| blob | cba83c05387dba9483dae0d746374bd782260af6 |
1 -- Module DSAOperationalAttributeTypes (X.501:02/2001)
2 DSAOperationalAttributeTypes {joint-iso-itu-t ds(5) module(1)
3 dsaOperationalAttributeTypes(22) 4} DEFINITIONS ::=
4 BEGIN
6 -- EXPORTS All
7 -- The types and values defined in this module are exported for use in the other ASN.1 modules contained
8 -- within the Directory Specifications, and for the use of other applications which will use them to access
9 -- Directory services. Other applications may use them for their own purposes, but this will not constrain
10 -- extensions and modifications needed to maintain or improve the Directory service.
11 IMPORTS
12 -- from ITU-T Rec. X.501 | ISO/IEC 9594-2
13 distributedOperations, id-doa, id-kmr, informationFramework,
14 opBindingManagement, selectedAttributeTypes, upperBounds
15 FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1)
16 usefulDefinitions(0) 4}
17 ATTRIBUTE, MATCHING-RULE, Name, Attribute, DistinguishedName,
18 RelativeDistinguishedName, Refinement, SubtreeSpecification, AttributeType, ContextAssertion
19 FROM InformationFramework {joint-iso-itu-t ds(5) module(1)
20 informationFramework(1) 4}
21 -- OperationalBindingID
22 -- FROM OperationalBindingManagement {joint-iso-itu-t ds(5) module(1)
23 -- opBindingManagement(18) 4}
24 -- from ITU-T Rec. X.518 | ISO/IEC 9594-4
25 AccessPoint, MasterAndShadowAccessPoints
26 FROM DistributedOperations {joint-iso-itu-t ds(5) module(1)
27 distributedOperations(3) 4}
28 -- from ITU-T Rec. X.520 | ISO/IEC 9594-6
29 DirectoryString, NameAndOptionalUID, bitStringMatch
30 FROM SelectedAttributeTypes {joint-iso-itu-t ds(5) module(1)
31 selectedAttributeTypes(5) 4}
32 PresentationAddress, ProtocolInformation
33 FROM SelectedAttributeTypes {joint-iso-itu-t ds(5) module(1)
34 selectedAttributeTypes(5) 4}
35 DirectoryBindArgument, DirectoryBindError, SecurityParameters
36 FROM DirectoryAbstractService {joint-iso-itu-t ds(5) module(1)
37 directoryAbstractService(2) 5}
38 -- from ITU-T Rec. X.509 | ISO/IEC 9594-8
39 AlgorithmIdentifier
40 FROM AuthenticationFramework {joint-iso-itu-t ds(5) module(1)
41 authenticationFramework(7) 4}
42 AttributeTypeAndValue
43 FROM BasicAccessControl {joint-iso-itu-t ds(5) module(1)
44 basicAccessControl(24) 4}
45 Filter
46 FROM DirectoryAbstractService {joint-iso-itu-t ds(5) module(1)
47 directoryAbstractService(2) 4};
49 -- data types
50 DSEType ::= BIT STRING {
51 root(0), -- root DSE
52 glue(1), -- represents knowledge of a name only
53 cp(2), -- context prefix
54 entry(3), -- object entry
55 alias(4), -- alias entry
56 subr(5), -- subordinate reference
57 nssr(6), -- non-specific subordinate reference
58 supr(7), -- superior reference
59 xr(8), -- cross reference
60 admPoint(9), -- administrative point
61 subentry(10), -- subentry
62 shadow(11), -- shadow copy
63 immSupr(13), -- immediate superior reference
64 rhob(14), -- rhob information
65 sa(15), -- subordinate reference to alias entry
66 dsSubentry(16), -- DSA Specific subentry
67 familyMember(17), -- family member
68 ditBridge(18), -- DIT bridge reference
69 writeableCopy(19) -- writeable copy
70 }
72 SupplierOrConsumer ::= SET {
73 -- COMPONENTS OF AccessPoint, - - supplier or consumer
74 ae-title [0] Name,
75 address [1] PresentationAddress,
76 protocolInformation [2] SET --SIZE (1..MAX)-- OF ProtocolInformation OPTIONAL,
77 agreementID [3] OperationalBindingID
78 }
80 SupplierInformation ::= SET {
81 -- COMPONENTS OF SupplierOrConsumer, - - supplier
82 ae-title [0] Name,
83 address [1] PresentationAddress,
84 protocolInformation [2] SET --SIZE (1..MAX)-- OF ProtocolInformation OPTIONAL,
85 agreementID [3] OperationalBindingID,
86 supplier-is-master [4] BOOLEAN DEFAULT TRUE,
87 non-supplying-master [5] AccessPoint OPTIONAL
88 }
90 ConsumerInformation ::= SupplierOrConsumer -- consumer
92 SupplierAndConsumers ::= SET {
93 -- COMPONENTS OF AccessPoint, - - supplier
94 ae-title [0] Name,
95 address [1] PresentationAddress,
96 protocolInformation [2] SET --SIZE (1..MAX)-- OF ProtocolInformation OPTIONAL,
97 consumers [3] SET OF AccessPoint
98 }
100 -- attribute types
