-- Module DSAOperationalAttributeTypes (X.501:02/2001) DSAOperationalAttributeTypes {joint-iso-itu-t ds(5) module(1) dsaOperationalAttributeTypes(22) 4} DEFINITIONS ::= BEGIN -- EXPORTS All -- The types and values defined in this module are exported for use in the other ASN.1 modules contained -- within the Directory Specifications, and for the use of other applications which will use them to access -- Directory services. Other applications may use them for their own purposes, but this will not constrain -- extensions and modifications needed to maintain or improve the Directory service. IMPORTS -- from ITU-T Rec. X.501 | ISO/IEC 9594-2 distributedOperations, id-doa, id-kmr, informationFramework, opBindingManagement, selectedAttributeTypes, upperBounds FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1) usefulDefinitions(0) 4} ATTRIBUTE, MATCHING-RULE, Name, Attribute, DistinguishedName, RelativeDistinguishedName, Refinement, SubtreeSpecification, AttributeType, ContextAssertion FROM InformationFramework {joint-iso-itu-t ds(5) module(1) informationFramework(1) 4} -- OperationalBindingID -- FROM OperationalBindingManagement {joint-iso-itu-t ds(5) module(1) -- opBindingManagement(18) 4} -- from ITU-T Rec. X.518 | ISO/IEC 9594-4 AccessPoint, MasterAndShadowAccessPoints FROM DistributedOperations {joint-iso-itu-t ds(5) module(1) distributedOperations(3) 4} -- from ITU-T Rec. X.520 | ISO/IEC 9594-6 DirectoryString, NameAndOptionalUID, bitStringMatch FROM SelectedAttributeTypes {joint-iso-itu-t ds(5) module(1) selectedAttributeTypes(5) 4} PresentationAddress, ProtocolInformation FROM SelectedAttributeTypes {joint-iso-itu-t ds(5) module(1) selectedAttributeTypes(5) 4} DirectoryBindArgument, DirectoryBindError, SecurityParameters FROM DirectoryAbstractService {joint-iso-itu-t ds(5) module(1) directoryAbstractService(2) 5} -- from ITU-T Rec. X.509 | ISO/IEC 9594-8 AlgorithmIdentifier FROM AuthenticationFramework {joint-iso-itu-t ds(5) module(1) authenticationFramework(7) 4} AttributeTypeAndValue FROM BasicAccessControl {joint-iso-itu-t ds(5) module(1) basicAccessControl(24) 4} Filter FROM DirectoryAbstractService {joint-iso-itu-t ds(5) module(1) directoryAbstractService(2) 4}; -- data types DSEType ::= BIT STRING { root(0), -- root DSE glue(1), -- represents knowledge of a name only cp(2), -- context prefix entry(3), -- object entry alias(4), -- alias entry subr(5), -- subordinate reference nssr(6), -- non-specific subordinate reference supr(7), -- superior reference xr(8), -- cross reference admPoint(9), -- administrative point subentry(10), -- subentry shadow(11), -- shadow copy immSupr(13), -- immediate superior reference rhob(14), -- rhob information sa(15), -- subordinate reference to alias entry dsSubentry(16), -- DSA Specific subentry familyMember(17), -- family member ditBridge(18), -- DIT bridge reference writeableCopy(19) -- writeable copy } SupplierOrConsumer ::= SET { -- COMPONENTS OF AccessPoint, - - supplier or consumer ae-title [0] Name, address [1] PresentationAddress, protocolInformation [2] SET --SIZE (1..MAX)-- OF ProtocolInformation OPTIONAL, agreementID [3] OperationalBindingID } SupplierInformation ::= SET { -- COMPONENTS OF SupplierOrConsumer, - - supplier ae-title [0] Name, address [1] PresentationAddress, protocolInformation [2] SET --SIZE (1..MAX)-- OF ProtocolInformation OPTIONAL, agreementID [3] OperationalBindingID, supplier-is-master [4] BOOLEAN DEFAULT TRUE, non-supplying-master [5] AccessPoint OPTIONAL } ConsumerInformation ::= SupplierOrConsumer -- consumer SupplierAndConsumers ::= SET { -- COMPONENTS OF AccessPoint, - - supplier ae-title [0] Name, address [1] PresentationAddress, protocolInformation [2] SET --SIZE (1..MAX)-- OF ProtocolInformation OPTIONAL, consumers [3] SET OF AccessPoint } -- attribute types --dseType ATTRIBUTE ::= { -- WITH SYNTAX DSEType -- EQUALITY MATCHING RULE bitStringMatch -- SINGLE VALUE TRUE -- NO USER MODIFICATION TRUE -- USAGE dSAOperation -- ID id-doa-dseType --} --myAccessPoint ATTRIBUTE ::= { -- WITH SYNTAX AccessPoint -- EQUALITY MATCHING RULE accessPointMatch -- SINGLE VALUE TRUE -- NO USER MODIFICATION TRUE -- USAGE dSAOperation -- ID id-doa-myAccessPoint --} --superiorKnowledge ATTRIBUTE ::= { -- WITH SYNTAX AccessPoint -- EQUALITY MATCHING RULE accessPointMatch -- NO USER MODIFICATION TRUE -- USAGE dSAOperation -- ID id-doa-superiorKnowledge --} --specificKnowledge ATTRIBUTE ::= { -- WITH SYNTAX MasterAndShadowAccessPoints -- EQUALITY MATCHING RULE masterAndShadowAccessPointsMatch -- SINGLE VALUE TRUE -- NO USER MODIFICATION TRUE -- USAGE distributedOperation -- ID id-doa-specificKnowledge --} --nonSpecificKnowledge ATTRIBUTE ::= { -- WITH SYNTAX MasterAndShadowAccessPoints -- EQUALITY MATCHING RULE masterAndShadowAccessPointsMatch -- NO USER MODIFICATION TRUE -- USAGE distributedOperation -- ID id-doa-nonSpecificKnowledge --} --supplierKnowledge ATTRIBUTE ::= { -- WITH SYNTAX SupplierInformation -- EQUALITY MATCHING RULE supplierOrConsumerInformationMatch -- NO USER MODIFICATION TRUE -- USAGE dSAOperation -- ID id-doa-supplierKnowledge --} --consumerKnowledge ATTRIBUTE ::= { -- WITH SYNTAX ConsumerInformation -- EQUALITY MATCHING RULE supplierOrConsumerInformationMatch -- NO USER MODIFICATION TRUE -- USAGE dSAOperation -- ID id-doa-consumerKnowledge --} --secondaryShadows ATTRIBUTE ::= { -- WITH SYNTAX SupplierAndConsumers -- EQUALITY MATCHING RULE supplierAndConsumersMatch -- NO USER MODIFICATION TRUE -- USAGE dSAOperation -- ID id-doa-secondaryShadows --} -- matching rules --accessPointMatch MATCHING-RULE ::= { -- SYNTAX Name -- ID id-kmr-accessPointMatch --} --masterAndShadowAccessPointsMatch MATCHING-RULE ::= { -- SYNTAX SET OF Name -- ID id-kmr-masterShadowMatch --} --supplierOrConsumerInformationMatch MATCHING-RULE ::= { -- SYNTAX -- SET {ae-title [0] Name, -- agreement-identifier [2] INTEGER} -- ID id-kmr-supplierConsumerMatch --} --supplierAndConsumersMatch MATCHING-RULE ::= { -- SYNTAX Name -- ID id-kmr-supplierConsumersMatch --} -- object identifier assignments -- dsa operational attributes --id-doa-dseType OBJECT IDENTIFIER ::= -- {id-doa 0} --id-doa-myAccessPoint OBJECT IDENTIFIER ::= {id-doa 1} --id-doa-superiorKnowledge OBJECT IDENTIFIER ::= {id-doa 2} --id-doa-specificKnowledge OBJECT IDENTIFIER ::= {id-doa 3} --id-doa-nonSpecificKnowledge OBJECT IDENTIFIER ::= {id-doa 4} --id-doa-supplierKnowledge OBJECT IDENTIFIER ::= {id-doa 5} --id-doa-consumerKnowledge OBJECT IDENTIFIER ::= {id-doa 6} --id-doa-secondaryShadows OBJECT IDENTIFIER ::= {id-doa 7} -- knowledge matching rules --id-kmr-accessPointMatch OBJECT IDENTIFIER ::= -- {id-kmr 0} --id-kmr-masterShadowMatch OBJECT IDENTIFIER ::= {id-kmr 1} --id-kmr-supplierConsumerMatch OBJECT IDENTIFIER ::= {id-kmr 2} --id-kmr-supplierConsumersMatch OBJECT IDENTIFIER ::= {id-kmr 3} --END DSAOperationalAttributeTypes -- we include this here to reduce the number of dissectors -- Module OperationalBindingManagement (X.501:08/2005) --OperationalBindingManagement {joint-iso-itu-t ds(5) module(1) -- opBindingManagement(18) 5} DEFINITIONS ::= --BEGIN -- EXPORTS All -- The types and values defined in this module are exported for use in the other ASN.1 modules contained -- within the Directory Specifications, and