-- Module InformationFramework (X.501:02/2001) InformationFramework {joint-iso-itu-t ds(5) module(1) informationFramework(1) 4} DEFINITIONS ::= BEGIN -- EXPORTS All - -- The types and values defined in this module are exported for use in the other ASN.1 modules contained -- within the Directory Specifications, and for the use of other applications which will use them to access -- Directory services. Other applications may use them for their own purposes, but this will not constrain -- extensions and modifications needed to maintain or improve the Directory service. IMPORTS -- from ITU-T Rec. X.501 | ISO/IEC 9594-2 directoryAbstractService, id-ar, id-at, id-mr, id-nf, id-oa, id-oc, id-sc, selectedAttributeTypes, serviceAdministration, upperBounds FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1) usefulDefinitions(0) 4} SearchRule FROM ServiceAdministration {joint-iso-itu-t ds(5) module(1) serviceAdministration(33) 4} -- from ITU-T Rec. X.511 | ISO/IEC 9594-3 TypeAndContextAssertion FROM DirectoryAbstractService {joint-iso-itu-t ds(5) module(1) directoryAbstractService(2) 4} -- from ITU-T Rec. X.520 | ISO/IEC 9594-6 booleanMatch, commonName, DirectoryString{}, generalizedTimeMatch, generalizedTimeOrderingMatch, integerFirstComponentMatch, integerMatch, integerOrderingMatch, objectIdentifierFirstComponentMatch FROM SelectedAttributeTypes {joint-iso-itu-t ds(5) module(1) selectedAttributeTypes(5) 4} ub-search FROM UpperBounds {joint-iso-itu-t ds(5) module(1) upperBounds(10) 4}; -- attribute data types Attribute ::= SEQUENCE { type ATTRIBUTE.&id({SupportedAttributes}), values SET SIZE (0..MAX) OF ATTRIBUTE.&Type({SupportedAttributes}{@type}), valuesWithContext SET SIZE (1..MAX) OF SEQUENCE {value ATTRIBUTE.&Type({SupportedAttributes}{@type}), contextList SET SIZE (1..MAX) OF Context} OPTIONAL } AttributeType ::= ATTRIBUTE.&id AttributeValue ::= ATTRIBUTE.&Type Context ::= SEQUENCE { contextType CONTEXT.&id({SupportedContexts}), contextValues SET SIZE (1..MAX) OF CONTEXT.&Type({SupportedContexts}{@contextType}), fallback BOOLEAN DEFAULT FALSE } AttributeValueAssertion ::= SEQUENCE { type ATTRIBUTE.&id({SupportedAttributes}), assertion ATTRIBUTE.&equality-match.&AssertionType({SupportedAttributes}{@type}), assertedContexts CHOICE {allContexts [0] NULL, selectedContexts [1] SET SIZE (1..MAX) OF ContextAssertion } OPTIONAL } ContextAssertion ::= SEQUENCE { contextType CONTEXT.&id({SupportedContexts}), contextValues SET SIZE (1..MAX) OF CONTEXT.&Assertion({SupportedContexts}{@contextType}) } AttributeTypeAssertion ::= SEQUENCE { type ATTRIBUTE.&id({SupportedAttributes}), assertedContexts SEQUENCE SIZE (1..MAX) OF ContextAssertion OPTIONAL } -- Definition of the following information object set is deferred, perhaps to standardized -- profiles or to protocol implementation conformance statements. The set is required to -- specify a table constraint on the values component of Attribute, the value component -- of AttributeTypeAndValue, and the assertion component of AttributeValueAssertion. SupportedAttributes ATTRIBUTE ::= {objectClass | aliasedEntryName, ...