summaryrefslogtreecommitdiff
path: root/doc/rfc/rfc3281.txt
diff options
context:
space:
mode:
Diffstat (limited to 'doc/rfc/rfc3281.txt')
-rw-r--r--doc/rfc/rfc3281.txt2243
1 files changed, 2243 insertions, 0 deletions
diff --git a/doc/rfc/rfc3281.txt b/doc/rfc/rfc3281.txt
new file mode 100644
index 0000000..91266ee
--- /dev/null
+++ b/doc/rfc/rfc3281.txt
@@ -0,0 +1,2243 @@
+
+
+
+
+
+
+Network Working Group S. Farrell
+Request for Comments: 3281 Baltimore Technologies
+Category: Standards Track R. Housley
+ RSA Laboratories
+ April 2002
+
+
+ An Internet Attribute Certificate
+ Profile for Authorization
+
+Status of this Memo
+
+ This document specifies an Internet standards track protocol for the
+ Internet community, and requests discussion and suggestions for
+ improvements. Please refer to the current edition of the "Internet
+ Official Protocol Standards" (STD 1) for the standardization state
+ and status of this protocol. Distribution of this memo is unlimited.
+
+Copyright Notice
+
+ Copyright (C) The Internet Society (2002). All Rights Reserved.
+
+Abstract
+
+ This specification defines a profile for the use of X.509 Attribute
+ Certificates in Internet Protocols. Attribute certificates may be
+ used in a wide range of applications and environments covering a
+ broad spectrum of interoperability goals and a broader spectrum of
+ operational and assurance requirements. The goal of this document is
+ to establish a common baseline for generic applications requiring
+ broad interoperability as well as limited special purpose
+ requirements. The profile places emphasis on attribute certificate
+ support for Internet electronic mail, IPSec, and WWW security
+ applications.
+
+Table of Contents
+
+ 1. Introduction................................................. 2
+ 1.1 Delegation and AC chains............................... 4
+ 1.2 Attribute Certificate Distribution ("push" vs. "pull"). 4
+ 1.3 Document Structure..................................... 6
+ 2. Terminology.................................................. 6
+ 3. Requirements................................................. 7
+ 4. Attribute Certificate Profile................................ 7
+ 4.1 X.509 Attribute Certificate Definition................. 8
+ 4.2 Profile of Standard Fields............................. 10
+ 4.2.1 Version.......................................... 10
+ 4.2.2 Holder........................................... 11
+
+
+
+Farrell & Housley Standards Track [Page 1]
+
+RFC 3281 An Internet Attribute Certificate April 2002
+
+
+ 4.2.3 Issuer........................................... 12
+ 4.2.4 Signature........................................ 12
+ 4.2.5 Serial Number.................................... 12
+ 4.2.6 Validity Period.................................. 13
+ 4.2.7 Attributes....................................... 13
+ 4.2.8 Issuer Unique Identifier......................... 14
+ 4.2.9 Extensions....................................... 14
+ 4.3 Extensions............................................. 14
+ 4.3.1 Audit Identity................................... 14
+ 4.3.2 AC Targeting..................................... 15
+ 4.3.3 Authority Key Identifier......................... 17
+ 4.3.4 Authority Information Access..................... 17
+ 4.3.5 CRL Distribution Points.......................... 17
+ 4.3.6 No Revocation Available.......................... 18
+ 4.4 Attribute Types........................................ 18
+ 4.4.1 Service Authentication Information............... 19
+ 4.4.2 Access Identity.................................. 19
+ 4.4.3 Charging Identity................................ 20
+ 4.4.4 Group............................................ 20
+ 4.4.5 Role............................................. 20
+ 4.4.6 Clearance........................................ 21
+ 4.5 Profile of AC issuer's PKC............................. 22
+ 5. Attribute Certificate Validation............................. 23
+ 6. Revocation................................................... 24
+ 7. Optional Features............................................ 25
+ 7.1 Attribute Encryption................................... 25
+ 7.2 Proxying............................................... 27
+ 7.3 Use of ObjectDigestInfo................................ 28
+ 7.4 AA Controls............................................ 29
+ 8. Security Considerations...................................... 30
+ 9. IANA Considerations.......................................... 32
+ 10. References.................................................. 32
+ Appendix A: Object Identifiers.................................. 34
+ Appendix B: ASN.1 Module........................................ 35
+ Author's Addresses.............................................. 39
+ Acknowledgements................................................ 39
+ Full Copyright Statement........................................ 40
+
+1. Introduction
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in BCP 14, RFC 2119.
+
+ X.509 public key certificates (PKCs) [X.509-1997, X.509-2000,
+ PKIXPROF] bind an identity and a public key. An attribute
+ certificate (AC) is a structure similar to a PKC; the main difference
+ being that the AC contains no public key. An AC may contain
+
+
+
+Farrell & Housley Standards Track [Page 2]
+
+RFC 3281 An Internet Attribute Certificate April 2002
+
+
+ attributes that specify group membership, role, security clearance,
+ or other authorization information associated with the AC holder.
+ The syntax for the AC is defined in Recommendation X.509, making the
+ term "X.509 certificate" ambiguous.
+
+ Some people constantly confuse PKCs and ACs. An analogy may make the
+ distinction clear. A PKC can be considered to be like a passport: it
+ identifies the holder, tends to last for a long time, and should not
+ be trivial to obtain. An AC is more like an entry visa: it is
+ typically issued by a different authority and does not last for as
+ long a time. As acquiring an entry visa typically requires
+ presenting a passport, getting a visa can be a simpler process.
+
+ Authorization information may be placed in a PKC extension or placed
+ in a separate attribute certificate (AC). The placement of
+ authorization information in PKCs is usually undesirable for two
+ reasons. First, authorization information often does not have the
+ same lifetime as the binding of the identity and the public key.
+ When authorization information is placed in a PKC extension, the
+ general result is the shortening of the PKC useful lifetime. Second,
+ the PKC issuer is not usually authoritative for the authorization
+ information. This results in additional steps for the PKC issuer to
+ obtain authorization information from the authoritative source.
+
+ For these reasons, it is often better to separate authorization
+ information from the PKC. Yet, authorization information also needs
+ to be bound to an identity. An AC provides this binding; it is
+ simply a digitally signed (or certified) identity and set of
+ attributes.
+
+ An AC may be used with various security services, including access
+ control, data origin authentication, and non-repudiation.
+
+ PKCs can provide an identity to access control decision functions.
+ However, in many contexts the identity is not the criterion that is
+ used for access control decisions, rather the role or group-
+ membership of the accessor is the criterion used. Such access
+ control schemes are called role-based access control.
+
+ When making an access control decision based on an AC, an access
+ control decision function may need to ensure that the appropriate AC
+ holder is the entity that has requested access. One way in which the
+ linkage between the request or identity and the AC can be achieved is
+ the inclusion of a reference to a PKC within the AC and the use of
+ the private key corresponding to the PKC for authentication within
+ the access request.
+
+
+
+
+
+Farrell & Housley Standards Track [Page 3]
+
+RFC 3281 An Internet Attribute Certificate April 2002
+
+
+ ACs may also be used in the context of a data origin authentication
+ service and a non-repudiation service. In these contexts, the
+ attributes contained in the AC provide additional information about
+ the signing entity. This information can be used to make sure that
+ the entity is authorized to sign the data. This kind of checking
+ depends either on the context in which the data is exchanged or on
+ the data that has been digitally signed.
+
+1.1 Delegation and AC chains
+
+ The X.509 standard [X.509-2000] defines authorization as the
+ "conveyance of privilege from one entity that holds such privilege,
+ to another entity". An AC is one authorization mechanism.
+
+ An ordered sequence of ACs could be used to verify the authenticity
+ of a privilege asserter's privilege. In this way, chains or paths of
+ ACs could be employed to delegate authorization.
+
+ Since the administration and processing associated with such AC
+ chains is complex and the use of ACs in the Internet today is quite
+ limited, this specification does NOT RECOMMEND the use of AC chains.
+ Other (future) specifications may address the use of AC chains. This
+ specification deals with the simple cases, where one authority issues
+ all of the ACs for a particular set of attributes. However, this
+ simplification does not preclude the use of several different
+ authorities, each of which manages a different set of attributes.
+ For example, group membership may be included in one AC issued by one
+ authority, and security clearance may be included in another AC
+ issued by another authority.
+
+ This means that conformant implementations are only REQUIRED to be
+ able to process a single AC at a time. Processing of more than one
+ AC, one after another, may be necessary. Note however, that
+ validation of an AC MAY require validation of a chain of PKCs, as
+ specified in [PKIXPROF].
+
+1.2 Attribute Certificate Distribution ("push" vs. "pull")
+
+ As discussed above, ACs provide a mechanism to securely provide
+ authorization information to, for example, access control decision
+ functions. However, there are a number of possible communication
+ paths for ACs.
+
+ In some environments, it is suitable for a client to "push" an AC to
+ a server. This means that no new connections between the client and
+ server are required. It also means that no search burden is imposed
+ on servers, which improves performance and that the AC verifier is
+
+
+
+
+Farrell & Housley Standards Track [Page 4]
+
+RFC 3281 An Internet Attribute Certificate April 2002
+
+
+ only presented with what it "needs to know." The "push" model is
+ especially suitable in inter-domain cases where the client's rights
+ should be assigned within the client's "home" domain.
