aboutsummaryrefslogtreecommitdiff
path: root/acse
diff options
context:
space:
mode:
authorDimitri Sokolyuk <demon@dim13.org>2015-10-05 18:32:50 +0200
committerDimitri Sokolyuk <demon@dim13.org>2015-10-05 18:32:50 +0200
commiteea7dedabcfcb7f59d344456da7be1e42cdb20e4 (patch)
tree69bb03920514d72c1eef97b14de13714dbbb05f6 /acse
parentaf6018ecb5c0e6aafd1cb9f2ab5ae91142e118bb (diff)
Rename to lowercase
Diffstat (limited to 'acse')
-rw-r--r--acse/2.2.0.0.1.asn1255
-rw-r--r--acse/2.5.1.0.3.asn1240
-rw-r--r--acse/2.5.1.1.3.asn1876
-rw-r--r--acse/2.5.1.10.3.asn190
-rw-r--r--acse/2.5.1.2.3.asn1718
-rw-r--r--acse/2.5.1.5.3.asn11467
-rw-r--r--acse/acse.go65
7 files changed, 3711 insertions, 0 deletions
diff --git a/acse/2.2.0.0.1.asn1 b/acse/2.2.0.0.1.asn1
new file mode 100644
index 0000000..6768034
--- /dev/null
+++ b/acse/2.2.0.0.1.asn1
@@ -0,0 +1,255 @@
+-- Module ACSE-1 (X.227:04/1995)
+-- See also ITU-T X.227 (04/1995)
+-- See also the index of all ASN.1 assignments needed in this document
+
+ACSE-1 {joint-iso-itu-t association-control(2) modules(0) apdus(0) version1(1)}
+-- ACSE-1 refers to ACSE version 1
+DEFINITIONS ::=
+BEGIN
+
+EXPORTS
+ acse-as-id, ACSE-apdu, aCSE-id, Application-context-name, AP-title,
+ AE-qualifier, AE-title, AP-invocation-identifier, AE-invocation-identifier,
+ Mechanism-name, Authentication-value, ACSE-requirements, ObjectSet;
+
+IMPORTS
+ Name, RelativeDistinguishedName
+ FROM InformationFramework {joint-iso-itu-t ds(5) module(1)
+ informationFramework(1) 3};
+
+-- The data types Name and RelativeDistinguishedName are imported from ISO/IEC 9594-2.
+-- object identifier assignments
+acse-as-id OBJECT IDENTIFIER ::=
+ {joint-iso-itu-t association-control(2) abstract-syntax(1) apdus(0)
+ version1(1)}
+
+-- may be used to reference the abstract syntax of the ACSE APDUs
+aCSE-id OBJECT IDENTIFIER ::=
+ {joint-iso-itu-t association-control(2) ase-id(3) acse-ase(1) version(1)}
+
+-- may be used to identify the Association Control ASE.
+-- top level CHOICE
+ACSE-apdu ::= CHOICE {
+ aarq AARQ-apdu,
+ aare AARE-apdu,
+ rlrq RLRQ-apdu,
+ rlre RLRE-apdu,
+ abrt ABRT-apdu,
+ ...
+}
+
+AARQ-apdu ::= [APPLICATION 0] IMPLICIT SEQUENCE {
+ protocol-version
+ [0] IMPLICIT BIT STRING {version1(0)} DEFAULT {version1},
+ application-context-name [1] Application-context-name,
+ called-AP-title [2] AP-title OPTIONAL,
+ called-AE-qualifier [3] AE-qualifier OPTIONAL,
+ called-AP-invocation-identifier [4] AP-invocation-identifier OPTIONAL,
+ called-AE-invocation-identifier [5] AE-invocation-identifier OPTIONAL,
+ calling-AP-title [6] AP-title OPTIONAL,
+ calling-AE-qualifier [7] AE-qualifier OPTIONAL,
+ calling-AP-invocation-identifier [8] AP-invocation-identifier OPTIONAL,
+ calling-AE-invocation-identifier [9] AE-invocation-identifier OPTIONAL,
+ -- The following field shall not be present if only the Kernel is used.
+ sender-acse-requirements [10] IMPLICIT ACSE-requirements OPTIONAL,
+ -- The following field shall only be present if the Authentication functional unit is selected.
+ mechanism-name [11] IMPLICIT Mechanism-name OPTIONAL,
+ -- The following field shall only be present if the Authentication functional unit is selected.
+ calling-authentication-value [12] EXPLICIT Authentication-value OPTIONAL,
+ application-context-name-list
+ [13] IMPLICIT Application-context-name-list OPTIONAL,
+ -- The above field shall only be present if the Application Context Negotiation functional unit is selected
+ implementation-information [29] IMPLICIT Implementation-data OPTIONAL,
+ ...,
+ ...,
+ user-information
+ [30] IMPLICIT Association-information OPTIONAL
+}
+
+AARE-apdu ::= [APPLICATION 1] IMPLICIT SEQUENCE {
+ protocol-version
+ [0] IMPLICIT BIT STRING {version1(0)} DEFAULT {version1},
+ application-context-name [1] Application-context-name,
+ result [2] Associate-result,
+ result-source-diagnostic [3] Associate-source-diagnostic,
+ responding-AP-title [4] AP-title OPTIONAL,
+ responding-AE-qualifier [5] AE-qualifier OPTIONAL,
+ responding-AP-invocation-identifier [6] AP-invocation-identifier OPTIONAL,
+ responding-AE-invocation-identifier [7] AE-invocation-identifier OPTIONAL,
+ -- The following field shall not be present if only the Kernel is used.
+ responder-acse-requirements [8] IMPLICIT ACSE-requirements OPTIONAL,
+ -- The following field shall only be present if the Authentication functional unit is selected.
+ mechanism-name [9] IMPLICIT Mechanism-name OPTIONAL,
+ -- This following field shall only be present if the Authentication functional unit is selected.
+ responding-authentication-value
+ [10] EXPLICIT Authentication-value OPTIONAL,
+ application-context-name-list
+ [11] IMPLICIT Application-context-name-list OPTIONAL,
+ -- The above field shall only be present if the Application Context Negotiation functional unit is selected
+ implementation-information
+ [29] IMPLICIT Implementation-data OPTIONAL,
+ ...,
+ ...,
+ user-information
+ [30] IMPLICIT Association-information OPTIONAL
+}
+
+RLRQ-apdu ::= [APPLICATION 2] IMPLICIT SEQUENCE {
+ reason [0] IMPLICIT Release-request-reason OPTIONAL,
+ ...,
+ ...,
+ user-information [30] IMPLICIT Association-information OPTIONAL
+}
+
+RLRE-apdu ::= [APPLICATION 3] IMPLICIT SEQUENCE {
+ reason [0] IMPLICIT Release-response-reason OPTIONAL,
+ ...,
+ ...,
+ user-information [30] IMPLICIT Association-information OPTIONAL
+}
+
+ABRT-apdu ::= [APPLICATION 4] IMPLICIT SEQUENCE {
+ abort-source [0] IMPLICIT ABRT-source,
+ abort-diagnostic [1] IMPLICIT ABRT-diagnostic OPTIONAL,
+ -- This field shall not be present if only the Kernel is used.
+ ...,
+ ...,
+ user-information [30] IMPLICIT Association-information OPTIONAL
+}
+
+ABRT-diagnostic ::= ENUMERATED {
+ no-reason-given(1), protocol-error(2),
+ authentication-mechanism-name-not-recognized(3),
+ authentication-mechanism-name-required(4), authentication-failure(5),
+ authentication-required(6), ...
+ }
+
+ABRT-source ::= INTEGER {acse-service-user(0), acse-service-provider(1)
+}(0..1, ...)
+
+ACSE-requirements ::= BIT STRING {
+ authentication(0), application-context-negotiation(1)}
+
+Application-context-name-list ::= SEQUENCE OF Application-context-name
+
+Application-context-name ::= OBJECT IDENTIFIER
+
+-- Application-entity title productions follow (not in alphabetical order)
+AP-title ::= CHOICE {
+ ap-title-form1 AP-title-form1,
+ ap-title-form2 AP-title-form2,
+ ...
+}
+
+AE-qualifier ::= CHOICE {
+ ae-qualifier-form1 AE-qualifier-form1,
+ ae-qualifier-form2 AE-qualifier-form2,
+ ...
+}
+
+-- When both AP-title and AE-qualifier data values are present in an AARQ or AARE APDU, both must
+-- have the same form to allow the construction of an AE-title as discussed in CCITT Rec. X.665 |
+-- ISO/IEC 9834-6.
+AP-title-form1 ::=
+ Name
+
+-- The value assigned to AP-title-form1 is The Directory Name of an application-process title.
+AE-qualifier-form1 ::=
+ RelativeDistinguishedName
+
+-- The value assigned to AE-qualifier-form1 is the relative distinguished name of a particular
+-- application-entity of the application-process identified by AP-title-form1.
+AP-title-form2 ::= OBJECT IDENTIFIER
+
+AE-qualifier-form2 ::= INTEGER
+
+AE-title ::= CHOICE {
+ ae-title-form1 AE-title-form1,
+ ae-title-form2 AE-title-form2,
+ ...
+}
+
+-- As defined in CCITT Rec. X.650 | ISO 7498-3, an application-entity title is composed of an application-
+-- process title and an application-entity qualifier. The ACSE protocol provides for the transfer of an
+-- application-entity title value by the transfer of its component values. However, the following data type
+-- is provided for International Standards that reference a single syntactic structure for AE titles.
+AE-title-form1 ::=
+ Name
+
+-- For access to The Directory (ITU-T Rec. X.500-Series | ISO/IEC 9594), an AE title has AE-title-form1.
+-- This value can be constructed from AP-title-form1 and AE-qualifier-form1 values contained in an
+-- AARQ or AARE APDU. A discussion of forming an AE-title-form1 from AP-title-form1 and AE-qualifier-
+-- form1 may be found in CCITT Rec. X.665 | ISO/IEC 9834-6.
+AE-title-form2 ::= OBJECT IDENTIFIER
+
+-- A discussion of forming an AE-title-form2 from AP-title-form2 and AE-qualifier-form2 may be
+-- found in CCITT Rec. X.665 | ISO/IEC 9834-6.
+AE-invocation-identifier ::= INTEGER
+
+AP-invocation-identifier ::= INTEGER
+
+-- End of Application-entity title productions
+Associate-result ::= INTEGER {
+ accepted(0), rejected-permanent(1), rejected-transient(2)}(0..2, ...)
+
+Associate-source-diagnostic ::= CHOICE {
+ acse-service-user
+ [1] INTEGER {null(0), no-reason-given(1),
+ application-context-name-not-supported(2),
+ calling-AP-title-not-recognized(3),
+ calling-AP-invocation-identifier-not-recognized(4),
+ calling-AE-qualifier-not-recognized(5),
+ calling-AE-invocation-identifier-not-recognized(6),
+ called-AP-title-not-recognized(7),
+ called-AP-invocation-identifier-not-recognized(8),
+ called-AE-qualifier-not-recognized(9),
+ called-AE-invocation-identifier-not-recognized(10),
+ authentication-mechanism-name-not-recognized(11),
+ authentication-mechanism-name-required(12),
+ authentication-failure(13), authentication-required(14)}
+ (0..14, ...),
+ acse-service-provider
+ [2] INTEGER {null(0), no-reason-given(1), no-common-acse-version(2)}
+ (0..2, ...)
+}
+
+Association-information ::= SEQUENCE SIZE (1, ..., 0 | 2..MAX) OF EXTERNAL
+
+Authentication-value ::= CHOICE {
+ charstring [0] IMPLICIT GraphicString,
+ bitstring [1] IMPLICIT BIT STRING,
+ external [2] IMPLICIT EXTERNAL,
+ other
+ [3] IMPLICIT SEQUENCE {other-mechanism-name
+ MECHANISM-NAME.&id({ObjectSet}),
+ other-mechanism-value
+ MECHANISM-NAME.&Type
+ ({ObjectSet}{@.other-mechanism-name})}
+}
+
+-- The abstract syntax of (calling/responding) authentication-value is determined by the authentication
+-- mechanism used during association establishment. The authentication mechanism is either explicitly
+-- denoted by the &id field (of type OBJECT IDENTIFIER) for a mechanism belonging to the class
+-- MECHANISM-NAME, or it is known implicitly by
+-- prior agreement between the communicating partners. If the "other" component is chosen, then
+-- the "mechanism-name" component must be present in accordance with
+-- ITU-T Rec. X.680 | ISO/IEC 8824. If the value "mechanism-name" occurs in the AARQ-apdu or the
+-- AARE-apdu, then that value must be the same as the value for "other-mechanism-name"
+Implementation-data ::= GraphicString
+
+Mechanism-name ::= OBJECT IDENTIFIER
+
+MECHANISM-NAME ::= TYPE-IDENTIFIER
+
+ObjectSet MECHANISM-NAME ::=
+ {...}
+
+Release-request-reason ::= INTEGER {normal(0), urgent(1), user-defined(30)
+}(0 | 1 | 30, ...)
+
+Release-response-reason ::= INTEGER {
+ normal(0), not-finished(1), user-defined(30)}(0 | 1 | 30, ...)
+
+END
+
+-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D
diff --git a/acse/2.5.1.0.3.asn1 b/acse/2.5.1.0.3.asn1
new file mode 100644
index 0000000..b755285
--- /dev/null
+++ b/acse/2.5.1.0.3.asn1
@@ -0,0 +1,240 @@
+-- Module UsefulDefinitions (X.501 TC2:08/1997)
+-- See also ITU-T X.501 (1997) Technical Cor. 2 (02/2001)
+-- See also the index of all ASN.1 assignments needed in this document
+
+UsefulDefinitions {joint-iso-itu-t ds(5) module(1) usefulDefinitions(0) 3}
+DEFINITIONS ::=
+BEGIN
+
+-- EXPORTS All -
+-- The types and values defined in this module are exported for use in the other ASN.1 modules contained
+-- within the Directory Specifications, and for the use of other applications which will use them to access
+-- Directory services. Other applications may use them for their own purposes, but this will not constrain
+-- extensions and modifications needed to maintain or improve the Directory service.
+ID ::= OBJECT IDENTIFIER
+
+ds ID ::= {joint-iso-itu-t ds(5)}
+
+-- categories of information object
+module ID ::= {ds 1}
+
+serviceElement ID ::= {ds 2}
+
+applicationContext ID ::= {ds 3}
+
+attributeType ID ::= {ds 4}
+
+attributeSyntax ID ::= {ds 5}
+
+objectClass ID ::= {ds 6}
+
+-- attributeSet ID ::= {ds 7}
+algorithm ID ::= {ds 8}
+
+abstractSyntax ID ::= {ds 9}
+
+-- object ID ::= {ds 10}
+-- port ID ::= {ds 11}
+dsaOperationalAttribute ID ::=
+ {ds 12}
+
+matchingRule ID ::= {ds 13}
+
+knowledgeMatchingRule ID ::= {ds 14}
+
+nameForm ID ::= {ds 15}
+
+group ID ::= {ds 16}
+
+subentry ID ::= {ds 17}
+
+operationalAttributeType ID ::= {ds 18}
+
+operationalBinding ID ::= {ds 19}
+
+schemaObjectClass ID ::= {ds 20}
+
+schemaOperationalAttribute ID ::= {ds 21}
+
+administrativeRoles ID ::= {ds 23}
+
+accessControlAttribute ID ::= {ds 24}
+
+rosObject ID ::= {ds 25}
+
+contract ID ::= {ds 26}
+
+package ID ::= {ds 27}
+
+accessControlSchemes ID ::= {ds 28}
+
+certificateExtension ID ::= {ds 29}
+
+managementObject ID ::= {ds 30}
+
+attributeValueContext ID ::= {ds 31}
+
+-- securityExchange ID ::= {ds 32}
+idmProtocol ID ::= {ds 33}
+
+problem ID ::= {ds 34}
+
+notification ID ::= {ds 35}
+
+matchingRestriction ID ::=
+ {ds 36} -- None are currently defined by this specification
+
+controlAttributeType ID ::= {ds 37}
+
+-- modules
+usefulDefinitions ID ::= {module usefulDefinitions(0) 3}
+
+informationFramework ID ::= {module informationFramework(1) 3}
+
+directoryAbstractService ID ::= {module directoryAbstractService(2) 3}
+
+distributedOperations ID ::= {module distributedOperations(3) 3}
+
+protocolObjectIdentifiers ID ::= {module protocolObjectIdentifiers(4) 3}
+
+selectedAttributeTypes ID ::= {module selectedAttributeTypes(5) 3}
+
+selectedObjectClasses ID ::= {module selectedObjectClasses(6) 3}
+
+authenticationFramework ID ::= {module authenticationFramework(7) 3}
+
+algorithmObjectIdentifiers ID ::= {module algorithmObjectIdentifiers(8) 3}
+
+directoryObjectIdentifiers ID ::= {module directoryObjectIdentifiers(9) 3}
+
+upperBounds ID ::= {module upperBounds(10) 3}
+
+dap ID ::= {module dap(11) 3}
+
+dsp ID ::= {module dsp(12) 3}
+
+distributedDirectoryOIDs ID ::= {module distributedDirectoryOIDs(13) 3}
+
+directoryShadowOIDs ID ::= {module directoryShadowOIDs(14) 3}
+
+directoryShadowAbstractService ID ::=
+ {module directoryShadowAbstractService(15) 3}
+
+disp ID ::= {module disp(16) 3}
+
+dop ID ::= {module dop(17) 3}
+
+opBindingManagement ID ::= {module opBindingManagement(18) 3}
+
+opBindingOIDs ID ::= {module opBindingOIDs(19) 3}
+
+hierarchicalOperationalBindings ID ::=
+ {module hierarchicalOperationalBindings(20) 3}
+
+dsaOperationalAttributeTypes ID ::= {module dsaOperationalAttributeTypes(22) 3}
+
+schemaAdministration ID ::= {module schemaAdministration(23) 3}
+
+basicAccessControl ID ::= {module basicAccessControl(24) 3}
+
+directoryOperationalBindingTypes ID ::=
+ {module directoryOperationalBindingTypes(25) 3}
+
+certificateExtensions ID ::= {module certificateExtensions(26) 0}
+
+directoryManagement ID ::= {module directoryManagement(27) 1}
+
+enhancedSecurity ID ::= {module enhancedSecurity(28) 1}
+
+iDMProtocolSpecification ID ::= {module iDMProtocolSpecification(30) 4}
+
+directoryIDMProtocols ID ::= {module directoryIDMProtocols(31) 4}
+
+-- directorySecurityExchanges ID ::= {module directorySecurityExchanges (29) 1}
+-- synonyms
+id-oc ID ::=
+ objectClass
+
+id-at ID ::= attributeType
+
+id-as ID ::= abstractSyntax
+
+id-mr ID ::= matchingRule
+
+id-nf ID ::= nameForm
+
+id-sc ID ::= subentry
+
+id-oa ID ::= operationalAttributeType
+
+id-ob ID ::= operationalBinding
+
+id-doa ID ::= dsaOperationalAttribute
+
+id-kmr ID ::= knowledgeMatchingRule
+
+id-soc ID ::= schemaObjectClass
+
+id-soa ID ::= schemaOperationalAttribute
+
+id-ar ID ::= administrativeRoles
+
+id-aca ID ::= accessControlAttribute
+
+id-ac ID ::= applicationContext
+
+id-rosObject ID ::= rosObject
+
+id-contract ID ::= contract
+
+id-package ID ::= package
+
+id-acScheme ID ::= accessControlSchemes
+
+id-ce ID ::= certificateExtension
+
+id-mgt ID ::= managementObject
+
+id-idm ID ::= idmProtocol
+
+id-avc ID ::= attributeValueContext
+
+-- id-se ID ::= securityExchange
+id-pr ID ::= problem
+
+id-not ID ::= notification
+
+id-mre ID ::= matchingRestriction
+
+id-cat ID ::= controlAttributeType
+
+-- obsolete module identifiers
+-- usefulDefinition ID ::= {module 0}
+-- informationFramework ID ::= {module 1}
+-- directoryAbstractService ID ::= {module 2}
+-- distributedOperations ID ::= {module 3}
+-- protocolObjectIdentifiers ID ::= {module 4}
+-- selectedAttributeTypes ID ::= {module 5}
+-- selectedObjectClasses ID ::= {module 6}
+-- authenticationFramework ID ::= {module 7}
+-- algorithmObjectIdentifiers ID ::= {module 8}
+-- directoryObjectIdentifiers ID ::= {module 9}
+-- upperBounds ID ::= {module 10}
+-- dap ID ::= {module 11}
+-- dsp ID ::= {module 12}
+-- distributedDirectoryObjectIdentifiers ID ::= {module 13}
+-- unused module identifiers
+-- directoryShadowOIDs ID ::= {module 14}
+-- directoryShadowAbstractService ID ::= {module 15}
+-- disp ID ::= {module 16}
+-- dop ID ::= {module 17}
+-- opBindingManagement ID ::= {module 18}
+-- opBindingOIDs ID ::= {module 19}
+-- hierarchicalOperationalBindings ID ::= {module 20}
+-- dsaOperationalAttributeTypes ID ::= {module 22}
+-- schemaAdministration ID ::= {module 23}
+-- basicAccessControl ID ::= {module 24}
+-- operationalBindingOIDs ID ::= {module 25}
+END -- UsefulDefinitions
+
+-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D
diff --git a/acse/2.5.1.1.3.asn1 b/acse/2.5.1.1.3.asn1
new file mode 100644
index 0000000..58d934b
--- /dev/null
+++ b/acse/2.5.1.1.3.asn1
@@ -0,0 +1,876 @@
+-- Module InformationFramework (X.501 TC2:08/1997)
+-- See also ITU-T X.501 (1997) Technical Cor. 2 (02/2001)
+-- See also the index of all ASN.1 assignments needed in this document
+
+InformationFramework {joint-iso-itu-t ds(5) module(1) informationFramework(1)
+ 3} DEFINITIONS ::=
+BEGIN
+
+-- EXPORTS All -
+-- The types and values defined in this module are exported for use in the other ASN.1 modules contained
+-- within the Directory Specifications, and for the use of other applications which will use them to access
+-- Directory services. Other applications may use them for their own purposes, but this will not constrain
+-- extensions and modifications needed to maintain or improve the Directory service.