} -- Definition of the following information object set is deferred, perhaps to standardized -- profiles or to protocol implementation conformance statements. The set is required to -- specify a table constraint on the context specifications SupportedContexts CONTEXT ::= {...} -- naming data types Name ::= CHOICE { -- only one possibility for now --rdnSequence RDNSequence } RDNSequence ::= SEQUENCE OF RelativeDistinguishedName DistinguishedName ::= RDNSequence RelativeDistinguishedName ::= SET SIZE (1..MAX) OF AttributeTypeAndDistinguishedValue AttributeTypeAndDistinguishedValue ::= SEQUENCE { type ATTRIBUTE.&id({SupportedAttributes}), value ATTRIBUTE.&Type({SupportedAttributes}{@type}), primaryDistinguished BOOLEAN DEFAULT TRUE, valuesWithContext SET SIZE (1..MAX) OF SEQUENCE {distingAttrValue [0] ATTRIBUTE.&Type({SupportedAttributes}{@type}) OPTIONAL, contextList SET SIZE (1..MAX) OF Context} OPTIONAL } -- subtree data types SubtreeSpecification ::= SEQUENCE { base [0] LocalName DEFAULT {}, COMPONENTS OF ChopSpecification, specificationFilter [4] Refinement OPTIONAL } -- empty sequence specifies whole administrative area LocalName ::= RDNSequence ChopSpecification ::= SEQUENCE { specificExclusions [1] SET SIZE (1..MAX) OF CHOICE {chopBefore [0] LocalName, chopAfter [1] LocalName} OPTIONAL, minimum [2] BaseDistance DEFAULT 0, maximum [3] BaseDistance OPTIONAL } BaseDistance ::= INTEGER(0..MAX) Refinement ::= CHOICE { item [0] OBJECT-CLASS.&id, and [1] SET OF Refinement, or [2] SET OF Refinement, not [3] Refinement } -- OBJECT-CLASS information object class specification OBJECT-CLASS ::= CLASS { &Superclasses OBJECT-CLASS OPTIONAL, &kind ObjectClassKind DEFAULT structural, &MandatoryAttributes ATTRIBUTE OPTIONAL, &OptionalAttributes ATTRIBUTE OPTIONAL, &id OBJECT IDENTIFIER UNIQUE } WITH SYNTAX { [SUBCLASS OF &Superclasses] [KIND &kind] [MUST CONTAIN &MandatoryAttributes] [MAY CONTAIN &OptionalAttributes] ID &id } ObjectClassKind ::= ENUMERATED {abstract(0), structural(1), auxiliary(2)} -- object classes top OBJECT-CLASS ::= { KIND abstract MUST CONTAIN {objectClass} ID id-oc-top } alias OBJECT-CLASS ::= { SUBCLASS OF {top} MUST CONTAIN {aliasedEntryName} ID id-oc-alias } parent OBJECT-CLASS ::= {KIND abstract ID id-oc-parent } child OBJECT-CLASS ::= {KIND auxiliary ID id-oc-child } -- ATTRIBUTE information object class specification ATTRIBUTE ::= CLASS { &derivation ATTRIBUTE OPTIONAL, &Type OPTIONAL, -- either &Type or &derivation required &equality-match MATCHING-RULE OPTIONAL, &ordering-match MATCHING-RULE OPTIONAL, &substrings-match MATCHING-RULE OPTIONAL, &single-valued BOOLEAN DEFAULT FALSE, &collective BOOLEAN DEFAULT FALSE, -- operational extensions &no-user-modification BOOLEAN DEFAULT FALSE, &usage AttributeUsage DEFAULT