+
+ In other cases, it is more suitable for a client to simply
+ authenticate to the server and for the server to request or "pull"
+ the client's AC from an AC issuer or a repository. A major benefit
+ of the "pull" model is that it can be implemented without changes to
+ the client or to the client-server protocol. The "pull" model is
+ especially suitable for inter-domain cases where the client's rights
+ should be assigned within the server's domain, rather than within the
+ client's domain.
+
+ There are a number of possible exchanges involving three entities:
+ the client, the server, and the AC issuer. In addition, a directory
+ service or other repository for AC retrieval MAY be supported.
+
+ Figure 1 shows an abstract view of the exchanges that may involve
+ ACs. This profile does not specify a protocol for these exchanges.
+
+ +--------------+
+ | | Server Acquisition
+ | AC issuer +----------------------------+
+ | | |
+ +--+-----------+ |
+ | |
+ | Client |
+ | Acquisition |
+ | |
+ +--+-----------+ +--+------------+
+ | | AC "push" | |
+ | Client +-------------------------+ Server |
+ | | (part of app. protocol) | |
+ +--+-----------+ +--+------------+
+ | |
+ | Client | Server
+ | Lookup +--------------+ | Lookup
+ | | | |
+ +---------------+ Repository +---------+
+ | |
+ +--------------+
+
+ Figure 1: AC Exchanges
+
+
+
+
+
+
+
+
+Farrell & Housley Standards Track [Page 5]
+
+RFC 3281 An Internet Attribute Certificate April 2002
+
+
+1.3 Document Structure
+
+ Section 2 defines some terminology. Section 3 specifies the
+ requirements that this profile is intended to meet. Section 4
+ contains the profile of the X.509 AC. Section 5 specifies rules for
+ AC validation. Section 6 specifies rules for AC revocation checks.
+ Section 7 specifies optional features which MAY be supported;
+ however, support for these features is not required for conformance
+ to this profile. Finally, appendices contain the list of OIDs
+ required to support this specification and an ASN.1 module.
+
+2. Terminology
+
+ For simplicity, we use the terms client and server in this
+ specification. This is not intended to indicate that ACs are only to
+ be used in client-server environments. For example, ACs may be used
+ in the S/MIME v3 context, where the mail user agent would be both a
+ "client" and a "server" in the sense the terms are used here.
+
+ Term Meaning
+
+ AA Attribute Authority, the entity that issues the
+ AC, synonymous in this specification with "AC
+ issuer"
+ AC Attribute Certificate
+ AC user any entity that parses or processes an AC
+ AC verifier any entity that checks the validity of an AC and
+ then makes use of the result
+ AC issuer the entity which signs the AC, synonymous in this
+ specification with "AA"
+ AC holder the entity indicated (perhaps indirectly) in the
+ holder field of the AC
+ Client the entity which is requesting the action for
+ which authorization checks are to be made
+ Proxying In this specification, Proxying is used to mean
+ the situation where an application server acts as
+ an application client on behalf of a user.
+ Proxying here does not mean granting of authority.
+ PKC Public Key Certificate - uses the type ASN.1
+ Certificate defined in X.509 and profiled in RFC
+ 2459. This (non-standard) acronym is used in order
+ to avoid confusion about the term "X.509
+ certificate".
+ Server the entity which requires that the authorization
+ checks are made
+
+
+
+
+
+
+Farrell & Housley Standards Track [Page 6]
+
+RFC 3281 An Internet Attribute Certificate April 2002
+
+
+3. Requirements
+
+ This AC profile meets the following requirements.
+
+ Time/Validity requirements:
+
+ 1. Support for short-lived as well as long-lived ACs. Typical
+ short-lived validity periods might be measured in hours, as
+ opposed to months for PKCs. Short validity periods allow ACs to
+ be useful without a revocation mechanism.
+
+ Attribute Types:
+
+ 2. Issuers of ACs should be able to define their own attribute types
+ for use within closed domains.
+
+ 3. Some standard attribute types, which can be contained within ACs,
+ should be defined. Examples include "access identity," "group,"
+ "role," "clearance," "audit identity," and "charging identity."
+
+ 4. Standard attribute types should be defined in a manner that
+ permits an AC verifier to distinguish between uses of the same
+ attribute in different domains. For example, the "Administrators
+ group" as defined by Baltimore and the "Administrators group" as
+ defined by SPYRUS should be easily distinguished.
+
+ Targeting of ACs:
+
+ 5. It should be possible to "target" an AC at one, or a small number
+ of, servers. This means that a trustworthy non-target server will
+ reject the AC for authorization decisions.
+
+ Push vs. Pull
+
+ 6. ACs should be defined so that they can either be "pushed" by the
+ client to the server, or "pulled" by the server from a repository
+ or other network service, including an online AC issuer.
+
+4. Attribute Certificate Profile
+
+ ACs may be used in a wide range of applications and environments
+ covering a broad spectrum of interoperability goals and a broader
+ spectrum of operational and assurance requirements. The goal of this
+ document is to establish a common baseline for generic applications
+ requiring broad interoperability and limited special purpose
+
+
+
+
+
+
+Farrell & Housley Standards Track [Page 7]
+
+RFC 3281 An Internet Attribute Certificate April 2002
+
+
+ requirements. In particular, the emphasis will be on supporting the
+ use of attribute certificates for informal Internet electronic mail,
+ IPSec, and WWW applications.
+
+ This section presents a profile for ACs that will foster
+ interoperability. This section also defines some private extensions
+ for the Internet community.
+
+ While the ISO/IEC/ITU documents use the 1993 (or later) version of
+ ASN.1, this document uses the 1988 ASN.1 syntax, as has been done for
+ PKCs [PKIXPROF]. The encoded certificates and extensions from either
+ ASN.1 version are bit-wise identical.
+
+ Where maximum lengths for fields are specified, these lengths refer
+ to the DER encoding and do not include the ASN.1 tag or length
+ fields.
+
+ Conforming implementations MUST support the profile specified in this
+ section.
+
+4.1 X.509 Attribute Certificate Definition
+
+ X.509 contains the definition of an AC given below. All types that
+ are not defined in this document can be found in [PKIXPROF].
+
+ AttributeCertificate ::= SEQUENCE {
+ acinfo AttributeCertificateInfo,
+ signatureAlgorithm AlgorithmIdentifier,
+ signatureValue BIT STRING
+ }
+
+ AttributeCertificateInfo ::= SEQUENCE {
+ version AttCertVersion -- version is v2,
+ holder Holder,
+ issuer AttCertIssuer,
+ signature AlgorithmIdentifier,
+ serialNumber CertificateSerialNumber,
+ attrCertValidityPeriod AttCertValidityPeriod,
+ attributes SEQUENCE OF Attribute,
+ issuerUniqueID UniqueIdentifier OPTIONAL,
+ extensions Extensions OPTIONAL
+ }
+
+ AttCertVersion ::= INTEGER { v2(1) }
+ Holder ::= SEQUENCE {
+ baseCertificateID [0] IssuerSerial OPTIONAL,
+ -- the issuer and serial number of
+ -- the holder's Public Key Certificate
+
+
+
+Farrell & Housley Standards Track [Page 8]
+
+RFC 3281 An Internet Attribute Certificate April 2002
+
+
+ entityName [1] GeneralNames OPTIONAL,
+ -- the name of the claimant or role
+ objectDigestInfo [2] ObjectDigestInfo OPTIONAL
+ -- used to directly authenticate the holder,
+ -- for example, an executable
+ }
+
+ ObjectDigestInfo ::= SEQUENCE {
+ digestedObjectType ENUMERATED {
+ publicKey (0),
+ publicKeyCert (1),
+ otherObjectTypes (2) },
+ -- otherObjectTypes MUST NOT
+ -- be used in this profile
+ otherObjectTypeID OBJECT IDENTIFIER OPTIONAL,
+ digestAlgorithm AlgorithmIdentifier,
+ objectDigest BIT STRING
+ }
+
+ AttCertIssuer ::= CHOICE {
+ v1Form GeneralNames, -- MUST NOT be used in this
+ -- profile
+ v2Form [0] V2Form -- v2 only
+ }
+
+ V2Form ::= SEQUENCE {
+ issuerName GeneralNames OPTIONAL,
+ baseCertificateID [0] IssuerSerial OPTIONAL,
+ objectDigestInfo [1] ObjectDigestInfo OPTIONAL
+ -- issuerName MUST be present in this profile
+ -- baseCertificateID and objectDigestInfo MUST NOT
+ -- be present in this profile
+ }
+
+ IssuerSerial ::= SEQUENCE {
+ issuer GeneralNames,
+ serial CertificateSerialNumber,
+ issuerUID UniqueIdentifier OPTIONAL
+ }
+
+ AttCertValidityPeriod ::= SEQUENCE {
+ notBeforeTime GeneralizedTime,
+ notAfterTime GeneralizedTime
+ }
+
+
+
+
+
+
+
+Farrell & Housley Standards Track [Page 9]
+
+RFC 3281 An Internet Attribute Certificate April 2002
+
+
+ Although the Attribute syntax is defined in [PKIXPROF], we repeat
+ the definition here for convenience.
+
+ Attribute ::= SEQUENCE {
+ type AttributeType,
+ values SET OF AttributeValue
+ -- at least one value is required
+ }
+
+ AttributeType ::= OBJECT IDENTIFIER
+
+ AttributeValue ::= ANY DEFINED BY AttributeType
+
+ Implementers should note that the DER encoding (see [X.509-
+ 1988],[X.208-1988]) of the SET OF values requires ordering of the
+ encodings of the values. Though this issue arises with respect to
+ distinguished names, and has to be handled by [PKIXPROF]
+ implementations, it is much more significant in this context, since
+ the inclusion of multiple values is much more common in ACs.