101 --dseType ATTRIBUTE ::= {
102 -- WITH SYNTAX DSEType
103 -- EQUALITY MATCHING RULE bitStringMatch
104 -- SINGLE VALUE TRUE
105 -- NO USER MODIFICATION TRUE
106 -- USAGE dSAOperation
107 -- ID id-doa-dseType
108 --}
110 --myAccessPoint ATTRIBUTE ::= {
111 -- WITH SYNTAX AccessPoint
112 -- EQUALITY MATCHING RULE accessPointMatch
113 -- SINGLE VALUE TRUE
114 -- NO USER MODIFICATION TRUE
115 -- USAGE dSAOperation
116 -- ID id-doa-myAccessPoint
117 --}
119 --superiorKnowledge ATTRIBUTE ::= {
120 -- WITH SYNTAX AccessPoint
121 -- EQUALITY MATCHING RULE accessPointMatch
122 -- NO USER MODIFICATION TRUE
123 -- USAGE dSAOperation
124 -- ID id-doa-superiorKnowledge
125 --}
127 --specificKnowledge ATTRIBUTE ::= {
128 -- WITH SYNTAX MasterAndShadowAccessPoints
129 -- EQUALITY MATCHING RULE masterAndShadowAccessPointsMatch
130 -- SINGLE VALUE TRUE
131 -- NO USER MODIFICATION TRUE
132 -- USAGE distributedOperation
133 -- ID id-doa-specificKnowledge
134 --}
136 --nonSpecificKnowledge ATTRIBUTE ::= {
137 -- WITH SYNTAX MasterAndShadowAccessPoints
138 -- EQUALITY MATCHING RULE masterAndShadowAccessPointsMatch
139 -- NO USER MODIFICATION TRUE
140 -- USAGE distributedOperation
141 -- ID id-doa-nonSpecificKnowledge
142 --}
144 --supplierKnowledge ATTRIBUTE ::= {
145 -- WITH SYNTAX SupplierInformation
146 -- EQUALITY MATCHING RULE supplierOrConsumerInformationMatch
147 -- NO USER MODIFICATION TRUE
148 -- USAGE dSAOperation
149 -- ID id-doa-supplierKnowledge
150 --}
152 --consumerKnowledge ATTRIBUTE ::= {
153 -- WITH SYNTAX ConsumerInformation
154 -- EQUALITY MATCHING RULE supplierOrConsumerInformationMatch
155 -- NO USER MODIFICATION TRUE
156 -- USAGE dSAOperation
157 -- ID id-doa-consumerKnowledge
158 --}
160 --secondaryShadows ATTRIBUTE ::= {
161 -- WITH SYNTAX SupplierAndConsumers
162 -- EQUALITY MATCHING RULE supplierAndConsumersMatch
163 -- NO USER MODIFICATION TRUE
164 -- USAGE dSAOperation
165 -- ID id-doa-secondaryShadows
166 --}
168 -- matching rules
169 --accessPointMatch MATCHING-RULE ::= {
170 -- SYNTAX Name
171 -- ID id-kmr-accessPointMatch
172 --}
174 --masterAndShadowAccessPointsMatch MATCHING-RULE ::= {
175 -- SYNTAX SET OF Name
176 -- ID id-kmr-masterShadowMatch
177 --}
179 --supplierOrConsumerInformationMatch MATCHING-RULE ::= {
180 -- SYNTAX
181 -- SET {ae-title [0] Name,
182 -- agreement-identifier [2] INTEGER}
183 -- ID id-kmr-supplierConsumerMatch
184 --}
186 --supplierAndConsumersMatch MATCHING-RULE ::= {
187 -- SYNTAX Name
188 -- ID id-kmr-supplierConsumersMatch
189 --}
191 -- object identifier assignments
192 -- dsa operational attributes
193 --id-doa-dseType OBJECT IDENTIFIER ::=
194 -- {id-doa 0}
196 --id-doa-myAccessPoint OBJECT IDENTIFIER ::= {id-doa 1}
198 --id-doa-superiorKnowledge OBJECT IDENTIFIER ::= {id-doa 2}
200 --id-doa-specificKnowledge OBJECT IDENTIFIER ::= {id-doa 3}
202 --id-doa-nonSpecificKnowledge OBJECT IDENTIFIER ::= {id-doa 4}
204 --id-doa-supplierKnowledge OBJECT IDENTIFIER ::= {id-doa 5}
206 --id-doa-consumerKnowledge OBJECT IDENTIFIER ::= {id-doa 6}
208 --id-doa-secondaryShadows OBJECT IDENTIFIER ::= {id-doa 7}
210 -- knowledge matching rules
211 --id-kmr-accessPointMatch OBJECT IDENTIFIER ::=
212 -- {id-kmr 0}
214 --id-kmr-masterShadowMatch OBJECT IDENTIFIER ::= {id-kmr 1}
216 --id-kmr-supplierConsumerMatch OBJECT IDENTIFIER ::= {id-kmr 2}
218 --id-kmr-supplierConsumersMatch OBJECT IDENTIFIER ::= {id-kmr 3}
220 --END DSAOperationalAttributeTypes
222 -- we include this here to reduce the number of dissectors
223 -- Module OperationalBindingManagement (X.501:08/2005)
224 --OperationalBindingManagement {joint-iso-itu-t ds(5) module(1)
225 -- opBindingManagement(18) 5} DEFINITIONS ::=
226 --BEGIN
228 -- EXPORTS All
229 -- The types and values defined in this module are exported for use in the other ASN.1 modules contained
230 -- within the Directory Specifications, and for the use of other applications which will use them to access
231 -- Directory services. Other applications may use them for their own purposes, but this will not constrain
232 -- extensions and modifications needed to maintain or improve the Directory service.