+IMPORTS
+ id-oc, id-at, id-mr, id-oa, id-sc, id-ar, id-nf, selectedAttributeTypes,
+ directoryAbstractService, upperBounds
+ FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1)
+ usefulDefinitions(0) 3}
+ commonName, generalizedTimeMatch, generalizedTimeOrderingMatch, booleanMatch,
+ integerMatch, integerOrderingMatch, objectIdentifierFirstComponentMatch,
+ integerFirstComponentMatch, DirectoryString{}
+ FROM SelectedAttributeTypes {joint-iso-itu-t ds(5) module(1)
+ selectedAttributeTypes(5) 3}
+ TypeAndContextAssertion, ServiceControlOptions, SearchControlOptions,
+ HierarchySelections, FamilyGrouping, FamilyReturn
+ FROM DirectoryAbstractService {joint-iso-itu-t ds(5) module(1)
+ directoryAbstractService(2) 3}
+ ub-search
+ FROM UpperBounds {joint-iso-itu-t ds(5) module(1) upperBounds(10) 3};
+
+-- attribute data types
+Attribute ::= SEQUENCE {
+ type ATTRIBUTE.&id({SupportedAttributes}),
+ values
+ SET SIZE (0..MAX) OF ATTRIBUTE.&Type({SupportedAttributes}{@type}),
+ valuesWithContext
+ SET SIZE (1..MAX) OF
+ SEQUENCE {value ATTRIBUTE.&Type({SupportedAttributes}{@type}),
+ contextList SET SIZE (1..MAX) OF Context} OPTIONAL
+}
+
+AttributeType ::= ATTRIBUTE.&id
+
+AttributeValue ::= ATTRIBUTE.&Type
+
+Context ::= SEQUENCE {
+ contextType CONTEXT.&id({SupportedContexts}),
+ contextValues
+ SET SIZE (1..MAX) OF CONTEXT.&Type({SupportedContexts}{@contextType}),
+ fallback BOOLEAN DEFAULT FALSE
+}
+
+AttributeValueAssertion ::= SEQUENCE {
+ type ATTRIBUTE.&id({SupportedAttributes}),
+ assertion
+ ATTRIBUTE.&equality-match.&AssertionType
+ ({SupportedAttributes}{@type}),
+ assertedContexts
+ CHOICE {allContexts [0] NULL,
+ selectedContexts [1] SET SIZE (1..MAX) OF ContextAssertion
+ } OPTIONAL
+}
+
+ContextAssertion ::= SEQUENCE {
+ contextType CONTEXT.&id({SupportedContexts}),
+ contextValues
+ SET SIZE (1..MAX) OF
+ CONTEXT.&Assertion({SupportedContexts}{@contextType})
+}
+
+AttributeTypeAssertion ::= SEQUENCE {
+ type ATTRIBUTE.&id({SupportedAttributes}),
+ assertedContexts SEQUENCE SIZE (1..MAX) OF ContextAssertion OPTIONAL
+}
+
+-- Definition of the following information object set is deferred, perhaps to standardized
+-- profiles or to protocol implementation conformance statements. The set is required to
+-- specify a table constraint on the values component of Attribute, the value component
+-- of AttributeTypeAndValue, and the assertion component of AttributeValueAssertion.
+SupportedAttributes ATTRIBUTE ::=
+ {objectClass | aliasedEntryName, ...}
+
+-- Definition of the following information object set is deferred, perhaps to standardized
+-- profiles or to protocol implementation conformance statements. The set is required to
+-- specify a table constraint on the context specifications
+SupportedContexts CONTEXT ::=
+ {...}
+
+-- naming data types
+Name ::= CHOICE { -- only one possibility for now --rdnSequence RDNSequence
+}
+
+RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+
+DistinguishedName ::= RDNSequence
+
+RelativeDistinguishedName ::=
+ SET SIZE (1..MAX) OF AttributeTypeAndDistinguishedValue
+
+AttributeTypeAndDistinguishedValue ::= SEQUENCE {
+ type ATTRIBUTE.&id({SupportedAttributes}),
+ value ATTRIBUTE.&Type({SupportedAttributes}{@type}),
+ primaryDistinguished BOOLEAN DEFAULT TRUE,
+ valuesWithContext
+ SET SIZE (1..MAX) OF
+ SEQUENCE {distingAttrValue
+ [0] ATTRIBUTE.&Type({SupportedAttributes}{@type})
+ OPTIONAL,
+ contextList SET SIZE (1..MAX) OF Context} OPTIONAL
+}
+
+-- subtree data types
+SubtreeSpecification ::= SEQUENCE {
+ base [0] LocalName DEFAULT {},
+ COMPONENTS OF ChopSpecification,
+ specificationFilter [4] Refinement OPTIONAL
+}
+
+-- empty sequence specifies whole administrative area
+LocalName ::= RDNSequence
+
+ChopSpecification ::= SEQUENCE {
+ specificExclusions
+ [1] SET SIZE (1..MAX) OF
+ CHOICE {chopBefore [0] LocalName,
+ chopAfter [1] LocalName} OPTIONAL,
+ minimum [2] BaseDistance DEFAULT 0,
+ maximum [3] BaseDistance OPTIONAL
+}
+
+BaseDistance ::= INTEGER(0..MAX)
+
+Refinement ::= CHOICE {
+ item [0] OBJECT-CLASS.&id,
+ and [1] SET OF Refinement,
+ or [2] SET OF Refinement,
+ not [3] Refinement
+}
+
+-- OBJECT-CLASS information object class specification
+OBJECT-CLASS ::= CLASS {
+ &Superclasses OBJECT-CLASS OPTIONAL,
+ &kind ObjectClassKind DEFAULT structural,
+ &MandatoryAttributes ATTRIBUTE OPTIONAL,
+ &OptionalAttributes ATTRIBUTE OPTIONAL,
+ &id OBJECT IDENTIFIER UNIQUE
+}
+WITH SYNTAX {
+ [SUBCLASS OF &Superclasses]
+ [KIND &kind]
+ [MUST CONTAIN &MandatoryAttributes]
+ [MAY CONTAIN &OptionalAttributes]
+ ID &id
+}
+
+ObjectClassKind ::= ENUMERATED {abstract(0), structural(1), auxiliary(2)}
+
+-- object classes
+top OBJECT-CLASS ::= {
+ KIND abstract
+ MUST CONTAIN {objectClass}
+ ID id-oc-top
+}
+
+alias OBJECT-CLASS ::= {
+ SUBCLASS OF {top}
+ MUST CONTAIN {aliasedEntryName}
+ ID id-oc-alias
+}
+
+parent OBJECT-CLASS ::= {KIND abstract
+ ID id-oc-parent
+}
+
+child OBJECT-CLASS ::= {KIND auxiliary
+ ID id-oc-child
+}
+
+-- ATTRIBUTE information object class specification
+ATTRIBUTE ::= CLASS {
+ &derivation ATTRIBUTE OPTIONAL,
+ &Type OPTIONAL, -- either &Type or &derivation required
+ &equality-match MATCHING-RULE OPTIONAL,
+ &ordering-match MATCHING-RULE OPTIONAL,
+ &substrings-match MATCHING-RULE OPTIONAL,
+ &single-valued BOOLEAN DEFAULT FALSE,
+ &collective BOOLEAN DEFAULT FALSE,
+ -- operational extensions
+ &no-user-modification BOOLEAN DEFAULT FALSE,
+ &usage AttributeUsage DEFAULT userApplications,
+ &id OBJECT IDENTIFIER UNIQUE
+}
+WITH SYNTAX {
+ [SUBTYPE OF &derivation]
+ [WITH SYNTAX &Type]
+ [EQUALITY MATCHING RULE &equality-match]
+ [ORDERING MATCHING RULE &ordering-match]
+ [SUBSTRINGS MATCHING RULE &substrings-match]
+ [SINGLE VALUE &single-valued]
+ [COLLECTIVE &collective]
+ [NO USER MODIFICATION &no-user-modification]
+ [USAGE &usage]
+ ID &id
+}
+
+AttributeUsage ::= ENUMERATED {
+ userApplications(0), directoryOperation(1), distributedOperation(2),
+ dSAOperation(3)}
+
+-- attributes
+objectClass ATTRIBUTE ::= {
+ WITH SYNTAX OBJECT IDENTIFIER
+ EQUALITY MATCHING RULE objectIdentifierMatch
+ ID id-at-objectClass
+}
+
+aliasedEntryName ATTRIBUTE ::= {
+ WITH SYNTAX DistinguishedName
+ EQUALITY MATCHING RULE distinguishedNameMatch
+ SINGLE VALUE TRUE
+ ID id-at-aliasedEntryName
+}
+
+-- MATCHING-RULE information object class specification
+MATCHING-RULE ::= CLASS {
+ &ParentMatchingRules MATCHING-RULE.&id OPTIONAL,
+ &AssertionType OPTIONAL,
+ &uniqueMatchIndicator ATTRIBUTE.&id OPTIONAL,
+ &id OBJECT IDENTIFIER UNIQUE
+}
+WITH SYNTAX {
+ [PARENT &ParentMatchingRules]
+ [SYNTAX &AssertionType]
+ [UNIQUE-MATCH-INDICATOR &uniqueMatchIndicator]
+ ID &id
+}
+
+-- matching rules
+objectIdentifierMatch MATCHING-RULE ::= {
+ SYNTAX OBJECT IDENTIFIER
+ ID id-mr-objectIdentifierMatch
+}
+
+distinguishedNameMatch MATCHING-RULE ::= {
+ SYNTAX DistinguishedName
+ ID id-mr-distinguishedNameMatch
+}
+
+MAPPING-BASED-MATCHING{SelectedBy, BOOLEAN:combinable, MappingResult,
+ OBJECT IDENTIFIER:matchingRule} ::= CLASS {
+ &selectBy SelectedBy OPTIONAL,
+ &ApplicableTo ATTRIBUTE,
+ &subtypesIncluded BOOLEAN DEFAULT TRUE,
+ &combinable BOOLEAN(combinable),
+ &mappingResults MappingResult OPTIONAL,
+ &userControl BOOLEAN DEFAULT FALSE,
+ &exclusive BOOLEAN DEFAULT TRUE,
+ &matching-rule MATCHING-RULE.&id(matchingRule),
+ &id OBJECT IDENTIFIER UNIQUE
+}
+WITH SYNTAX {
+ [SELECT BY &selectBy]
+ APPLICABLE TO &ApplicableTo
+ [SUBTYPES INCLUDED &subtypesIncluded]
+ COMBINABLE &combinable
+ [MAPPING RESULTS &mappingResults]
+ [USER CONTROL &userControl]
+ [EXCLUSIVE &exclusive]
+ MATCHING RULE &matching-rule
+ ID &id
+}
+
+-- NAME-FORM information object class specification
+NAME-FORM ::= CLASS {
+ &namedObjectClass OBJECT-CLASS,
+ &MandatoryAttributes ATTRIBUTE,
+ &OptionalAttributes ATTRIBUTE OPTIONAL,
+ &id OBJECT IDENTIFIER UNIQUE
+}
+WITH SYNTAX {
+ NAMES &namedObjectClass
+ WITH ATTRIBUTES &MandatoryAttributes
+ [AND OPTIONALLY &OptionalAttributes]
+ ID &id
+}
+
+-- STRUCTURE-RULE class and DIT structure rule data types
+STRUCTURE-RULE ::= CLASS {
+ &nameForm NAME-FORM,
+ &SuperiorStructureRules STRUCTURE-RULE OPTIONAL,
+ &id RuleIdentifier
+}
+WITH SYNTAX {
+ NAME FORM &nameForm
+ [SUPERIOR RULES &SuperiorStructureRules]
+ ID &id
+}
+
+DITStructureRule ::= SEQUENCE {
+ ruleIdentifier RuleIdentifier,
+ -- must be unique within the scope of the subschema
+ nameForm NAME-FORM.&id,
+ superiorStructureRules SET SIZE (1..MAX) OF RuleIdentifier OPTIONAL
+}
+
+RuleIdentifier ::= INTEGER
+
+-- CONTENT-RULE class and DIT content rule data types
+CONTENT-RULE ::= CLASS {
+ &structuralClass OBJECT-CLASS.&id UNIQUE,
+ &Auxiliaries OBJECT-CLASS OPTIONAL,
+ &Mandatory ATTRIBUTE OPTIONAL,
+ &Optional ATTRIBUTE OPTIONAL,
+ &Precluded ATTRIBUTE OPTIONAL
+}
+WITH SYNTAX {
+ STRUCTURAL OBJECT-CLASS &structuralClass
+ [AUXILIARY OBJECT-CLASSES &Auxiliaries]
+ [MUST CONTAIN &Mandatory]
+ [MAY CONTAIN &Optional]
+ [MUST-NOT CONTAIN &Precluded]
+}
+
+DITContentRule ::= SEQUENCE {
+ structuralObjectClass OBJECT-CLASS.&id,
+ auxiliaries SET SIZE (1..MAX) OF OBJECT-CLASS.&id OPTIONAL,
+ mandatory [1] SET SIZE (1..MAX) OF ATTRIBUTE.&id OPTIONAL,
+ optional [2] SET SIZE (1..MAX) OF ATTRIBUTE.&id OPTIONAL,
+ precluded [3] SET SIZE (1..MAX) OF ATTRIBUTE.&id OPTIONAL
+}
+
+CONTEXT ::= CLASS {
+ &Type ,
+ &Assertion OPTIONAL,
+ &id OBJECT IDENTIFIER UNIQUE
+}WITH SYNTAX {WITH SYNTAX &Type
+ [ASSERTED AS &Assertion]
+ ID &id
+}
+
+DITContextUse ::= SEQUENCE {
+ attributeType ATTRIBUTE.&id,
+ mandatoryContexts [1] SET SIZE (1..MAX) OF CONTEXT.&id OPTIONAL,
+ optionalContexts [2] SET SIZE (1..MAX) OF CONTEXT.&id OPTIONAL
+}
+
+DIT-CONTEXT-USE-RULE ::= CLASS {
+ &attributeType ATTRIBUTE.&id UNIQUE,
+ &Mandatory CONTEXT OPTIONAL,
+ &Optional CONTEXT OPTIONAL
+}
+WITH SYNTAX {
+ ATTRIBUTE TYPE &attributeType
+ [MANDATORY CONTEXTS &Mandatory]
+ [OPTIONAL CONTEXTS &Optional]
+}
+
+-- system schema information objects
+-- object classes
+subentry OBJECT-CLASS ::= {
+ SUBCLASS OF {top}
+ KIND structural
+ MUST CONTAIN {commonName | subtreeSpecification}
+ ID id-sc-subentry
+}
+
+subentryNameForm NAME-FORM ::= {
+ NAMES subentry
+ WITH ATTRIBUTES {commonName}
+ ID id-nf-subentryNameForm
+}
+
+accessControlSubentry OBJECT-CLASS ::= {
+ KIND auxiliary
+ ID id-sc-accessControlSubentry
+}
+
+collectiveAttributeSubentry OBJECT-CLASS ::= {
+ KIND auxiliary
+ ID id-sc-collectiveAttributeSubentry
+}
+
+contextAssertionSubentry OBJECT-CLASS ::= {
+ KIND auxiliary
+ MUST CONTAIN {contextAssertionDefaults}
+ ID id-sc-contextAssertionSubentry
+}
+
+serviceAdminSubentry OBJECT-CLASS ::= {
+ KIND auxiliary
+ MUST CONTAIN {searchRules}
+ ID id-sc-serviceAdminSubentry
+}
+
+-- attributes
+createTimestamp ATTRIBUTE ::= {
+ WITH SYNTAX GeneralizedTime
+ -- as per 41.3 b) or c) of ITU-T Rec. X.680 | ISO/IEC 8824-1
+ EQUALITY MATCHING RULE generalizedTimeMatch
+ ORDERING MATCHING RULE generalizedTimeOrderingMatch
+ SINGLE VALUE TRUE
+ NO USER MODIFICATION TRUE
+ USAGE directoryOperation
+ ID id-oa-createTimestamp
+}
+
+modifyTimestamp ATTRIBUTE ::= {
+ WITH SYNTAX GeneralizedTime
+ -- as per 41.3 b) or c) of ITU-T Rec. X.680 | ISO/IEC 8824-1
+ EQUALITY MATCHING RULE generalizedTimeMatch
+ ORDERING MATCHING RULE generalizedTimeOrderingMatch
+ SINGLE VALUE TRUE
+ NO USER MODIFICATION TRUE
+ USAGE directoryOperation
+ ID id-oa-modifyTimestamp
+}
+
+subschemaTimestamp ATTRIBUTE ::= {
+ WITH SYNTAX GeneralizedTime
+ -- as per 41.3 b) or c) of ITU-T Rec.X. 680 | ISO/IEC 8824-1
+ EQUALITY MATCHING RULE generalizedTimeMatch
+ ORDERING MATCHING RULE generalizedTimeOrderingMatch
+ SINGLE VALUE TRUE
+ NO USER MODIFICATION TRUE
+ USAGE directoryOperation
+ ID id-oa-subschemaTimestamp
+}
+
+creatorsName ATTRIBUTE ::= {
+ WITH SYNTAX DistinguishedName
+ EQUALITY MATCHING RULE distinguishedNameMatch
+ SINGLE VALUE TRUE
+ NO USER MODIFICATION TRUE
+ USAGE directoryOperation
+ ID id-oa-creatorsName
+}
+
+modifiersName ATTRIBUTE ::= {
+ WITH SYNTAX DistinguishedName
+ EQUALITY MATCHING RULE distinguishedNameMatch
+ SINGLE VALUE TRUE
+ NO USER MODIFICATION TRUE
+ USAGE directoryOperation
+ ID id-oa-modifiersName
+}
+
+subschemaSubentryList ATTRIBUTE ::= {
+ WITH SYNTAX DistinguishedName
+ EQUALITY MATCHING RULE distinguishedNameMatch
+ SINGLE VALUE TRUE
+ NO USER MODIFICATION TRUE
+ USAGE directoryOperation
+ ID id-oa-subschemaSubentryList
+}
+
+accessControlSubentryList ATTRIBUTE ::= {
+ WITH SYNTAX DistinguishedName
+ EQUALITY MATCHING RULE distinguishedNameMatch
+ NO USER MODIFICATION TRUE
+ USAGE directoryOperation
+ ID id-oa-accessControlSubentryList
+}
+
+collectiveAttributeSubentryList ATTRIBUTE ::= {
+ WITH SYNTAX DistinguishedName
+ EQUALITY MATCHING RULE distinguishedNameMatch
+ NO USER MODIFICATION TRUE
+ USAGE directoryOperation
+ ID id-oa-collectiveAttributeSubentryList
