-TYPE &QualifierType]
-- **************************************************
-- Notation for specifying selective field protection
-- **************************************************
PROTECTED{BaseType, PROTECTION-MAPPING:protectionReqd} ::= CHOICE {
BaseType-- dirEncrypt is for use only with the
-- dirEncryptedTransformation,
-- and generates the same encoding as the
-- X.509/9594-8 ENCRYPTED type-- }),
SEQUENCE {baseType BaseType OPTIONAL,
-- must be present for dirSignedTransformation
-- and must be omitted for
-- dirSignatureTransformation
algorithmId AlgorithmIdentifier,
BaseType-- contains enciphered hash--
-- of a value of BaseType -- })}-- dirSign is for use only with the
-- dirSignedTransformation or
-- dirSignatureTransformation, and generates
-- the same encoding as the corresponding
-- X.509/9594-8 SIGNED or SIGNATURE type--,
noTransform [0] BaseType,
-- noTransform invokes no security transformation.
-- Subject to security policy, noTransform may be used
-- if adequate protection is provided by lower layers
-- and any application relays through which the data
-- may pass are trusted to maintain the required
-- protection. This alternative may only be used
-- if protectionReqd.&bypassPermitted is TRUE (the
-- PROTECTION-MAPPING default is FALSE, so bypass is
-- disallowed unless the mapping explicitly enables it),
direct [1] SyntaxStructure{{protectionReqd.&SecurityTransformation}},
-- direct generates a protecting transfer syntax
-- value, which is encoded using the same encoding
-- rules as the surrounding ASN.1 (The type
-- SyntaxStructure is imported from Rec. X.833 |
identification (WITH COMPONENTS {
presentation-context-id ,
context-negotiation (WITH COMPONENTS {
transfer-syntax (CONSTRAINED BY {
&protTransferSyntax})
transfer-syntax (CONSTRAINED BY {
&protTransferSyntax})
data-value (CONTAINING BaseType )
-- The data value encoded is a value of type BaseType
PROTECTED-Q{BaseType, PROTECTION-MAPPING:protectionReqd,
PROTECTION-MAPPING.&SecurityTransformation.&QualifierType:qualifier}
PROTECTED{BaseType, protectionReqd}
protectionReqd.&SecurityTransformation.&QualifierType:qualifier
-- The value of qualifier must be made available to
-- the security transformation used
-- BaseType is the type to be protected, and protectionReqd is an
-- object of class PROTECTION-MAPPING. The use of PROTECTED requires
-- the importation into the user's module of the PROTECTED parameterized
-- type, together with the necessary PROTECTION-MAPPING object
-- *******************************************
-- Notation for specifying protection mappings
-- *******************************************
PROTECTION-MAPPING ::= CLASS {
&SecurityTransformation SECURITY-TRANSFORMATION,
-- &SecurityTransformation specifies an ASN.1 object set of the
-- SECURITY-TRANSFORMATION class. Use of the particular
-- protection mapping implies use of one of the specified
-- transformations, with the choice being left to the
-- encoding system. Rules for selecting between these security
-- transformations may be specified in comments.
&protTransferSyntax OBJECT IDENTIFIER DEFAULT {joint-iso-itu-t
generalTransferSyntax(2)},
-- Identifies the particular protecting transfer syntax to
-- be used in an EMBEDDED PDV encoding for the embedded
&bypassPermitted BOOLEAN DEFAULT FALSE
-- Indicates whether bypassing of protection (the noTransform
-- alternative of PROTECTED) is permitted; defaults to FALSE,
-- i.e. protection cannot be bypassed unless explicitly enabled
SECURITY-TRANSFORMATION &SecurityTransformation
[PROTECTING-TRANSFER-SYNTAX &protTransferSyntax]
[BYPASS-PERMITTED &bypassPermitted]
-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D