+
+4.2 Profile of Standard Fields
+
+ GeneralName offers great flexibility. To achieve interoperability,
+ in spite of this flexibility, this profile imposes constraints on the
+ use of GeneralName.
+
+ Conforming implementations MUST be able to support the dNSName,
+ directoryName, uniformResourceIdentifier, and iPAddress options.
+ This is compatible with the GeneralName requirements in [PKIXPROF]
+ (mainly in section 4.2.1.7).
+
+ Conforming implementations MUST NOT use the x400Address,
+ ediPartyName, or registeredID options.
+
+ Conforming implementations MAY use the otherName option to convey
+ name forms defined in Internet Standards. For example, Kerberos
+ [KRB] format names can be encoded into the otherName, using a
+ Kerberos 5 principal name OID and a SEQUENCE of the Realm and the
+ PrincipalName.
+
+4.2.1 Version
+
+ The version field MUST have the value of v2. That is, the version
+ field is present in the DER encoding.
+
+
+
+
+
+
+
+Farrell & Housley Standards Track [Page 10]
+
+RFC 3281 An Internet Attribute Certificate April 2002
+
+
+ Note: This version (v2) is not backwards compatible with the previous
+ attribute certificate definition (v1) from the 1997 X.509 standard
+ [X.509-1997], but is compatible with the v2 definition from X.509
+ (2000) [X.509-2000].
+
+4.2.2 Holder
+
+ The Holder field is a SEQUENCE allowing three different (optional)
+ syntaxes: baseCertificateID, entityName and objectDigestInfo. Where
+ only one option is present, the meaning of the Holder field is clear.
+ However, where more than one option is used, there is a potential for
+ confusion as to which option is "normative", which is a "hint" etc.
+ Since the correct position is not clear from [X.509-2000], this
+ specification RECOMMENDS that only one of the options be used in any
+ given AC.
+
+ For any environment where the AC is passed in an authenticated
+ message or session and where the authentication is based on the use
+ of an X.509 PKC, the holder field SHOULD use the baseCertificateID.
+
+ With the baseCertificateID option, the holder's PKC serialNumber and
+ issuer MUST be identical to the AC holder field. The PKC issuer MUST
+ have a non-empty distinguished name which is to be present as the
+ single value of the holder.baseCertificateID.issuer construct in the
+ directoryName field. The AC holder.baseCertificateID.issuerUID field
+ MUST only be used if the holder's PKC contains an issuerUniqueID
+ field. If both the AC holder.baseCertificateID.issuerUID and the PKC
+ issuerUniqueID fields are present, the same value MUST be present in
+ both fields. Thus, the baseCertificateID is only usable with PKC
+ profiles (like [PKIXPROF]) which mandate that the PKC issuer field
+ contain a non-empty distinguished name value.
+
+ Note: An empty distinguished name is a distinguished name where the
+ SEQUENCE OF relative distinguished names is of zero length. In a DER
+ encoding, this has the value '3000'H.
+
+ If the holder field uses the entityName option and the underlying
+ authentication is based on a PKC, the entityName MUST be the same as
+ the PKC subject field or one of the values of the PKC subjectAltName
+ field extension (if present). Note that [PKIXPROF] mandates that the
+ subjectAltName extension be present if the PKC subject is an empty
+ distinguished name. See the security considerations section which
+ mentions some name collision problems that may arise when using the
+ entityName option.
+
+ In any other case where the holder field uses the entityName option,
+ only one name SHOULD be present.
+
+
+
+
+Farrell & Housley Standards Track [Page 11]
+
+RFC 3281 An Internet Attribute Certificate April 2002
+
+
+ Implementations conforming to this profile are not required to
+ support the use of the objectDigest field. However, section 7.3
+ specifies how this optional feature MAY be used.
+
+ Any protocol conforming to this profile SHOULD specify which AC
+ holder option is to be used and how this fits with the supported
+ authentication schemes defined in that protocol.
+
+4.2.3 Issuer
+
+ ACs conforming to this profile MUST use the v2Form choice, which MUST
+ contain one and only one GeneralName in the issuerName, which MUST
+ contain a non-empty distinguished name in the directoryName field.
+ This means that all AC issuers MUST have non-empty distinguished
+ names. ACs conforming to this profile MUST omit the
+ baseCertificateID and objectDigestInfo fields.
+
+ Part of the reason for the use of the v2Form containing only an
+ issuerName is that it means that the AC issuer does not have to know
+ which PKC the AC verifier will use for it (the AC issuer). Using the
+ baseCertificateID field to reference the AC issuer would mean that
+ the AC verifier would have to trust the PKC that the AC issuer chose
+ (for itself) at AC creation time.
+
+4.2.4 Signature
+
+ Contains the algorithm identifier used to validate the AC signature.
+
+ This MUST be one of the signing algorithms defined in [PKIXALGS].
+ Conforming implementations MUST honor all MUST/SHOULD/MAY signing
+ algorithm statements specified in [PKIXALGS].
+
+4.2.5 Serial Number
+
+ For any conforming AC, the issuer/serialNumber pair MUST form a
+ unique combination, even if ACs are very short-lived.
+
+ AC issuers MUST force the serialNumber to be a positive integer, that
+ is, the sign bit in the DER encoding of the INTEGER value MUST be
+ zero - this can be done by adding a leading (leftmost) '00'H octet if
+ necessary. This removes a potential ambiguity in mapping between a
+ string of octets and an integer value.
+
+ Given the uniqueness and timing requirements above, serial numbers
+ can be expected to contain long integers. AC users MUST be able to
+ handle serialNumber values longer than 4 octets. Conformant ACs MUST
+ NOT contain serialNumber values longer than 20 octets.
+
+
+
+
+Farrell & Housley Standards Track [Page 12]
+
+RFC 3281 An Internet Attribute Certificate April 2002
+
+
+ There is no requirement that the serial numbers used by any AC issuer
+ follow any particular ordering. In particular, they need not be
+ monotonically increasing with time. Each AC issuer MUST ensure that
+ each AC that it issues contains a unique serial number.
+
+4.2.6 Validity Period
+
+ The attrCertValidityPeriod (a.k.a. validity) field specifies the
+ period for which the AC issuer certifies that the binding between the
+ holder and the attributes fields will be valid.
+
+ The generalized time type, GeneralizedTime, is a standard ASN.1 type
+ for variable precision representation of time. The GeneralizedTime
+ field can optionally include a representation of the time
+ differential between the local time zone and Greenwich Mean Time.
+
+ For the purposes of this profile, GeneralizedTime values MUST be
+ expressed in Coordinated universal time (UTC) (also known as
+ Greenwich Mean Time or Zulu)) and MUST include seconds (i.e., times
+ are YYYYMMDDHHMMSSZ), even when the number of seconds is zero.
+ GeneralizedTime values MUST NOT include fractional seconds.
+
+ (Note: this is the same as specified in [PKIXPROF], section
+ 4.1.2.5.2.)
+
+ AC users MUST be able to handle an AC which, at the time of
+ processing, has parts of its validity period or all its validity
+ period in the past or in the future (a post-dated AC). This is valid
+ for some applications, such as backup.
+
+4.2.7 Attributes
+
+ The attributes field gives information about the AC holder. When the
+ AC is used for authorization, this will often contain a set of
+ privileges.
+
+ The attributes field contains a SEQUENCE OF Attribute. Each
+ Attribute MAY contain a SET OF values. For a given AC, each
+ AttributeType OBJECT IDENTIFIER in the sequence MUST be unique. That
+ is, only one instance of each attribute can occur in a single AC, but
+ each instance can be multi-valued.
+
+ AC users MUST be able to handle multiple values for all attribute
+ types.
+
+ An AC MUST contain at least one attribute. That is, the SEQUENCE OF
+ Attributes MUST NOT be of zero length.
+
+
+
+
+Farrell & Housley Standards Track [Page 13]
+
+RFC 3281 An Internet Attribute Certificate April 2002
+
+
+ Some standard attribute types are defined in section 4.4.
+
+4.2.8 Issuer Unique Identifier
+
+ This field MUST NOT be used unless it is also used in the AC issuer's
+ PKC, in which case it MUST be used. Note that [PKIXPROF] states that
+ this field SHOULD NOT be used by conforming CAs, but that
+ applications SHOULD be able to parse PKCs containing the field.
+
+4.2.9 Extensions
+
+ The extensions field generally gives information about the AC as
+ opposed to information about the AC holder.
+
+ An AC that has no extensions conforms to the profile; however,
+ section 4.3 defines the extensions that MAY be used with this
+ profile, and whether or not they may be marked critical. If any
+ other critical extension is used, the AC does not conform to this
+ profile. However, if any other non-critical extension is used, the
+ AC does conform to this profile.
+
+ The extensions defined for ACs provide methods for associating
+ additional attributes with holders. This profile also allows
+ communities to define private extensions to carry information unique
+ to those communities. Each extension in an AC may be designated as
+ critical or non-critical. An AC using system MUST reject an AC if it
+ encounters a critical extension it does not recognize; however, a
+ non-critical extension may be ignored if it is not recognized.
+ Section 4.3 presents recommended extensions used within Internet ACs
+ and standard locations for information. Communities may elect to use
+ additional extensions; however, caution should be exercised in
+ adopting any critical extensions in ACs which might prevent use in a
+ general context.