+}
+
+contextDefaultSubentryList ATTRIBUTE ::= {
+ WITH SYNTAX DistinguishedName
+ EQUALITY MATCHING RULE distinguishedNameMatch
+ NO USER MODIFICATION TRUE
+ USAGE directoryOperation
+ ID id-oa-contextDefaultSubentryList
+}
+
+serviceAdminSubentryList ATTRIBUTE ::= {
+ WITH SYNTAX DistinguishedName
+ EQUALITY MATCHING RULE distinguishedNameMatch
+ NO USER MODIFICATION TRUE
+ USAGE directoryOperation
+ ID id-oa-serviceAdminSubentryList
+}
+
+hasSubordinates ATTRIBUTE ::= {
+ WITH SYNTAX BOOLEAN
+ EQUALITY MATCHING RULE booleanMatch
+ SINGLE VALUE TRUE
+ NO USER MODIFICATION TRUE
+ USAGE directoryOperation
+ ID id-oa-hasSubordinates
+}
+
+administrativeRole ATTRIBUTE ::= {
+ WITH SYNTAX OBJECT-CLASS.&id
+ EQUALITY MATCHING RULE objectIdentifierMatch
+ USAGE directoryOperation
+ ID id-oa-administrativeRole
+}
+
+subtreeSpecification ATTRIBUTE ::= {
+ WITH SYNTAX SubtreeSpecification
+ USAGE directoryOperation
+ ID id-oa-subtreeSpecification
+}
+
+collectiveExclusions ATTRIBUTE ::= {
+ WITH SYNTAX OBJECT IDENTIFIER
+ EQUALITY MATCHING RULE objectIdentifierMatch
+ USAGE directoryOperation
+ ID id-oa-collectiveExclusions
+}
+
+contextAssertionDefaults ATTRIBUTE ::= {
+ WITH SYNTAX TypeAndContextAssertion
+ EQUALITY MATCHING RULE objectIdentifierFirstComponentMatch
+ USAGE directoryOperation
+ ID id-oa-contextAssertionDefault
+}
+
+searchRules ATTRIBUTE ::= {
+ WITH SYNTAX SearchRuleDescription
+ EQUALITY MATCHING RULE integerFirstComponentMatch
+ USAGE directoryOperation
+ ID id-oa-searchRules
+}
+
+SearchRuleDescription ::= SEQUENCE {
+ COMPONENTS OF SearchRule,
+ name [28] SET SIZE (1..MAX) OF DirectoryString{ub-search} OPTIONAL,
+ description [29] DirectoryString{ub-search} OPTIONAL,
+ obsolete [30] BOOLEAN DEFAULT FALSE
+}
+
+hierarchyLevel ATTRIBUTE ::= {
+ WITH SYNTAX INTEGER
+ EQUALITY MATCHING RULE integerMatch
+ ORDERING MATCHING RULE integerOrderingMatch
+ SINGLE VALUE TRUE
+ NO USER MODIFICATION TRUE
+ USAGE directoryOperation
+ ID id-oa-hierarchyLevel
+}
+
+hierarchyBelow ATTRIBUTE ::= {
+ WITH SYNTAX BOOLEAN
+ EQUALITY MATCHING RULE booleanMatch
+ SINGLE VALUE TRUE
+ NO USER MODIFICATION TRUE
+ USAGE directoryOperation
+ ID id-oa-hierarchyBelow
+}
+
+hierarchyParent ATTRIBUTE ::= {
+ WITH SYNTAX DistinguishedName
+ EQUALITY MATCHING RULE distinguishedNameMatch
+ SINGLE VALUE TRUE
+ USAGE directoryOperation
+ ID id-oa-hierarchyParent
+}
+
+SearchRule ::= SEQUENCE {
+ COMPONENTS OF SearchRuleId,
+ serviceType [1] OBJECT IDENTIFIER OPTIONAL,
+ userClass [2] INTEGER OPTIONAL,
+ inputAttributeTypes
+ [3] SEQUENCE SIZE (1..MAX) OF RequestAttribute OPTIONAL,
+ attributeCombination [4] AttributeCombination DEFAULT and:{},
+ outputAttributeTypes [5] SEQUENCE SIZE (1..MAX) OF ResultAttribute OPTIONAL,
+ defaultControls [6] ControlOptions OPTIONAL,
+ mandatoryControls [7] ControlOptions OPTIONAL,
+ searchRuleControls [8] ControlOptions OPTIONAL,
+ familyGrouping [9] FamilyGrouping OPTIONAL,
+ familyReturn [10] FamilyReturn OPTIONAL,
+ relaxation [11] RelaxationPolicy OPTIONAL,
+ additionalControl [12] SEQUENCE SIZE (1..MAX) OF AttributeType OPTIONAL,
+ allowedSubset [13] AllowedSubset DEFAULT '111'B,
+ imposedSubset [14] ImposedSubset OPTIONAL,
+ entryLimit [15] EntryLimit OPTIONAL
+}
+
+SearchRuleId ::= SEQUENCE {id INTEGER,
+ dmdId [0] OBJECT IDENTIFIER
+}
+
+AllowedSubset ::= BIT STRING {baseObject(0), oneLevel(1), wholeSubtree(2)}
+
+ImposedSubset ::= ENUMERATED {baseObject(0), oneLevel(1), wholeSubtree(2)}
+
+RequestAttribute ::= SEQUENCE {
+ attributeType ATTRIBUTE.&id({SupportedAttributes}),
+ includeSubtypes [0] BOOLEAN DEFAULT FALSE,
+ selectedValues
+ [1] SEQUENCE SIZE (0..MAX) OF
+ ATTRIBUTE.&Type({SupportedAttributes}{@attributeType}) OPTIONAL,
+ defaultValues
+ [2] SEQUENCE SIZE (0..MAX) OF
+ SEQUENCE {entryType OBJECT-CLASS.&id OPTIONAL,
+ values
+ SEQUENCE OF
+ ATTRIBUTE.&Type
+ ({SupportedAttributes}{@attributeType})} OPTIONAL,
+ contexts [3] SEQUENCE SIZE (0..MAX) OF ContextProfile OPTIONAL,
+ contextCombination [4] ContextCombination DEFAULT and:{},
+ matchingUse [5] SEQUENCE SIZE (1..MAX) OF MatchingUse OPTIONAL
+}
+
+ContextProfile ::= SEQUENCE {
+ contextType CONTEXT.&id({SupportedContexts}),
+ contextValue
+ SEQUENCE SIZE (1..MAX) OF
+ CONTEXT.&Assertion({SupportedContexts}{@contextType}) OPTIONAL
+}
+
+ContextCombination ::= CHOICE {
+ context [0] CONTEXT.&id,
+ and [1] SEQUENCE OF ContextCombination,
+ or [2] SEQUENCE OF ContextCombination,
+ not [3] ContextCombination
+}
+
+MatchingUse ::= SEQUENCE {
+ restrictionType
+ MATCHING-RESTRICTION.&id({SupportedMatchingRestrictions}),
+ restrictionValue
+ MATCHING-RESTRICTION.&Restriction
+ ({SupportedMatchingRestrictions}{@restrictionType})
+}
+
+-- Definition of the following information object set is deferred, perhaps to standardized
+-- profiles or to protocol implementation conformance statements. The set is required to
+-- specify a table constraint on the components of SupportedMatchingRestrictions
+SupportedMatchingRestrictions MATCHING-RESTRICTION ::=
+ {...}
+
+AttributeCombination ::= CHOICE {
+ attribute [0] AttributeType,
+ and [1] SEQUENCE OF AttributeCombination,
+ or [2] SEQUENCE OF AttributeCombination,
+ not [3] AttributeCombination
+}
+
+ResultAttribute ::= SEQUENCE {
+ attributeType ATTRIBUTE.&id({SupportedAttributes}),
+ outputValues
+ CHOICE {selectedValues
+ SEQUENCE SIZE (1..MAX) OF
+ ATTRIBUTE.&Type({SupportedAttributes}{@attributeType}),
+ matchedValuesOnly NULL} OPTIONAL,
+ contexts [0] SEQUENCE SIZE (1..MAX) OF ContextProfile OPTIONAL
+}
+
+OutputValues ::= CHOICE {
+ selectedValues
+ SEQUENCE SIZE (1..MAX) OF ATTRIBUTE.&Type({SupportedAttributes}),
+ matchedValuesOnly NULL
+}
+
+ControlOptions ::= SEQUENCE {
+ serviceControls [0] ServiceControlOptions DEFAULT {},
+ searchOptions [1] SearchControlOptions DEFAULT {searchAliases},
+ hierarchyOptions [2] HierarchySelections OPTIONAL
+}
+
+EntryLimit ::= SEQUENCE {default INTEGER,
+ max INTEGER
+}
+
+RelaxationPolicy ::= SEQUENCE {
+ basic [0] MRMapping DEFAULT {},
+ tightenings [1] SEQUENCE SIZE (1..MAX) OF MRMapping OPTIONAL,
+ relaxations [2] SEQUENCE SIZE (1..MAX) OF MRMapping OPTIONAL,
+ maximum [3] INTEGER OPTIONAL, -- mandatory if tightenings is present
+ minimum [4] INTEGER DEFAULT 1
+}
+
+MRMapping ::= SEQUENCE {
+ mapping [0] SEQUENCE SIZE (1..MAX) OF Mapping OPTIONAL,
+ substitution [1] SEQUENCE SIZE (1..MAX) OF MRSubstitution OPTIONAL
+}
+
+Mapping ::= SEQUENCE {
+ mappingFunction
+ OBJECT IDENTIFIER
+ (CONSTRAINED BY {-- shall be an--
+
+ -- object identifier of a mapping-based matching algorithm -- }),
+ level INTEGER DEFAULT 0
+}
+
+MRSubstitution ::= SEQUENCE {
+ attribute AttributeType,
+ oldMatchingRule [0] MATCHING-RULE.&id OPTIONAL,
+ newMatchingRule [1] MATCHING-RULE.&id OPTIONAL
+}
+
+SEARCH-RULE ::= CLASS {
+ &dmdId OBJECT IDENTIFIER,
+ &serviceType OBJECT IDENTIFIER OPTIONAL,
+ &userClass INTEGER OPTIONAL,
+ &InputAttributeTypes REQUEST-ATTRIBUTE OPTIONAL,
+ &combination AttributeCombination OPTIONAL,
+ &OutputAttributeTypes RESULT-ATTRIBUTE OPTIONAL,
+ &defaultControls ControlOptions OPTIONAL,
+ &mandatoryControls ControlOptions OPTIONAL,
+ &searchRuleControls ControlOptions OPTIONAL,
+ &familyGrouping FamilyGrouping OPTIONAL,
+ &familyReturn FamilyReturn OPTIONAL,
+ &additionalControl AttributeType OPTIONAL,
+ &relaxation RelaxationPolicy OPTIONAL,
+ &entryLimit EntryLimit OPTIONAL,
+ &allowedSubset AllowedSubset DEFAULT '111'B,
+ &imposedSubset ImposedSubset OPTIONAL,
+ &id INTEGER UNIQUE
+}
+WITH SYNTAX {
+ DMD ID &dmdId
+ [SERVICE-TYPE &serviceType]
+ [USER-CLASS &userClass]
+ [INPUT ATTRIBUTES &InputAttributeTypes]
+ [COMBINATION &combination]
+ [OUTPUT ATTRIBUTES &OutputAttributeTypes]
+ [DEFAULT CONTROL &defaultControls]
+ [MANDATORY CONTROL &mandatoryControls]
+ [SEARCH-RULE CONTROL &searchRuleControls]
+ [FAMILY-GROUPING &familyGrouping]
+ [FAMILY-RETURN &familyReturn]
+ [ADDITIONAL CONTROL &additionalControl]
+ [RELAXATION &relaxation]
+ [ALLOWED SUBSET &allowedSubset]
+ [IMPOSED SUBSET &imposedSubset]
+ [ENTRY LIMIT &entryLimit]
+ ID &id
+}
+
+REQUEST-ATTRIBUTE ::= CLASS {
+ &attributeType ATTRIBUTE.&id,
+ &SelectedValues ATTRIBUTE.&Type OPTIONAL,
+ &DefaultValues SEQUENCE {entryType OBJECT-CLASS.&id OPTIONAL,
+ values SEQUENCE OF ATTRIBUTE.&Type
+ } OPTIONAL,
+ &contexts SEQUENCE OF ContextProfile OPTIONAL,
+ &contextCombination ContextCombination OPTIONAL,
+ &MatchingUse MatchingUse OPTIONAL,
+ &includeSubtypes BOOLEAN DEFAULT FALSE
+}
+WITH SYNTAX {
+ ATTRIBUTE TYPE &attributeType
+ [SELECTED VALUES &SelectedValues]
+ [DEFAULT VALUES &DefaultValues]
+ [CONTEXTS &contexts]
+ [CONTEXT COMBINATION &contextCombination]
+ [MATCHING USE &MatchingUse]
+ [INCLUDE SUBTYPES &includeSubtypes]
+}
+
+RESULT-ATTRIBUTE ::= CLASS {
+ &attributeType ATTRIBUTE.&id,
+ &outputValues OutputValues OPTIONAL,
+ &contexts ContextProfile OPTIONAL
+}
+WITH SYNTAX {
+ ATTRIBUTE TYPE &attributeType
+ [OUTPUT VALUES &outputValues]
+ [CONTEXTS &contexts]
+}
+
+MATCHING-RESTRICTION ::= CLASS {
+ &Restriction ,
+ &Rules MATCHING-RULE.&id,
+ &id OBJECT IDENTIFIER UNIQUE
+}WITH SYNTAX {RESTRICTION &Restriction
+ RULES &Rules
+ ID &id
+}
+
+-- object identifier assignments
+-- object classes
+id-oc-top OBJECT IDENTIFIER ::=
+ {id-oc 0}
+
+id-oc-alias OBJECT IDENTIFIER ::= {id-oc 1}
+
+id-oc-parent OBJECT IDENTIFIER ::= {id-oc 28}
+
+id-oc-child OBJECT IDENTIFIER ::= {id-oc 29}
+
+-- attributes
+id-at-objectClass OBJECT IDENTIFIER ::= {id-at 0}
+
+id-at-aliasedEntryName OBJECT IDENTIFIER ::= {id-at 1}
+
+-- matching rules
+id-mr-objectIdentifierMatch OBJECT IDENTIFIER ::= {id-mr 0}
+
+id-mr-distinguishedNameMatch OBJECT IDENTIFIER ::= {id-mr 1}
+
+-- operational attributes
+id-oa-excludeAllCollectiveAttributes OBJECT IDENTIFIER ::=
+ {id-oa 0}
+
+id-oa-createTimestamp OBJECT IDENTIFIER ::= {id-oa 1}
+
+id-oa-modifyTimestamp OBJECT IDENTIFIER ::= {id-oa 2}
+
+id-oa-creatorsName OBJECT IDENTIFIER ::= {id-oa 3}
+
+id-oa-modifiersName OBJECT IDENTIFIER ::= {id-oa 4}
+
+id-oa-administrativeRole OBJECT IDENTIFIER ::= {id-oa 5}
+
+id-oa-subtreeSpecification OBJECT IDENTIFIER ::= {id-oa 6}
+
+id-oa-collectiveExclusions OBJECT IDENTIFIER ::= {id-oa 7}
+
+id-oa-subschemaTimestamp OBJECT IDENTIFIER ::= {id-oa 8}
+
+id-oa-hasSubordinates OBJECT IDENTIFIER ::= {id-oa 9}
+
+id-oa-subschemaSubentryList OBJECT IDENTIFIER ::= {id-oa 10}
+
+id-oa-accessControlSubentryList OBJECT IDENTIFIER ::= {id-oa 11}
+
+id-oa-collectiveAttributeSubentryList OBJECT IDENTIFIER ::= {id-oa 12}
+
+id-oa-contextDefaultSubentryList OBJECT IDENTIFIER ::= {id-oa 13}
+
+id-oa-contextAssertionDefault OBJECT IDENTIFIER ::= {id-oa 14}
+
+id-oa-serviceAdminSubentryList OBJECT IDENTIFIER ::= {id-oa 15}
+
+id-oa-searchRules OBJECT IDENTIFIER ::= {id-oa 16}
+
+id-oa-hierarchyLevel OBJECT IDENTIFIER ::= {id-oa 17}
+
+id-oa-hierarchyBelow OBJECT IDENTIFIER ::= {id-oa 18}
+
+id-oa-hierarchyParent OBJECT IDENTIFIER ::= {id-oa 19}
+
+-- subentry classes
+id-sc-subentry OBJECT IDENTIFIER ::= {id-sc 0}
+
+id-sc-accessControlSubentry OBJECT IDENTIFIER ::= {id-sc 1}
+
+id-sc-collectiveAttributeSubentry OBJECT IDENTIFIER ::= {id-sc 2}
+
+id-sc-contextAssertionSubentry OBJECT IDENTIFIER ::= {id-sc 3}
+
+id-sc-serviceAdminSubentry OBJECT IDENTIFIER ::= {id-sc 4}
+
+-- Name forms
+id-nf-subentryNameForm OBJECT IDENTIFIER ::= {id-nf 16}
+
+-- administrative roles
+id-ar-autonomousArea OBJECT IDENTIFIER ::= {id-ar 1}
+
+id-ar-accessControlSpecificArea OBJECT IDENTIFIER ::= {id-ar 2}
+
+id-ar-accessControlInnerArea OBJECT IDENTIFIER ::= {id-ar 3}
+
+id-ar-subschemaAdminSpecificArea OBJECT IDENTIFIER ::= {id-ar 4}
+
+id-ar-collectiveAttributeSpecificArea OBJECT IDENTIFIER ::= {id-ar 5}
+
+id-ar-collectiveAttributeInnerArea OBJECT IDENTIFIER ::= {id-ar 6}
+
+id-ar-contextDefaultSpecificArea OBJECT IDENTIFIER ::= {id-ar 7}
+
+id-ar-serviceSpecificArea OBJECT IDENTIFIER ::= {id-ar 8}
+
+END -- InformationFramework
+
+-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D
diff --git a/acse/2.5.1.10.3.asn1 b/acse/2.5.1.10.3.asn1
new file mode 100644
index 0000000..3ebc334
--- /dev/null
+++ b/acse/2.5.1.10.3.asn1
@@ -0,0 +1,90 @@
+-- Module UpperBounds (X.520:08/1997)
+-- See also ITU-T X.520 (08/1997)
+-- See also the index of all ASN.1 assignments needed in this document
+
+UpperBounds {joint-iso-itu-t ds(5) module(1) upperBounds(10) 3} DEFINITIONS ::=
+BEGIN
+
+-- EXPORTS All
+-- The types and values defined in this module are exported for use in the other ASN.1 modules contained
+-- within the Directory Specifications, and for the use of other applications which will use them to access
+-- Directory services. Other applications may use them for their own purposes, but this will not constrain
+-- extensions and modifications needed to maintain or improve the Directory service.