userApplications, &id OBJECT IDENTIFIER UNIQUE } WITH SYNTAX { [SUBTYPE OF &derivation] [WITH SYNTAX &Type] [EQUALITY MATCHING RULE &equality-match] [ORDERING MATCHING RULE &ordering-match] [SUBSTRINGS MATCHING RULE &substrings-match] [SINGLE VALUE &single-valued] [COLLECTIVE &collective] [NO USER MODIFICATION &no-user-modification] [USAGE &usage] ID &id } AttributeUsage ::= ENUMERATED { userApplications(0), directoryOperation(1), distributedOperation(2), dSAOperation(3)} -- attributes objectClass ATTRIBUTE ::= { WITH SYNTAX OBJECT IDENTIFIER EQUALITY MATCHING RULE objectIdentifierMatch ID id-at-objectClass } aliasedEntryName ATTRIBUTE ::= { WITH SYNTAX DistinguishedName EQUALITY MATCHING RULE distinguishedNameMatch SINGLE VALUE TRUE ID id-at-aliasedEntryName } -- MATCHING-RULE information object class specification MATCHING-RULE ::= CLASS { &ParentMatchingRules MATCHING-RULE OPTIONAL, &AssertionType OPTIONAL, &uniqueMatchIndicator ATTRIBUTE OPTIONAL, &id OBJECT IDENTIFIER UNIQUE } WITH SYNTAX { [PARENT &ParentMatchingRules] [SYNTAX &AssertionType] [UNIQUE-MATCH-INDICATOR &uniqueMatchIndicator] ID &id } -- matching rules objectIdentifierMatch MATCHING-RULE ::= { SYNTAX OBJECT IDENTIFIER ID id-mr-objectIdentifierMatch } distinguishedNameMatch MATCHING-RULE ::= { SYNTAX DistinguishedName ID id-mr-distinguishedNameMatch } MAPPING-BASED-MATCHING{SelectedBy, BOOLEAN:combinable, MappingResult, OBJECT IDENTIFIER:matchingRule} ::= CLASS { &selectBy SelectedBy OPTIONAL, &ApplicableTo ATTRIBUTE, &subtypesIncluded BOOLEAN DEFAULT TRUE, &combinable BOOLEAN(combinable), &mappingResults MappingResult OPTIONAL, &userControl BOOLEAN DEFAULT FALSE, &exclusive BOOLEAN DEFAULT TRUE, &matching-rule MATCHING-RULE.&id(matchingRule), &id OBJECT IDENTIFIER UNIQUE } WITH SYNTAX { [SELECT BY &selectBy] APPLICABLE TO &ApplicableTo [SUBTYPES INCLUDED &subtypesIncluded] COMBINABLE &combinable [MAPPING RESULTS &mappingResults] [USER CONTROL &userControl] [EXCLUSIVE &exclusive] MATCHING RULE &matching-rule ID &id } -- NAME-FORM information object class specification NAME-FORM ::= CLASS { &namedObjectClass OBJECT-CLASS, &MandatoryAttributes ATTRIBUTE, &OptionalAttributes ATTRIBUTE OPTIONAL, &id OBJECT IDENTIFIER UNIQUE } WITH SYNTAX { NAMES &namedObjectClass WITH ATTRIBUTES &MandatoryAttributes [AND OPTIONALLY &OptionalAttributes] ID &id } -- STRUCTURE-RULE class and DIT structure rule data types STRUCTURE-RULE ::= CLASS { &nameForm NAME-FORM, &SuperiorStructureRules STRUCTURE-RULE OPTIONAL, &id RuleIdentifier } WITH SYNTAX { NAME FORM &nameForm [SUPERIOR RULES &SuperiorStructureRules] ID &id } DITStructureRule ::= SEQUENCE { ruleIdentifier RuleIdentifier, -- shall be unique within the scope of the subschema nameForm NAME-FORM.&id, superiorStructureRules SET SIZE (1..MAX) OF RuleIdentifier OPTIONAL } RuleIdentifier ::= INTEGER -- CONTENT-RULE class and DIT content rule data types CONTENT-RULE ::= CLASS { &structuralClass OBJECT-CLASS.