for the use of other applications which will use them to access -- Directory services. Other applications may use them for their own purposes, but this will not constrain -- extensions and modifications needed to maintain or improve the Directory service. --IMPORTS -- from ITU-T Rec. X.501 | ISO/IEC 9594-2 -- directoryAbstractService, directoryShadowAbstractService, -- distributedOperations, directoryOSIProtocols, enhancedSecurity, -- hierarchicalOperationalBindings, commonProtocolSpecification -- FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1) -- usefulDefinitions(0) 5} -- OPTIONALLY-PROTECTED-SEQ -- FROM EnhancedSecurity {joint-iso-itu-t ds(5) modules(1) -- enhancedSecurity(28) 5} -- hierarchicalOperationalBinding, nonSpecificHierarchicalOperationalBinding -- FROM HierarchicalOperationalBindings hierarchicalOperationalBindings -- from ITU-T Rec. X.511 | ISO/IEC 9594-3 -- CommonResultsSeq, directoryBind, directoryUnbind, securityError, -- SecurityParameters -- FROM DirectoryAbstractService {joint-iso-itu-t ds(5) module(1) -- directoryAbstractService(2) 5} -- from ITU-T Rec. X.518 | ISO/IEC 9594-4 -- AccessPoint -- FROM DistributedOperations {joint-iso-itu-t ds(5) module(1) -- distributedOperations(3) 5} -- from ITU-T Rec. X.519 | ISO/IEC 9594-5 -- id-err-operationalBindingError, id-op-establishOperationalBinding, -- id-op-modifyOperationalBinding, id-op-terminateOperationalBinding, -- OPERATION, ERROR -- FROM CommonProtocolSpecification commonProtocolSpecification -- APPLICATION-CONTEXT -- FROM DirectoryOSIProtocols directoryOSIProtocols -- from ITU-T Rec. X.525 | ISO/IEC 9594-9 -- shadowOperationalBinding -- FROM DirectoryShadowAbstractService directoryShadowAbstractService; -- bind and unbind dSAOperationalBindingManagementBind OPERATION ::= directoryBind DSAOperationalManagementBindArgument ::= DirectoryBindArgument DSAOperationalManagementBindResult ::= DirectoryBindArgument DSAOperationalManagementBindError ::= DirectoryBindError dSAOperationalBindingManagementUnbind OPERATION ::= directoryUnbind -- operations, arguments and results --establishOperationalBinding OPERATION ::= { -- ARGUMENT EstablishOperationalBindingArgument -- RESULT EstablishOperationalBindingResult -- ERRORS {operationalBindingError | securityError} -- CODE id-op-establishOperationalBinding --} EstablishOperationalBindingArgumentData ::= -- OPTIONALLY-PROTECTED-SEQ -- {-- SEQUENCE {bindingType [0] --OPERATIONAL-BINDING.&id({OpBindingSet}) -- OBJECT IDENTIFIER, bindingID [1] OperationalBindingID OPTIONAL, accessPoint [2] AccessPoint, -- symmetric, Role A initiates, or Role B initiates initiator CHOICE {symmetric [3] -- OPERATIONAL-BINDING.&both.&EstablishParam -- ({OpBindingSet}{@bindingType}) -- ANY, roleA-initiates [4] -- OPERATIONAL-BINDING.&roleA.&EstablishParam -- ({OpBindingSet}{@bindingType}) -- ANY, roleB-initiates [5] -- OPERATIONAL-BINDING.&roleB.&EstablishParam -- ({OpBindingSet}{@bindingType}) -- ANY } OPTIONAL, agreement [6] -- OPERATIONAL-BINDING.&Agreement -- ({OpBindingSet}{@bindingType}) -- ANY, valid [7] Validity DEFAULT {}, securityParameters [8] SecurityParameters OPTIONAL} --} -- expand OPTIONALLY-PROTECTED macro EstablishOperationalBindingArgument ::= CHOICE { unsignedEstablishOperationalBindingArgument EstablishOperationalBindingArgumentData, signedEstablishOperationalBindingArgument SEQUENCE { establishOperationalBindingArgument EstablishOperationalBindingArgumentData, algorithmIdentifier AlgorithmIdentifier, encrypted BIT STRING } } OperationalBindingID ::= SEQUENCE {identifier INTEGER, version INTEGER } Validity ::= SEQUENCE { validFrom [0] CHOICE {now [0] NULL, time [1] Time } DEFAULT now:NULL, validUntil [1] CHOICE {explicitTermination [0] NULL, time [1] Time } DEFAULT explicitTermination:NULL } Time ::= CHOICE {utcTime UTCTime, generalizedTime GeneralizedTime } EstablishOperationalBindingResult ::= -- OPTIONALLY-PROTECTED-SEQ -- {-- SEQUENCE {bindingType [0] --OPERATIONAL-BINDING.