233 --IMPORTS
234 -- from ITU-T Rec. X.501 | ISO/IEC 9594-2
235 -- directoryAbstractService, directoryShadowAbstractService,
236 -- distributedOperations, directoryOSIProtocols, enhancedSecurity,
237 -- hierarchicalOperationalBindings, commonProtocolSpecification
238 -- FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1)
239 -- usefulDefinitions(0) 5}
240 -- OPTIONALLY-PROTECTED-SEQ
241 -- FROM EnhancedSecurity {joint-iso-itu-t ds(5) modules(1)
242 -- enhancedSecurity(28) 5}
243 -- hierarchicalOperationalBinding, nonSpecificHierarchicalOperationalBinding
244 -- FROM HierarchicalOperationalBindings hierarchicalOperationalBindings
245 -- from ITU-T Rec. X.511 | ISO/IEC 9594-3
246 -- CommonResultsSeq, directoryBind, directoryUnbind, securityError,
247 -- SecurityParameters
248 -- FROM DirectoryAbstractService {joint-iso-itu-t ds(5) module(1)
249 -- directoryAbstractService(2) 5}
250 -- from ITU-T Rec. X.518 | ISO/IEC 9594-4
251 -- AccessPoint
252 -- FROM DistributedOperations {joint-iso-itu-t ds(5) module(1)
253 -- distributedOperations(3) 5}
254 -- from ITU-T Rec. X.519 | ISO/IEC 9594-5
255 -- id-err-operationalBindingError, id-op-establishOperationalBinding,
256 -- id-op-modifyOperationalBinding, id-op-terminateOperationalBinding,
257 -- OPERATION, ERROR
258 -- FROM CommonProtocolSpecification commonProtocolSpecification
259 -- APPLICATION-CONTEXT
260 -- FROM DirectoryOSIProtocols directoryOSIProtocols
261 -- from ITU-T Rec. X.525 | ISO/IEC 9594-9
262 -- shadowOperationalBinding
263 -- FROM DirectoryShadowAbstractService directoryShadowAbstractService;
265 -- bind and unbind
266 dSAOperationalBindingManagementBind OPERATION ::=
267 directoryBind
269 DSAOperationalManagementBindArgument ::= DirectoryBindArgument
270 DSAOperationalManagementBindResult ::= DirectoryBindArgument
271 DSAOperationalManagementBindError ::= DirectoryBindError
273 dSAOperationalBindingManagementUnbind OPERATION ::= directoryUnbind
275 -- operations, arguments and results
276 --establishOperationalBinding OPERATION ::= {
277 -- ARGUMENT EstablishOperationalBindingArgument
278 -- RESULT EstablishOperationalBindingResult
279 -- ERRORS {operationalBindingError | securityError}
280 -- CODE id-op-establishOperationalBinding
281 --}
283 EstablishOperationalBindingArgumentData ::=
284 -- OPTIONALLY-PROTECTED-SEQ
285 -- {-- SEQUENCE {bindingType [0] --OPERATIONAL-BINDING.&id({OpBindingSet}) -- OBJECT IDENTIFIER,
286 bindingID [1] OperationalBindingID OPTIONAL,
287 accessPoint [2] AccessPoint,
288 -- symmetric, Role A initiates, or Role B initiates
289 initiator
290 CHOICE {symmetric
291 [3] -- OPERATIONAL-BINDING.&both.&EstablishParam
292 -- ({OpBindingSet}{@bindingType}) -- ANY,
293 roleA-initiates
294 [4] -- OPERATIONAL-BINDING.&roleA.&EstablishParam
295 -- ({OpBindingSet}{@bindingType}) -- ANY,
296 roleB-initiates
297 [5] -- OPERATIONAL-BINDING.&roleB.&EstablishParam
298 -- ({OpBindingSet}{@bindingType}) -- ANY } OPTIONAL,
299 agreement
300 [6] -- OPERATIONAL-BINDING.&Agreement
301 -- ({OpBindingSet}{@bindingType}) -- ANY,
302 valid [7] Validity DEFAULT {},
303 securityParameters [8] SecurityParameters OPTIONAL} --}
305 -- expand OPTIONALLY-PROTECTED macro
306 EstablishOperationalBindingArgument ::= CHOICE {
307 unsignedEstablishOperationalBindingArgument EstablishOperationalBindingArgumentData,
308 signedEstablishOperationalBindingArgument SEQUENCE {
309 establishOperationalBindingArgument EstablishOperationalBindingArgumentData,
310 algorithmIdentifier AlgorithmIdentifier,
311 encrypted BIT STRING
312 }
313 }
315 OperationalBindingID ::= SEQUENCE {identifier INTEGER,
316 version INTEGER
317 }
319 Validity ::= SEQUENCE {
320 validFrom [0] CHOICE {now [0] NULL,
321 time [1] Time } DEFAULT now:NULL,
322 validUntil
323 [1] CHOICE {explicitTermination [0] NULL,
324 time [1] Time
325 } DEFAULT explicitTermination:NULL
326 }
328 Time ::= CHOICE {utcTime UTCTime,
329 generalizedTime GeneralizedTime
330 }
332 EstablishOperationalBindingResult ::=
333 -- OPTIONALLY-PROTECTED-SEQ
334 -- {-- SEQUENCE {bindingType [0] --OPERATIONAL-BINDING.&id({OpBindingSet}) -- OBJECT IDENTIFIER,
335 bindingID [1] OperationalBindingID OPTIONAL,
