1 PKIXAttributeCertificate {iso(1) identified-organization(3) dod(6)
2 internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
3 id-mod-attribute-cert(12)}
5 DEFINITIONS IMPLICIT TAGS ::=
13 -- IMPORTed module OIDs MAY change if [PKIXPROF] changes
14 -- PKIX Certificate Extensions
15 Attribute, AlgorithmIdentifier, CertificateSerialNumber,
16 Extensions, UniqueIdentifier,
17 id-pkix, id-pe, id-kp, id-ad, id-at
18 FROM PKIX1Explicit88 {iso(1) identified-organization(3)
19 dod(6) internet(1) security(5) mechanisms(5)
20 pkix(7) id-mod(0) id-pkix1-explicit-88(1)}
22 GeneralName, GeneralNames, id-ce
23 FROM CertificateExtensions {joint-iso-itu-t ds(5) module(1)
24 certificateExtensions(26) 5} ;
25 -- FROM PKIX1Implicit88 {iso(1) identified-organization(3)
26 -- dod(6) internet(1) security(5) mechanisms(5)
27 -- pkix(7) id-mod(0) id-pkix1-implicit-88(2)} ;
-- Extension OIDs used by this profile.  id-pe comes from PKIX1Explicit88
-- and id-ce from the X.509 CertificateExtensions module (both IMPORTed
-- above), so these values are stable only as long as those modules are.
29 id-pe-ac-auditIdentity OBJECT IDENTIFIER ::= { id-pe 4 }
30 id-pe-aaControls OBJECT IDENTIFIER ::= { id-pe 6 }
-- value type is presumably AAControls (defined below); see the note
-- there on its permissive default
31 id-pe-ac-proxying OBJECT IDENTIFIER ::= { id-pe 10 }
-- value type is presumably ProxyInfo (defined below)
32 id-ce-targetInformation OBJECT IDENTIFIER ::= { id-ce 55 }
-- value type is presumably Targets (defined below).  NOTE(review): a
-- verifier that does not understand this extension cannot tell whether
-- it is an intended target, so it should reject the AC rather than
-- ignore the extension; presumably issuers mark it critical, confirm
-- Attribute type OIDs under the PKIX arc.  An AC conveys authorization,
-- so a relying party must only act on attribute values taken from an AC
-- whose signature, validity and targeting have already been verified;
-- attribute types it does not recognise should be ignored, never treated
-- as a grant.
34 id-aca OBJECT IDENTIFIER ::= { id-pkix 10 }
35 id-aca-authenticationInfo OBJECT IDENTIFIER ::= { id-aca 1 }
36 id-aca-accessIdentity OBJECT IDENTIFIER ::= { id-aca 2 }
-- both presumably use the SvceAuthInfo syntax (below); its authInfo
-- field is opaque and may carry a secret, see the note there
37 id-aca-chargingIdentity OBJECT IDENTIFIER ::= { id-aca 3 }
38 id-aca-group OBJECT IDENTIFIER ::= { id-aca 4 }
39 -- { id-aca 5 } is reserved; no attribute in this module uses it
40 id-aca-encAttrs OBJECT IDENTIFIER ::= { id-aca 6 }
-- presumably a wrapper for attributes carried encrypted instead of in
-- the clear (the AC signature gives integrity only, not confidentiality)
-- Attribute types under the X.500 directory arcs rather than id-pkix:
-- id-at is IMPORTed from PKIX1Explicit88, clearance is spelled out in full.
42 id-at-role OBJECT IDENTIFIER ::= { id-at 72}
-- value syntax: RoleSyntax (below)
43 id-at-clearance OBJECT IDENTIFIER ::=
44 { joint-iso-ccitt(2) ds(5) module(1)
45 selected-attribute-types(5) clearance (55) }
-- value syntax: Clearance (below).  NOTE(review): this module defines two
-- encodings of the value, Clearance and RFC3281Clearance, which differ
-- in tagging; a decoder must know which one the issuer emits.
47 -- Uncomment this if using a 1988 level ASN.1 compiler.  Caution: it
-- defines UTF8String as a plain OCTET STRING, so a decoder generated from
-- this module will accept any byte sequence in a UTF8String field; the
-- application must then validate the bytes as well formed UTF-8 itself
-- before displaying, comparing or storing them.
48 -- UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING
-- Outer signed structure.  signatureValue is the issuer's signature over
-- the encoded acinfo; nothing inside acinfo may be relied on until that
-- signature has been checked with a key the verifier trusts for AC issuance.
50 AttributeCertificate ::= SEQUENCE {
51 acinfo AttributeCertificateInfo,
52 signatureAlgorithm AlgorithmIdentifier,
-- NOTE(review): must equal acinfo.signature (the inner copy is what is
-- signed); treat a mismatch as a verification failure, and apply an
-- allowlist of algorithms rather than accepting whatever is named here
53 signatureValue BIT STRING
-- The signed body of an attribute certificate.