+ub-answerback INTEGER ::=
+ 8
+
+ub-business-category INTEGER ::= 128
+
+ub-common-name INTEGER ::= 64
+
+ub-country-code INTEGER ::= 4
+
+ub-description INTEGER ::= 1024
+
+ub-destination-indicator INTEGER ::= 128
+
+ub-directory-string-first-component-match INTEGER ::= 32768
+
+ub-international-isdn-number INTEGER ::= 16
+
+ub-knowledge-information INTEGER ::= 32768
+
+ub-locality-name INTEGER ::= 128
+
+ub-match INTEGER ::= 128
+
+ub-name INTEGER ::= 64
+
+ub-organization-name INTEGER ::= 64
+
+ub-organizational-unit-name INTEGER ::= 64
+
+ub-physical-office-name INTEGER ::= 128
+
+ub-post-office-box INTEGER ::= 40
+
+ub-postal-code INTEGER ::= 40
+
+ub-postal-line INTEGER ::= 6
+
+ub-postal-string INTEGER ::= 30
+
+ub-privacy-mark-length INTEGER ::= 128
+
+ub-schema INTEGER ::= 1024
+
+ub-search INTEGER ::= 32768
+
+ub-serial-number INTEGER ::= 64
+
+ub-state-name INTEGER ::= 128
+
+ub-street-address INTEGER ::= 128
+
+ub-surname INTEGER ::= 64
+
+ub-tag INTEGER ::= 64
+
+ub-telephone-number INTEGER ::= 32
+
+ub-teletex-terminal-id INTEGER ::= 1024
+
+ub-telex-number INTEGER ::= 14
+
+ub-title INTEGER ::= 64
+
+ub-user-password INTEGER ::= 128
+
+ub-x121-address INTEGER ::= 15
+
+ub-localeContextSyntax INTEGER ::= 128
+
+ub-locale-context-syntax INTEGER ::= 64
+
+ub-pseudonym INTEGER ::= 128
+
+ub-content INTEGER ::= 32768
+
+END -- UpperBounds
+
+-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D
diff --git a/acse/2.5.1.2.3.asn1 b/acse/2.5.1.2.3.asn1
new file mode 100644
index 0000000..ca1d934
--- /dev/null
+++ b/acse/2.5.1.2.3.asn1
@@ -0,0 +1,718 @@
+-- Module DirectoryAbstractService (X.511 TC2:08/1997)
+-- See also ITU-T X.511 (1997) Technical Cor. 2 (02/2001)
+-- See also the index of all ASN.1 assignments needed in this document
+
+DirectoryAbstractService {joint-iso-itu-t ds(5) module(1)
+ directoryAbstractService(2) 3} DEFINITIONS ::=
+BEGIN
+
+-- EXPORTS All
+-- The types and values defined in this module are exported for use in the other ASN.1 modules contained
+-- within the Directory Specifications, and for the use of other applications which will use them to access
+-- Directory services. Other applications may use them for their own purposes, but this will not constrain
+-- extensions and modifications needed to maintain or improve the Directory service.
+IMPORTS
+ informationFramework, distributedOperations, authenticationFramework,
+ dap, directoryShadowAbstractService, basicAccessControl, enhancedSecurity,
+ id-at
+ FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1)
+ usefulDefinitions(0) 3}
+ AttributeTypeAndValue
+ FROM BasicAccessControl {joint-iso-itu-t ds(5) module(1)
+ basicAccessControl(24) 3}
+ AgreementID
+ FROM DirectoryShadowAbstractService {joint-iso-itu-t ds(5) module(1)
+ directoryShadowAbstractService(15) 4}
+ Attribute, AttributeType, AttributeValue, AttributeValueAssertion,
+ DistinguishedName, Name, RelativeDistinguishedName, SupportedAttributes,
+ ATTRIBUTE, MATCHING-RULE, ContextAssertion, AttributeTypeAssertion,
+ OBJECT-CLASS, RelaxationPolicy
+ FROM InformationFramework {joint-iso-itu-t ds(5) module(1)
+ informationFramework(1) 3}
+ OperationProgress, ReferenceType, Exclusions, AccessPoint,
+ ContinuationReference
+ FROM DistributedOperations {joint-iso-itu-t ds(5) module(1)
+ distributedOperations(3) 3}
+ CertificationPath, SIGNED{}, SIGNATURE{}, ENCRYPTED{}, AlgorithmIdentifier,
+ AttributeCertificationPath
+ FROM AuthenticationFramework {joint-iso-itu-t ds(5) module(1)
+ authenticationFramework(7) 3}
+ OPTIONALLY-PROTECTED{}, OPTIONALLY-PROTECTED-SEQ{}
+ FROM EnhancedSecurity {joint-iso-itu-t ds(5) modules(1)
+ enhancedSecurity(28) 1}
+ id-opcode-read, id-opcode-compare, id-opcode-abandon, id-opcode-list,
+ id-opcode-search, id-opcode-addEntry, id-opcode-removeEntry,
+ id-opcode-modifyEntry, id-opcode-modifyDN, id-errcode-abandoned,
+ id-errcode-abandonFailed, id-errcode-attributeError, id-errcode-nameError,
+ id-errcode-referral, id-errcode-securityError, id-errcode-serviceError,
+ id-errcode-updateError
+ FROM DirectoryAccessProtocol {joint-iso-itu-t ds(5) module(1) dap(11) 3}
+ OPERATION, ERROR, Code
+ FROM Remote-Operations-Information-Objects {joint-iso-itu-t
+ remote-operations(4) informationObjects(5) version1(0)}
+ emptyUnbind
+ FROM Remote-Operations-Useful-Definitions {joint-iso-itu-t
+ remote-operations(4) useful-definitions(7) version1(0)}
+ InvokeId
+ FROM Remote-Operations-Generic-ROS-PDUs {joint-iso-itu-t
+ remote-operations(4) generic-ROS-PDUs(6) version1(0)}
+ --PROTECTED
+ -- FROM Notation { joint-iso-itu-t genericULS (20) modules (1) notation (1) }
+ SPKM-REQ, SPKM-REP-TI, SPKM-ERROR
+ FROM SpkmGssTokens {iso(1) identified-organization(3) dod(6) internet(1)
+ security(5) mechanisms(5) spkm(1) spkmGssTokens(10)};
+
+-- Common data types
+-- Parameterized type for representing optional signing
+OPTIONALLY-SIGNED{Type} ::= CHOICE {unsigned Type,
+ signed SIGNED{Type}
+}
+
+CommonArguments ::= SET {
+ serviceControls [30] ServiceControls DEFAULT {},
+ securityParameters [29] SecurityParameters OPTIONAL,
+ requestor [28] DistinguishedName OPTIONAL,
+ operationProgress
+ [27] OperationProgress DEFAULT {nameResolutionPhase notStarted},
+ aliasedRDNs [26] INTEGER OPTIONAL,
+ criticalExtensions [25] BIT STRING OPTIONAL,
+ referenceType [24] ReferenceType OPTIONAL,
+ entryOnly [23] BOOLEAN DEFAULT TRUE,
+ nameResolveOnMaste [21] BOOLEAN DEFAULT FALSE,
+ operationContexts [20] ContextSelection OPTIONAL,
+ familyGrouping [19] FamilyGrouping DEFAULT entryOnly
+}
+
+FamilyGrouping ::= ENUMERATED {
+ entryOnly(1), compoundEntry(2), strands(3), multiStrand(4)}
+
+CommonResults ::= SET {
+ securityParameters [30] SecurityParameters OPTIONAL,
+ performer [29] DistinguishedName OPTIONAL,
+ aliasDereferenced [28] BOOLEAN DEFAULT FALSE,
+ notification [27] SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL
+}
+
+CommonResultsSeq ::= SEQUENCE {
+ securityParameters [30] SecurityParameters OPTIONAL,
+ performer [29] DistinguishedName OPTIONAL,
+ aliasDereferenced [28] BOOLEAN DEFAULT FALSE
+}
+
+ServiceControls ::= SET {
+ options [0] ServiceControlOptions DEFAULT {},
+ priority [1] INTEGER {low(0), medium(1), high(2)} DEFAULT medium,
+ timeLimit [2] INTEGER OPTIONAL,
+ sizeLimit [3] INTEGER OPTIONAL,
+ scopeOfReferral [4] INTEGER {dmd(0), country(1)} OPTIONAL,
+ attributeSizeLimit [5] INTEGER OPTIONAL,
+ manageDSAITPlaneRef
+ [6] SEQUENCE {dsaName Name,
+ agreementID AgreementID} OPTIONAL,
+ serviceType [7] OBJECT IDENTIFIER OPTIONAL,
+ userClass [8] INTEGER OPTIONAL
+}
+
+ServiceControlOptions ::= BIT STRING {
+ preferChaining(0), chainingProhibited(1), localScope(2), dontUseCopy(3),
+ dontDereferenceAliases(4), subentries(5), copyShallDo(6),
+ partialNameResolution(7), manageDSAIT(8), noSubtypeMatch(9),
+ noSubtypeSelection(10), countFamily(11)}
+
+EntryInformationSelection ::= SET {
+ attributes
+ CHOICE {allUserAttributes [0] NULL,
+ select [1] SET OF AttributeType
+ -- empty set implies no attributes are requested
+ } DEFAULT allUserAttributes:NULL,
+ infoTypes
+ [2] INTEGER {attributeTypesOnly(0), attributeTypesAndValues(1)}
+ DEFAULT attributeTypesAndValues,
+ extraAttributes
+ CHOICE {allOperationalAttributes [3] NULL,
+ select [4] SET OF AttributeType} OPTIONAL,
+ contextSelection ContextSelection OPTIONAL,
+ returnContexts BOOLEAN DEFAULT FALSE,
+ familyReturn FamilyReturn DEFAULT {memberSelect contributingEntriesOnly}
+}
+
+ContextSelection ::= CHOICE {
+ allContexts NULL,
+ selectedContexts SET OF TypeAndContextAssertion
+}
+
+TypeAndContextAssertion ::= SEQUENCE {
+ type AttributeType,
+ contextAssertions
+ CHOICE {preference SEQUENCE OF ContextAssertion,
+ all SET OF ContextAssertion}
+}
+
+FamilyReturn ::= SEQUENCE {
+ memberSelect
+ ENUMERATED {contributingEntriesOnly(1), participatingEntriesOnly(2),
+ compoundEntry(3)},
+ familySelect SEQUENCE SIZE (1..MAX) OF OBJECT-CLASS.&id OPTIONAL
+}
+
+family-information ATTRIBUTE ::= {
+ WITH SYNTAX FamilyEntries
+ USAGE directoryOperation
+ ID id-at-family-information
+}
+
+FamilyEntries ::= SEQUENCE {
+ family-class OBJECT-CLASS.&id, -- structural object class value
+ familyEntries SEQUENCE OF FamilyEntry
+}
+
+FamilyEntry ::= SEQUENCE {
+ rdn RelativeDistinguishedName,
+ information
+ SEQUENCE OF CHOICE {attributeType AttributeType,
+ attribute Attribute},
+ family-info SEQUENCE SIZE (1..MAX) OF FamilyEntries OPTIONAL
+}
+
+EntryInformation ::= SEQUENCE {
+ name Name,
+ fromEntry BOOLEAN DEFAULT TRUE,
+ information
+ SET SIZE (1..MAX) OF
+ CHOICE {attributeType AttributeType,
+ attribute Attribute} OPTIONAL,
+ incompleteEntry [3] BOOLEAN DEFAULT FALSE, -- not in 1988-edition systems
+ partialNameResolution
+ [4] BOOLEAN DEFAULT FALSE -- not in 1988 or 1993 edition systems --
+}
+
+Filter ::= CHOICE {
+ item [0] FilterItem,
+ and [1] SET OF Filter,
+ or [2] SET OF Filter,
+ not [3] Filter
+}
+
+FilterItem ::= CHOICE {
+ equality [0] AttributeValueAssertion,
+ substrings
+ [1] SEQUENCE {type ATTRIBUTE.&id({SupportedAttributes}),
+ strings
+ SEQUENCE OF
+ CHOICE {initial
+ [0] ATTRIBUTE.&Type
+ ({SupportedAttributes}
+ {@substrings.type}),
+ any
+ [1] ATTRIBUTE.&Type
+ ({SupportedAttributes}
+ {@substrings.type}),
+ final
+ [2] ATTRIBUTE.&Type
+ ({SupportedAttributes}
+ {@substrings.type}),
+ control Attribute -- Used to specify interpretation of following items
+ }},
+ greaterOrEqual [2] AttributeValueAssertion,
+ lessOrEqual [3] AttributeValueAssertion,
+ present [4] AttributeType,
+ approximateMatch [5] AttributeValueAssertion,
+ extensibleMatch [6] MatchingRuleAssertion,
+ contextPresent [7] AttributeTypeAssertion
+}
+
+MatchingRuleAssertion ::= SEQUENCE {
+ matchingRule [1] SET SIZE (1..MAX) OF MATCHING-RULE.&id,
+ type [2] AttributeType OPTIONAL,
+ matchValue
+ [3] MATCHING-RULE.&AssertionType
+ (CONSTRAINED BY {
+ -- matchValue must be a value of type specified by the &AssertionType field of
+ -- one of the MATCHING-RULE information objects identified by matchingRule -- }),
+ dnAttributes [4] BOOLEAN DEFAULT FALSE
+}
+
+PagedResultsRequest ::= CHOICE {
+ newRequest
+ SEQUENCE {pageSize INTEGER,
+ sortKeys SEQUENCE SIZE (1..MAX) OF SortKey OPTIONAL,
+ reverse [1] BOOLEAN DEFAULT FALSE,
+ unmerged [2] BOOLEAN DEFAULT FALSE},
+ queryReference OCTET STRING
+}
+
+SortKey ::= SEQUENCE {
+ type AttributeType,
+ orderingRule MATCHING-RULE.&id OPTIONAL
+}
+
+SecurityParameters ::= SET {
+ certification-path [0] CertificationPath OPTIONAL,
+ name [1] DistinguishedName OPTIONAL,
+ time [2] Time OPTIONAL,
+ random [3] BIT STRING OPTIONAL,
+ target [4] ProtectionRequest OPTIONAL,
+ response [5] BIT STRING OPTIONAL,
+ operationCode [6] Code OPTIONAL,
+ attributeCertificationPath [7] AttributeCertificationPath OPTIONAL,
+ errorProtection [8] ErrorProtectionRequest OPTIONAL,
+ errorCode [9] Code OPTIONAL
+}
+
+ProtectionRequest ::= INTEGER {
+ none(0), signed(1), encrypted(2), signed-encrypted(3)}
+
+Time ::= CHOICE {utcTime UTCTime,
+ generalizedTime GeneralizedTime
+}
+
+ErrorProtectionRequest ::= INTEGER {
+ none(0), signed(1), encrypted(2), signed-encrypted(3)}
+
+-- Bind and unbind operations
+directoryBind OPERATION ::= {
+ ARGUMENT DirectoryBindArgument
+ RESULT DirectoryBindResult
+ ERRORS {directoryBindError}
+}
+
+DirectoryBindArgument ::= SET {
+ credentials [0] Credentials OPTIONAL,
+ versions [1] Versions DEFAULT {v1}
+}
+
+Credentials ::= CHOICE {
+ simple [0] SimpleCredentials,
+ strong [1] StrongCredentials,
+ externalProcedure [2] EXTERNAL,
+ spkm [3] SpkmCredentials
+}
+
+SimpleCredentials ::= SEQUENCE {
+ name [0] DistinguishedName,
+ validity
+ [1] SET {time1 [0] CHOICE {utc UTCTime,
+ gt GeneralizedTime} OPTIONAL,
+ time2 [1] CHOICE {utc UTCTime,
+ gt GeneralizedTime} OPTIONAL,
+ random1 [2] BIT STRING OPTIONAL,
+ random2 [3] BIT STRING OPTIONAL},
+ password
+ [2] CHOICE {unprotected OCTET STRING,
+ protected SIGNATURE{OCTET STRING}} OPTIONAL
+}
+
+StrongCredentials ::= SET {
+ certification-path [0] CertificationPath OPTIONAL,
+ bind-token [1] Token,
+ name [2] DistinguishedName OPTIONAL,
+ attributeCertificationPath [3] AttributeCertificationPath OPTIONAL
+}
+
+SpkmCredentials ::= CHOICE {req [0] SPKM-REQ,
+ rep [1] SPKM-REP-TI