+
+4.3 Extensions
+
+4.3.1 Audit Identity
+
+ In some circumstances, it is required (e.g. by data protection/data
+ privacy legislation) that audit trails not contain records which
+ directly identify individuals. This circumstance may make the use of
+ the AC holder field unsuitable for use in audit trails.
+
+ To allow for such cases, an AC MAY contain an audit identity
+ extension. Ideally it SHOULD be infeasible to derive the AC holder's
+ identity from the audit identity value without the cooperation of the
+ AC issuer.
+
+
+
+
+Farrell & Housley Standards Track [Page 14]
+
+RFC 3281 An Internet Attribute Certificate April 2002
+
+
+ The value of the audit identity, along with the AC issuer/serial,
+ SHOULD then be used for audit/logging purposes. If the value of the
+ audit identity is suitably chosen, a server/service administrator can
+ use audit trails to track the behavior of an AC holder without being
+ able to identify the AC holder.
+
+ The server/service administrator in combination with the AC issuer
+ MUST be able to identify the AC holder in cases where misbehavior is
+ detected. This means that the AC issuer MUST be able to determine
+ the actual identity of the AC holder from the audit identity.
+
+ Of course, auditing could be based on the AC issuer/serial pair;
+ however, this method does not allow tracking of the same AC holder
+ with multiple ACs. Thus, an audit identity is only useful if it
+ lasts for longer than the typical AC lifetime. Auditing could also
+ be based on the AC holder's PKC issuer/serial; however, this will
+ often allow the server/service administrator to identify the AC
+ holder.
+
+ As the AC verifier might otherwise use the AC holder or some other
+ identifying value for audit purposes, this extension MUST be critical
+ when used.
+
+ Protocols that use ACs will often expose the identity of the AC
+ holder in the bits on-the-wire. In such cases, an opaque audit
+ identity does not make use of the AC anonymous; it simply ensures
+ that the ensuing audit trails do not contain identifying information.
+
+ The value of an audit identity MUST be longer than zero octets. The
+ value of an audit identity MUST NOT be longer than 20 octets.
+
+ name id-pe-ac-auditIdentity
+ OID { id-pe 4 }
+ syntax OCTET STRING
+ criticality MUST be TRUE
+
+4.3.2 AC Targeting
+
+ To target an AC, the target information extension, imported from
+ [X.509-2000], MAY be used to specify a number of servers/services.
+ The intent is that the AC SHOULD only be usable at the specified
+ servers/services. An (honest) AC verifier who is not amongst the
+ named servers/services MUST reject the AC.
+
+ If this extension is not present, the AC is not targeted and may be
+ accepted by any server.
+
+
+
+
+
+Farrell & Housley Standards Track [Page 15]
+
+RFC 3281 An Internet Attribute Certificate April 2002
+
+
+ In this profile, the targeting information simply consists of a list
+ of named targets or groups.
+
+ The following syntax is used to represent the targeting information:
+
+ Targets ::= SEQUENCE OF Target
+
+ Target ::= CHOICE {
+ targetName [0] GeneralName,
+ targetGroup [1] GeneralName,
+ targetCert [2] TargetCert
+ }
+
+ TargetCert ::= SEQUENCE {
+ targetCertificate IssuerSerial,
+ targetName GeneralName OPTIONAL,
+ certDigestInfo ObjectDigestInfo OPTIONAL
+ }
+
+ The targetCert CHOICE within the Target structure is only present to
+ allow future compatibility with [X.509-2000] and MUST NOT be used.
+
+ The targets check passes if the current server (recipient) is one of
+ the targetName fields in the Targets SEQUENCE, or if the current
+ server is a member of one of the targetGroup fields in the Targets
+ SEQUENCE. In this case, the current server is said to "match" the
+ targeting extension.
+
+ How the membership of a target within a targetGroup is determined is
+ not defined here. It is assumed that any given target "knows" the
+ names of the targetGroups to which it belongs or can otherwise
+ determine its membership. For example, the targetGroup specifies a
+ DNS domain, and the AC verifier knows the DNS domain to which it
+ belongs. For another example, the targetGroup specifies "PRINTERS,"
+ and the AC verifier knows whether or not it is a printer or print
+ server.
+
+ Note: [X.509-2000] defines the extension syntax as a "SEQUENCE OF
+ Targets". Conforming AC issuer implementations MUST only produce one
+ "Targets" element. Confirming AC users MUST be able to accept a
+ "SEQUENCE OF Targets". If more than one Targets element is found in
+ an AC, the extension MUST be treated as if all Target elements had
+ been found within one Targets element.
+
+ name id-ce-targetInformation
+ OID { id-ce 55 }
+ syntax SEQUENCE OF Targets
+ criticality MUST be TRUE
+
+
+
+Farrell & Housley Standards Track [Page 16]
+
+RFC 3281 An Internet Attribute Certificate April 2002
+
+
+4.3.3 Authority Key Identifier
+
+ The authorityKeyIdentifier extension, as profiled in [PKIXPROF], MAY
+ be used to assist the AC verifier in checking the signature of the
+ AC. The [PKIXPROF] description should be read as if "CA" meant "AC
+ issuer." As with PKCs, this extension SHOULD be included in ACs.
+
+ Note: An AC, where the issuer field used the baseCertificateID
+ CHOICE, would not need an authorityKeyIdentifier extension, as it is
+ explicitly linked to the key in the referred certificate. However,
+ as this profile states (in section 4.2.3), ACs MUST use the v2Form
+ with issuerName CHOICE, this duplication does not arise.
+
+ name id-ce-authorityKeyIdentifier
+ OID { id-ce 35 }
+ syntax AuthorityKeyIdentifier
+ criticality MUST be FALSE
+
+4.3.4 Authority Information Access
+
+ The authorityInformationAccess extension, as defined in [PKIXPROF],
+ MAY be used to assist the AC verifier in checking the revocation
+ status of the AC. Support for the id-ad-caIssuers accessMethod is
+ NOT REQUIRED by this profile since AC chains are not expected.
+
+ The following accessMethod is used to indicate that revocation status
+ checking is provided for this AC, using the OCSP protocol defined in
+ [OCSP]:
+
+ id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 }
+
+ The accessLocation MUST contain a URI, and the URI MUST contain an
+ HTTP URL [URL] that specifies the location of an OCSP responder. The
+ AC issuer MUST, of course, maintain an OCSP responder at this
+ location.
+
+ name id-ce-authorityInfoAccess
+ OID { id-pe 1 }
+ syntax AuthorityInfoAccessSyntax
+ criticality MUST be FALSE
+
+4.3.5 CRL Distribution Points
+
+ The crlDistributionPoints extension, as profiled in [PKIXPROF], MAY
+ be used to assist the AC verifier in checking the revocation status
+ of the AC. See section 6 for details on revocation.
+
+
+
+
+
+Farrell & Housley Standards Track [Page 17]
+
+RFC 3281 An Internet Attribute Certificate April 2002
+
+
+ If the crlDistributionPoints extension is present, then exactly one
+ distribution point MUST be present. The crlDistributionPoints
+ extension MUST use the DistributionPointName option, which MUST
+ contain a fullName, which MUST contain a single name form. That name
+ MUST contain either a distinguished name or a URI. The URI MUST be
+ either an HTTP URL or an LDAP URL [URL].
+
+ name id-ce-cRLDistributionPoints
+ OID { id-ce 31 }
+ syntax CRLDistPointsSyntax
+ criticality MUST be FALSE
+
+4.3.6 No Revocation Available
+
+ The noRevAvail extension, defined in [X.509-2000], allows an AC
+ issuer to indicate that no revocation information will be made
+ available for this AC.
+
+ This extension MUST be non-critical. An AC verifier that does not
+ understand this extension might be able to find a revocation list
+ from the AC issuer, but the revocation list will never include an
+ entry for the AC.
+
+ name id-ce-noRevAvail
+ OID { id-ce 56 }
+ syntax NULL (i.e. '0500'H is the DER encoding)
+ criticality MUST be FALSE
+
+4.4 Attribute Types
+
+ Some of the attribute types defined below make use of the
+ IetfAttrSyntax type, also defined below. The reasons for using this
+ type are:
+
+ 1. It allows a separation between the AC issuer and the attribute
+ policy authority. This is useful for situations where a single
+ policy authority (e.g. an organization) allocates attribute
+ values, but where multiple AC issuers are deployed for performance
+ or other reasons.
+
+ 2. The syntaxes allowed for values are restricted to OCTET STRING,
+ OBJECT IDENTIFIER, and UTF8String, which significantly reduces the
+ complexity associated with matching more general syntaxes. All
+ multi-valued attributes using this syntax are restricted so that
+ each value MUST use the same choice of value syntax. For example,
+ AC issuers must not use one value with an oid and a second value
+ with a string.
+
+
+
+
+Farrell & Housley Standards Track [Page 18]
+
+RFC 3281 An Internet Attribute Certificate April 2002
+
+
+ IetfAttrSyntax ::= SEQUENCE {
+ policyAuthority [0] GeneralNames OPTIONAL,
+ values SEQUENCE OF CHOICE {
+ octets OCTET STRING,
+ oid OBJECT IDENTIFIER,
+ string UTF8String
+ }
+ }
+
+ In the descriptions below, each attribute type is either tagged
+ "Multiple Allowed" or "One Attribute value only; multiple values
+ within the IetfAttrSyntax". This refers to the SET OF
+ AttributeValues; the AttributeType still only occurs once, as
+ specified in section 4.2.7.