56 AttributeCertificateInfo ::= SEQUENCE {
57 version AttCertVersion, -- version is v2; reject any other value
60 signature AlgorithmIdentifier,
-- must match the outer AttributeCertificate.signatureAlgorithm
61 serialNumber CertificateSerialNumber,
-- NOTE(review): IssuerSerial references (e.g. TargetCert) and presumably
-- revocation checks key on (issuer, serialNumber); verify uniqueness
-- per issuer is enforced by the AA
62 attrCertValidityPeriod AttCertValidityPeriod,
63 attributes SEQUENCE OF Attribute,
-- the authorization payload; only consult it after the signature,
-- validity period, issuer trust and any targeting extension have passed
64 issuerUniqueID UniqueIdentifier OPTIONAL,
65 extensions Extensions OPTIONAL
-- NOTE(review): as with public key certificates, a critical extension
-- the verifier does not recognise should cause the AC to be rejected
-- Only v2(1) is defined.  The named number does not constrain the type,
-- so a decoder must check the value explicitly; v1 forms are excluded
-- from this profile (see AttCertIssuer below).
68 AttCertVersion ::= INTEGER { v2(1) }
71 baseCertificateID [0] IssuerSerial OPTIONAL,
72 -- the issuer and serial number of
73 -- the holder's Public Key Certificate
74 entityName [1] GeneralNames OPTIONAL,
75 -- the name of the claimant or role
76 objectDigestInfo [2] ObjectDigestInfo OPTIONAL
77 -- used to directly authenticate the
78 -- holder, for example, an executable
-- NOTE(review): every field is OPTIONAL, so the type admits a holder
-- that names nobody.  A verifier should require at least one field and
-- must match it against the entity actually presenting the AC (its
-- certificate, its authenticated name, or the digest of the object)
-- before granting anything; the AC alone proves nothing about the bearer.
-- Binds an AC holder (or issuer) to an object by a digest of that object.
81 ObjectDigestInfo ::= SEQUENCE {
82 digestedObjectType ENUMERATED {
85 otherObjectTypes (2) },
86 -- otherObjectTypes MUST NOT be used in this profile;
87 -- reject a value of 2 rather than guess what was digested
88 otherObjectTypeID OBJECT IDENTIFIER OPTIONAL,
-- only meaningful with otherObjectTypes, so it should be absent here
89 digestAlgorithm AlgorithmIdentifier,
-- NOTE(review): this digest is the only thing tying the AC to the
-- object, so apply an allowlist of digest algorithms before comparing
90 objectDigest BIT STRING
-- Issuer of the AC.  Only the v2Form alternative is allowed here.
93 AttCertIssuer ::= CHOICE {
94 v1Form GeneralNames, -- MUST NOT be used in this profile;
-- a decoder that meets this alternative should reject the AC
96 v2Form [0] V2Form -- v2 only
100 issuerName GeneralNames OPTIONAL,
101 baseCertificateID [0] IssuerSerial OPTIONAL,
102 objectDigestInfo [1] ObjectDigestInfo OPTIONAL
103 -- issuerName MUST be present in this profile
104 -- baseCertificateID and objectDigestInfo MUST
105 -- NOT be present in this profile
-- NOTE(review): the type itself lets all three be absent, so the two
-- rules above must be enforced by the verifier.  issuerName is used to
-- locate the issuer's key; trust in the issuer comes from verifying the
-- AC signature with a key the verifier already trusts for that name,
-- never from the name in the AC alone.
108 IssuerSerial ::= SEQUENCE {
110 serial CertificateSerialNumber,
111 issuerUID UniqueIdentifier OPTIONAL
-- Validity window of the AC.
114 AttCertValidityPeriod ::= SEQUENCE {
115 notBeforeTime GeneralizedTime,
116 notAfterTime GeneralizedTime
-- NOTE(review): check the current time against both bounds and reject
-- an AC whose notAfterTime precedes its notBeforeTime.  DER (X.690)
-- restricts GeneralizedTime to the UTC "Z" form without fractional
-- seconds; confirm the decoder enforces that, since local offsets and
-- fractions make the window ambiguous between implementations.
-- Presumably the value of id-ce-targetInformation: the servers or
-- services the AC may be presented to.  A verifier that matches none of
-- the entries (including the empty list case) must reject the AC.
119 Targets ::= SEQUENCE OF Target
122 targetName [0] GeneralName,
-- matches the verifier's own name
123 targetGroup [1] GeneralName,
-- NOTE(review): group membership is resolved out of band; the verifier
-- must know which groups it belongs to from local configuration, not
-- from anything in the AC
124 targetCert [2] TargetCert
-- matches the verifier's own certificate
-- Identifies a target by its public key certificate.