336 accessPoint [2] AccessPoint,
337 -- symmetric, Role A replies , or Role B replies
338 initiator
339 CHOICE {symmetric
340 [3] -- OPERATIONAL-BINDING.&both.&EstablishParam
341 -- ({OpBindingSet}{@bindingType}) -- ANY,
342 roleA-replies
343 [4] -- OPERATIONAL-BINDING.&roleA.&EstablishParam
344 -- ({OpBindingSet}{@bindingType}) -- ANY,
345 roleB-replies
346 [5] -- OPERATIONAL-BINDING.&roleB.&EstablishParam
347 -- ({OpBindingSet}{@bindingType}) -- ANY } OPTIONAL,
348 -- COMPONENTS OF CommonResultsSeq}}
349 securityParameters [30] SecurityParameters OPTIONAL,
350 performer [29] DistinguishedName OPTIONAL,
351 aliasDereferenced [28] BOOLEAN DEFAULT FALSE,
352 notification [27] SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL}
355 --modifyOperationalBinding OPERATION ::= {
356 -- ARGUMENT ModifyOperationalBindingArgument
357 -- RESULT ModifyOperationalBindingResult
358 -- ERRORS {operationalBindingError | securityError}
359 -- CODE id-op-modifyOperationalBinding
360 --}
362 ModifyOperationalBindingArgumentData ::=
363 -- OPTIONALLY-PROTECTED-SEQ
364 -- {--SEQUENCE {bindingType [0] --OPERATIONAL-BINDING.&id({OpBindingSet})-- OBJECT IDENTIFIER,
365 bindingID [1] OperationalBindingID,
366 accessPoint [2] AccessPoint OPTIONAL,
367 -- symmetric, Role A initiates, or Role B initiates
368 initiator
369 CHOICE {symmetric
370 [3] -- OPERATIONAL-BINDING.&both.&ModifyParam
371 -- ({OpBindingSet}{@bindingType}) -- ANY,
372 roleA-initiates
373 [4] -- OPERATIONAL-BINDING.&roleA.&ModifyParam
374 -- ({OpBindingSet}{@bindingType}) -- ANY,
375 roleB-initiates
376 [5] -- OPERATIONAL-BINDING.&roleB.&ModifyParam
377 -- ({OpBindingSet}{@bindingType}) -- ANY } OPTIONAL,
378 newBindingID [6] OperationalBindingID,
379 newAgreement
380 [7] -- OPERATIONAL-BINDING.&Agreement
381 -- ({OpBindingSet}{@bindingType}) -- ANY OPTIONAL,
382 valid [8] Validity OPTIONAL,
383 securityParameters [9] SecurityParameters OPTIONAL} -- }
386 ModifyOperationalBindingArgument ::= CHOICE {
387 unsignedModifyOperationalBindingArgument ModifyOperationalBindingArgumentData,
388 signedModifyOperationalBindingArgument SEQUENCE {
389 modifyOperationalBindingArgument ModifyOperationalBindingArgumentData,
390 algorithmIdentifier AlgorithmIdentifier,
391 encrypted BIT STRING
392 }
393 }
395 ModifyOperationalBindingResult ::= CHOICE {
396 null [0] NULL,
397 protected [1] SEQUENCE {
398 modifyOperationalBindingResultData ModifyOperationalBindingResultData,
399 algorithmIdentifier AlgorithmIdentifier,
400 encrypted BIT STRING
401 }
402 }
404 ModifyOperationalBindingResultData ::= SEQUENCE {
405 newBindingID OperationalBindingID,
406 bindingType
407 -- OPERATIONAL-BINDING.&id
408 -- ({OpBindingSet}) -- OBJECT IDENTIFIER,
409 newAgreement
410 -- OPERATIONAL-BINDING.&Agreement
411 -- ({OpBindingSet}{@.bindingType}) -- ANY,
412 valid Validity OPTIONAL,
413 --COMPONENTS OF CommonResultsSeq
414 securityParameters [30] SecurityParameters OPTIONAL,
415 performer [29] DistinguishedName OPTIONAL,
416 aliasDereferenced [28] BOOLEAN DEFAULT FALSE,
417 notification [27] SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL
418 -- }}
419 }
421 --terminateOperationalBinding OPERATION ::= {
422 -- ARGUMENT TerminateOperationalBindingArgument
423 -- RESULT TerminateOperationalBindingResult
424 -- ERRORS {operationalBindingError | securityError}
425 -- CODE id-op-terminateOperationalBinding
426 --}
428 TerminateOperationalBindingArgumentData ::=
429 -- OPTIONALLY-PROTECTED-SEQ
430 -- {-- SEQUENCE {bindingType [0] --OPERATIONAL-BINDING.&id({OpBindingSet})-- OBJECT IDENTIFIER,
431 bindingID [1] OperationalBindingID,
432 -- symmetric, Role A initiates, or Role B initiates
433 initiator
434 CHOICE {symmetric
435 [2] -- OPERATIONAL-BINDING.&both.&TerminateParam
436 -- ({OpBindingSet}{@bindingType}) -- ANY,
437 roleA-initiates
438 [3] -- OPERATIONAL-BINDING.&roleA.&TerminateParam
439 -- ({OpBindingSet}{@bindingType}) -- ANY,
440 roleB-initiates
441 [4] -- OPERATIONAL-BINDING.&roleB.&TerminateParam
442 -- ({OpBindingSet}{@bindingType}) -- ANY } OPTIONAL,
443 terminateAt [5] Time OPTIONAL,
444 securityParameters [6] SecurityParameters OPTIONAL} --}
447 TerminateOperationalBindingArgument ::= CHOICE {