+}
+
+Token ::=
+ SIGNED
+ {SEQUENCE {algorithm [0] AlgorithmIdentifier,
+ name [1] DistinguishedName,
+ time [2] Time,
+ random [3] BIT STRING,
+ response [4] BIT STRING OPTIONAL,
+ bindIntAlgorithm
+ [5] SEQUENCE SIZE (1..MAX) OF AlgorithmIdentifier OPTIONAL,
+ bindIntKeyInfo [6] BindKeyInfo OPTIONAL,
+ bindConfAlgorithm
+ [7] SEQUENCE SIZE (1..MAX) OF AlgorithmIdentifier OPTIONAL,
+ bindConfKeyInfo [8] BindKeyInfo OPTIONAL}}
+
+Versions ::= BIT STRING {v1(0), v2(1)}
+
+DirectoryBindResult ::= DirectoryBindArgument
+
+directoryBindError ERROR ::= {
+ PARAMETER OPTIONALLY-PROTECTED
+ {SET {versions [0] Versions DEFAULT {v1},
+ error
+ CHOICE {serviceError [1] ServiceProblem,
+ securityError [2] SecurityProblem}}}
+}
+
+BindKeyInfo ::= ENCRYPTED{BIT STRING}
+
+directoryUnbind OPERATION ::= emptyUnbind
+
+-- Operations, arguments, and results
+read OPERATION ::= {
+ ARGUMENT ReadArgument
+ RESULT ReadResult
+ ERRORS
+ {attributeError | nameError | serviceError | referral | abandoned |
+ securityError}
+ CODE id-opcode-read
+}
+
+ReadArgument ::=
+ OPTIONALLY-PROTECTED
+ {SET {object [0] Name,
+ selection [1] EntryInformationSelection DEFAULT {},
+ modifyRightsRequest [2] BOOLEAN DEFAULT FALSE,
+ COMPONENTS OF CommonArguments}}
+
+ReadResult ::=
+ OPTIONALLY-PROTECTED
+ {SET {entry [0] EntryInformation,
+ modifyRights [1] ModifyRights OPTIONAL,
+ COMPONENTS OF CommonResults}}
+
+ModifyRights ::=
+ SET OF
+ SEQUENCE {item
+ CHOICE {entry [0] NULL,
+ attribute [1] AttributeType,
+ value [2] AttributeValueAssertion},
+ permission
+ [3] BIT STRING {add(0), remove(1), rename(2), move(3)}
+ }
+
+compare OPERATION ::= {
+ ARGUMENT CompareArgument
+ RESULT CompareResult
+ ERRORS
+ {attributeError | nameError | serviceError | referral | abandoned |
+ securityError}
+ CODE id-opcode-compare
+}
+
+CompareArgument ::=
+ OPTIONALLY-PROTECTED
+ {SET {object [0] Name,
+ purported [1] AttributeValueAssertion,
+ COMPONENTS OF CommonArguments}}
+
+CompareResult ::=
+ OPTIONALLY-PROTECTED
+ {SET {name Name OPTIONAL,
+ matched [0] BOOLEAN,
+ fromEntry [1] BOOLEAN DEFAULT TRUE,
+ matchedSubtype [2] AttributeType OPTIONAL,
+ COMPONENTS OF CommonResults}}
+
+abandon OPERATION ::= {
+ ARGUMENT AbandonArgument
+ RESULT AbandonResult
+ ERRORS {abandonFailed}
+ CODE id-opcode-abandon
+}
+
+AbandonArgument ::=
+ OPTIONALLY-PROTECTED-SEQ{SEQUENCE {invokeID [0] InvokeId}}
+
+AbandonResult ::= CHOICE {
+ null NULL,
+ information
+ OPTIONALLY-PROTECTED-SEQ{SEQUENCE {invokeID InvokeId,
+ COMPONENTS OF CommonResultsSeq
+ }}
+}
+
+list OPERATION ::= {
+ ARGUMENT ListArgument
+ RESULT ListResult
+ ERRORS {nameError | serviceError | referral | abandoned | securityError}
+ CODE id-opcode-list
+}
+
+ListArgument ::=
+ OPTIONALLY-PROTECTED
+ {SET {object [0] Name,
+ pagedResults [1] PagedResultsRequest OPTIONAL,
+ listFamily [2] BOOLEAN DEFAULT FALSE,
+ COMPONENTS OF CommonArguments}}
+
+ListResult ::=
+ OPTIONALLY-PROTECTED
+ {CHOICE {listInfo
+ SET {name Name OPTIONAL,
+ subordinates
+ [1] SET OF
+ SEQUENCE {rdn RelativeDistinguishedName,
+ aliasEntry [0] BOOLEAN DEFAULT FALSE,
+ fromEntry [1] BOOLEAN DEFAULT TRUE
+ },
+ partialOutcomeQualifier
+ [2] PartialOutcomeQualifier OPTIONAL,
+ COMPONENTS OF CommonResults},
+ uncorrelatedListInfo [0] SET OF ListResult}}
+
+PartialOutcomeQualifier ::= SET {
+ limitProblem [0] LimitProblem OPTIONAL,
+ unexplored
+ [1] SET SIZE (1..MAX) OF ContinuationReference OPTIONAL,
+ unavailableCriticalExtensions [2] BOOLEAN DEFAULT FALSE,
+ unknownErrors
+ [3] SET SIZE (1..MAX) OF ABSTRACT-SYNTAX.&Type OPTIONAL,
+ queryReference [4] OCTET STRING OPTIONAL,
+ overspecFilter [5] Filter OPTIONAL,
+ notification
+ [6] SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL,
+ entryCount
+ CHOICE {bestEstimate [7] INTEGER,
+ lowEstimate [8] INTEGER} OPTIONAL
+}
+
+LimitProblem ::= INTEGER {
+ timeLimitExceeded(0), sizeLimitExceeded(1), administrativeLimitExceeded(2)
+}
+
+search OPERATION ::= {
+ ARGUMENT SearchArgument
+ RESULT SearchResult
+ ERRORS
+ {attributeError | nameError | serviceError | referral | abandoned |
+ securityError}
+ CODE id-opcode-search
+}
+
+SearchArgument ::=
+ OPTIONALLY-PROTECTED
+ {SET {baseObject [0] Name,
+ subset
+ [1] INTEGER {baseObject(0), oneLevel(1), wholeSubtree(2)}
+ DEFAULT baseObject,
+ filter [2] Filter DEFAULT and:{},
+ searchAliases [3] BOOLEAN DEFAULT TRUE,
+ selection [4] EntryInformationSelection DEFAULT {},
+ pagedResults [5] PagedResultsRequest OPTIONAL,
+ matchedValuesOnly [6] BOOLEAN DEFAULT FALSE,
+ extendedFilter [7] Filter OPTIONAL,
+ checkOverspecified [8] BOOLEAN DEFAULT FALSE,
+ relaxation [9] RelaxationPolicy OPTIONAL,
+ extendedArea [10] INTEGER OPTIONAL,
+ hierarchySelections [11] HierarchySelections DEFAULT {self},
+ searchControlOptions
+ [12] SearchControlOptions DEFAULT {searchAliases},
+ COMPONENTS OF CommonArguments}}
+
+HierarchySelections ::= BIT STRING {
+ self(0), children(1), parent(2), hierarchy(3), top(4), subtree(5),
+ siblings(6), siblingChildren(7), siblingSubtree(8), all(9)}
+
+SearchControlOptions ::= BIT STRING {
+ searchAliases(0), matchedValuesOnly(1), checkOverspecified(2),
+ performExactly(3), includeAllAreas(4), noSystemRelaxation(5), dnAttribute(6),
+ matchOnResidualName(7), entryCount(8), useSubset(9),
+ separateFamilyMembers(10), searchFamily(11)}
+
+SearchResult ::=
+ OPTIONALLY-PROTECTED
+ {CHOICE {searchInfo
+ SET {name Name OPTIONAL,
+ entries [0] SET OF EntryInformation,
+ partialOutcomeQualifier
+ [2] PartialOutcomeQualifier OPTIONAL,
+ altMatching [3] BOOLEAN DEFAULT FALSE,
+ COMPONENTS OF CommonResults},
+ uncorrelatedSearchInfo [0] SET OF SearchResult}}
+
+addEntry OPERATION ::= {
+ ARGUMENT AddEntryArgument
+ RESULT AddEntryResult
+ ERRORS
+ {attributeError | nameError | serviceError | referral | securityError |
+ updateError}
+ CODE id-opcode-addEntry
+}
+
+AddEntryArgument ::=
+ OPTIONALLY-PROTECTED
+ {SET {object [0] Name,
+ entry [1] SET OF Attribute,
+ targetSystem [2] AccessPoint OPTIONAL,
+ COMPONENTS OF CommonArguments}}
+
+AddEntryResult ::= CHOICE {
+ null NULL,
+ information
+ OPTIONALLY-PROTECTED-SEQ{SEQUENCE {COMPONENTS OF CommonResultsSeq}}
+}
+
+removeEntry OPERATION ::= {
+ ARGUMENT RemoveEntryArgument
+ RESULT RemoveEntryResult
+ ERRORS {nameError | serviceError | referral | securityError | updateError}
+ CODE id-opcode-removeEntry
+}
+
+RemoveEntryArgument ::=
+ OPTIONALLY-PROTECTED{SET {object [0] Name,
+ COMPONENTS OF CommonArguments}}
+
+RemoveEntryResult ::= CHOICE {
+ null NULL,
+ information
+ OPTIONALLY-PROTECTED-SEQ{SEQUENCE {COMPONENTS OF CommonResultsSeq}}
+}
+
+modifyEntry OPERATION ::= {
+ ARGUMENT ModifyEntryArgument
+ RESULT ModifyEntryResult
+ ERRORS
+ {attributeError | nameError | serviceError | referral | securityError |
+ updateError}
+ CODE id-opcode-modifyEntry
+}
+
+ModifyEntryArgument ::=
+ OPTIONALLY-PROTECTED
+ {SET {object [0] Name,
+ changes [1] SEQUENCE OF EntryModification,
+ selection [2] EntryInformationSelection OPTIONAL,
+ COMPONENTS OF CommonArguments}}
+
+ModifyEntryResult ::= CHOICE {
+ null NULL,
+ information
+ OPTIONALLY-PROTECTED-SEQ{SEQUENCE {entry [0] EntryInformation OPTIONAL,
+ COMPONENTS OF CommonResultsSeq
+ }}
+}
+
+EntryModification ::= CHOICE {
+ addAttribute [0] Attribute,
+ removeAttribute [1] AttributeType,
+ addValues [2] Attribute,
+ removeValues [3] Attribute,
+ alterValues [4] AttributeTypeAndValue,
+ resetValue [5] AttributeType
+}
+
+modifyDN OPERATION ::= {
+ ARGUMENT ModifyDNArgument
+ RESULT ModifyDNResult
+ ERRORS {nameError | serviceError | referral | securityError | updateError}
+ CODE id-opcode-modifyDN
+}
+
+ModifyDNArgument ::=
+ OPTIONALLY-PROTECTED
+ {SET {object [0] DistinguishedName,
+ newRDN [1] RelativeDistinguishedName,
+ deleteOldRDN [2] BOOLEAN DEFAULT FALSE,
+ newSuperior [3] DistinguishedName OPTIONAL,
+ COMPONENTS OF CommonArguments}}
+
+ModifyDNResult ::= CHOICE {
+ null NULL,
+ information
+ OPTIONALLY-PROTECTED-SEQ{SEQUENCE {newRDN RelativeDistinguishedName,
+ COMPONENTS OF CommonResultsSeq
+ }}
+}
+
+-- Errors and parameters
+abandoned ERROR ::= { -- not literally an "error"
+ PARAMETER OPTIONALLY-PROTECTED {SET {COMPONENTS OF CommonResults}}
+ CODE id-errcode-abandoned
+}
+
+abandonFailed ERROR ::= {
+ PARAMETER OPTIONALLY-PROTECTED
+ {SET {problem [0] AbandonProblem,
+ operation [1] InvokeId,
+ COMPONENTS OF CommonResults}}
+ CODE id-errcode-abandonFailed
+}
+
+AbandonProblem ::= INTEGER {noSuchOperation(1), tooLate(2), cannotAbandon(3)}
+
+attributeError ERROR ::= {
+ PARAMETER OPTIONALLY-PROTECTED
+ {SET {object [0] Name,
+ problems
+ [1] SET OF
+ SEQUENCE {problem [0] AttributeProblem,
+ type [1] AttributeType,
+ value [2] AttributeValue OPTIONAL},
+ COMPONENTS OF CommonResults}}
+ CODE id-errcode-attributeError
+}
+
+AttributeProblem ::= INTEGER {
+ noSuchAttributeOrValue(1), invalidAttributeSyntax(2),
+ undefinedAttributeType(3), inappropriateMatching(4), constraintViolation(5),
+ attributeOrValueAlreadyExists(6), contextViolation(7)}
+
+nameError ERROR ::= {
+ PARAMETER OPTIONALLY-PROTECTED
+ {SET {problem [0] NameProblem,
+ matched [1] Name,
+ COMPONENTS OF CommonResults}}
+ CODE id-errcode-nameError
+}
+
+NameProblem ::= INTEGER {
+ noSuchObject(1), aliasProblem(2), invalidAttributeSyntax(3),
+ aliasDereferencingProblem(4), contextProblem(5)}
+
+referral ERROR ::= { -- not literally an "error"
+ PARAMETER OPTIONALLY-PROTECTED
+ {SET {candidate [0] ContinuationReference,
+ COMPONENTS OF CommonResults}}
+ CODE id-errcode-referral
+}
+
+securityError ERROR ::= {
+ PARAMETER OPTIONALLY-PROTECTED
+ {SET {problem [0] SecurityProblem,
+ spkmInfo [1] SPKM-ERROR,
+ COMPONENTS OF CommonResults}}
+ CODE id-errcode-securityError
+}
+
+SecurityProblem ::= INTEGER {
+ inappropriateAuthentication(1), invalidCredentials(2),
+ insufficientAccessRights(3), invalidSignature(4), protectionRequired(5),
+ noInformation(6), blockedCredentials(7), invalidQOPMatch(8), spkmError(9)
+}
+
+serviceError ERROR ::= {
+ PARAMETER OPTIONALLY-PROTECTED
+ {SET {problem [0] ServiceProblem,
+ COMPONENTS OF CommonResults}}
+ CODE id-errcode-serviceError
+}
+
+ServiceProblem ::= INTEGER {
+ busy(1), unavailable(2), unwillingToPerform(3), chainingRequired(4),
+ unableToProceed(5), invalidReference(6), timeLimitExceeded(7),
+ administrativeLimitExceeded(8), loopDetected(9),
+ unavailableCriticalExtension(10), outOfScope(11), ditError(12),
+ invalidQueryReference(13), requestedServiceNotAvailable(14),
+ relaxationNotSupported(15), unavailableRelaxationLevel(16),
+ unsupportedMatchingUse(17), unmatchedKeyAttributes(18),
+ ambiguousKeyAttributes(19)}
+
+updateError ERROR ::= {
+ PARAMETER OPTIONALLY-PROTECTED
+ {SET {problem [0] UpdateProblem,
+ attributeInfo
+ [1] SET SIZE (1..MAX) OF
+ CHOICE {attributeType AttributeType,
+ attribute Attribute} OPTIONAL,
+ COMPONENTS OF CommonResults}}
+ CODE id-errcode-updateError
+}
+
+UpdateProblem ::= INTEGER {
+ namingViolation(1), objectClassViolation(2), notAllowedOnNonLeaf(3),
+ notAllowedOnRDN(4), entryAlreadyExists(5), affectsMultipleDSAs(6),
+ objectClassModificationProhibited(7), notAncestor(8), parentNotAncestor(9),
+ hierarchyRuleViolation(10), familyRuleViolation(11)}
+
+id-at-family-information OBJECT IDENTIFIER ::= {id-at 64}
+
+END -- DirectoryAbstractService
+
+-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D
diff --git a/acse/2.5.1.5.3.asn1 b/acse/2.5.1.5.3.asn1
new file mode 100644
index 0000000..0ac391f
--- /dev/null
+++ b/acse/2.5.1.5.3.asn1
@@ -0,0 +1,1467 @@
+-- Module SelectedAttributeTypes (X.520:08/1997)
+-- See also ITU-T X.520 (08/1997)
+-- See also the index of all ASN.1 assignments needed in this document
+
+SelectedAttributeTypes {joint-iso-itu-t ds(5) module(1)
+ selectedAttributeTypes(5) 3} DEFINITIONS ::=
+BEGIN
+
+-- EXPORTS All
+-- The types and values defined in this module are exported for use in the other ASN.1 modules contained
+-- within the Directory Specifications, and for the use of other applications which will use them to access
+-- Directory services. Other applications may use them for their own purposes, but this will not constrain
+-- extensions and modifications needed to maintain or improve the Directory service.