&id({OpBindingSet}) -- OBJECT IDENTIFIER, bindingID [1] OperationalBindingID OPTIONAL, accessPoint [2] AccessPoint, -- symmetric, Role A replies , or Role B replies initiator CHOICE {symmetric [3] -- OPERATIONAL-BINDING.&both.&EstablishParam -- ({OpBindingSet}{@bindingType}) -- ANY, roleA-replies [4] -- OPERATIONAL-BINDING.&roleA.&EstablishParam -- ({OpBindingSet}{@bindingType}) -- ANY, roleB-replies [5] -- OPERATIONAL-BINDING.&roleB.&EstablishParam -- ({OpBindingSet}{@bindingType}) -- ANY } OPTIONAL, -- COMPONENTS OF CommonResultsSeq}} securityParameters [30] SecurityParameters OPTIONAL, performer [29] DistinguishedName OPTIONAL, aliasDereferenced [28] BOOLEAN DEFAULT FALSE, notification [27] SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL} --modifyOperationalBinding OPERATION ::= { -- ARGUMENT ModifyOperationalBindingArgument -- RESULT ModifyOperationalBindingResult -- ERRORS {operationalBindingError | securityError} -- CODE id-op-modifyOperationalBinding --} ModifyOperationalBindingArgumentData ::= -- OPTIONALLY-PROTECTED-SEQ -- {--SEQUENCE {bindingType [0] --OPERATIONAL-BINDING.&id({OpBindingSet})-- OBJECT IDENTIFIER, bindingID [1] OperationalBindingID, accessPoint [2] AccessPoint OPTIONAL, -- symmetric, Role A initiates, or Role B initiates initiator CHOICE {symmetric [3] -- OPERATIONAL-BINDING.&both.&ModifyParam -- ({OpBindingSet}{@bindingType}) -- ANY, roleA-initiates [4] -- OPERATIONAL-BINDING.&roleA.&ModifyParam -- ({OpBindingSet}{@bindingType}) -- ANY, roleB-initiates [5] -- OPERATIONAL-BINDING.&roleB.&ModifyParam -- ({OpBindingSet}{@bindingType}) -- ANY } OPTIONAL, newBindingID [6] OperationalBindingID, newAgreement [7] -- OPERATIONAL-BINDING.&Agreement -- ({OpBindingSet}{@bindingType}) -- ANY OPTIONAL, valid [8] Validity OPTIONAL, securityParameters [9] SecurityParameters OPTIONAL} -- } ModifyOperationalBindingArgument ::= CHOICE { unsignedModifyOperationalBindingArgument ModifyOperationalBindingArgumentData, signedModifyOperationalBindingArgument SEQUENCE { modifyOperationalBindingArgument ModifyOperationalBindingArgumentData, algorithmIdentifier AlgorithmIdentifier, encrypted BIT STRING } } ModifyOperationalBindingResult ::= CHOICE { null [0] NULL, protected [1] SEQUENCE { modifyOperationalBindingResultData ModifyOperationalBindingResultData, algorithmIdentifier AlgorithmIdentifier, encrypted BIT STRING } } ModifyOperationalBindingResultData ::= SEQUENCE { newBindingID OperationalBindingID, bindingType -- OPERATIONAL-BINDING.&id -- ({OpBindingSet}) -- OBJECT IDENTIFIER, newAgreement -- OPERATIONAL-BINDING.&Agreement -- ({OpBindingSet}{@.bindingType}) -- ANY, valid Validity OPTIONAL, --COMPONENTS OF CommonResultsSeq securityParameters [30] SecurityParameters OPTIONAL, performer [29] DistinguishedName OPTIONAL, aliasDereferenced [28] BOOLEAN DEFAULT FALSE, notification [27] SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL -- }} } --terminateOperationalBinding OPERATION ::= { -- ARGUMENT TerminateOperationalBindingArgument -- RESULT TerminateOperationalBindingResult -- ERRORS {operationalBindingError | securityError} -- CODE id-op-terminateOperationalBinding --} TerminateOperationalBindingArgumentData ::= -- OPTIONALLY-PROTECTED-SEQ -- {-- SEQUENCE {bindingType [0] --OPERATIONAL-BINDING.