+
+4.4.1 Service Authentication Information
+
+ The SvceAuthInfo attribute identifies the AC holder to the
+ server/service by a name, and the attribute MAY include optional
+ service specific authentication information. Typically this will
+ contain a username/password pair for a "legacy" application.
+
+ This attribute provides information that can be presented by the AC
+ verifier to be interpreted and authenticated by a separate
+ application within the target system. Note that this is a different
+ use to that intended for the accessIdentity attribute in 4.4.2 below.
+
+ This attribute type will typically be encrypted when the authInfo
+ field contains sensitive information, such as a password.
+
+ name id-aca-authenticationInfo
+ OID { id-aca 1 }
+ Syntax SvceAuthInfo
+ values: Multiple allowed
+
+ SvceAuthInfo ::= SEQUENCE {
+ service GeneralName,
+ ident GeneralName,
+ authInfo OCTET STRING OPTIONAL
+ }
+
+4.4.2 Access Identity
+
+ The accessIdentity attribute identifies the AC holder to the
+ server/service. For this attribute the authInfo field MUST NOT be
+ present.
+
+
+
+
+
+Farrell & Housley Standards Track [Page 19]
+
+RFC 3281 An Internet Attribute Certificate April 2002
+
+
+ This attribute is intended to be used to provide information about
+ the AC holder, that can be used by the AC verifier (or a larger
+ system of which the AC verifier is a component) to authorize the
+ actions of the AC holder within the AC verifier's system. Note that
+ this is a different use to that intended for the svceAuthInfo
+ attribute described in 4.4.1 above.
+
+ name id-aca-accessIdentity
+ OID { id-aca 2 }
+ syntax SvceAuthInfo
+ values: Multiple allowed
+
+4.4.3 Charging Identity
+
+ The chargingIdentity attribute identifies the AC holder for charging
+ purposes. In general, the charging identity will be different from
+ other identities of the holder. For example, the holder's company
+ may be charged for service.
+
+ name id-aca-chargingIdentity
+ OID { id-aca 3 }
+ syntax IetfAttrSyntax
+ values: One Attribute value only; multiple values within the
+ IetfAttrSyntax
+
+4.4.4 Group
+
+ The group attribute carries information about group memberships of
+ the AC holder.
+
+ name id-aca-group
+ OID { id-aca 4 }
+ syntax IetfAttrSyntax
+ values: One Attribute value only; multiple values within the
+ IetfAttrSyntax
+
+4.4.5 Role
+
+ The role attribute, specified in [X.509-2000], carries information
+ about role allocations of the AC holder.
+
+ The syntax used for this attribute is:
+
+ RoleSyntax ::= SEQUENCE {
+ roleAuthority [0] GeneralNames OPTIONAL,
+ roleName [1] GeneralName
+ }
+
+
+
+
+Farrell & Housley Standards Track [Page 20]
+
+RFC 3281 An Internet Attribute Certificate April 2002
+
+
+ The roleAuthority field MAY be used to specify the issuing authority
+ for the role specification certificate. There is no requirement that
+ a role specification certificate necessarily exists for the
+ roleAuthority. This differs from [X.500-2000], where the
+ roleAuthority field is assumed to name the issuer of a role
+ specification certificate. For example, to distinguish the
+ administrator role as defined by "Baltimore" from that defined by
+ "SPYRUS", one could put the value "urn:administrator" in the roleName
+ field and the value "Baltimore" or "SPYRUS" in the roleAuthority
+ field.
+
+ The roleName field MUST be present, and roleName MUST use the
+ uniformResourceIdentifier CHOICE of the GeneralName.
+
+ name id-at-role
+ OID { id-at 72 }
+ syntax RoleSyntax
+ values: Multiple allowed
+
+4.4.6 Clearance
+
+ The clearance attribute, specified in [X.501-1993], carries clearance
+ (associated with security labeling) information about the AC holder.
+
+ The policyId field is used to identify the security policy to which
+ the clearance relates. The policyId indicates the semantics of the
+ classList and securityCategories fields.
+
+ This specification includes the classList field exactly as it is
+ specified in [X.501-1993]. Additional security classification
+ values, and their position in the classification hierarchy, may be
+ defined by a security policy as a local matter or by bilateral
+ agreement. The basic security classification hierarchy is, in
+ ascending order: unmarked, unclassified, restricted, confidential,
+ secret, and top-secret.
+
+ An organization can develop its own security policy that defines
+ security classification values and their meanings. However, the BIT
+ STRING positions 0 through 5 are reserved for the basic security
+ classification hierarchy.
+
+ If present, the SecurityCategory field provides further authorization
+ information. The security policy identified by the policyId field
+ indicates the syntaxes that are allowed to be present in the
+ securityCategories SET. An OBJECT IDENTIFIER identifies each of the
+ allowed syntaxes. When one of these syntaxes is present in the
+ securityCategories SET, the OBJECT IDENTIFIER associated with that
+ syntax is carried in the SecurityCategory.type field.
+
+
+
+Farrell & Housley Standards Track [Page 21]
+
+RFC 3281 An Internet Attribute Certificate April 2002
+
+
+ Clearance ::= SEQUENCE {
+ policyId [0] OBJECT IDENTIFIER,
+ classList [1] ClassList DEFAULT {unclassified},
+ securityCategories
+ [2] SET OF SecurityCategory OPTIONAL
+ }
+
+ ClassList ::= BIT STRING {
+ unmarked (0),
+ unclassified (1),
+ restricted (2)
+ confidential (3),
+ secret (4),
+ topSecret (5)
+ }
+
+ SecurityCategory ::= SEQUENCE {
+ type [0] IMPLICIT OBJECT IDENTIFIER,
+ value [1] ANY DEFINED BY type
+ }
+
+ -- This is the same as the original syntax which was defined
+ -- using the MACRO construct, as follows:
+ -- SecurityCategory ::= SEQUENCE {
+ -- type [0] IMPLICIT SECURITY-CATEGORY,
+ -- value [1] ANY DEFINED BY type
+ -- }
+ --
+ -- SECURITY-CATEGORY MACRO ::=
+ -- BEGIN
+ -- TYPE NOTATION ::= type | empty
+ -- VALUE NOTATION ::= value (VALUE OBJECT IDENTIFIER)
+ -- END
+
+
+
+ name { id-at-clearance }
+ OID { joint-iso-ccitt(2) ds(5) module(1)
+ selected-attribute-types(5) clearance (55) }
+ syntax Clearance - imported from [X.501-1993]
+ values Multiple allowed
+
+4.5 Profile of AC issuer's PKC
+
+ The AC issuer's PKC MUST conform to [PKIXPROF], and the keyUsage
+ extension in the PKC MUST NOT explicitly indicate that the AC
+ issuer's public key cannot be used to validate a digital signature.
+ In order to avoid confusion regarding serial numbers and revocations,
+
+
+
+Farrell & Housley Standards Track [Page 22]
+
+RFC 3281 An Internet Attribute Certificate April 2002
+
+
+ an AC issuer MUST NOT also be a PKC Issuer. That is, an AC issuer
+ cannot be a CA as well. So, the AC issuer's PKC MUST NOT have a
+ basicConstraints extension with the cA BOOLEAN set to TRUE.
+
+5. Attribute Certificate Validation
+
+ This section describes a basic set of rules that all valid ACs MUST
+ satisfy. Some additional checks are also described which AC
+ verifiers MAY choose to implement.
+
+ To be valid an AC MUST satisfy all of the following:
+
+ 1. Where the holder uses a PKC to authenticate to the AC verifier,
+ the AC holder's PKC MUST be found, and the entire certification
+ path of that PKC MUST be verified in accordance with [PKIXPROF].
+ As noted in the security considerations section, if some other
+ authentication scheme is used, AC verifiers need to be very
+ careful mapping the identities (authenticated identity, holder
+ field) involved.
+
+ 2. The AC signature must be cryptographically correct, and the AC
+ issuer's entire PKC certification path MUST be verified in
+ accordance with [PKIXPROF].
+
+ 3. The AC issuer's PKC MUST also conform to the profile specified in
+ section 4.5 above.
+
+ 4. The AC issuer MUST be directly trusted as an AC issuer (by
+ configuration or otherwise).
+
+ 5. The time for which the AC is being evaluated MUST be within the AC
+ validity. If the evaluation time is equal to either notBeforeTime
+ or notAfterTime, then the AC is timely and this check succeeds.
+ Note that in some applications, the evaluation time MAY not be the
+ same as the current time.
+
+ 6. The AC targeting check MUST pass as specified in section 4.3.2.
+
+ 7. If the AC contains an unsupported critical extension, the AC MUST
+ be rejected.
+
+ Support for an extension in this context means:
+
+ 1. The AC verifier MUST be able to parse the extension value.
+
+ 2. Where the extension value SHOULD cause the AC to be rejected, the
+ AC verifier MUST reject the AC.
+
+
+
+
+Farrell & Housley Standards Track [Page 23]
+
+RFC 3281 An Internet Attribute Certificate April 2002
+
+
+ Additional Checks:
+
+ 1. The AC MAY be rejected on the basis of further AC verifier
+ configuration. For example, an AC verifier may be configured to
+ reject ACs which contain or lack certain attributes.
+
+ 2. If the AC verifier provides an interface that allows applications
+ to query the contents of the AC, then the AC verifier MAY filter
+ the attributes from the AC on the basis of configured information.
+ For example, an AC verifier might be configured not to return
+ certain attributes to certain servers.
+
+6. Revocation
+
+ In many environments, the validity period of an AC is less than the
+ time required to issue and distribute revocation information.