448 unsignedTerminateOperationalBindingArgument TerminateOperationalBindingArgumentData,
449 signedTerminateOperationalBindingArgument SEQUENCE {
450 terminateOperationalBindingArgument TerminateOperationalBindingArgumentData,
451 algorithmIdentifier AlgorithmIdentifier,
452 encrypted BIT STRING
453 }
454 }
456 TerminateOperationalBindingResult ::= CHOICE {
457 null [0] NULL,
458 protected [1] SEQUENCE {
459 terminateOperationalBindingResultData TerminateOperationalBindingResultData,
460 algorithmIdentifier AlgorithmIdentifier,
461 encrypted BIT STRING
462 }
463 }
465 TerminateOperationalBindingResultData ::= SEQUENCE {
466 bindingID OperationalBindingID,
467 bindingType
468 -- OPERATIONAL-BINDING.&id
469 -- ({OpBindingSet}) -- OBJECT IDENTIFIER,
470 terminateAt GeneralizedTime OPTIONAL,
471 --COMPONENTS OF CommonResultsSeq
472 securityParameters [30] SecurityParameters OPTIONAL,
473 performer [29] DistinguishedName OPTIONAL,
474 aliasDereferenced [28] BOOLEAN DEFAULT FALSE,
475 notification [27] SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL
476 -- }}
477 }
479 -- errors and parameters
480 --operationalBindingError ERROR ::= {
481 -- PARAMETER OPTIONALLY-PROTECTED-SEQ {OpBindingErrorParam}
482 -- CODE id-err-operationalBindingError
483 --}
485 OpBindingErrorParam ::= SEQUENCE {
486 problem
487 [0] ENUMERATED {invalidID(0), duplicateID(1), unsupportedBindingType(2),
488 notAllowedForRole(3), parametersMissing(4),
489 roleAssignment(5), invalidStartTime(6), invalidEndTime(7),
490 invalidAgreement(8), currentlyNotDecidable(9),
491 modificationNotAllowed(10)},
492 bindingType [1] --OPERATIONAL-BINDING.&id({OpBindingSet})-- OBJECT IDENTIFIER OPTIONAL,
493 agreementProposal
494 [2] -- OPERATIONAL-BINDING.&Agreement({OpBindingSet}{@bindingType})-- ANY OPTIONAL,
495 retryAt [3] Time OPTIONAL,
496 -- COMPONENTS OF CommonResultsSeq
497 securityParameters [30] SecurityParameters OPTIONAL,
498 performer [29] DistinguishedName OPTIONAL,
499 aliasDereferenced [28] BOOLEAN DEFAULT FALSE,
500 notification [27] SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL
502 }
504 -- information object classes
505 --OPERATIONAL-BINDING ::= CLASS {
506 -- &Agreement ,
507 -- &Cooperation OP-BINDING-COOP,
508 -- &both OP-BIND-ROLE OPTIONAL,
509 -- &roleA OP-BIND-ROLE OPTIONAL,
510 -- &roleB OP-BIND-ROLE OPTIONAL,
511 -- &id OBJECT IDENTIFIER UNIQUE
512 --}
513 --WITH SYNTAX {
514 -- AGREEMENT &Agreement
515 -- APPLICATION CONTEXTS &Cooperation
516 -- [SYMMETRIC &both]
517 -- [ASYMMETRIC
518 -- [ROLE-A &roleA]
519 -- [ROLE-B &roleB]]
520 -- ID &id
521 --}
523 --OP-BINDING-COOP ::= CLASS {
524 -- &applContext APPLICATION-CONTEXT,
525 -- &Operations OPERATION OPTIONAL
526 --}WITH SYNTAX {&applContext
527 -- [APPLIES TO &Operations]
528 --}
530 --OP-BIND-ROLE ::= CLASS {
531 -- &establish BOOLEAN DEFAULT FALSE,
532 -- &EstablishParam OPTIONAL,
533 -- &modify BOOLEAN DEFAULT FALSE,
534 -- &ModifyParam OPTIONAL,
535 -- &terminate BOOLEAN DEFAULT FALSE,
536 -- &TerminateParam OPTIONAL
537 --}
538 --WITH SYNTAX {
539 -- [ESTABLISHMENT-INITIATOR &establish]
540 -- [ESTABLISHMENT-PARAMETER &EstablishParam]
541 -- [MODIFICATION-INITIATOR &modify]
542 -- [MODIFICATION-PARAMETER &ModifyParam]
543 -- [TERMINATION-INITIATOR &terminate]
544 -- [TERMINATION-PARAMETER &TerminateParam]
545 --}
547 --OpBindingSet OPERATIONAL-BINDING ::=
548 -- {shadowOperationalBinding | hierarchicalOperationalBinding |
549 -- nonSpecificHierarchicalOperationalBinding}
551 --END - - OperationalBindingManagement
553 -- Module HierarchicalOperationalBindings (X.518:08/2005)
554 --HierarchicalOperationalBindings {joint-iso-itu-t ds(5) module(1)
555 -- hierarchicalOperationalBindings(20) 5} DEFINITIONS ::=
556 --BEGIN
558 -- EXPORTS All
559 -- The types and values defined in this module are exported for use in the other ASN.1 modules contained
560 -- within the Directory Specifications, and for the use of other applications which will use them to access
561 -- Directory services. Other applications may use them for their own purposes, but this will not constrain
562 -- extensions and modifications needed to maintain or improve the Directory service.