&id({OpBindingSet})-- OBJECT IDENTIFIER, bindingID [1] OperationalBindingID, -- symmetric, Role A initiates, or Role B initiates initiator CHOICE {symmetric [2] -- OPERATIONAL-BINDING.&both.&TerminateParam -- ({OpBindingSet}{@bindingType}) -- ANY, roleA-initiates [3] -- OPERATIONAL-BINDING.&roleA.&TerminateParam -- ({OpBindingSet}{@bindingType}) -- ANY, roleB-initiates [4] -- OPERATIONAL-BINDING.&roleB.&TerminateParam -- ({OpBindingSet}{@bindingType}) -- ANY } OPTIONAL, terminateAt [5] Time OPTIONAL, securityParameters [6] SecurityParameters OPTIONAL} --} TerminateOperationalBindingArgument ::= CHOICE { unsignedTerminateOperationalBindingArgument TerminateOperationalBindingArgumentData, signedTerminateOperationalBindingArgument SEQUENCE { terminateOperationalBindingArgument TerminateOperationalBindingArgumentData, algorithmIdentifier AlgorithmIdentifier, encrypted BIT STRING } } TerminateOperationalBindingResult ::= CHOICE { null [0] NULL, protected [1] SEQUENCE { terminateOperationalBindingResultData TerminateOperationalBindingResultData, algorithmIdentifier AlgorithmIdentifier, encrypted BIT STRING } } TerminateOperationalBindingResultData ::= SEQUENCE { bindingID OperationalBindingID, bindingType -- OPERATIONAL-BINDING.&id -- ({OpBindingSet}) -- OBJECT IDENTIFIER, terminateAt GeneralizedTime OPTIONAL, --COMPONENTS OF CommonResultsSeq securityParameters [30] SecurityParameters OPTIONAL, performer [29] DistinguishedName OPTIONAL, aliasDereferenced [28] BOOLEAN DEFAULT FALSE, notification [27] SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL -- }} } -- errors and parameters --operationalBindingError ERROR ::= { -- PARAMETER OPTIONALLY-PROTECTED-SEQ {OpBindingErrorParam} -- CODE id-err-operationalBindingError --} OpBindingErrorParam ::= SEQUENCE { problem [0] ENUMERATED {invalidID(0), duplicateID(1), unsupportedBindingType(2), notAllowedForRole(3), parametersMissing(4), roleAssignment(5), invalidStartTime(6), invalidEndTime(7), invalidAgreement(8), currentlyNotDecidable(9), modificationNotAllowed(10)}, bindingType [1] --OPERATIONAL-BINDING.&id({OpBindingSet})-- OBJECT IDENTIFIER OPTIONAL, agreementProposal [2] -- OPERATIONAL-BINDING.&Agreement({OpBindingSet}{@bindingType})-- ANY OPTIONAL, retryAt [3] Time OPTIONAL, -- COMPONENTS OF CommonResultsSeq securityParameters [30] SecurityParameters OPTIONAL, performer [29] DistinguishedName OPTIONAL, aliasDereferenced [28] BOOLEAN DEFAULT FALSE, notification [27] SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL } -- information object classes --OPERATIONAL-BINDING ::= CLASS { -- &Agreement , -- &Cooperation OP-BINDING-COOP, -- &both OP-BIND-ROLE OPTIONAL, -- &roleA OP-BIND-ROLE OPTIONAL, -- &roleB OP-BIND-ROLE OPTIONAL, -- &id OBJECT IDENTIFIER UNIQUE --} --WITH SYNTAX { -- AGREEMENT &Agreement -- APPLICATION CONTEXTS &Cooperation -- [SYMMETRIC &both] -- [ASYMMETRIC -- [ROLE-A &roleA] -- [ROLE-B &roleB]] -- ID &id --} --OP-BINDING-COOP ::= CLASS { -- &applContext APPLICATION-CONTEXT, -- &Operations OPERATION OPTIONAL --}WITH SYNTAX {&applContext -- [APPLIES TO &Operations] --} --OP-BIND-ROLE ::= CLASS { -- &establish BOOLEAN DEFAULT FALSE, -- &EstablishParam OPTIONAL, -- &modify BOOLEAN DEFAULT FALSE, -- &ModifyParam OPTIONAL, -- &terminate BOOLEAN DEFAULT FALSE, -- &TerminateParam OPTIONAL --} --WITH SYNTAX { -- [ESTABLISHMENT-INITIATOR &establish] -- [ESTABLISHMENT-PARAMETER &EstablishParam] -- [MODIFICATION-INITIATOR &modify] -- [MODIFICATION-PARAMETER &ModifyParam] -- [TERMINATION-INITIATOR &terminate] -- [TERMINATION-PARAMETER &TerminateParam] --} --OpBindingSet OPERATIONAL-BINDING ::= -- {shadowOperationalBinding | hierarchicalOperationalBinding | -- nonSpecificHierarchicalOperationalBinding} --END - - OperationalBindingManagement -- Module HierarchicalOperationalBindings (X.518:08/2005) --HierarchicalOperationalBindings {joint-iso-itu-t ds(5) module(1) -- hierarchicalOperationalBindings(20) 5} DEFINITIONS ::= --BEGIN -- EXPORTS All -- The types and values defined in this module are exported for use in the other ASN.1 modules contained -- within the Directory Specifications, and for the use of other applications which will use them to access -- Directory services. Other applications may use them for their own purposes, but this will not constrain -- extensions and modifications needed to maintain or improve the Directory service. --IMPORTS -- from ITU-T Rec. X.501 | ISO/IEC 9594-2 -- directoryOperationalBindingTypes, directoryOSIProtocols, -- distributedOperations, informationFramework, opBindingManagement -- FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1) -- usefulDefinitions(0) 5} -- Attribute, DistinguishedName, RelativeDistinguishedName -- FROM InformationFramework {joint-iso-itu-t ds(5) module(1) -- informationFramework(1) 5} -- OPERATIONAL-BINDING -- FROM OperationalBindingManagement {joint-iso-itu-t ds(5) module(1) -- opBindingManagement(18) 5} -- from ITU-T Rec. X.518 | ISO/IEC 9594-4 -- MasterAndShadowAccessPoints -- FROM DistributedOperations {joint-iso-itu-t ds(5) module(1) -- distributedOperations(3) 5} -- from ITU-T Rec. X.519 | ISO/IEC 9594-5 -- directorySystemAC -- FROM DirectoryOSIProtocols {joint-iso-itu-t ds(5) module(1) -- directoryOSIProtocols(37) 5} -- id-op-binding-hierarchical, id-op-binding-non-specific-hierarchical -- FROM DirectoryOperationalBindingTypes {joint-iso-itu-t ds(5) module(1) -- directoryOperationalBindingTypes(25) 5}; -- types HierarchicalAgreement ::= SEQUENCE { rdn [0] RelativeDistinguishedName, immediateSuperior [1] DistinguishedName } SuperiorToSubordinate ::= SEQUENCE { contextPrefixInfo [0] DITcontext, entryInfo [1] SET --SIZE (1..MAX)-- OF Attribute OPTIONAL, immediateSuperiorInfo [2] SET --SIZE (1..MAX)-- OF Attribute OPTIONAL } DITcontext ::= SEQUENCE OF Vertex Vertex ::= SEQUENCE { rdn [0] RelativeDistinguishedName, admPointInfo [1] SET --SIZE (1..MAX)-- OF Attribute OPTIONAL, subentries [2] SET --SIZE (1..MAX)-- OF SubentryInfo OPTIONAL, accessPoints [3] MasterAndShadowAccessPoints OPTIONAL } SubentryInfo ::= SEQUENCE { rdn [0] RelativeDistinguishedName, info [1] SET OF Attribute } SubordinateToSuperior ::= SEQUENCE { accessPoints [0] MasterAndShadowAccessPoints OPTIONAL, alias [1] BOOLEAN DEFAULT FALSE, entryInfo [2] SET --SIZE (1..MAX)-- OF Attribute OPTIONAL, subentries [3] SET --SIZE (1..MAX)-- OF SubentryInfo OPTIONAL } SuperiorToSubordinateModification ::= -- SuperiorToSubordinate(WITH COMPONENTS { -- ..., -- entryInfo ABSENT -- }) SEQUENCE { contextPrefixInfo [0] DITcontext, immediateSuperiorInfo [2] SET --SIZE (1..MAX)-- OF Attribute OPTIONAL } NonSpecificHierarchicalAgreement ::= SEQUENCE { immediateSuperior [1] DistinguishedName } NHOBSuperiorToSubordinate ::= -- SuperiorToSubordinate(WITH COMPONENTS { -- ..., -- entryInfo ABSENT -- }) SEQUENCE { contextPrefixInfo [0] DITcontext, immediateSuperiorInfo [2] SET --SIZE (1..MAX)-- OF Attribute OPTIONAL } NHOBSubordinateToSuperior ::= SEQUENCE { accessPoints [0] MasterAndShadowAccessPoints OPTIONAL, subentries [3] SET --SIZE (1..MAX)-- OF SubentryInfo OPTIONAL } -- operational binding information objects --hierarchicalOperationalBinding OPERATIONAL-BINDING ::= { -- AGREEMENT HierarchicalAgreement -- APPLICATION CONTEXTS {{directorySystemAC}} -- ASYMMETRIC ROLE-A - - superior