&id UNIQUE, &Auxiliaries OBJECT-CLASS OPTIONAL, &Mandatory ATTRIBUTE OPTIONAL, &Optional ATTRIBUTE OPTIONAL, &Precluded ATTRIBUTE OPTIONAL } WITH SYNTAX { STRUCTURAL OBJECT-CLASS &structuralClass [AUXILIARY OBJECT-CLASSES &Auxiliaries] [MUST CONTAIN &Mandatory] [MAY CONTAIN &Optional] [MUST-NOT CONTAIN &Precluded] } DITContentRule ::= SEQUENCE { structuralObjectClass OBJECT-CLASS.&id, auxiliaries SET SIZE (1..MAX) OF OBJECT-CLASS.&id OPTIONAL, mandatory [1] SET SIZE (1..MAX) OF ATTRIBUTE.&id OPTIONAL, optional [2] SET SIZE (1..MAX) OF ATTRIBUTE.&id OPTIONAL, precluded [3] SET SIZE (1..MAX) OF ATTRIBUTE.&id OPTIONAL } CONTEXT ::= CLASS { &Type , &Assertion OPTIONAL, &id OBJECT IDENTIFIER UNIQUE }WITH SYNTAX {WITH SYNTAX &Type [ASSERTED AS &Assertion] ID &id } DITContextUse ::= SEQUENCE { attributeType ATTRIBUTE.&id, mandatoryContexts [1] SET SIZE (1..MAX) OF CONTEXT.&id OPTIONAL, optionalContexts [2] SET SIZE (1..MAX) OF CONTEXT.&id OPTIONAL } DIT-CONTEXT-USE-RULE ::= CLASS { &attributeType ATTRIBUTE.&id UNIQUE, &Mandatory CONTEXT OPTIONAL, &Optional CONTEXT OPTIONAL } WITH SYNTAX { ATTRIBUTE TYPE &attributeType [MANDATORY CONTEXTS &Mandatory] [OPTIONAL CONTEXTS &Optional] } -- system schema information objects -- object classes subentry OBJECT-CLASS ::= { SUBCLASS OF {top} KIND structural MUST CONTAIN {commonName | subtreeSpecification} ID id-sc-subentry } subentryNameForm NAME-FORM ::= { NAMES subentry WITH ATTRIBUTES {commonName} ID id-nf-subentryNameForm } accessControlSubentry OBJECT-CLASS ::= { KIND auxiliary ID id-sc-accessControlSubentry } collectiveAttributeSubentry OBJECT-CLASS ::= { KIND auxiliary ID id-sc-collectiveAttributeSubentry } contextAssertionSubentry OBJECT-CLASS ::= { KIND auxiliary MUST CONTAIN {contextAssertionDefaults} ID id-sc-contextAssertionSubentry } serviceAdminSubentry OBJECT-CLASS ::= { KIND auxiliary MUST CONTAIN {searchRules} ID id-sc-serviceAdminSubentry } -- attributes subtreeSpecification ATTRIBUTE ::= { WITH SYNTAX SubtreeSpecification USAGE directoryOperation ID id-oa-subtreeSpecification } administrativeRole ATTRIBUTE ::= { WITH SYNTAX OBJECT-CLASS.&id EQUALITY MATCHING RULE objectIdentifierMatch USAGE directoryOperation ID id-oa-administrativeRole } createTimestamp ATTRIBUTE ::= { WITH SYNTAX GeneralizedTime -- as per 41.3 b) or c) of ITU-T Rec. X.680 | ISO/IEC 8824-1 EQUALITY MATCHING RULE generalizedTimeMatch ORDERING MATCHING RULE generalizedTimeOrderingMatch SINGLE VALUE TRUE NO USER MODIFICATION TRUE USAGE directoryOperation ID id-oa-createTimestamp } modifyTimestamp ATTRIBUTE ::= { WITH SYNTAX GeneralizedTime -- as per 41.3 b) or c) of ITU-T Rec. X.680 | ISO/IEC 8824-1 EQUALITY MATCHING RULE generalizedTimeMatch ORDERING MATCHING RULE generalizedTimeOrderingMatch SINGLE VALUE TRUE NO USER MODIFICATION TRUE USAGE directoryOperation ID id-oa-modifyTimestamp } subschemaTimestamp ATTRIBUTE ::= { WITH SYNTAX GeneralizedTime -- as per 41.3 b) or c) of ITU-T