+ Therefore, short-lived ACs typically do not require revocation
+ support. However, long-lived ACs and environments where ACs enable
+ high value transactions MAY require revocation support.
+
+ Two revocation schemes are defined, and the AC issuer should elect
+ the one that is best suited to the environment in which the AC will
+ be employed.
+
+ "Never revoke" scheme:
+
+ ACs may be marked so that the relying party understands that no
+ revocation status information will be made available. The
+ noRevAvail extension is defined in section 4.3.6, and the
+ noRevAvail extension MUST be present in the AC to indicate use of
+ this scheme.
+
+ Where no noRevAvail is present, the AC issuer is implicitly
+ stating that revocation status checks are supported, and some
+ revocation method MUST be provided to allow AC verifiers to
+ establish the revocation status of the AC.
+
+ "Pointer in AC" scheme:
+
+ ACs may "point" to sources of revocation status information, using
+ either an authorityInfoAccess extension or a crlDistributionPoints
+ extension within the AC.
+
+ For AC users, the "never revoke" scheme MUST be supported, and the
+ "pointer in AC" scheme SHOULD be supported. If only the "never
+ revoke" scheme is supported, then all ACs that do not contain a
+ noRevAvail extension, MUST be rejected.
+
+
+
+
+Farrell & Housley Standards Track [Page 24]
+
+RFC 3281 An Internet Attribute Certificate April 2002
+
+
+ For AC issuers, the "never revoke" scheme MUST be supported. If all
+ ACs that will ever be issued by that AC issuer, contains a noRevAvail
+ extension, the "pointer in AC" scheme need not be supported. If any
+ AC can be issued that does not contain the noRevAvail extension, the
+ "pointer in AC" scheme MUST be supported.
+
+ An AC MUST NOT contain both a noRevAvail and a "pointer in AC".
+
+ An AC verifier MAY use any source for AC revocation status
+ information.
+
+7. Optional Features
+
+ This section specifies features that MAY be implemented. Conformance
+ to this profile does NOT require support for these features; however,
+ if these features are offered, they MUST be offered as described
+ below.
+
+7.1 Attribute Encryption
+
+ Where an AC will be carried in clear within an application protocol
+ or where an AC contains some sensitive information like a legacy
+ application username/password, then encryption of AC attributes MAY
+ be needed.
+
+ When a set of attributes are to be encrypted within an AC, the
+ Cryptographic Message Syntax, EnvelopedData structure [CMS] is used
+ to carry the ciphertext and associated per-recipient keying
+ information.
+
+ This type of attribute encryption is targeted. Before the AC is
+ signed, the attributes are encrypted for a set of predetermined
+ recipients.
+
+ The AC then contains the ciphertext inside its signed data. The
+ EnvelopedData (id-envelopedData) ContentType is used, and the content
+ field will contain the EnvelopedData type.
+
+ The ciphertext is included in the AC as the value of an encAttrs
+ attribute. Only one encAttrs attribute can be present in an AC;
+ however, the encAttrs attribute MAY be multi-valued, and each of its
+ values will contain an independent EnvelopedData.
+
+ Each value can contain a set of attributes (each possibly a multi-
+ valued attribute) encrypted for a set of predetermined recipients.
+
+
+
+
+
+
+Farrell & Housley Standards Track [Page 25]
+
+RFC 3281 An Internet Attribute Certificate April 2002
+
+
+ The cleartext that is encrypted has the type:
+
+ ACClearAttrs ::= SEQUENCE {
+ acIssuer GeneralName,
+ acSerial INTEGER,
+ attrs SEQUENCE OF Attribute
+ }
+
+ The DER encoding of the ACClearAttrs structure is used as the
+ encryptedContent field of the EnvelopedData. The DER encoding MUST
+ be embedded in an OCTET STRING.
+
+ The acIssuer and acSerial fields are present to prevent ciphertext
+ stealing. When an AC verifier has successfully decrypted an
+ encrypted attribute, it MUST then check that the AC issuer and
+ serialNumber fields contain the same values. This prevents a
+ malicious AC issuer from copying ciphertext from another AC (without
+ knowing its corresponding plaintext).
+
+ The procedure for an AC issuer when encrypting attributes is
+ illustrated by the following (any other procedure that gives the same
+ result MAY be used):
+
+ 1. Identify the sets of attributes that are to be encrypted for
+ each set of recipients.
+ 2. For each attribute set which is to be encrypted:
+ 2.1. Create an EnvelopedData structure for the data for this
+ set of recipients.
+ 2.2. Encode the ContentInfo containing the EnvelopedData as a
+ value of the encAttrs attribute.
+ 2.3. Ensure the cleartext attributes are not present in the
+ to-be-signed AC.
+ 3. Add the encAttrs (with its multiple values) to the AC.
+
+ Note that there may be more than one attribute of the same type (the
+ same OBJECT IDENTIFIER) after decryption. That is, an AC MAY contain
+ the same attribute type both in clear and in encrypted form (and
+ indeed several times if the same recipient is associated with more
+ than one EnvelopedData). One approach implementers may choose, would
+ be to merge attribute values following decryption in order to re-
+ establish the "once only" constraint.
+
+ name id-aca-encAttrs
+ OID { id-aca 6}
+ Syntax ContentInfo
+ values Multiple Allowed
+
+
+
+
+
+Farrell & Housley Standards Track [Page 26]
+
+RFC 3281 An Internet Attribute Certificate April 2002
+
+
+ If an AC contains attributes, apparently encrypted for the AC
+ verifier, the decryption process MUST not fail. If decryption does
+ fail, the AC MUST be rejected.
+
+7.2 Proxying
+
+ When a server acts as a client for another server on behalf of the AC
+ holder, the server MAY need to proxy an AC. Such proxying MAY have
+ to be done under the AC issuer's control, so that not every AC is
+ proxiable and so that a given proxiable AC can be proxied in a
+ targeted fashion. Support for chains of proxies (with more than one
+ intermediate server) MAY also be required. Note that this does not
+ involve a chain of ACs.
+
+ In order to meet this requirement we define another extension,
+ ProxyInfo, similar to the targeting extension.
+
+ When this extension is present, the AC verifier must check that the
+ entity from which the AC was received was allowed to send it and that
+ the AC is allowed to be used by this verifier.
+
+ The proxying information consists of a set of proxy information, each
+ of which is a set of targeting information. If the verifier and the
+ sender of the AC are both named in the same proxy set, the AC can
+ then be accepted (the exact rule is given below).
+
+ The effect is that the AC holder can send the AC to any valid target
+ which can then only proxy to targets which are in one of the same
+ proxy sets as itself.
+
+ The following data structure is used to represent the
+ targeting/proxying information.
+
+ ProxyInfo ::= SEQUENCE OF Targets
+
+ As in the case of targeting, the targetCert CHOICE MUST NOT be used.
+
+ A proxy check succeeds if either one of the conditions below is met:
+
+ 1. The identity of the sender, as established by the underlying
+ authentication service, matches the holder field of the AC, and
+ the current server "matches" any one of the proxy sets. Recall
+ that "matches" is as defined section 4.3.2.
+
+
+
+
+
+
+
+
+Farrell & Housley Standards Track [Page 27]
+
+RFC 3281 An Internet Attribute Certificate April 2002
+
+
+ 2. The identity of the sender, as established by the underlying
+ authentication service, "matches" one of the proxy sets (call it
+ set "A"), and the current server is one of the targetName fields
+ in the set "A", or the current server is a member of one of the
+ targetGroup fields in set "A".
+
+ When an AC is proxied more than once, a number of targets will be on
+ the path from the original client, which is normally, but not always,
+ the AC holder. In such cases, prevention of AC "stealing" requires
+ that the AC verifier MUST check that all targets on the path are
+ members of the same proxy set. It is the responsibility of the AC-
+ using protocol to ensure that a trustworthy list of targets on the
+ path is available to the AC verifier.
+
+ name id-pe-ac-proxying
+ OID { id-pe 10 }
+ syntax ProxyInfo
+ criticality MUST be TRUE
+
+7.3 Use of ObjectDigestInfo
+
+ In some environments, it may be required that the AC is not linked
+ either to an identity (via entityName) or to a PKC (via
+ baseCertificateID). The objectDigestInfo CHOICE in the holder field
+ allows support for this requirement.
+
+ If the holder is identified with the objectDigestInfo field, then the
+ AC version field MUST contain v2 (the integer 1).
+
+ The idea is to link the AC to an object by placing a hash of that
+ object into the holder field of the AC. For example, this allows
+ production of ACs that are linked to public keys rather than names.
+ It also allows production of ACs which contain privileges associated
+ with an executable object such as a Java class. However, this
+ profile only specifies how to use a hash over a public key or PKC.
+ That is, conformant ACs MUST NOT use the otherObjectTypes value for
+ the digestedObjectType.
+
+ To link an AC to a public key, the hash must be calculated over the
+ representation of that public key which would be present in a PKC,
+ specifically, the input for the hash algorithm MUST be the DER
+ encoding of a SubjectPublicKeyInfo representation of the key. Note:
+ This includes the AlgorithmIdentifier as well as the BIT STRING. The
+ rules given in [PKIXPROF] for encoding keys MUST be followed. In
+ this case, the digestedObjectType MUST be publicKey and the
+ otherObjectTypeID field MUST NOT be present.
