From dd10ccee1e3721329cb04b67ebf94e745d37481c Mon Sep 17 00:00:00 2001 From: Dimitri Sokolyuk Date: Thu, 29 Oct 2015 22:22:17 +0100 Subject: Fix naming, remove include --- asn1include/BasicAccessControl.asn1 | 191 ++++++++++++++++++++++++++++++++++++ 1 file changed, 191 insertions(+) create mode 100644 asn1include/BasicAccessControl.asn1 (limited to 'asn1include/BasicAccessControl.asn1') diff --git a/asn1include/BasicAccessControl.asn1 b/asn1include/BasicAccessControl.asn1 new file mode 100644 index 0000000..9877227 --- /dev/null +++ b/asn1include/BasicAccessControl.asn1 @@ -0,0 +1,191 @@ +-- Module BasicAccessControl (X.501:02/2001) +BasicAccessControl {joint-iso-itu-t ds(5) module(1) basicAccessControl(24) 4} +DEFINITIONS ::= +BEGIN + +-- EXPORTS All +-- The types and values defined in this module are exported for use in the other ASN.1 modules contained +-- within the Directory Specifications, and for the use of other applications which will use them to access +-- Directory services. Other applications may use them for their own purposes, but this will not constrain +-- extensions and modifications needed to maintain or improve the Directory service. +IMPORTS + -- from ITU-T Rec. X.501 | ISO/IEC 9594-2 + directoryAbstractService, id-aca, id-acScheme, informationFramework, + selectedAttributeTypes, upperBounds + FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1) + usefulDefinitions(0) 4} + ATTRIBUTE, AttributeType, ContextAssertion, DistinguishedName, MATCHING-RULE, + objectIdentifierMatch, Refinement, SubtreeSpecification, + SupportedAttributes + FROM InformationFramework {joint-iso-itu-t ds(5) module(1) + informationFramework(1) 4} + -- from ITU-T Rec. X.511 | ISO/IEC 9594-3 + Filter + FROM DirectoryAbstractService {joint-iso-itu-t ds(5) module(1) + directoryAbstractService(2) 4} + -- from ITU-T Rec. X.520 | ISO/IEC 9594-6 + DirectoryString{}, directoryStringFirstComponentMatch, NameAndOptionalUID, + UniqueIdentifier + FROM SelectedAttributeTypes {joint-iso-itu-t ds(5) module(1) + selectedAttributeTypes(5) 4} + ub-tag + FROM UpperBounds {joint-iso-itu-t ds(5) module(1) upperBounds(10) 4}; + +-- types +ACIItem ::= SEQUENCE { + identificationTag DirectoryString{ub-tag}, + precedence Precedence, + authenticationLevel AuthenticationLevel, + itemOrUserFirst + CHOICE {itemFirst + [0] SEQUENCE {protectedItems ProtectedItems, + itemPermissions SET OF ItemPermission}, + userFirst + [1] SEQUENCE {userClasses UserClasses, + userPermissions SET OF UserPermission}} +} + +Precedence ::= INTEGER(0..255) + +ProtectedItems ::= SEQUENCE { + entry [0] NULL OPTIONAL, + allUserAttributeTypes [1] NULL OPTIONAL, + attributeType + [2] SET SIZE (1..MAX) OF AttributeType OPTIONAL, + allAttributeValues + [3] SET SIZE (1..MAX) OF AttributeType OPTIONAL, + allUserAttributeTypesAndValues [4] NULL OPTIONAL, + attributeValue + [5] SET SIZE (1..MAX) OF AttributeTypeAndValue OPTIONAL, + selfValue + [6] SET SIZE (1..MAX) OF AttributeType OPTIONAL, + rangeOfValues [7] Filter OPTIONAL, + maxValueCount + [8] SET SIZE (1..MAX) OF MaxValueCount OPTIONAL, + maxImmSub [9] INTEGER OPTIONAL, + restrictedBy + [10] SET SIZE (1..MAX) OF RestrictedValue OPTIONAL, + contexts + [11] SET SIZE (1..MAX) OF ContextAssertion OPTIONAL, + classes [12] Refinement OPTIONAL +} + +MaxValueCount ::= SEQUENCE {type AttributeType, + maxCount INTEGER +} + +RestrictedValue ::= SEQUENCE {type AttributeType, + valuesIn AttributeType +} + +UserClasses ::= SEQUENCE { + allUsers [0] NULL OPTIONAL, + thisEntry [1] NULL OPTIONAL, + name [2] SET SIZE (1..MAX) OF NameAndOptionalUID OPTIONAL, + userGroup [3] SET SIZE (1..MAX) OF NameAndOptionalUID OPTIONAL, + -- dn component shall be the name of an + -- entry of GroupOfUniqueNames + subtree [4] SET SIZE (1..MAX) OF SubtreeSpecification OPTIONAL +} + +ItemPermission ::= SEQUENCE { + precedence Precedence OPTIONAL, + -- defaults to precedence in ACIItem + userClasses UserClasses, + grantsAndDenials GrantsAndDenials +} + +UserPermission ::= SEQUENCE { + precedence Precedence OPTIONAL, + -- defaults to precedence in ACIItem + protectedItems ProtectedItems, + grantsAndDenials GrantsAndDenials +} + +AuthenticationLevel ::= CHOICE { + basicLevels + SEQUENCE {level ENUMERATED {none(0), simple(1), strong(2)}, + localQualifier INTEGER OPTIONAL, + signed BOOLEAN DEFAULT FALSE}, + other EXTERNAL +} + +GrantsAndDenials ::= BIT STRING { + -- permissions that may be used in conjunction + -- with any component of ProtectedItems + grantAdd(0), denyAdd(1), grantDiscloseOnError(2), denyDiscloseOnError(3), + grantRead(4), denyRead(5), grantRemove(6), + denyRemove(7), + -- permissions that may be used only in conjunction + -- with the entry component + grantBrowse(8), denyBrowse(9), grantExport(10), denyExport(11), + grantImport(12), denyImport(13), grantModify(14), denyModify(15), + grantRename(16), denyRename(17), grantReturnDN(18), + denyReturnDN(19), + -- permissions that may be used in conjunction + -- with any component, except entry, of ProtectedItems + grantCompare(20), denyCompare(21), grantFilterMatch(22), denyFilterMatch(23), + grantInvoke(24), denyInvoke(25)} + +AttributeTypeAndValue ::= SEQUENCE { + type ATTRIBUTE.&id({SupportedAttributes}), + value ATTRIBUTE.&Type({SupportedAttributes}{@type}) +} + +-- attributes +accessControlScheme ATTRIBUTE ::= { + WITH SYNTAX OBJECT IDENTIFIER + EQUALITY MATCHING RULE objectIdentifierMatch + SINGLE VALUE TRUE + USAGE directoryOperation + ID id-aca-accessControlScheme +} + +prescriptiveACI ATTRIBUTE ::= { + WITH SYNTAX ACIItem + EQUALITY MATCHING RULE directoryStringFirstComponentMatch + USAGE directoryOperation + ID id-aca-prescriptiveACI +} + +entryACI ATTRIBUTE ::= { + WITH SYNTAX ACIItem + EQUALITY MATCHING RULE directoryStringFirstComponentMatch + USAGE directoryOperation + ID id-aca-entryACI +} + +subentryACI ATTRIBUTE ::= { + WITH SYNTAX ACIItem + EQUALITY MATCHING RULE directoryStringFirstComponentMatch + USAGE directoryOperation + ID id-aca-subentryACI +} + +-- object identifier assignments +-- attributes +id-aca-accessControlScheme OBJECT IDENTIFIER ::= + {id-aca 1} + +id-aca-prescriptiveACI OBJECT IDENTIFIER ::= {id-aca 4} + +id-aca-entryACI OBJECT IDENTIFIER ::= {id-aca 5} + +id-aca-subentryACI OBJECT IDENTIFIER ::= {id-aca 6} + +-- access control schemes - +basicAccessControlScheme OBJECT IDENTIFIER ::= + {id-acScheme 1} + +simplifiedAccessControlScheme OBJECT IDENTIFIER ::= {id-acScheme 2} + +rule-based-access-control OBJECT IDENTIFIER ::= {id-acScheme 3} + +rule-and-basic-access-control OBJECT IDENTIFIER ::= {id-acScheme 4} + +rule-and-simple-access-control OBJECT IDENTIFIER ::= {id-acScheme 5} + +END -- BasicAccessControl + +-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D + -- cgit v1.2.3