+IMPORTS
+ informationFramework, upperBounds, id-at, id-mr, id-avc,
+ directoryAbstractService, id-pr, id-not, id-cat
+ FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1)
+ usefulDefinitions(0) 3}
+ Attribute, ATTRIBUTE, MATCHING-RULE, AttributeType, OBJECT-CLASS,
+ DistinguishedName, objectIdentifierMatch, distinguishedNameMatch,
+ CONTEXT, ContextAssertion, AttributeCombination, ContextCombination,
+ MAPPING-BASED-MATCHING, MRMapping, AttributeValueAssertion
+ FROM InformationFramework informationFramework
+ G3FacsimileNonBasicParameters
+ FROM MTSAbstractService {joint-iso-itu-t mhs(6) mts(3) modules(0)
+ mts-abstract-service(1) version-1999(1)}
+ ub-answerback, ub-name, ub-common-name, ub-surname, ub-serial-number,
+ ub-locality-name, ub-state-name, ub-street-address, ub-organization-name,
+ ub-organizational-unit-name, ub-title, ub-description,
+ ub-business-category, ub-postal-line, ub-postal-string, ub-postal-code,
+ ub-post-office-box, ub-physical-office-name, ub-telex-number,
+ ub-country-code, ub-teletex-terminal-id, ub-telephone-number,
+ ub-x121-address, ub-international-isdn-number, ub-destination-indicator,
+ ub-user-password, ub-match, ub-knowledge-information,
+ ub-directory-string-first-component-match, ub-localeContextSyntax,
+ ub-pseudonym
+ FROM UpperBounds upperBounds
+ FilterItem, HierarchySelections, SearchControlOptions, ServiceControlOptions
+ FROM DirectoryAbstractService directoryAbstractService;
+
+-- Directory string type
+DirectoryString{INTEGER:maxSize} ::= CHOICE {
+ teletexString TeletexString(SIZE (1..maxSize)),
+ printableString PrintableString(SIZE (1..maxSize)),
+ universalString UniversalString(SIZE (1..maxSize)),
+ bmpString BMPString(SIZE (1..maxSize)),
+ uTF8String UTF8String(SIZE (1..maxSize))
+}
+
+-- Attribute types
+knowledgeInformation ATTRIBUTE ::= {
+ WITH SYNTAX DirectoryString {ub-knowledge-information}
+ EQUALITY MATCHING RULE caseIgnoreMatch
+ ID id-at-knowledgeInformation
+}
+
+name ATTRIBUTE ::= {
+ WITH SYNTAX DirectoryString {ub-name}
+ EQUALITY MATCHING RULE caseIgnoreMatch
+ SUBSTRINGS MATCHING RULE caseIgnoreSubstringsMatch
+ ID id-at-name
+}
+
+commonName ATTRIBUTE ::= {
+ SUBTYPE OF name
+ WITH SYNTAX DirectoryString {ub-common-name}
+ ID id-at-commonName
+}
+
+surname ATTRIBUTE ::= {
+ SUBTYPE OF name
+ WITH SYNTAX DirectoryString {ub-surname}
+ ID id-at-surname
+}
+
+givenName ATTRIBUTE ::= {
+ SUBTYPE OF name
+ WITH SYNTAX DirectoryString {ub-name}
+ ID id-at-givenName
+}
+
+initials ATTRIBUTE ::= {
+ SUBTYPE OF name
+ WITH SYNTAX DirectoryString {ub-name}
+ ID id-at-initials
+}
+
+generationQualifier ATTRIBUTE ::= {
+ SUBTYPE OF name
+ WITH SYNTAX DirectoryString {ub-name}
+ ID id-at-generationQualifier
+}
+
+uniqueIdentifier ATTRIBUTE ::= {
+ WITH SYNTAX UniqueIdentifier
+ EQUALITY MATCHING RULE bitStringMatch
+ ID id-at-uniqueIdentifier
+}
+
+UniqueIdentifier ::= BIT STRING
+
+dnQualifier ATTRIBUTE ::= {
+ WITH SYNTAX PrintableString
+ EQUALITY MATCHING RULE caseIgnoreMatch
+ ORDERING MATCHING RULE caseIgnoreOrderingMatch
+ SUBSTRINGS MATCHING RULE caseIgnoreSubstringsMatch
+ ID id-at-dnQualifier
+}
+
+serialNumber ATTRIBUTE ::= {
+ WITH SYNTAX PrintableString(SIZE (1..ub-serial-number))
+ EQUALITY MATCHING RULE caseIgnoreMatch
+ SUBSTRINGS MATCHING RULE caseIgnoreSubstringsMatch
+ ID id-at-serialNumber
+}
+
+pseudonym ATTRIBUTE ::= {
+ SUBTYPE OF name
+ WITH SYNTAX DirectoryString {ub-pseudonym}
+ ID id-at-pseudonym
+}
+
+countryName ATTRIBUTE ::= {
+ SUBTYPE OF name
+ WITH SYNTAX CountryName
+ SINGLE VALUE TRUE
+ ID id-at-countryName
+}
+
+CountryName ::= PrintableString(SIZE (2)) -- ISO 3166 codes only
+
+
+localityName ATTRIBUTE ::= {
+ SUBTYPE OF name
+ WITH SYNTAX DirectoryString {ub-locality-name}
+ ID id-at-localityName
+}
+
+collectiveLocalityName ATTRIBUTE ::= {
+ SUBTYPE OF localityName
+ COLLECTIVE TRUE
+ ID id-at-collectiveLocalityName
+}
+
+stateOrProvinceName ATTRIBUTE ::= {
+ SUBTYPE OF name
+ WITH SYNTAX DirectoryString {ub-state-name}
+ ID id-at-stateOrProvinceName
+}
+
+collectiveStateOrProvinceName ATTRIBUTE ::= {
+ SUBTYPE OF stateOrProvinceName
+ COLLECTIVE TRUE
+ ID id-at-collectiveStateOrProvinceName
+}
+
+streetAddress ATTRIBUTE ::= {
+ WITH SYNTAX DirectoryString {ub-street-address}
+ EQUALITY MATCHING RULE caseIgnoreMatch
+ SUBSTRINGS MATCHING RULE caseIgnoreSubstringsMatch
+ ID id-at-streetAddress
+}
+
+collectiveStreetAddress ATTRIBUTE ::= {
+ SUBTYPE OF streetAddress
+ COLLECTIVE TRUE
+ ID id-at-collectiveStreetAddress
+}
+
+houseIdentifier ATTRIBUTE ::= {
+ WITH SYNTAX DirectoryString {ub-name}
+ EQUALITY MATCHING RULE caseIgnoreMatch
+ SUBSTRINGS MATCHING RULE caseIgnoreSubstringsMatch
+ ID id-at-houseIdentifier
+}
+
+organizationName ATTRIBUTE ::= {
+ SUBTYPE OF name
+ WITH SYNTAX DirectoryString {ub-organization-name}
+ ID id-at-organizationName
+}
+
+collectiveOrganizationName ATTRIBUTE ::= {
+ SUBTYPE OF organizationName
+ COLLECTIVE TRUE
+ ID id-at-collectiveOrganizationName
+}
+
+organizationalUnitName ATTRIBUTE ::= {
+ SUBTYPE OF name
+ WITH SYNTAX DirectoryString {ub-organizational-unit-name}
+ ID id-at-organizationalUnitName
+}
+
+collectiveOrganizationalUnitName ATTRIBUTE ::= {
+ SUBTYPE OF organizationalUnitName
+ COLLECTIVE TRUE
+ ID id-at-collectiveOrganizationalUnitName
+}
+
+title ATTRIBUTE ::= {
+ SUBTYPE OF name
+ WITH SYNTAX DirectoryString {ub-title}
+ ID id-at-title
+}
+
+description ATTRIBUTE ::= {
+ WITH SYNTAX DirectoryString {ub-description}
+ EQUALITY MATCHING RULE caseIgnoreMatch
+ SUBSTRINGS MATCHING RULE caseIgnoreSubstringsMatch
+ ID id-at-description
+}
+
+searchGuide ATTRIBUTE ::= {WITH SYNTAX Guide
+ ID id-at-searchGuide
+}
+
+Guide ::= SET {
+ objectClass [0] OBJECT-CLASS.&id OPTIONAL,
+ criteria [1] Criteria
+}
+
+Criteria ::= CHOICE {
+ type [0] CriteriaItem,
+ and [1] SET OF Criteria,
+ or [2] SET OF Criteria,
+ not [3] Criteria
+}
+
+CriteriaItem ::= CHOICE {
+ equality [0] AttributeType,
+ substrings [1] AttributeType,
+ greaterOrEqual [2] AttributeType,
+ lessOrEqual [3] AttributeType,
+ approximateMatch [4] AttributeType
+}
+
+enhancedSearchGuide ATTRIBUTE ::= {
+ WITH SYNTAX EnhancedGuide
+ ID id-at-enhancedSearchGuide
+}
+
+EnhancedGuide ::= SEQUENCE {
+ objectClass [0] OBJECT-CLASS.&id,
+ criteria [1] Criteria,
+ subset
+ [2] INTEGER {baseObject(0), oneLevel(1), wholeSubtree(2)} DEFAULT oneLevel
+}
+
+businessCategory ATTRIBUTE ::= {
+ WITH SYNTAX DirectoryString {ub-business-category}
+ EQUALITY MATCHING RULE caseIgnoreMatch
+ SUBSTRINGS MATCHING RULE caseIgnoreSubstringsMatch
+ ID id-at-businessCategory
+}
+
+postalAddress ATTRIBUTE ::= {
+ WITH SYNTAX PostalAddress
+ EQUALITY MATCHING RULE caseIgnoreListMatch
+ SUBSTRINGS MATCHING RULE caseIgnoreListSubstringsMatch
+ ID id-at-postalAddress
+}
+
+PostalAddress ::=
+ SEQUENCE SIZE (1..ub-postal-line) OF DirectoryString{ub-postal-string}
+
+collectivePostalAddress ATTRIBUTE ::= {
+ SUBTYPE OF postalAddress
+ COLLECTIVE TRUE
+ ID id-at-collectivePostalAddress
+}
+
+postalCode ATTRIBUTE ::= {
+ WITH SYNTAX DirectoryString {ub-postal-code}
+ EQUALITY MATCHING RULE caseIgnoreMatch
+ SUBSTRINGS MATCHING RULE caseIgnoreSubstringsMatch
+ ID id-at-postalCode
+}
+
+collectivePostalCode ATTRIBUTE ::= {
+ SUBTYPE OF postalCode
+ COLLECTIVE TRUE
+ ID id-at-collectivePostalCode
+}
+
+postOfficeBox ATTRIBUTE ::= {
+ WITH SYNTAX DirectoryString {ub-post-office-box}
+ EQUALITY MATCHING RULE caseIgnoreMatch
+ SUBSTRINGS MATCHING RULE caseIgnoreSubstringsMatch
+ ID id-at-postOfficeBox
+}
+
+collectivePostOfficeBox ATTRIBUTE ::= {
+ SUBTYPE OF postOfficeBox
+ COLLECTIVE TRUE
+ ID id-at-collectivePostOfficeBox
+}
+
+physicalDeliveryOfficeName ATTRIBUTE ::= {
+ WITH SYNTAX DirectoryString {ub-physical-office-name}
+ EQUALITY MATCHING RULE caseIgnoreMatch
+ SUBSTRINGS MATCHING RULE caseIgnoreSubstringsMatch
+ ID id-at-physicalDeliveryOfficeName
+}
+
+collectivePhysicalDeliveryOfficeName ATTRIBUTE ::= {
+ SUBTYPE OF physicalDeliveryOfficeName
+ COLLECTIVE TRUE
+ ID id-at-collectivePhysicalDeliveryOfficeName
+}
+
+telephoneNumber ATTRIBUTE ::= {
+ WITH SYNTAX TelephoneNumber
+ EQUALITY MATCHING RULE telephoneNumberMatch
+ SUBSTRINGS MATCHING RULE telephoneNumberSubstringsMatch
+ ID id-at-telephoneNumber
+}
+
+TelephoneNumber ::= PrintableString(SIZE (1..ub-telephone-number))
+
+-- String complying with CCITT Rec. E.123 only
+collectiveTelephoneNumber ATTRIBUTE ::= {
+ SUBTYPE OF telephoneNumber
+ COLLECTIVE TRUE
+ ID id-at-collectiveTelephoneNumber
+}
+
+telexNumber ATTRIBUTE ::= {
+ WITH SYNTAX TelexNumber
+ ID id-at-telexNumber
+}
+
+TelexNumber ::= SEQUENCE {
+ telexNumber PrintableString(SIZE (1..ub-telex-number)),
+ countryCode PrintableString(SIZE (1..ub-country-code)),
+ answerback PrintableString(SIZE (1..ub-answerback))
+}
+
+collectiveTelexNumber ATTRIBUTE ::= {
+ SUBTYPE OF telexNumber
+ COLLECTIVE TRUE
+ ID id-at-collectiveTelexNumber
+}
+
+facsimileTelephoneNumber ATTRIBUTE ::= {
+ WITH SYNTAX FacsimileTelephoneNumber
+ EQUALITY MATCHING RULE facsimileNumberMatch
+ SUBSTRINGS MATCHING RULE facsimileNumberSubstringsMatch
+ ID id-at-facsimileTelephoneNumber
+}
+
+facsimileNumberMatch MATCHING-RULE ::= {
+ SYNTAX TelephoneNumber
+ ID id-mr-facsimileNumberMatch
+}
+
+facsimileNumberSubstringsMatch MATCHING-RULE ::= {
+ SYNTAX SubstringAssertion
+ ID id-mr-facsimileNumberSubstringsMatch
+}
+
+FacsimileTelephoneNumber ::= SEQUENCE {
+ telephoneNumber TelephoneNumber,
+ parameters G3FacsimileNonBasicParameters OPTIONAL
+}
+
+collectiveFacsimileTelephoneNumber ATTRIBUTE ::= {
+ SUBTYPE OF facsimileTelephoneNumber
+ COLLECTIVE TRUE
+ ID id-at-collectiveFacsimileTelephoneNumber
+}
+
+x121Address ATTRIBUTE ::= {
+ WITH SYNTAX X121Address
+ EQUALITY MATCHING RULE numericStringMatch
+ SUBSTRINGS MATCHING RULE numericStringSubstringsMatch
+ ID id-at-x121Address
+}
+
+X121Address ::= NumericString(SIZE (1..ub-x121-address))
+
+-- String as defined by ITU-T Rec. X.121
+internationalISDNNumber ATTRIBUTE ::= {
+ WITH SYNTAX InternationalISDNNumber
+ EQUALITY MATCHING RULE numericStringMatch
+ SUBSTRINGS MATCHING RULE numericStringSubstringsMatch
+ ID id-at-internationalISDNNumber
+}
+
+InternationalISDNNumber ::=
+ NumericString(SIZE (1..ub-international-isdn-number))
+
+-- String complying with ITU-T Rec. E.164 only
+collectiveInternationalISDNNumber ATTRIBUTE ::= {
+ SUBTYPE OF internationalISDNNumber
+ COLLECTIVE TRUE
+ ID id-at-collectiveInternationalISDNNumber
+}
+
+registeredAddress ATTRIBUTE ::= {
+ SUBTYPE OF postalAddress
+ WITH SYNTAX PostalAddress
+ ID id-at-registeredAddress
+}
+
+destinationIndicator ATTRIBUTE ::= {
+ WITH SYNTAX DestinationIndicator
+ EQUALITY MATCHING RULE caseIgnoreMatch
+ SUBSTRINGS MATCHING RULE caseIgnoreSubstringsMatch
+ ID id-at-destinationIndicator
+}
+
+DestinationIndicator ::= PrintableString(SIZE (1..ub-destination-indicator))
+
+communicationsService ATTRIBUTE ::= {
+ WITH SYNTAX OBJECT IDENTIFIER
+ EQUALITY MATCHING RULE objectIdentifierMatch
+ ID id-at-communicationsService
+}
+
+communicationsNetwork ATTRIBUTE ::= {
+ WITH SYNTAX OBJECT IDENTIFIER
+ EQUALITY MATCHING RULE objectIdentifierMatch
+ SINGLE VALUE TRUE
+ ID id-at-communicationsNetwork
+}
+
+-- alphabetical characters only
+preferredDeliveryMethod ATTRIBUTE ::= {
+ WITH SYNTAX PreferredDeliveryMethod
+ SINGLE VALUE TRUE
+ ID id-at-preferredDeliveryMethod
+}
+
+PreferredDeliveryMethod ::=
+ SEQUENCE OF
+ INTEGER {any-delivery-method(0), mhs-delivery(1), physical-delivery(2),
+ telex-delivery(3), teletex-delivery(4), g3-facsimile-delivery(5),
+ g4-facsimile-delivery(6), ia5-terminal-delivery(7),
+ videotex-delivery(8), telephone-delivery(9)}
+
+presentationAddress ATTRIBUTE ::= {
+ WITH SYNTAX PresentationAddress
+ EQUALITY MATCHING RULE presentationAddressMatch
+ SINGLE VALUE TRUE
+ ID id-at-presentationAddress
+}
+
+PresentationAddress ::= SEQUENCE {
+ pSelector [0] OCTET STRING OPTIONAL,
+ sSelector [1] OCTET STRING OPTIONAL,
+ tSelector [2] OCTET STRING OPTIONAL,
+ nAddresses [3] SET SIZE (1..MAX) OF OCTET STRING
+}
+
+supportedApplicationContext ATTRIBUTE ::= {
+ WITH SYNTAX OBJECT IDENTIFIER
+ EQUALITY MATCHING RULE objectIdentifierMatch
+ ID id-at-supportedApplicationContext
+}
+
+protocolInformation ATTRIBUTE ::= {
+ WITH SYNTAX ProtocolInformation
+ EQUALITY MATCHING RULE protocolInformationMatch
+ ID id-at-protocolInformation
+}
+
+ProtocolInformation ::= SEQUENCE {
+ nAddress OCTET STRING,
+ profiles SET OF OBJECT IDENTIFIER
+}
+
+distinguishedName ATTRIBUTE ::= {
+ WITH SYNTAX DistinguishedName
+ EQUALITY MATCHING RULE distinguishedNameMatch
+ ID id-at-distinguishedName
+}
+
+member ATTRIBUTE ::= {SUBTYPE OF distinguishedName
+ ID id-at-member
+}
+
+uniqueMember ATTRIBUTE ::= {
+ WITH SYNTAX NameAndOptionalUID
+ EQUALITY MATCHING RULE uniqueMemberMatch
+ ID id-at-uniqueMember
+}
+
+NameAndOptionalUID ::= SEQUENCE {
+ dn DistinguishedName,
+ uid UniqueIdentifier OPTIONAL
+}
+
+owner ATTRIBUTE ::= {SUBTYPE OF distinguishedName
+ ID id-at-owner
+}
+
+roleOccupant ATTRIBUTE ::= {
+ SUBTYPE OF distinguishedName
+ ID id-at-roleOccupant
+}
+
+seeAlso ATTRIBUTE ::= {SUBTYPE OF distinguishedName
+ ID id-at-seeAlso
+}
+
+dmdName ATTRIBUTE ::= {
+ SUBTYPE OF name
+ WITH SYNTAX DirectoryString {ub-common-name}
+ ID id-at-dmdName
+}
+
+dSAProblem ATTRIBUTE ::= {
+ WITH SYNTAX OBJECT IDENTIFIER
+ EQUALITY MATCHING RULE objectIdentifierMatch
+ ID id-not-dSAProblem
+}
+
+searchServiceProblem ATTRIBUTE ::= {
+ WITH SYNTAX OBJECT IDENTIFIER
+ EQUALITY MATCHING RULE objectIdentifierMatch
+ SINGLE VALUE TRUE
+ ID id-not-searchServiceProblem
+}
+
+serviceType ATTRIBUTE ::= {
+ WITH SYNTAX OBJECT IDENTIFIER
+ EQUALITY MATCHING RULE objectIdentifierMatch
+ SINGLE VALUE TRUE
+ ID id-not-serviceType
+}
+
+attributeTypeList ATTRIBUTE ::= {
+ WITH SYNTAX OBJECT IDENTIFIER
+ EQUALITY MATCHING RULE objectIdentifierMatch
+ ID id-not-attributeTypeList
+}
+
+filterItem ATTRIBUTE ::= {
+ WITH SYNTAX FilterItem
+ ID id-not-filterItem
+}
+
+attributeCombinations ATTRIBUTE ::= {
+ WITH SYNTAX AttributeCombination
+ ID id-not-attributeCombinations
+}
+
+contextTypeList ATTRIBUTE ::= {