+
+
+
+
+
+Farrell & Housley Standards Track [Page 28]
+
+RFC 3281 An Internet Attribute Certificate April 2002
+
+
+ Note that if the public key value used as input to the hash function
+ has been extracted from a PKC, it is possible that the
+ SubjectPublicKeyInfo from that PKC is NOT the value which should be
+ hashed. This can occur if DSA Dss-parms are inherited as described
+ in section 7.3.3 of [PKIXPROF]. The correct input for hashing in
+ this context will include the value of the parameters inherited from
+ the CA's PKC, and thus may differ from the SubjectPublicKeyInfo
+ present in the PKC.
+
+ Implementations which support this feature MUST be able to handle the
+ representations of public keys for the algorithms specified in
+ section 7.3 of [PKIXPROF]. In this case, the digestedObjectType MUST
+ be publicKey and the otherObjectTypeID field MUST NOT be present.
+
+ In order to link an AC to a PKC via a digest, the digest MUST be
+ calculated over the DER encoding of the entire PKC, including the
+ signature value. In this case the digestedObjectType MUST be
+ publicKeyCert and the otherObjectTypeID field MUST NOT be present.
+
+7.4 AA Controls
+
+ During AC validation a relying party has to answer the question: is
+ this AC issuer trusted to issue ACs containing this attribute? The
+ AAControls PKC extension MAY be used to help answer the question.
+ The AAControls extension is intended to be used in CA and AC issuer
+ PKCs.
+
+ id-pe-aaControls OBJECT IDENTIFIER ::= { id-pe 6 }
+
+ AAControls ::= SEQUENCE {
+ pathLenConstraint INTEGER (0..MAX) OPTIONAL,
+ permittedAttrs [0] AttrSpec OPTIONAL,
+ excludedAttrs [1] AttrSpec OPTIONAL,
+ permitUnSpecified BOOLEAN DEFAULT TRUE
+ }
+
+ AttrSpec::= SEQUENCE OF OBJECT IDENTIFIER
+
+ The AAControls extension is used as follows:
+
+ The pathLenConstraint, if present, is interpreted as in [PKIXPROF].
+ It restricts the allowed distance between the AA CA (a CA directly
+ trusted to include AAControls in its PKCs), and the AC issuer.
+
+ The permittedAttrs field specifies a set of attribute types that any
+ AC issuer below this AA CA is allowed to include in ACs. If this
+ field is not present, it means that no attribute types are explicitly
+ allowed.
+
+
+
+Farrell & Housley Standards Track [Page 29]
+
+RFC 3281 An Internet Attribute Certificate April 2002
+
+
+ The excludedAttrs field specifies a set of attribute types that no AC
+ issuer is allowed to include in ACs. If this field is not present,
+ it means that no attribute types are explicitly disallowed.
+
+ The permitUnSpecified field specifies how to handle attribute types
+ which are not present in either the permittedAttrs or excludedAttrs
+ fields. TRUE (the default) means that any unspecified attribute type
+ is allowed in ACs; FALSE means that no unspecified attribute type is
+ allowed.
+
+ When AAControls are used, the following additional checks on an AA's
+ PKC chain MUST all succeed for the AC to be valid:
+
+ 1. Some CA on the ACs certificate path MUST be directly trusted to
+ issue PKCs which precede the AC issuer in the certification path;
+ call this CA the "AA CA".
+
+ 2. All PKCs on the path from the AA CA, down to and including the AC
+ issuer's PKC, MUST contain an AAControls extension; however, the
+ AA CA's PKC need not contain this extension.
+
+ 3. Only those attributes in the AC which are allowed, according to
+ all of the AAControls extension values in all of the PKCs from the
+ AA CA to the AC issuer, may be used for authorization decisions;
+ all other attributes MUST be ignored. This check MUST be applied
+ to the set of attributes following attribute decryption, and the
+ id-aca-encAttrs type MUST also be checked.
+
+ name id-pe-aaControls
+ OID { id-pe 6 }
+ syntax AAControls
+ criticality MAY be TRUE
+
+8. Security Considerations
+
+ The protection afforded for private keys is a critical factor in
+ maintaining security. Failure of AC issuers to protect their private
+ keys will permit an attacker to masquerade as them, potentially
+ generating false ACs or revocation status. Existence of bogus ACs
+ and revocation status will undermine confidence in the system. If
+ the compromise is detected, all ACs issued by the AC issuer MUST be
+ revoked. Rebuilding after such a compromise will be problematic, so
+ AC issuers are advised to implement a combination of strong technical
+ measures (e.g., tamper-resistant cryptographic modules) and
+ appropriate management procedures (e.g., separation of duties) to
+ avoid such an incident.
+
+
+
+
+
+Farrell & Housley Standards Track [Page 30]
+
+RFC 3281 An Internet Attribute Certificate April 2002
+
+
+ Loss of an AC issuer's private signing key may also be problematic.
+ The AC issuer would not be able to produce revocation status or
+ perform AC renewal. AC issuers are advised to maintain secure backup
+ for signing keys. The security of the key backup procedures is a
+ critical factor in avoiding key compromise.
+
+ The availability and freshness of revocation status will affect the
+ degree of assurance that should be placed in a long-lived AC. While
+ long-lived ACs expire naturally, events may occur during its natural
+ lifetime which negate the binding between the AC holder and the
+ attributes. If revocation status is untimely or unavailable, the
+ assurance associated with the binding is clearly reduced.
+
+ The binding between an AC holder and attributes cannot be stronger
+ than the cryptographic module implementation and algorithms used to
+ generate the signature. Short key lengths or weak hash algorithms
+ will limit the utility of an AC. AC issuers are encouraged to note
+ advances in cryptology so they can employ strong cryptographic
+ techniques.
+
+ Inconsistent application of name comparison rules may result in
+ acceptance of invalid targeted or proxied ACs, or rejection of valid
+ ones. The X.500 series of specifications defines rules for comparing
+ distinguished names. These rules require comparison of strings
+ without regard to case, character set, multi-character white space
+ substrings, or leading and trailing white space. This specification
+ and [PKIXPROF] relaxes these requirements, requiring support for
+ binary comparison at a minimum.
+
+ AC issuers MUST encode the distinguished name in the AC
+ holder.entityName field identically to the distinguished name in the
+ holder's PKC. If different encodings are used, implementations of
+ this specification may fail to recognize that the AC and PKC belong
+ to the same entity.
+
+ If an attribute certificate is tied to the holder's PKC using the
+ baseCertificateID component of the Holder field and the PKI in use
+ includes a rogue CA with the same issuer name specified in the
+ baseCertificateID component, this rogue CA could issue a PKC to a
+ malicious party, using the same issuer name and serial number as the
+ proper holder's PKC. Then the malicious party could use this PKC in
+ conjunction with the AC. This scenario SHOULD be avoided by properly
+ managing and configuring the PKI so that there cannot be two CAs with
+ the same name. Another alternative is to tie ACs to PKCs using the
+ publicKeyCert type in the ObjectDigestInfo field. Failing this, AC
+ verifiers have to establish (using other means) that the potential
+ collisions cannot actually occur, for example, the CPSs of the CAs
+ involved may make it clear that no such name collisions can occur.
+
+
+
+Farrell & Housley Standards Track [Page 31]
+
+RFC 3281 An Internet Attribute Certificate April 2002
+
+
+ Implementers MUST ensure that following validation of an AC, only
+ attributes that the issuer is trusted to issue are used in
+ authorization decisions. Other attributes, which MAY be present MUST
+ be ignored. Given that the AA controls PKC extension is optional to
+ implement, AC verifiers MUST be provided with this information by
+ other means. Configuration information is a likely alternative
+ means. This becomes very important if an AC verifier trusts more
+ than one AC issuer.
+
+ There is often a requirement to map between the authentication
+ supplied by a particular security protocol (e.g. TLS, S/MIME) and the
+ AC holder's identity. If the authentication uses PKCs, then this
+ mapping is straightforward. However, it is envisaged that ACs will
+ also be used in environments where the holder may be authenticated
+ using other means. Implementers SHOULD be very careful in mapping
+ the authenticated identity to the AC holder.
+
+9. IANA Considerations
+
+ Attributes and attribute certificate extensions are identified by
+ object identifiers (OIDs). Many of the OIDs used in this document
+ are copied from X.509 [X.509-2000]. Other OIDs were assigned from an
+ arc delegated by the IANA. No further action by the IANA is
+ necessary for this document or any anticipated updates.
+
+10. References
+
+ [CMC] Myers, M., Liu, X., Schaad, J. and J. Weinstein,
+ "Certificate Management Messages over CMS", RFC 2797,
+ April 2000.
+
+ [CMP] Adams, C. and S. Farrell, "Internet X.509 Public Key
+ Infrastructure - Certificate Management Protocols", RFC
+ 2510, March 1999.
+
+ [CMS] Housley, R., "Cryptographic Message Syntax", RFC 2630,
+ June 1999.
+
+ [ESS] Hoffman, P., "Enhanced Security Services for S/MIME",
+ RFC 2634, June 1999.
+
+ [KRB] Kohl, J. and C. Neuman, "The Kerberos Network
+ Authentication Service (V5)", RFC 1510, September 1993.
+
+ [LDAP] Wahl, M., Howes, T. and S. Kille, "Lightweight Directory
+ Access Protocol (v3)", RFC 2251, December 1997.
+
+
+
+
+
+Farrell & Housley Standards Track [Page 32]
+
+RFC 3281 An Internet Attribute Certificate April 2002
+
+
+ [OCSP] Myers, M., Ankney, R., Malpani, A., Galperin, S. and C.