127 TargetCert ::= SEQUENCE {
128 targetCertificate IssuerSerial,
-- the target certificate's (issuer, serial)
129 targetName GeneralName OPTIONAL,
130 certDigestInfo ObjectDigestInfo OPTIONAL
-- NOTE(review): when present, compare it against the digest of the
-- verifier's own certificate as well, not only the issuer/serial pair
-- Generic attribute value syntax used by several id-aca attributes.
133 IetfAttrSyntax ::= SEQUENCE {
134 policyAuthority[0] GeneralNames OPTIONAL,
-- names who defines the meaning of the values; presumably the AC issuer
-- is implied when absent, confirm against the profile text
135 values SEQUENCE OF CHOICE {
137 oid OBJECT IDENTIFIER,
-- Service authentication information carried in an attribute value.
142 SvceAuthInfo ::= SEQUENCE {
145 authInfo OCTET STRING OPTIONAL
-- NOTE(review): opaque bytes; if they carry a credential for the holder,
-- the AC must only be sent over a confidential channel or wrapped via
-- id-aca-encAttrs, because the AC signature gives integrity, not secrecy
-- Value syntax for id-at-role.
148 RoleSyntax ::= SEQUENCE {
149 roleAuthority [0] GeneralNames OPTIONAL,
-- who defines the role name space.  NOTE(review): two authorities may
-- use the same roleName for different privileges, so compare the pair
-- (roleAuthority, roleName), not roleName alone
150 roleName [1] GeneralName
-- Untagged form of the clearance value (fields distinguished by position
-- and universal tag).  Not bit compatible with RFC3281Clearance below.
153 Clearance ::= SEQUENCE {
154 policyId OBJECT IDENTIFIER,
-- the security policy under which classList and the categories are
-- interpreted; a relying party must only honour policyIds it knows
155 classList ClassList DEFAULT {unclassified},
-- NOTE(review): an absent classList decodes as unclassified, which is
-- the least privileged value, so the default fails closed
157 SET OF SecurityCategory OPTIONAL
-- Context tagged form of the clearance value ([0], [1], [2]), presumably
-- the encoding given in the RFC 3281 text; it is not bit compatible with
-- the untagged Clearance above, so a deployment must state which one its
-- issuers emit and which one its verifiers accept.
160 RFC3281Clearance ::= SEQUENCE {
161 policyId [0] OBJECT IDENTIFIER,
162 classList [1] ClassList DEFAULT {unclassified},
-- absent means unclassified, the least privileged value
164 [2] SET OF SecurityCategory OPTIONAL
168 ClassList ::= BIT STRING {
-- One category of a clearance; the value syntax depends on the type OID.
177 SecurityCategory ::= SEQUENCE {
178 type [0] IMPLICIT OBJECT IDENTIFIER,
-- IMPLICIT is written out although the module already defaults to
-- IMPLICIT TAGS
179 value [1] ANY DEFINED BY type
-- NOTE(review): open type.  The decoder must pick the value syntax from
-- `type` and fail closed on a type it does not recognise; whether a
-- category widens or narrows the clearance cannot be known without
-- understanding it, so silently skipping it is unsafe
-- Constraints an AA's certificate places on the ACs it may issue.
182 AAControls ::= SEQUENCE {
183 pathLenConstraint INTEGER (0..MAX) OPTIONAL,
-- nonnegative; presumably bounds the length of the AA chain below this
-- certificate, in the manner of basicConstraints (confirm with the text)
184 permittedAttrs [0] AttrSpec OPTIONAL,
185 excludedAttrs [1] AttrSpec OPTIONAL,
186 permitUnSpecified BOOLEAN DEFAULT TRUE
-- NOTE(review): the default is permissive: an attribute type listed in
-- neither AttrSpec is accepted while this is TRUE, and under DER an
-- omitted field decodes as TRUE.  An AAControls extension with no
-- lists therefore constrains nothing; deployments that want fail
-- closed behaviour must encode FALSE explicitly.
-- List of attribute type OIDs referenced by AAControls.  An empty list is
-- a valid value and permits (or excludes) nothing, which is different from
-- the field being absent.
189 AttrSpec::= SEQUENCE OF OBJECT IDENTIFIER
191 ACClearAttrs ::= SEQUENCE {
192 acIssuer GeneralName,
194 attrs SEQUENCE OF Attribute
-- Presumably the value of id-pe-ac-proxying: a list of Targets groups
-- naming the servers permitted to present the AC onward on the holder's
-- behalf.  NOTE(review): a verifier handling a forwarded AC should check
-- the forwarder against these entries; without that check the extension
-- has no effect and a captured AC can be replayed from anywhere.
197 ProxyInfo ::= SEQUENCE OF Targets