+ WITH SYNTAX OBJECT IDENTIFIER
+ EQUALITY MATCHING RULE objectIdentifierMatch
+ ID id-not-contextTypeList
+}
+
+contextList ATTRIBUTE ::= {
+ WITH SYNTAX ContextAssertion
+ ID id-not-contextList
+}
+
+hierarchySelectList ATTRIBUTE ::= {
+ WITH SYNTAX HierarchySelections
+ SINGLE VALUE TRUE
+ ID id-not-hierarchySelectList
+}
+
+searchOptionsList ATTRIBUTE ::= {
+ WITH SYNTAX SearchControlOptions
+ SINGLE VALUE TRUE
+ ID id-not-searchOptionsList
+}
+
+serviceControlOptionsList ATTRIBUTE ::= {
+ WITH SYNTAX ServiceControlOptions
+ SINGLE VALUE TRUE
+ ID id-not-serviceControlOptionsList
+}
+
+multipleMatchingLocalities ATTRIBUTE ::= {
+ WITH SYNTAX MultipleMatchingLocalities
+ ID id-not-multipleMatchingLocalities
+}
+
+MultipleMatchingLocalities ::= SEQUENCE {
+ matchingRuleUsed MATCHING-RULE.&id OPTIONAL,
+ attributeList SEQUENCE OF AttributeValueAssertion
+}
+
+proposedRelaxation ATTRIBUTE ::= {
+ WITH SYNTAX SEQUENCE OF MRMapping
+ ID id-not-proposedRelaxation
+}
+
+appliedRelaxation ATTRIBUTE ::= {
+ WITH SYNTAX OBJECT IDENTIFIER
+ EQUALITY MATCHING RULE objectIdentifierMatch
+ ID id-not-appliedRelaxation
+}
+
+-- Matching rules
+caseIgnoreMatch MATCHING-RULE ::= {
+ SYNTAX DirectoryString {ub-match}
+ ID id-mr-caseIgnoreMatch
+}
+
+caseIgnoreOrderingMatch MATCHING-RULE ::= {
+ SYNTAX DirectoryString {ub-match}
+ ID id-mr-caseIgnoreOrderingMatch
+}
+
+caseIgnoreSubstringsMatch MATCHING-RULE ::= {
+ SYNTAX SubstringAssertion
+ ID id-mr-caseIgnoreSubstringsMatch
+}
+
+SubstringAssertion ::=
+ SEQUENCE OF
+ CHOICE {initial [0] DirectoryString{ub-match},
+ any [1] DirectoryString{ub-match},
+ final [2] DirectoryString{ub-match},
+ control Attribute
+ } -- Used to specify interpretation of the following items
+
+-- at most one initial and one final component
+caseExactMatch MATCHING-RULE ::= {
+ SYNTAX DirectoryString {ub-match}
+ ID id-mr-caseExactMatch
+}
+
+caseExactOrderingMatch MATCHING-RULE ::= {
+ SYNTAX DirectoryString {ub-match}
+ ID id-mr-caseExactOrderingMatch
+}
+
+caseExactSubstringsMatch MATCHING-RULE ::= {
+ SYNTAX SubstringAssertion -- only the PrintableString choice
+ ID id-mr-caseExactSubstringsMatch
+}
+
+numericStringMatch MATCHING-RULE ::= {
+ SYNTAX NumericString
+ ID id-mr-numericStringMatch
+}
+
+numericStringOrderingMatch MATCHING-RULE ::= {
+ SYNTAX NumericString
+ ID id-mr-numericStringOrderingMatch
+}
+
+numericStringSubstringsMatch MATCHING-RULE ::= {
+ SYNTAX SubstringAssertion
+ ID id-mr-numericStringSubstringsMatch
+}
+
+caseIgnoreListMatch MATCHING-RULE ::= {
+ SYNTAX CaseIgnoreListMatch
+ ID id-mr-caseIgnoreListMatch
+}
+
+CaseIgnoreListMatch ::= SEQUENCE OF DirectoryString{ub-match}
+
+caseIgnoreListSubstringsMatch MATCHING-RULE ::= {
+ SYNTAX SubstringAssertion
+ ID id-mr-caseIgnoreListSubstringsMatch
+}
+
+storedPrefixMatch MATCHING-RULE ::= {
+ SYNTAX DirectoryString {ub-match}
+ ID id-mr-storedPrefixMatch
+}
+
+booleanMatch MATCHING-RULE ::= {SYNTAX BOOLEAN
+ ID id-mr-booleanMatch
+}
+
+integerMatch MATCHING-RULE ::= {SYNTAX INTEGER
+ ID id-mr-integerMatch
+}
+
+integerOrderingMatch MATCHING-RULE ::= {
+ SYNTAX INTEGER
+ ID id-mr-integerOrderingMatch
+}
+
+bitStringMatch MATCHING-RULE ::= {
+ SYNTAX BIT STRING
+ ID id-mr-bitStringMatch
+}
+
+octetStringMatch MATCHING-RULE ::= {
+ SYNTAX OCTET STRING
+ ID id-mr-octetStringMatch
+}
+
+octetStringOrderingMatch MATCHING-RULE ::= {
+ SYNTAX OCTET STRING
+ ID id-mr-octetStringOrderingMatch
+}
+
+octetStringSubstringsMatch MATCHING-RULE ::= {
+ SYNTAX OctetSubstringAssertion
+ ID id-mr-octetStringSubstringsMatch
+}
+
+OctetSubstringAssertion ::=
+ SEQUENCE OF
+ CHOICE {initial [0] OCTET STRING,
+ any [1] OCTET STRING,
+ final [2] OCTET STRING}
+
+-- at most one initial and one final component
+telephoneNumberMatch MATCHING-RULE ::= {
+ SYNTAX TelephoneNumber
+ ID id-mr-telephoneNumberMatch
+}
+
+telephoneNumberSubstringsMatch MATCHING-RULE ::= {
+ SYNTAX SubstringAssertion
+ ID id-mr-telephoneNumberSubstringsMatch
+}
+
+presentationAddressMatch MATCHING-RULE ::= {
+ SYNTAX PresentationAddress
+ ID id-mr-presentationAddressMatch
+}
+
+uniqueMemberMatch MATCHING-RULE ::= {
+ SYNTAX NameAndOptionalUID
+ ID id-mr-uniqueMemberMatch
+}
+
+protocolInformationMatch MATCHING-RULE ::= {
+ SYNTAX OCTET STRING
+ ID id-mr-protocolInformationMatch
+}
+
+uTCTimeMatch MATCHING-RULE ::= {SYNTAX UTCTime
+ ID id-mr-uTCTimeMatch
+}
+
+uTCTimeOrderingMatch MATCHING-RULE ::= {
+ SYNTAX UTCTime
+ ID id-mr-uTCTimeOrderingMatch
+}
+
+generalizedTimeMatch MATCHING-RULE ::= {
+ SYNTAX GeneralizedTime
+ -- as per 41.3 b) or c) of ITU-T Rec. X.680 | ISO/IEC 8824-1
+ ID id-mr-generalizedTimeMatch
+}
+
+generalizedTimeOrderingMatch MATCHING-RULE ::= {
+ SYNTAX GeneralizedTime
+ -- as per 41.3 b) or c) of ITU-T Rec. X.680 | ISO/IEC 8824-1
+ ID id-mr-generalizedTimeOrderingMatch
+}
+
+integerFirstComponentMatch MATCHING-RULE ::= {
+ SYNTAX INTEGER
+ ID id-mr-integerFirstComponentMatch
+}
+
+objectIdentifierFirstComponentMatch MATCHING-RULE ::= {
+ SYNTAX OBJECT IDENTIFIER
+ ID id-mr-objectIdentifierFirstComponentMatch
+}
+
+directoryStringFirstComponentMatch MATCHING-RULE ::= {
+ SYNTAX DirectoryString {ub-directory-string-first-component-match}
+ ID id-mr-directoryStringFirstComponentMatch
+}
+
+wordMatch MATCHING-RULE ::= {
+ SYNTAX DirectoryString {ub-match}
+ ID id-mr-wordMatch
+}
+
+keywordMatch MATCHING-RULE ::= {
+ SYNTAX DirectoryString {ub-match}
+ ID id-mr-keywordMatch
+}
+
+systemProposedMatch MATCHING-RULE ::= {ID id-mr-systemProposedMatch
+}
+
+generalWordMatch MATCHING-RULE ::= {
+ SYNTAX SubstringAssertion
+ ID id-mr-generalWordMatch
+}
+
+sequenceMatchType ATTRIBUTE ::= {
+ WITH SYNTAX
+ ENUMERATED {sequenceExact(0), sequenceDeletion(1),
+ sequenceRestrictedDeletion(2), sequencePermutation(3),
+ sequencePermutationAndDeletion(4), sequenceProviderDefined(5)}
+ SINGLE VALUE TRUE
+ ID id-cat-sequenceMatchType
+} -- defaulting to sequenceExact,
+
+wordMatchTypes ATTRIBUTE ::= {
+ WITH SYNTAX
+ ENUMERATED {wordExact(0), wordTruncated(1), wordPhonetic(2),
+ wordProviderDefined(3)}
+ SINGLE VALUE TRUE
+ ID id-cat-wordMatchType
+} -- defaulting to wordExact
+
+characterMatchTypes ATTRIBUTE ::= {
+ WITH SYNTAX
+ ENUMERATED {characterExact(0), characterCaseIgnore(1), characterMapped(2)}
+ SINGLE VALUE TRUE
+ ID id-cat-characterMatchTypes
+}
+
+selectedContexts ATTRIBUTE ::= {
+ WITH SYNTAX ContextAssertion
+ ID id-cat-selectedContexts
+}
+
+approximateStringMatch MATCHING-RULE ::= {ID id-mr-approximateStringMatch
+}
+
+ignoreIfAbsentMatch MATCHING-RULE ::= {ID id-mr-ignoreIfAbsentMatch
+}
+
+nullMatch MATCHING-RULE ::= {ID id-mr-nullMatch
+}
+
+ZONAL-MATCHING ::=
+ MAPPING-BASED-MATCHING{ZonalSelect, TRUE, ZonalResult, zonalMatch.&id}
+
+ZonalSelect ::= SEQUENCE OF AttributeType
+
+ZonalResult ::= ENUMERATED {
+ cannot-select-mapping(0), zero-mappings(2), multiple-mappings(3)}
+
+zonalMatch MATCHING-RULE ::= {
+ UNIQUE-MATCH-INDICATOR multipleMatchingLocalities.&id
+ ID id-mr-zonalMatch
+}
+
+-- Contexts
+languageContext CONTEXT ::= {
+ WITH SYNTAX LanguageContextSyntax
+ ID id-avc-language
+}
+
+LanguageContextSyntax ::= PrintableString(SIZE (2..3)) -- ISO 639-2 codes only
+
+
+temporalContext CONTEXT ::= {
+ WITH SYNTAX TimeSpecification
+ ASSERTED AS TimeAssertion
+ ID id-avc-temporal
+}
+
+TimeSpecification ::= SEQUENCE {
+ time
+ CHOICE {absolute
+ SEQUENCE {startTime [0] GeneralizedTime OPTIONAL,
+ endTime [1] GeneralizedTime OPTIONAL},
+ periodic SET OF Period},
+ notThisTime BOOLEAN DEFAULT FALSE,
+ timeZone TimeZone OPTIONAL
+}
+
+Period ::= SEQUENCE {
+ timesOfDay [0] SET SIZE (1..MAX) OF DayTimeBand OPTIONAL,
+ days
+ [1] CHOICE {intDay SET OF INTEGER,
+ bitDay
+ BIT STRING {sunday(0), monday(1), tuesday(2), wednesday(3),
+ thursday(4), friday(5), saturday(6)},
+ dayOf XDayOf} OPTIONAL,
+ weeks
+ [2] CHOICE {allWeeks NULL,
+ intWeek SET OF INTEGER,
+ bitWeek
+ BIT STRING {week1(0), week2(1), week3(2), week4(3), week5(4)}
+ } OPTIONAL,
+ months
+ [3] CHOICE {allMonths NULL,
+ intMonth SET OF INTEGER,
+ bitMonth
+ BIT STRING {january(0), february(1), march(2), april(3),
+ may(4), june(5), july(6), august(7),
+ september(8), october(9), november(10),
+ december(11)}} OPTIONAL,
+ years [4] SET OF INTEGER(1000..MAX) OPTIONAL
+}
+
+XDayOf ::= CHOICE {
+ first [1] NamedDay,
+ second [2] NamedDay,
+ third [3] NamedDay,
+ fourth [4] NamedDay,
+ fifth [5] NamedDay
+}
+
+NamedDay ::= CHOICE {
+ intNamedDays
+ ENUMERATED {sunday(1), monday(2), tuesday(3), wednesday(4), thursday(5),
+ friday(6), saturday(7)},
+ bitNamedDays
+ BIT STRING {sunday(0), monday(1), tuesday(2), wednesday(3), thursday(4),
+ friday(5), saturday(6)}
+}
+
+DayTimeBand ::= SEQUENCE {
+ startDayTime [0] DayTime DEFAULT {hour 0},
+ endDayTime [1] DayTime DEFAULT {hour 23, minute 59, second 59}
+}
+
+DayTime ::= SEQUENCE {
+ hour [0] INTEGER(0..23),
+ minute [1] INTEGER(0..59) DEFAULT 0,
+ second [2] INTEGER(0..59) DEFAULT 0
+}
+
+TimeZone ::= INTEGER(-12..12)
+
+TimeAssertion ::= CHOICE {
+ now NULL,
+ at GeneralizedTime,
+ between
+ SEQUENCE {startTime [0] GeneralizedTime,
+ endTime [1] GeneralizedTime OPTIONAL,
+ entirely BOOLEAN DEFAULT FALSE}
+}
+
+localeContext CONTEXT ::= {
+ WITH SYNTAX LocaleContextSyntax
+ ID id-avc-locale
+}
+
+LocaleContextSyntax ::= CHOICE {
+ localeID1 OBJECT IDENTIFIER,
+ localeID2 DirectoryString{ub-localeContextSyntax}
+}
+
+-- Object identifier assignments -
+-- object identifiers assigned in other modules are shown in comments
+-- Attributes
+-- id-at-objectClass OBJECT IDENTIFIER ::= {id-at 0}
+-- id-at-aliasedEntryName OBJECT IDENTIFIER ::= {id-at 1}
+id-at-encryptedAliasedEntryName OBJECT IDENTIFIER ::=
+ {id-at 1 2}
+
+id-at-knowledgeInformation OBJECT IDENTIFIER ::= {id-at 2}
+
+id-at-commonName OBJECT IDENTIFIER ::= {id-at 3}
+
+id-at-encryptedCommonName OBJECT IDENTIFIER ::= {id-at 3 2}
+
+id-at-surname OBJECT IDENTIFIER ::= {id-at 4}
+
+id-at-encryptedSurname OBJECT IDENTIFIER ::= {id-at 4 2}
+
+id-at-serialNumber OBJECT IDENTIFIER ::= {id-at 5}
+
+id-at-encryptedSerialNumber OBJECT IDENTIFIER ::= {id-at 5 2}
+
+id-at-countryName OBJECT IDENTIFIER ::= {id-at 6}
+
+id-at-encryptedCountryName OBJECT IDENTIFIER ::= {id-at 6 2}
+
+id-at-localityName OBJECT IDENTIFIER ::= {id-at 7}
+
+id-at-encryptedLocalityName OBJECT IDENTIFIER ::= {id-at 7 2}
+
+id-at-collectiveLocalityName OBJECT IDENTIFIER ::= {id-at 7 1}
+
+id-at-encryptedCollectiveLocalityName OBJECT IDENTIFIER ::= {id-at 7 1 2}
+
+id-at-stateOrProvinceName OBJECT IDENTIFIER ::= {id-at 8}
+
+id-at-encryptedStateOrProvinceName OBJECT IDENTIFIER ::= {id-at 8 2}
+
+id-at-collectiveStateOrProvinceName OBJECT IDENTIFIER ::= {id-at 8 1}
+
+id-at-encryptedCollectiveStateOrProvinceName OBJECT IDENTIFIER ::=
+ {id-at 8 1 2}
+
+id-at-streetAddress OBJECT IDENTIFIER ::= {id-at 9}
+
+id-at-encryptedStreetAddress OBJECT IDENTIFIER ::= {id-at 9 2}
+
+id-at-collectiveStreetAddress OBJECT IDENTIFIER ::= {id-at 9 1}
+
+id-at-encryptedCollectiveStreetAddress OBJECT IDENTIFIER ::= {id-at 9 1 2}
+
+id-at-organizationName OBJECT IDENTIFIER ::= {id-at 10}
+
+id-at-encryptedOrganizationName OBJECT IDENTIFIER ::= {id-at 10 2}
+
+id-at-collectiveOrganizationName OBJECT IDENTIFIER ::= {id-at 10 1}
+
+id-at-encryptedCollectiveOrganizationName OBJECT IDENTIFIER ::= {id-at 10 1 2}
+
+id-at-organizationalUnitName OBJECT IDENTIFIER ::= {id-at 11}
+
+id-at-encryptedOrganizationalUnitName OBJECT IDENTIFIER ::= {id-at 11 2}
+
+id-at-collectiveOrganizationalUnitName OBJECT IDENTIFIER ::= {id-at 11 1}
+
+id-at-encryptedCollectiveOrganizationalUnitName OBJECT IDENTIFIER ::=
+ {id-at 11 1 2}
+
+id-at-title OBJECT IDENTIFIER ::= {id-at 12}
+
+id-at-encryptedTitle OBJECT IDENTIFIER ::= {id-at 12 2}
+
+id-at-description OBJECT IDENTIFIER ::= {id-at 13}
+
+id-at-encryptedDescription OBJECT IDENTIFIER ::= {id-at 13 2}
+
+id-at-searchGuide OBJECT IDENTIFIER ::= {id-at 14}
+
+id-at-encryptedSearchGuide OBJECT IDENTIFIER ::= {id-at 14 2}
+
+id-at-businessCategory OBJECT IDENTIFIER ::= {id-at 15}
+
+id-at-encryptedBusinessCategory OBJECT IDENTIFIER ::= {id-at 15 2}
+
+id-at-postalAddress OBJECT IDENTIFIER ::= {id-at 16}
+
+id-at-encryptedPostalAddress OBJECT IDENTIFIER ::= {id-at 16 2}
+
+id-at-collectivePostalAddress OBJECT IDENTIFIER ::= {id-at 16 1}
+
+id-at-encryptedCollectivePostalAddress OBJECT IDENTIFIER ::= {id-at 16 1 2}
+
+id-at-postalCode OBJECT IDENTIFIER ::= {id-at 17}
+
+id-at-encryptedPostalCode OBJECT IDENTIFIER ::= {id-at 17 2}
+
+id-at-collectivePostalCode OBJECT IDENTIFIER ::= {id-at 17 1}
+
+id-at-encryptedCollectivePostalCode OBJECT IDENTIFIER ::= {id-at 17 1 2}
+
+id-at-postOfficeBox OBJECT IDENTIFIER ::= {id-at 18}
+
+id-at-encryptedPostOfficeBox OBJECT IDENTIFIER ::= {id-at 18 2}
+
+id-at-collectivePostOfficeBox OBJECT IDENTIFIER ::= {id-at 18 1}
+
+id-at-encryptedCollectivePostOfficeBox OBJECT IDENTIFIER ::= {id-at 18 1 2}
+
+id-at-physicalDeliveryOfficeName OBJECT IDENTIFIER ::= {id-at 19}
+
+id-at-encryptedPhysicalDeliveryOfficeName OBJECT IDENTIFIER ::= {id-at 19 2}
+
+id-at-collectivePhysicalDeliveryOfficeName OBJECT IDENTIFIER ::= {id-at 19 1}
+
+id-at-encryptedCollectivePhysicalDeliveryOfficeName OBJECT IDENTIFIER ::=
+ {id-at 19 1 2}
+
+id-at-telephoneNumber OBJECT IDENTIFIER ::= {id-at 20}
+
+id-at-encryptedTelephoneNumber OBJECT IDENTIFIER ::= {id-at 20 2}
+
+id-at-collectiveTelephoneNumber OBJECT IDENTIFIER ::= {id-at 20 1}
+
+id-at-encryptedCollectiveTelephoneNumber OBJECT IDENTIFIER ::= {id-at 20 1 2}
+
+id-at-telexNumber OBJECT IDENTIFIER ::= {id-at 21}
+
+id-at-encryptedTelexNumber OBJECT IDENTIFIER ::= {id-at 21 2}
+
+id-at-collectiveTelexNumber OBJECT IDENTIFIER ::= {id-at 21 1}
+
+id-at-encryptedCollectiveTelexNumber OBJECT IDENTIFIER ::= {id-at 21 1 2}
+
+-- id-at-teletexTerminalIdentifier OBJECT IDENTIFIER ::= {id-at 22}
+-- id-at-encryptedTeletexTerminalIdentifier OBJECT IDENTIFIER ::= {id-at 22 2}
+-- id-at-collectiveTeletexTerminalIdentifier OBJECT IDENTIFIER ::= {id-at 22 1}
+-- id-at-encryptedCollectiveTeletexTerminalIdentifier
+-- OBJECT IDENTIFIER ::= {id-at 22 1 2}
+id-at-facsimileTelephoneNumber OBJECT IDENTIFIER ::=