DSA - - -- {ESTABLISHMENT-INITIATOR TRUE -- ESTABLISHMENT-PARAMETER SuperiorToSubordinate -- MODIFICATION-INITIATOR TRUE -- MODIFICATION-PARAMETER SuperiorToSubordinateModification -- TERMINATION-INITIATOR TRUE} -- ROLE-B - - subordinate DSA - - -- {ESTABLISHMENT-INITIATOR TRUE -- ESTABLISHMENT-PARAMETER SubordinateToSuperior -- MODIFICATION-INITIATOR TRUE -- MODIFICATION-PARAMETER SubordinateToSuperior -- TERMINATION-INITIATOR TRUE} -- ID id-op-binding-hierarchical --} --nonSpecificHierarchicalOperationalBinding OPERATIONAL-BINDING ::= { -- AGREEMENT NonSpecificHierarchicalAgreement -- APPLICATION CONTEXTS {{directorySystemAC}} -- ASYMMETRIC ROLE-A - - superior DSA - - -- {ESTABLISHMENT-PARAMETER NHOBSuperiorToSubordinate -- MODIFICATION-INITIATOR TRUE -- MODIFICATION-PARAMETER NHOBSuperiorToSubordinate -- TERMINATION-INITIATOR TRUE} -- ROLE-B - - subordinate DSA - - -- {ESTABLISHMENT-INITIATOR TRUE -- ESTABLISHMENT-PARAMETER NHOBSubordinateToSuperior -- MODIFICATION-INITIATOR TRUE -- MODIFICATION-PARAMETER NHOBSubordinateToSuperior -- TERMINATION-INITIATOR TRUE} -- ID id-op-binding-non-specific-hierarchical --} --END - - HierarchicalOperationalBindings -- Module BasicAccessControl (X.501:02/2001) --BasicAccessControl {joint-iso-itu-t ds(5) module(1) basicAccessControl(24) 4} --DEFINITIONS ::= --BEGIN -- EXPORTS All -- The types and values defined in this module are exported for use in the other ASN.1 modules contained -- within the Directory Specifications, and for the use of other applications which will use them to access -- Directory services. Other applications may use them for their own purposes, but this will not constrain -- extensions and modifications needed to maintain or improve the Directory service. --IMPORTS -- from ITU-T Rec. X.501 | ISO/IEC 9594-2 -- directoryAbstractService, id-aca, id-acScheme, informationFramework, -- selectedAttributeTypes, upperBounds -- FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1) -- usefulDefinitions(0) 4} -- ATTRIBUTE, AttributeType, ContextAssertion, DistinguishedName, MATCHING-RULE, -- objectIdentifierMatch, Refinement, SubtreeSpecification, -- SupportedAttributes -- FROM InformationFramework {joint-iso-itu-t ds(5) module(1) -- informationFramework(1) 4} -- from ITU-T Rec. X.511 | ISO/IEC 9594-3 -- Filter -- FROM DirectoryAbstractService {joint-iso-itu-t ds(5) module(1) -- directoryAbstractService(2) 4} -- from ITU-T Rec. X.520 | ISO/IEC 9594-6 -- DirectoryString{}, directoryStringFirstComponentMatch, NameAndOptionalUID, -- UniqueIdentifier -- FROM SelectedAttributeTypes {joint-iso-itu-t ds(5) module(1) -- selectedAttributeTypes(5) 4} -- ub-tag -- FROM UpperBounds {joint-iso-itu-t ds(5) module(1) upperBounds(10) 4}; -- types ACIItem ::= SEQUENCE { identificationTag DirectoryString --{ub-tag}--, precedence Precedence, authenticationLevel AuthenticationLevel, itemOrUserFirst CHOICE {itemFirst [0] SEQUENCE {protectedItems ProtectedItems, itemPermissions SET OF ItemPermission}, userFirst [1] SEQUENCE {userClasses UserClasses, userPermissions SET OF UserPermission}} } Precedence ::= INTEGER --(0..255)-- ProtectedItems ::= SEQUENCE { entry [0] NULL OPTIONAL, allUserAttributeTypes [1] NULL OPTIONAL, attributeType [2] SET --SIZE (1..MAX)-- OF AttributeType OPTIONAL, allAttributeValues [3] SET --SIZE (1..MAX)-- OF AttributeType OPTIONAL, allUserAttributeTypesAndValues [4] NULL OPTIONAL, attributeValue [5] SET --SIZE (1..MAX)-- OF AttributeTypeAndValue OPTIONAL, selfValue [6] SET --SIZE (1..MAX)-- OF AttributeType OPTIONAL, rangeOfValues [7] Filter OPTIONAL, maxValueCount [8] SET --SIZE (1..MAX)-- OF MaxValueCount