Rec.X. 680 | ISO/IEC 8824-1 EQUALITY MATCHING RULE generalizedTimeMatch ORDERING MATCHING RULE generalizedTimeOrderingMatch SINGLE VALUE TRUE NO USER MODIFICATION TRUE USAGE directoryOperation ID id-oa-subschemaTimestamp } creatorsName ATTRIBUTE ::= { WITH SYNTAX DistinguishedName EQUALITY MATCHING RULE distinguishedNameMatch SINGLE VALUE TRUE NO USER MODIFICATION TRUE USAGE directoryOperation ID id-oa-creatorsName } modifiersName ATTRIBUTE ::= { WITH SYNTAX DistinguishedName EQUALITY MATCHING RULE distinguishedNameMatch SINGLE VALUE TRUE NO USER MODIFICATION TRUE USAGE directoryOperation ID id-oa-modifiersName } subschemaSubentryList ATTRIBUTE ::= { WITH SYNTAX DistinguishedName EQUALITY MATCHING RULE distinguishedNameMatch SINGLE VALUE TRUE NO USER MODIFICATION TRUE USAGE directoryOperation ID id-oa-subschemaSubentryList } accessControlSubentryList ATTRIBUTE ::= { WITH SYNTAX DistinguishedName EQUALITY MATCHING RULE distinguishedNameMatch NO USER MODIFICATION TRUE USAGE directoryOperation ID id-oa-accessControlSubentryList } collectiveAttributeSubentryList ATTRIBUTE ::= { WITH SYNTAX DistinguishedName EQUALITY MATCHING RULE distinguishedNameMatch NO USER MODIFICATION TRUE USAGE directoryOperation ID id-oa-collectiveAttributeSubentryList } contextDefaultSubentryList ATTRIBUTE ::= { WITH SYNTAX DistinguishedName EQUALITY MATCHING RULE distinguishedNameMatch NO USER MODIFICATION TRUE USAGE directoryOperation ID id-oa-contextDefaultSubentryList } serviceAdminSubentryList ATTRIBUTE ::= { WITH SYNTAX DistinguishedName EQUALITY MATCHING RULE distinguishedNameMatch NO USER MODIFICATION TRUE USAGE directoryOperation ID id-oa-serviceAdminSubentryList } hasSubordinates ATTRIBUTE ::= { WITH SYNTAX BOOLEAN EQUALITY MATCHING RULE booleanMatch SINGLE VALUE TRUE NO USER MODIFICATION TRUE USAGE directoryOperation ID id-oa-hasSubordinates } collectiveExclusions ATTRIBUTE ::= { WITH SYNTAX OBJECT IDENTIFIER EQUALITY MATCHING RULE objectIdentifierMatch USAGE directoryOperation ID id-oa-collectiveExclusions } contextAssertionDefaults ATTRIBUTE ::= { WITH SYNTAX TypeAndContextAssertion EQUALITY MATCHING RULE objectIdentifierFirstComponentMatch USAGE directoryOperation ID id-oa-contextAssertionDefault } searchRules ATTRIBUTE ::= { WITH SYNTAX SearchRuleDescription EQUALITY MATCHING RULE integerFirstComponentMatch USAGE directoryOperation ID id-oa-searchRules } SearchRuleDescription ::= SEQUENCE { COMPONENTS OF SearchRule, name [28] SET SIZE (1..MAX) OF DirectoryString{ub-search} OPTIONAL, description [29] DirectoryString{ub-search} OPTIONAL } hierarchyLevel ATTRIBUTE ::= { WITH SYNTAX HierarchyLevel EQUALITY MATCHING RULE integerMatch ORDERING MATCHING RULE integerOrderingMatch SINGLE VALUE TRUE NO USER MODIFICATION TRUE USAGE directoryOperation ID id-oa-hierarchyLevel } HierarchyLevel ::= INTEGER hierarchyBelow ATTRIBUTE ::= { WITH SYNTAX HierarchyBelow EQUALITY MATCHING RULE booleanMatch SINGLE VALUE TRUE NO USER