563 --IMPORTS
564 -- from ITU-T Rec. X.501 | ISO/IEC 9594-2
565 -- directoryOperationalBindingTypes, directoryOSIProtocols,
566 -- distributedOperations, informationFramework, opBindingManagement
567 -- FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1)
568 -- usefulDefinitions(0) 5}
569 -- Attribute, DistinguishedName, RelativeDistinguishedName
570 -- FROM InformationFramework {joint-iso-itu-t ds(5) module(1)
571 -- informationFramework(1) 5}
572 -- OPERATIONAL-BINDING
573 -- FROM OperationalBindingManagement {joint-iso-itu-t ds(5) module(1)
574 -- opBindingManagement(18) 5}
575 -- from ITU-T Rec. X.518 | ISO/IEC 9594-4
576 -- MasterAndShadowAccessPoints
577 -- FROM DistributedOperations {joint-iso-itu-t ds(5) module(1)
578 -- distributedOperations(3) 5}
579 -- from ITU-T Rec. X.519 | ISO/IEC 9594-5
580 -- directorySystemAC
581 -- FROM DirectoryOSIProtocols {joint-iso-itu-t ds(5) module(1)
582 -- directoryOSIProtocols(37) 5}
583 -- id-op-binding-hierarchical, id-op-binding-non-specific-hierarchical
584 -- FROM DirectoryOperationalBindingTypes {joint-iso-itu-t ds(5) module(1)
585 -- directoryOperationalBindingTypes(25) 5};
587 -- types
588 HierarchicalAgreement ::= SEQUENCE {
589 rdn [0] RelativeDistinguishedName,
590 immediateSuperior [1] DistinguishedName
591 }
593 SuperiorToSubordinate ::= SEQUENCE {
594 contextPrefixInfo [0] DITcontext,
595 entryInfo [1] SET --SIZE (1..MAX)-- OF Attribute OPTIONAL,
596 immediateSuperiorInfo [2] SET --SIZE (1..MAX)-- OF Attribute OPTIONAL
597 }
599 DITcontext ::= SEQUENCE OF Vertex
601 Vertex ::= SEQUENCE {
602 rdn [0] RelativeDistinguishedName,
603 admPointInfo [1] SET --SIZE (1..MAX)-- OF Attribute OPTIONAL,
604 subentries [2] SET --SIZE (1..MAX)-- OF SubentryInfo OPTIONAL,
605 accessPoints [3] MasterAndShadowAccessPoints OPTIONAL
606 }
608 SubentryInfo ::= SEQUENCE {
609 rdn [0] RelativeDistinguishedName,
610 info [1] SET OF Attribute
611 }
613 SubordinateToSuperior ::= SEQUENCE {
614 accessPoints [0] MasterAndShadowAccessPoints OPTIONAL,
615 alias [1] BOOLEAN DEFAULT FALSE,
616 entryInfo [2] SET --SIZE (1..MAX)-- OF Attribute OPTIONAL,
617 subentries [3] SET --SIZE (1..MAX)-- OF SubentryInfo OPTIONAL
618 }
620 SuperiorToSubordinateModification ::=
621 -- SuperiorToSubordinate(WITH COMPONENTS {
622 -- ...,
623 -- entryInfo ABSENT
624 -- })
625 SEQUENCE {
626 contextPrefixInfo [0] DITcontext,
627 immediateSuperiorInfo [2] SET --SIZE (1..MAX)-- OF Attribute OPTIONAL
628 }
630 NonSpecificHierarchicalAgreement ::= SEQUENCE {
631 immediateSuperior [1] DistinguishedName
632 }
634 NHOBSuperiorToSubordinate ::=
635 -- SuperiorToSubordinate(WITH COMPONENTS {
636 -- ...,
637 -- entryInfo ABSENT
638 -- })
639 SEQUENCE {
640 contextPrefixInfo [0] DITcontext,
641 immediateSuperiorInfo [2] SET --SIZE (1..MAX)-- OF Attribute OPTIONAL
642 }
644 NHOBSubordinateToSuperior ::= SEQUENCE {
645 accessPoints [0] MasterAndShadowAccessPoints OPTIONAL,
646 subentries [3] SET --SIZE (1..MAX)-- OF SubentryInfo OPTIONAL
647 }
649 -- operational binding information objects
650 --hierarchicalOperationalBinding OPERATIONAL-BINDING ::= {
651 -- AGREEMENT HierarchicalAgreement
652 -- APPLICATION CONTEXTS {{directorySystemAC}}
653 -- ASYMMETRIC ROLE-A - - superior DSA - -
654 -- {ESTABLISHMENT-INITIATOR TRUE
655 -- ESTABLISHMENT-PARAMETER SuperiorToSubordinate
656 -- MODIFICATION-INITIATOR TRUE
657 -- MODIFICATION-PARAMETER SuperiorToSubordinateModification
658 -- TERMINATION-INITIATOR TRUE}
659 -- ROLE-B - - subordinate DSA - -
660 -- {ESTABLISHMENT-INITIATOR TRUE
661 -- ESTABLISHMENT-PARAMETER SubordinateToSuperior
662 -- MODIFICATION-INITIATOR TRUE
663 -- MODIFICATION-PARAMETER SubordinateToSuperior
664 -- TERMINATION-INITIATOR TRUE}
665 -- ID id-op-binding-hierarchical