+ {id-at 23}
+
+id-at-encryptedFacsimileTelephoneNumber OBJECT IDENTIFIER ::= {id-at 23 2}
+
+id-at-collectiveFacsimileTelephoneNumber OBJECT IDENTIFIER ::= {id-at 23 1}
+
+id-at-encryptedCollectiveFacsimileTelephoneNumber OBJECT IDENTIFIER ::=
+ {id-at 23 1 2}
+
+id-at-x121Address OBJECT IDENTIFIER ::= {id-at 24}
+
+id-at-encryptedX121Address OBJECT IDENTIFIER ::= {id-at 24 2}
+
+id-at-internationalISDNNumber OBJECT IDENTIFIER ::= {id-at 25}
+
+id-at-encryptedInternationalISDNNumber OBJECT IDENTIFIER ::= {id-at 25 2}
+
+id-at-collectiveInternationalISDNNumber OBJECT IDENTIFIER ::= {id-at 25 1}
+
+id-at-encryptedCollectiveInternationalISDNNumber OBJECT IDENTIFIER ::=
+ {id-at 25 1 2}
+
+id-at-registeredAddress OBJECT IDENTIFIER ::= {id-at 26}
+
+id-at-encryptedRegisteredAddress OBJECT IDENTIFIER ::= {id-at 26 2}
+
+id-at-destinationIndicator OBJECT IDENTIFIER ::= {id-at 27}
+
+id-at-encryptedDestinationIndicator OBJECT IDENTIFIER ::= {id-at 27 2}
+
+id-at-preferredDeliveryMethod OBJECT IDENTIFIER ::= {id-at 28}
+
+id-at-encryptedPreferredDeliveryMethod OBJECT IDENTIFIER ::= {id-at 28 2}
+
+id-at-presentationAddress OBJECT IDENTIFIER ::= {id-at 29}
+
+id-at-encryptedPresentationAddress OBJECT IDENTIFIER ::= {id-at 29 2}
+
+id-at-supportedApplicationContext OBJECT IDENTIFIER ::= {id-at 30}
+
+id-at-encryptedSupportedApplicationContext OBJECT IDENTIFIER ::= {id-at 30 2}
+
+id-at-member OBJECT IDENTIFIER ::= {id-at 31}
+
+id-at-encryptedMember OBJECT IDENTIFIER ::= {id-at 31 2}
+
+id-at-owner OBJECT IDENTIFIER ::= {id-at 32}
+
+id-at-encryptedOwner OBJECT IDENTIFIER ::= {id-at 32 2}
+
+id-at-roleOccupant OBJECT IDENTIFIER ::= {id-at 33}
+
+id-at-encryptedRoleOccupant OBJECT IDENTIFIER ::= {id-at 33 2}
+
+id-at-seeAlso OBJECT IDENTIFIER ::= {id-at 34}
+
+id-at-encryptedSeeAlso OBJECT IDENTIFIER ::= {id-at 34 2}
+
+-- id-at-userPassword OBJECT IDENTIFIER ::= {id-at 35}
+id-at-encryptedUserPassword OBJECT IDENTIFIER ::=
+ {id-at 35 2}
+
+-- id-at-userCertificate OBJECT IDENTIFIER ::= {id-at 36}
+id-at-encryptedUserCertificate OBJECT IDENTIFIER ::=
+ {id-at 36 2}
+
+-- id-at-cACertificate OBJECT IDENTIFIER ::= {id-at 37}
+id-at-encryptedCACertificate OBJECT IDENTIFIER ::=
+ {id-at 37 2}
+
+-- id-at-authorityRevocationList OBJECT IDENTIFIER ::= {id-at 38}
+id-at-encryptedAuthorityRevocationList OBJECT IDENTIFIER ::=
+ {id-at 38 2}
+
+-- id-at-certificateRevocationList OBJECT IDENTIFIER ::= {id-at 39}
+id-at-encryptedCertificateRevocationList OBJECT IDENTIFIER ::=
+ {id-at 39 2}
+
+-- id-at-crossCertificatePair OBJECT IDENTIFIER ::= {id-at 40}
+id-at-encryptedCrossCertificatePair OBJECT IDENTIFIER ::=
+ {id-at 40 2}
+
+id-at-name OBJECT IDENTIFIER ::= {id-at 41}
+
+id-at-givenName OBJECT IDENTIFIER ::= {id-at 42}
+
+id-at-encryptedGivenName OBJECT IDENTIFIER ::= {id-at 42 2}
+
+id-at-initials OBJECT IDENTIFIER ::= {id-at 43}
+
+id-at-encryptedInitials OBJECT IDENTIFIER ::= {id-at 43 2}
+
+id-at-generationQualifier OBJECT IDENTIFIER ::= {id-at 44}
+
+id-at-encryptedGenerationQualifier OBJECT IDENTIFIER ::= {id-at 44 2}
+
+id-at-uniqueIdentifier OBJECT IDENTIFIER ::= {id-at 45}
+
+id-at-encryptedUniqueIdentifier OBJECT IDENTIFIER ::= {id-at 45 2}
+
+id-at-dnQualifier OBJECT IDENTIFIER ::= {id-at 46}
+
+id-at-encryptedDnQualifier OBJECT IDENTIFIER ::= {id-at 46 2}
+
+id-at-enhancedSearchGuide OBJECT IDENTIFIER ::= {id-at 47}
+
+id-at-encryptedEnhancedSearchGuide OBJECT IDENTIFIER ::= {id-at 47 2}
+
+id-at-protocolInformation OBJECT IDENTIFIER ::= {id-at 48}
+
+id-at-encryptedProtocolInformation OBJECT IDENTIFIER ::= {id-at 48 2}
+
+id-at-distinguishedName OBJECT IDENTIFIER ::= {id-at 49}
+
+id-at-encryptedDistinguishedName OBJECT IDENTIFIER ::= {id-at 49 2}
+
+id-at-uniqueMember OBJECT IDENTIFIER ::= {id-at 50}
+
+id-at-encryptedUniqueMember OBJECT IDENTIFIER ::= {id-at 50 2}
+
+id-at-houseIdentifier OBJECT IDENTIFIER ::= {id-at 51}
+
+id-at-encryptedHouseIdentifier OBJECT IDENTIFIER ::= {id-at 51 2}
+
+--id-at-supportedAlgorithms OBJECT IDENTIFIER ::= {id-at 52}
+id-at-encryptedSupportedAlgorithms OBJECT IDENTIFIER ::=
+ {id-at 52 2}
+
+--id-at-deltaRevocationList OBJECT IDENTIFIER ::= {id-at 53}
+id-at-encryptedDeltaRevocationList OBJECT IDENTIFIER ::=
+ {id-at 53 2}
+
+id-at-dmdName OBJECT IDENTIFIER ::= {id-at 54}
+
+id-at-encryptedDmdName OBJECT IDENTIFIER ::= {id-at 54 2}
+
+-- id-at-clearance OBJECT IDENTIFIER ::= {id-at 55}
+id-at-encryptedClearance OBJECT IDENTIFIER ::=
+ {id-at 55 2}
+
+-- id-at-defaultDirQop OBJECT IDENTIFIER ::= {id-at 56}
+id-at-encryptedDefaultDirQop OBJECT IDENTIFIER ::=
+ {id-at 56 2}
+
+-- id-at-attributeIntegrityInfo OBJECT IDENTIFIER ::= {id-at 57}
+id-at-encryptedAttributeIntegrityInfo OBJECT IDENTIFIER ::=
+ {id-at 57 2}
+
+--id-at-attributeCertificate OBJECT IDENTIFIER ::= {id-at 58}
+id-at-encryptedAttributeCertificate OBJECT IDENTIFIER ::=
+ {id-at 58 2}
+
+-- id-at-attributeCertificateRevocationList OBJECT IDENTIFIER ::= {id-at 59}
+id-at-encryptedAttributeCertificateRevocationList OBJECT IDENTIFIER ::=
+ {id-at 59 2}
+
+-- id-at-confKeyInfo OBJECT IDENTIFIER ::= {id-at 60}
+id-at-encryptedConfKeyInfo OBJECT IDENTIFIER ::=
+ {id-at 60 2}
+
+-- id-at-family-information OBJECT IDENTIFIER {id-at 64}
+id-at-pseudonym OBJECT IDENTIFIER ::=
+ {id-at 65}
+
+id-at-communicationsService OBJECT IDENTIFIER ::= {id-at 66}
+
+id-at-communicationsNetwork OBJECT IDENTIFIER ::= {id-at 67}
+
+-- Matching rules
+-- id-mr-objectIdentifierMatch OBJECT IDENTIFIER ::= {id-mr 0}
+-- id-mr-distinguishedNameMatch OBJECT IDENTIFIER ::= {id-mr 1}
+id-mr-caseIgnoreMatch OBJECT IDENTIFIER ::=
+ {id-mr 2}
+
+id-mr-caseIgnoreOrderingMatch OBJECT IDENTIFIER ::= {id-mr 3}
+
+id-mr-caseIgnoreSubstringsMatch OBJECT IDENTIFIER ::= {id-mr 4}
+
+id-mr-caseExactMatch OBJECT IDENTIFIER ::= {id-mr 5}
+
+id-mr-caseExactOrderingMatch OBJECT IDENTIFIER ::= {id-mr 6}
+
+id-mr-caseExactSubstringsMatch OBJECT IDENTIFIER ::= {id-mr 7}
+
+id-mr-numericStringMatch OBJECT IDENTIFIER ::= {id-mr 8}
+
+id-mr-numericStringOrderingMatch OBJECT IDENTIFIER ::= {id-mr 9}
+
+id-mr-numericStringSubstringsMatch OBJECT IDENTIFIER ::= {id-mr 10}
+
+id-mr-caseIgnoreListMatch OBJECT IDENTIFIER ::= {id-mr 11}
+
+id-mr-caseIgnoreListSubstringsMatch OBJECT IDENTIFIER ::= {id-mr 12}
+
+id-mr-booleanMatch OBJECT IDENTIFIER ::= {id-mr 13}
+
+id-mr-integerMatch OBJECT IDENTIFIER ::= {id-mr 14}
+
+id-mr-integerOrderingMatch OBJECT IDENTIFIER ::= {id-mr 15}
+
+id-mr-bitStringMatch OBJECT IDENTIFIER ::= {id-mr 16}
+
+id-mr-octetStringMatch OBJECT IDENTIFIER ::= {id-mr 17}
+
+id-mr-octetStringOrderingMatch OBJECT IDENTIFIER ::= {id-mr 18}
+
+id-mr-octetStringSubstringsMatch OBJECT IDENTIFIER ::= {id-mr 19}
+
+id-mr-telephoneNumberMatch OBJECT IDENTIFIER ::= {id-mr 20}
+
+id-mr-telephoneNumberSubstringsMatch OBJECT IDENTIFIER ::= {id-mr 21}
+
+id-mr-presentationAddressMatch OBJECT IDENTIFIER ::= {id-mr 22}
+
+id-mr-uniqueMemberMatch OBJECT IDENTIFIER ::= {id-mr 23}
+
+id-mr-protocolInformationMatch OBJECT IDENTIFIER ::= {id-mr 24}
+
+id-mr-uTCTimeMatch OBJECT IDENTIFIER ::= {id-mr 25}
+
+id-mr-uTCTimeOrderingMatch OBJECT IDENTIFIER ::= {id-mr 26}
+
+id-mr-generalizedTimeMatch OBJECT IDENTIFIER ::= {id-mr 27}
+
+id-mr-generalizedTimeOrderingMatch OBJECT IDENTIFIER ::= {id-mr 28}
+
+id-mr-integerFirstComponentMatch OBJECT IDENTIFIER ::= {id-mr 29}
+
+id-mr-objectIdentifierFirstComponentMatch OBJECT IDENTIFIER ::= {id-mr 30}
+
+id-mr-directoryStringFirstComponentMatch OBJECT IDENTIFIER ::= {id-mr 31}
+
+id-mr-wordMatch OBJECT IDENTIFIER ::= {id-mr 32}
+
+id-mr-keywordMatch OBJECT IDENTIFIER ::= {id-mr 33}
+
+-- id-mr-certificateExactMatch OBJECT IDENTIFIER ::= {id-mr 34}
+-- id-mr-certificateMatch OBJECT IDENTIFIER ::= {id-mr 35}
+-- id-mr-certificatePairExactMatch OBJECT IDENTIFIER ::= {id-mr 36}
+-- id-mr-certificatePairMatch OBJECT IDENTIFIER ::= {id-mr 37}
+-- id-mr-certificateListExactMatch OBJECT IDENTIFIER ::= {id-mr 38}
+-- id-mr-certificateListMatch OBJECT IDENTIFIER ::= {id-mr 39}
+-- id-mr-algorithmIdentifierMatch OBJECT IDENTIFIER ::= {id-mr 40}
+id-mr-storedPrefixMatch OBJECT IDENTIFIER ::=
+ {id-mr 41}
+
+-- id-mr-attributeCertificateMatch OBJECT IDENTIFIER ::= {id-mr 42}
+-- id-mr-readerAndKeyIDMatch OBJECT IDENTIFIER ::= {id-mr 43}
+--id-mr-attributeIntegrityMatch OBJECT IDENTIFIER ::= {id-mr 44}
+id-mr-systemProposedMatch OBJECT IDENTIFIER ::=
+ {id-mr 47}
+
+id-mr-generalWordMatch OBJECT IDENTIFIER ::= {id-mr 48}
+
+id-mr-approximateStringMatch OBJECT IDENTIFIER ::= {id-mr 49}
+
+id-mr-ignoreIfAbsentMatch OBJECT IDENTIFIER ::= {id-mr 50}
+
+id-mr-nullMatch OBJECT IDENTIFIER ::= {id-mr 51}
+
+id-mr-zonalMatch OBJECT IDENTIFIER ::= {id-mr 52}
+
+id-mr-facsimileNumberMatch OBJECT IDENTIFIER ::= {id-mr 63}
+
+id-mr-facsimileNumberSubstringsMatch OBJECT IDENTIFIER ::= {id-mr 64}
+
+-- contexts
+id-avc-language OBJECT IDENTIFIER ::= {id-avc 0}
+
+id-avc-temporal OBJECT IDENTIFIER ::= {id-avc 1}
+
+id-avc-locale OBJECT IDENTIFIER ::= {id-avc 2}
+
+--id-avc-attributeValueSecurityLabelContext OBJECT IDENTIFIER ::= {id-avc 3}
+--id-avc-attributeValueIntegrityInfoContext OBJECT IDENTIFIER ::= {id-avc 4}
+-- Problem definitions
+id-pr-targetDsaUnavailable OBJECT IDENTIFIER ::=
+ {id-pr 1}
+
+id-pr-dataSourceUnavailable OBJECT IDENTIFIER ::= {id-pr 2}
+
+id-pr-unidentifiedOperation OBJECT IDENTIFIER ::= {id-pr 3}
+
+id-pr-unavailableOperation OBJECT IDENTIFIER ::= {id-pr 4}
+
+id-pr-searchAttributeViolation OBJECT IDENTIFIER ::= {id-pr 5}
+
+id-pr-searchAttributeCombinationViolation OBJECT IDENTIFIER ::= {id-pr 6}
+
+id-pr-searchValueNotAllowed OBJECT IDENTIFIER ::= {id-pr 7}
+
+id-pr-missingSearchAttribute OBJECT IDENTIFIER ::= {id-pr 8}
+
+id-pr-searchValueViolation OBJECT IDENTIFIER ::= {id-pr 9}
+
+id-pr-attributeNegationViolation OBJECT IDENTIFIER ::= {id-pr 10}
+
+id-pr-searchValueRequired OBJECT IDENTIFIER ::= {id-pr 11}
+
+id-pr-invalidSearchValue OBJECT IDENTIFIER ::= {id-pr 12}
+
+id-pr-searchContextViolation OBJECT IDENTIFIER ::= {id-pr 13}
+
+id-pr-searchContextCombinationViolation OBJECT IDENTIFIER ::= {id-pr 14}
+
+id-pr-missingSearchContext OBJECT IDENTIFIER ::= {id-pr 15}
+
+id-pr-searchContextValueViolation OBJECT IDENTIFIER ::= {id-pr 16}
+
+id-pr-searchContextValueRequired OBJECT IDENTIFIER ::= {id-pr 17}
+
+id-pr-invalidContextSearchValue OBJECT IDENTIFIER ::= {id-pr 18}
+
+id-pr-unsupportedMatchingRule OBJECT IDENTIFIER ::= {id-pr 19}
+
+id-pr-attributeMatchingViolation OBJECT IDENTIFIER ::= {id-pr 20}
+
+id-pr-unsupportedMatchingUse OBJECT IDENTIFIER ::= {id-pr 21}
+
+id-pr-matchingUseViolation OBJECT IDENTIFIER ::= {id-pr 22}
+
+id-pr-hierarchySelectForbidden OBJECT IDENTIFIER ::= {id-pr 23}
+
+id-pr-invalidHierarchySelect OBJECT IDENTIFIER ::= {id-pr 24}
+
+id-pr-unavailableHierarchySelect OBJECT IDENTIFIER ::= {id-pr 25}
+
+id-pr-invalidSearchOptions OBJECT IDENTIFIER ::= {id-pr 26}
+
+id-pr-missingSearchOptions OBJECT IDENTIFIER ::= {id-pr 27}
+
+id-pr-invalidServiceControlOptions OBJECT IDENTIFIER ::= {id-pr 28}
+
+id-pr-missingServiceControlOptions OBJECT IDENTIFIER ::= {id-pr 29}
+
+id-pr-searchSubsetViolation OBJECT IDENTIFIER ::= {id-pr 30}
+
+id-pr-unmatchedKeyAttributes OBJECT IDENTIFIER ::= {id-pr 31}
+
+id-pr-ambiguousKeyAttributes OBJECT IDENTIFIER ::= {id-pr 32}
+
+-- Notification attributes
+id-not-dSAProblem OBJECT IDENTIFIER ::= {id-not 0}
+
+id-not-searchServiceProblem OBJECT IDENTIFIER ::= {id-not 1}
+
+id-not-serviceType OBJECT IDENTIFIER ::= {id-not 2}
+
+id-not-attributeTypeList OBJECT IDENTIFIER ::= {id-not 3}
+
+id-not-matchingRuleList OBJECT IDENTIFIER ::= {id-not 4}
+
+id-not-filterItem OBJECT IDENTIFIER ::= {id-not 5}
+
+id-not-attributeCombinations OBJECT IDENTIFIER ::= {id-not 6}
+
+id-not-contextTypeList OBJECT IDENTIFIER ::= {id-not 7}
+
+id-not-contextList OBJECT IDENTIFIER ::= {id-not 8}
+
+id-not-contextCombinations OBJECT IDENTIFIER ::= {id-not 9}
+
+id-not-hierarchySelectList OBJECT IDENTIFIER ::= {id-not 10}
+
+id-not-searchOptionsList OBJECT IDENTIFIER ::= {id-not 11}
+
+id-not-serviceControlOptionsList OBJECT IDENTIFIER ::= {id-not 12}
+
+id-not-multipleMatchingLocalities OBJECT IDENTIFIER ::= {id-not 13}
+
+id-not-proposedRelaxation OBJECT IDENTIFIER ::= {id-not 14}
+
+id-not-appliedRelaxation OBJECT IDENTIFIER ::= {id-not 15}
+
+id-not-substringRequirements OBJECT IDENTIFIER ::= {id-not 16}
+
+-- Control attributes
+id-cat-sequenceMatchType OBJECT IDENTIFIER ::=
+ {id-cat 1}
+
+id-cat-wordMatchType OBJECT IDENTIFIER ::= {id-cat 2}
+
+id-cat-characterMatchTypes OBJECT IDENTIFIER ::= {id-cat 3}
+
+id-cat-selectedContexts OBJECT IDENTIFIER ::= {id-cat 4}
+
+END -- SelectedAttributeTypes
+
+-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D
diff --git a/acse/acse.go b/acse/acse.go
new file mode 100644
index 0000000..8429b83
--- /dev/null
+++ b/acse/acse.go
@@ -0,0 +1,65 @@
+package acse
+
+// 2.2.0.0.1
+
+type ObjectIdentifier []int // asn1.ObjectIdentifier
+
+// A-ASSOCIATE Request
+// Application Constructed implicit 0
+type AARQ struct {
+ ProtocolVersion Version // 0 implicit BitString
+ ApplicationContextName ObjectIdentifier // 1
+ UserInformation interface{} // 30 implicit
+}
+
+type Version byte
+
+const (
+ Version1 Version = iota
+)
+
+// A-ASSOCIATE Result (Result == 0)
+// A-REJECT (Result == 1)
+// Application Constructed implicit 1
+type AARE struct {
+ ProtocolVersion Version // 0 implicit BitString
+ ApplicationContextName ObjectIdentifier // 1
+ Result Result // 2
+ ResultSourceDiagnostic AcseServiceUser // 3
+ UserInformation interface{} // 30 implicit
+}
+
+type Result int
+
+const (
+ Accepted Result = iota
+ RejectedPermanent
+)
+
+type AcseServiceUser int
+
+const (
+ Null AcseServiceUser = iota
+ NoReasonGiven
+)
+
+// A-RELEASE Request
+// Application Constructed implicit 2
+type RLRQ struct{}
+
+// A-RELEASE Result
+// Application Constructed implicit 3
+type RLRE struct{}
+
+// A-ABORT
+// Application Constructed implicit 4
+type ABRT struct {
+ AbortSource AbortSource // 0 implicit
+}
+
+type AbortSource int
+
+const (
+ ServiceUser AbortSource = iota
+ ServiceProvider
+)