MODIFICATION TRUE USAGE directoryOperation ID id-oa-hierarchyBelow } HierarchyBelow ::= BOOLEAN hierarchyParent ATTRIBUTE ::= { WITH SYNTAX DistinguishedName EQUALITY MATCHING RULE distinguishedNameMatch SINGLE VALUE TRUE USAGE directoryOperation ID id-oa-hierarchyParent } -- object identifier assignments -- object classes id-oc-top OBJECT IDENTIFIER ::= {id-oc 0} id-oc-alias OBJECT IDENTIFIER ::= {id-oc 1} id-oc-parent OBJECT IDENTIFIER ::= {id-oc 28} id-oc-child OBJECT IDENTIFIER ::= {id-oc 29} -- attributes id-at-objectClass OBJECT IDENTIFIER ::= {id-at 0} id-at-aliasedEntryName OBJECT IDENTIFIER ::= {id-at 1} -- matching rules id-mr-objectIdentifierMatch OBJECT IDENTIFIER ::= {id-mr 0} id-mr-distinguishedNameMatch OBJECT IDENTIFIER ::= {id-mr 1} -- operational attributes id-oa-excludeAllCollectiveAttributes OBJECT IDENTIFIER ::= {id-oa 0} id-oa-createTimestamp OBJECT IDENTIFIER ::= {id-oa 1} id-oa-modifyTimestamp OBJECT IDENTIFIER ::= {id-oa 2} id-oa-creatorsName OBJECT IDENTIFIER ::= {id-oa 3} id-oa-modifiersName OBJECT IDENTIFIER ::= {id-oa 4} id-oa-administrativeRole OBJECT IDENTIFIER ::= {id-oa 5} id-oa-subtreeSpecification OBJECT IDENTIFIER ::= {id-oa 6} id-oa-collectiveExclusions OBJECT IDENTIFIER ::= {id-oa 7} id-oa-subschemaTimestamp OBJECT IDENTIFIER ::= {id-oa 8} id-oa-hasSubordinates OBJECT IDENTIFIER ::= {id-oa 9} id-oa-subschemaSubentryList OBJECT IDENTIFIER ::= {id-oa 10} id-oa-accessControlSubentryList OBJECT IDENTIFIER ::= {id-oa 11} id-oa-collectiveAttributeSubentryList OBJECT IDENTIFIER ::= {id-oa 12} id-oa-contextDefaultSubentryList OBJECT IDENTIFIER ::= {id-oa 13} id-oa-contextAssertionDefault OBJECT IDENTIFIER ::= {id-oa 14} id-oa-serviceAdminSubentryList OBJECT IDENTIFIER ::= {id-oa 15} id-oa-searchRules OBJECT IDENTIFIER ::= {id-oa 16} id-oa-hierarchyLevel OBJECT IDENTIFIER ::= {id-oa 17} id-oa-hierarchyBelow OBJECT IDENTIFIER ::= {id-oa 18} id-oa-hierarchyParent OBJECT IDENTIFIER ::= {id-oa 19} -- subentry classes id-sc-subentry OBJECT IDENTIFIER ::= {id-sc 0} id-sc-accessControlSubentry OBJECT IDENTIFIER ::= {id-sc 1} id-sc-collectiveAttributeSubentry OBJECT IDENTIFIER ::= {id-sc 2} id-sc-contextAssertionSubentry OBJECT IDENTIFIER ::= {id-sc 3} id-sc-serviceAdminSubentry OBJECT IDENTIFIER ::= {id-sc 4} -- Name forms id-nf-subentryNameForm OBJECT IDENTIFIER ::= {id-nf 16} -- administrative roles id-ar-autonomousArea OBJECT IDENTIFIER ::= {id-ar 1} id-ar-accessControlSpecificArea OBJECT IDENTIFIER ::= {id-ar 2} id-ar-accessControlInnerArea OBJECT IDENTIFIER ::= {id-ar 3} id-ar-subschemaAdminSpecificArea OBJECT IDENTIFIER ::= {id-ar 4} id-ar-collectiveAttributeSpecificArea OBJECT IDENTIFIER ::= {id-ar 5} id-ar-collectiveAttributeInnerArea OBJECT IDENTIFIER ::= {id-ar 6} id-ar-contextDefaultSpecificArea OBJECT IDENTIFIER ::= {id-ar 7} id-ar-serviceSpecificArea OBJECT IDENTIFIER ::= {id-ar 8} END -- InformationFramework -- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D