666 --}
668 --nonSpecificHierarchicalOperationalBinding OPERATIONAL-BINDING ::= {
669 -- AGREEMENT NonSpecificHierarchicalAgreement
670 -- APPLICATION CONTEXTS {{directorySystemAC}}
671 -- ASYMMETRIC ROLE-A - - superior DSA - -
672 -- {ESTABLISHMENT-PARAMETER NHOBSuperiorToSubordinate
673 -- MODIFICATION-INITIATOR TRUE
674 -- MODIFICATION-PARAMETER NHOBSuperiorToSubordinate
675 -- TERMINATION-INITIATOR TRUE}
676 -- ROLE-B - - subordinate DSA - -
677 -- {ESTABLISHMENT-INITIATOR TRUE
678 -- ESTABLISHMENT-PARAMETER NHOBSubordinateToSuperior
679 -- MODIFICATION-INITIATOR TRUE
680 -- MODIFICATION-PARAMETER NHOBSubordinateToSuperior
681 -- TERMINATION-INITIATOR TRUE}
682 -- ID id-op-binding-non-specific-hierarchical
683 --}
685 --END - - HierarchicalOperationalBindings
687 -- Module BasicAccessControl (X.501:02/2001)
688 --BasicAccessControl {joint-iso-itu-t ds(5) module(1) basicAccessControl(24) 4}
689 --DEFINITIONS ::=
690 --BEGIN
692 -- EXPORTS All
693 -- The types and values defined in this module are exported for use in the other ASN.1 modules contained
694 -- within the Directory Specifications, and for the use of other applications which will use them to access
695 -- Directory services. Other applications may use them for their own purposes, but this will not constrain
696 -- extensions and modifications needed to maintain or improve the Directory service.
697 --IMPORTS
698 -- from ITU-T Rec. X.501 | ISO/IEC 9594-2
699 -- directoryAbstractService, id-aca, id-acScheme, informationFramework,
700 -- selectedAttributeTypes, upperBounds
701 -- FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1)
702 -- usefulDefinitions(0) 4}
703 -- ATTRIBUTE, AttributeType, ContextAssertion, DistinguishedName, MATCHING-RULE,
704 -- objectIdentifierMatch, Refinement, SubtreeSpecification,
705 -- SupportedAttributes
706 -- FROM InformationFramework {joint-iso-itu-t ds(5) module(1)
707 -- informationFramework(1) 4}
708 -- from ITU-T Rec. X.511 | ISO/IEC 9594-3
709 -- Filter
710 -- FROM DirectoryAbstractService {joint-iso-itu-t ds(5) module(1)
711 -- directoryAbstractService(2) 4}
712 -- from ITU-T Rec. X.520 | ISO/IEC 9594-6
713 -- DirectoryString{}, directoryStringFirstComponentMatch, NameAndOptionalUID,
714 -- UniqueIdentifier
715 -- FROM SelectedAttributeTypes {joint-iso-itu-t ds(5) module(1)
716 -- selectedAttributeTypes(5) 4}
717 -- ub-tag
718 -- FROM UpperBounds {joint-iso-itu-t ds(5) module(1) upperBounds(10) 4};
720 -- types
721 ACIItem ::= SEQUENCE {
722 identificationTag DirectoryString --{ub-tag}--,
723 precedence Precedence,
724 authenticationLevel AuthenticationLevel,
725 itemOrUserFirst
726 CHOICE {itemFirst
727 [0] SEQUENCE {protectedItems ProtectedItems,
728 itemPermissions SET OF ItemPermission},
729 userFirst
730 [1] SEQUENCE {userClasses UserClasses,
731 userPermissions SET OF UserPermission}}
732 }
734 Precedence ::= INTEGER --(0..255)--
736 ProtectedItems ::= SEQUENCE {
737 entry [0] NULL OPTIONAL,
738 allUserAttributeTypes [1] NULL OPTIONAL,
739 attributeType
740 [2] SET --SIZE (1..MAX)-- OF AttributeType OPTIONAL,
741 allAttributeValues
742 [3] SET --SIZE (1..MAX)-- OF AttributeType OPTIONAL,
743 allUserAttributeTypesAndValues [4] NULL OPTIONAL,
744 attributeValue
745 [5] SET --SIZE (1..MAX)-- OF AttributeTypeAndValue OPTIONAL,
746 selfValue
747 [6] SET --SIZE (1..MAX)-- OF AttributeType OPTIONAL,
748 rangeOfValues [7] Filter OPTIONAL,
749 maxValueCount
750 [8] SET --SIZE (1..MAX)-- OF MaxValueCount OPTIONAL,
751 maxImmSub [9] INTEGER OPTIONAL,
752 restrictedBy
753 [10] SET --SIZE (1..MAX)-- OF RestrictedValue OPTIONAL,
754 contexts
755 [11] SET --SIZE (1..MAX)-- OF ContextAssertion OPTIONAL,
756 classes [12] Refinement OPTIONAL
757 }
759 MaxValueCount ::= SEQUENCE {type AttributeType,