OPTIONAL, maxImmSub [9] INTEGER OPTIONAL, restrictedBy [10] SET --SIZE (1..MAX)-- OF RestrictedValue OPTIONAL, contexts [11] SET --SIZE (1..MAX)-- OF ContextAssertion OPTIONAL, classes [12] Refinement OPTIONAL } MaxValueCount ::= SEQUENCE {type AttributeType, maxCount INTEGER } RestrictedValue ::= SEQUENCE {type AttributeType, valuesIn AttributeType } UserClasses ::= SEQUENCE { allUsers [0] NULL OPTIONAL, thisEntry [1] NULL OPTIONAL, name [2] SET --SIZE (1..MAX)-- OF NameAndOptionalUID OPTIONAL, userGroup [3] SET --SIZE (1..MAX)-- OF NameAndOptionalUID OPTIONAL, -- dn component shall be the name of an -- entry of GroupOfUniqueNames subtree [4] SET --SIZE (1..MAX)-- OF SubtreeSpecification OPTIONAL } ItemPermission ::= SEQUENCE { precedence Precedence OPTIONAL, -- defaults to precedence in ACIItem userClasses UserClasses, grantsAndDenials GrantsAndDenials } UserPermission ::= SEQUENCE { precedence Precedence OPTIONAL, -- defaults to precedence in ACIItem protectedItems ProtectedItems, grantsAndDenials GrantsAndDenials } AuthenticationLevel ::= CHOICE { basicLevels SEQUENCE {level ENUMERATED {none(0), simple(1), strong(2)}, localQualifier INTEGER OPTIONAL, signed BOOLEAN DEFAULT FALSE}, other EXTERNAL } GrantsAndDenials ::= BIT STRING { -- permissions that may be used in conjunction -- with any component of ProtectedItems grantAdd(0), denyAdd(1), grantDiscloseOnError(2), denyDiscloseOnError(3), grantRead(4), denyRead(5), grantRemove(6), denyRemove(7), -- permissions that may be used only in conjunction -- with the entry component grantBrowse(8), denyBrowse(9), grantExport(10), denyExport(11), grantImport(12), denyImport(13), grantModify(14), denyModify(15), grantRename(16), denyRename(17), grantReturnDN(18), denyReturnDN(19), -- permissions that may be used in conjunction -- with any component, except entry, of ProtectedItems grantCompare(20), denyCompare(21), grantFilterMatch(22), denyFilterMatch(23), grantInvoke(24), denyInvoke(25)} --AttributeTypeAndValue ::= SEQUENCE { -- type ATTRIBUTE.&id({SupportedAttributes}), -- value ATTRIBUTE.&Type({SupportedAttributes}{@type}) --} -- attributes --accessControlScheme ATTRIBUTE ::= { -- WITH SYNTAX OBJECT IDENTIFIER -- EQUALITY MATCHING RULE objectIdentifierMatch -- SINGLE VALUE TRUE -- USAGE directoryOperation -- ID id-aca-accessControlScheme --} --prescriptiveACI ATTRIBUTE ::= { -- WITH SYNTAX ACIItem -- EQUALITY MATCHING RULE directoryStringFirstComponentMatch -- USAGE directoryOperation -- ID id-aca-prescriptiveACI --} --entryACI ATTRIBUTE ::= { -- WITH SYNTAX ACIItem -- EQUALITY MATCHING RULE directoryStringFirstComponentMatch -- USAGE directoryOperation -- ID id-aca-entryACI --} --subentryACI ATTRIBUTE ::= { -- WITH SYNTAX ACIItem -- EQUALITY MATCHING RULE directoryStringFirstComponentMatch -- USAGE directoryOperation -- ID id-aca-subentryACI --} -- object identifier assignments -- attributes --id-aca-accessControlScheme OBJECT IDENTIFIER ::= -- {id-aca 1} --id-aca-prescriptiveACI OBJECT IDENTIFIER ::= {id-aca 4} --id-aca-entryACI OBJECT IDENTIFIER ::= {id-aca 5} --id-aca-subentryACI OBJECT IDENTIFIER ::= {id-aca 6} -- access control schemes - --basicAccessControlScheme OBJECT IDENTIFIER ::= -- {id-acScheme 1} --simplifiedAccessControlScheme OBJECT IDENTIFIER ::= {id-acScheme 2} --rule-based-access-control OBJECT IDENTIFIER ::= {id-acScheme 3} --rule-and-basic-access-control OBJECT IDENTIFIER ::= {id-acScheme 4} --rule-and-simple-access-control OBJECT IDENTIFIER ::= {id-acScheme 5} END -- BasicAccessControl -- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D -- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D