760 maxCount INTEGER
761 }
763 RestrictedValue ::= SEQUENCE {type AttributeType,
764 valuesIn AttributeType
765 }
767 UserClasses ::= SEQUENCE {
768 allUsers [0] NULL OPTIONAL,
769 thisEntry [1] NULL OPTIONAL,
770 name [2] SET --SIZE (1..MAX)-- OF NameAndOptionalUID OPTIONAL,
771 userGroup [3] SET --SIZE (1..MAX)-- OF NameAndOptionalUID OPTIONAL,
772 -- dn component shall be the name of an
773 -- entry of GroupOfUniqueNames
774 subtree [4] SET --SIZE (1..MAX)-- OF SubtreeSpecification OPTIONAL
775 }
777 ItemPermission ::= SEQUENCE {
778 precedence Precedence OPTIONAL,
779 -- defaults to precedence in ACIItem
780 userClasses UserClasses,
781 grantsAndDenials GrantsAndDenials
782 }
784 UserPermission ::= SEQUENCE {
785 precedence Precedence OPTIONAL,
786 -- defaults to precedence in ACIItem
787 protectedItems ProtectedItems,
788 grantsAndDenials GrantsAndDenials
789 }
791 AuthenticationLevel ::= CHOICE {
792 basicLevels
793 SEQUENCE {level ENUMERATED {none(0), simple(1), strong(2)},
794 localQualifier INTEGER OPTIONAL,
795 signed BOOLEAN DEFAULT FALSE},
796 other EXTERNAL
797 }
799 GrantsAndDenials ::= BIT STRING {
800 -- permissions that may be used in conjunction
801 -- with any component of ProtectedItems
802 grantAdd(0), denyAdd(1), grantDiscloseOnError(2), denyDiscloseOnError(3),
803 grantRead(4), denyRead(5), grantRemove(6),
804 denyRemove(7),
805 -- permissions that may be used only in conjunction
806 -- with the entry component
807 grantBrowse(8), denyBrowse(9), grantExport(10), denyExport(11),
808 grantImport(12), denyImport(13), grantModify(14), denyModify(15),
809 grantRename(16), denyRename(17), grantReturnDN(18),
810 denyReturnDN(19),
811 -- permissions that may be used in conjunction
812 -- with any component, except entry, of ProtectedItems
813 grantCompare(20), denyCompare(21), grantFilterMatch(22), denyFilterMatch(23),
814 grantInvoke(24), denyInvoke(25)}
816 --AttributeTypeAndValue ::= SEQUENCE {
817 -- type ATTRIBUTE.&id({SupportedAttributes}),
818 -- value ATTRIBUTE.&Type({SupportedAttributes}{@type})
819 --}
821 -- attributes
822 --accessControlScheme ATTRIBUTE ::= {
823 -- WITH SYNTAX OBJECT IDENTIFIER
824 -- EQUALITY MATCHING RULE objectIdentifierMatch
825 -- SINGLE VALUE TRUE
826 -- USAGE directoryOperation
827 -- ID id-aca-accessControlScheme
828 --}
830 --prescriptiveACI ATTRIBUTE ::= {
831 -- WITH SYNTAX ACIItem
832 -- EQUALITY MATCHING RULE directoryStringFirstComponentMatch
833 -- USAGE directoryOperation
834 -- ID id-aca-prescriptiveACI
835 --}
837 --entryACI ATTRIBUTE ::= {
838 -- WITH SYNTAX ACIItem
839 -- EQUALITY MATCHING RULE directoryStringFirstComponentMatch
840 -- USAGE directoryOperation
841 -- ID id-aca-entryACI
842 --}
844 --subentryACI ATTRIBUTE ::= {
845 -- WITH SYNTAX ACIItem
846 -- EQUALITY MATCHING RULE directoryStringFirstComponentMatch
847 -- USAGE directoryOperation
848 -- ID id-aca-subentryACI
849 --}
851 -- object identifier assignments
852 -- attributes
853 --id-aca-accessControlScheme OBJECT IDENTIFIER ::=
854 -- {id-aca 1}
856 --id-aca-prescriptiveACI OBJECT IDENTIFIER ::= {id-aca 4}
858 --id-aca-entryACI OBJECT IDENTIFIER ::= {id-aca 5}
860 --id-aca-subentryACI OBJECT IDENTIFIER ::= {id-aca 6}
862 -- access control schemes -
863 --basicAccessControlScheme OBJECT IDENTIFIER ::=
864 -- {id-acScheme 1}
866 --simplifiedAccessControlScheme OBJECT IDENTIFIER ::= {id-acScheme 2}
868 --rule-based-access-control OBJECT IDENTIFIER ::= {id-acScheme 3}
870 --rule-and-basic-access-control OBJECT IDENTIFIER ::= {id-acScheme 4}
872 --rule-and-simple-access-control OBJECT IDENTIFIER ::= {id-acScheme 5}
874 END -- BasicAccessControl
876 -- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D
880 -- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D