+ Adams, "X.509 Internet Public Key Infrastructure -
+ Online Certificate Status Protocol - OCSP", RFC 2560,
+ June 1999.
+
+ [PKIXALGS] Bassham, L., Polk, W. and R. Housley, "Algorithms and
+ Identifiers for the Internet X.509 Public Key
+ Infrastructure Certificate and Certificate Revocation
+ Lists CRL Profile", RFC 3279, April 2002.
+
+ [PKIXPROF] Housley, R., Polk, T, Ford, W. and Solo, D., "Internet
+ X.509 Public Key Infrastructure Certificate and
+ Certificate Revocation List (CRL) Profile", RFC 3280,
+ April 2002.
+
+ [RFC2026] Bradner, S., "The Internet Standards Process -- Revision
+ 3", BCP 9, RFC 2026, October 1996.
+
+ [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14, RFC 2119, March 1997.
+
+ [URL] Berners-Lee, T., Masinter L. and M. McCahill, "Uniform
+ Resource Locators (URL)", RFC 1738, December 1994.
+
+ [X.208-1988] CCITT Recommendation X.208: Specification of Abstract
+ Syntax Notation One (ASN.1). 1988.
+
+ [X.209-88] CCITT Recommendation X.209: Specification of Basic
+ Encoding Rules for Abstract Syntax Notation One (ASN.1).
+ 1988.
+
+ [X.501-88] CCITT Recommendation X.501: The Directory - Models.
+ 1988.
+
+ [X.501-1993] ITU-T Recommendation X.501 : Information Technology -
+ Open Systems Interconnection - The Directory: Models,
+ 1993.
+
+ [X.509-1988] CCITT Recommendation X.509: The Directory -
+ Authentication Framework. 1988.
+
+ [X.509-1997] ITU-T Recommendation X.509: The Directory -
+ Authentication Framework. 1997.
+
+ [X.509-2000] ITU-T Recommendation X.509: The Directory - Public-Key
+ and Attribute Certificate Frameworks. 2000
+
+
+
+
+
+Farrell & Housley Standards Track [Page 33]
+
+RFC 3281 An Internet Attribute Certificate April 2002
+
+
+Appendix A: Object Identifiers
+
+ This (normative) appendix lists the new object identifiers which are
+ defined in this specification. Some of these are required only for
+ support of optional features and are not required for conformance to
+ this profile. This specification mandates support for OIDs which
+ have arc elements with values that are less than 2^32, (i.e. they
+ MUST be between 0 and 4,294,967,295 inclusive) and SHOULD be less
+ than 2^31 (i.e. less than or equal to 2,147,483,647). This allows
+ each arc element to be represented within a single 32 bit word.
+ Implementations MUST also support OIDs where the length of the dotted
+ decimal (see [LDAP], section 4.1.2) string representation can be up
+ to 100 bytes (inclusive). Implementations MUST be able to handle
+ OIDs with up to 20 elements (inclusive). AA's SHOULD NOT issue ACs
+ which contain OIDs that breach these requirements.
+
+ The following OIDs are imported from [PKIXPROF]:
+
+ id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
+ dod(6) internet(1) security(5) mechanisms(5) pkix(7) }
+ id-mod OBJECT IDENTIFIER ::= { id-pkix 0 }
+ id-pe OBJECT IDENTIFIER ::= { id-pkix 1 }
+ id-ad OBJECT IDENTIFIER ::= { id-pkix 48 }
+ id-at OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) ds(5) 4 }
+ id-ce OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) ds(5) 29 }
+
+ The following new ASN.1 module OID is defined:
+
+ id-mod-attribute-cert OBJECT IDENTIFIER ::= { id-mod 12 }
+
+ The following AC extension OIDs are defined:
+
+ id-pe-ac-auditIdentity OBJECT IDENTIFIER ::= { id-pe 4 }
+ id-pe-ac-proxying OBJECT IDENTIFIER ::= { id-pe 10 }
+ id-ce-targetInformation OBJECT IDENTIFIER ::= { id-ce 55 }
+
+ The following PKC extension OIDs are defined:
+
+ id-pe-aaControls OBJECT IDENTIFIER ::= { id-pe 6 }
+
+
+
+
+
+
+
+
+
+
+
+
+Farrell & Housley Standards Track [Page 34]
+
+RFC 3281 An Internet Attribute Certificate April 2002
+
+
+ The following attribute OIDs are defined:
+
+ id-aca OBJECT IDENTIFIER ::= { id-pkix 10 }
+ id-aca-authenticationInfo OBJECT IDENTIFIER ::= { id-aca 1 }
+ id-aca-accessIdentity OBJECT IDENTIFIER ::= { id-aca 2 }
+ id-aca-chargingIdentity OBJECT IDENTIFIER ::= { id-aca 3 }
+ id-aca-group OBJECT IDENTIFIER ::= { id-aca 4 }
+ id-aca-encAttrs OBJECT IDENTIFIER ::= { id-aca 6 }
+ id-at-role OBJECT IDENTIFIER ::= { id-at 72 }
+ id-at-clearance OBJECT IDENTIFIER ::=
+ { joint-iso-ccitt(2) ds(5) module(1)
+ selected-attribute-types(5) clearance (55) }
+
+Appendix B: ASN.1 Module
+
+ PKIXAttributeCertificate {iso(1) identified-organization(3) dod(6)
+ internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
+ id-mod-attribute-cert(12)}
+
+ DEFINITIONS IMPLICIT TAGS ::=
+
+ BEGIN
+
+ -- EXPORTS ALL --
+
+ IMPORTS
+
+ -- IMPORTed module OIDs MAY change if [PKIXPROF] changes
+ -- PKIX Certificate Extensions
+ Attribute, AlgorithmIdentifier, CertificateSerialNumber,
+ Extensions, UniqueIdentifier,
+ id-pkix, id-pe, id-kp, id-ad, id-at
+ FROM PKIX1Explicit88 {iso(1) identified-organization(3)
+ dod(6) internet(1) security(5) mechanisms(5)
+ pkix(7) id-mod(0) id-pkix1-explicit-88(1)}
+
+ GeneralName, GeneralNames, id-ce
+ FROM PKIX1Implicit88 {iso(1) identified-organization(3)
+ dod(6) internet(1) security(5) mechanisms(5)
+ pkix(7) id-mod(0) id-pkix1-implicit-88(2)} ;
+
+ id-pe-ac-auditIdentity OBJECT IDENTIFIER ::= { id-pe 4 }
+ id-pe-aaControls OBJECT IDENTIFIER ::= { id-pe 6 }
+ id-pe-ac-proxying OBJECT IDENTIFIER ::= { id-pe 10 }
+ id-ce-targetInformation OBJECT IDENTIFIER ::= { id-ce 55 }
+
+ id-aca OBJECT IDENTIFIER ::= { id-pkix 10 }
+
+
+
+
+Farrell & Housley Standards Track [Page 35]
+
+RFC 3281 An Internet Attribute Certificate April 2002
+
+
+ id-aca-authenticationInfo OBJECT IDENTIFIER ::= { id-aca 1 }
+ id-aca-accessIdentity OBJECT IDENTIFIER ::= { id-aca 2 }
+ id-aca-chargingIdentity OBJECT IDENTIFIER ::= { id-aca 3 }
+ id-aca-group OBJECT IDENTIFIER ::= { id-aca 4 }
+ -- { id-aca 5 } is reserved
+ id-aca-encAttrs OBJECT IDENTIFIER ::= { id-aca 6 }
+
+ id-at-role OBJECT IDENTIFIER ::= { id-at 72}
+ id-at-clearance OBJECT IDENTIFIER ::=
+ { joint-iso-ccitt(2) ds(5) module(1)
+ selected-attribute-types(5) clearance (55) }
+
+ -- Uncomment this if using a 1988 level ASN.1 compiler
+ -- UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING
+
+ AttributeCertificate ::= SEQUENCE {
+ acinfo AttributeCertificateInfo,
+ signatureAlgorithm AlgorithmIdentifier,
+ signatureValue BIT STRING
+ }
+
+ AttributeCertificateInfo ::= SEQUENCE {
+ version AttCertVersion -- version is v2,
+ holder Holder,
+ issuer AttCertIssuer,
+ signature AlgorithmIdentifier,
+ serialNumber CertificateSerialNumber,
+ attrCertValidityPeriod AttCertValidityPeriod,
+ attributes SEQUENCE OF Attribute,
+ issuerUniqueID UniqueIdentifier OPTIONAL,
+ extensions Extensions OPTIONAL
+ }
+
+ AttCertVersion ::= INTEGER { v2(1) }
+
+ Holder ::= SEQUENCE {
+ baseCertificateID [0] IssuerSerial OPTIONAL,
+ -- the issuer and serial number of
+ -- the holder's Public Key Certificate
+ entityName [1] GeneralNames OPTIONAL,
+ -- the name of the claimant or role
+ objectDigestInfo [2] ObjectDigestInfo OPTIONAL
+ -- used to directly authenticate the
+ -- holder, for example, an executable
+ }
+
+
+
+
+
+
+Farrell & Housley Standards Track [Page 36]
+
+RFC 3281 An Internet Attribute Certificate April 2002
+
+
+ ObjectDigestInfo ::= SEQUENCE {
+ digestedObjectType ENUMERATED {
+ publicKey (0),
+ publicKeyCert (1),
+ otherObjectTypes (2) },
+ -- otherObjectTypes MUST NOT
+ -- MUST NOT be used in this profile
+ otherObjectTypeID OBJECT IDENTIFIER OPTIONAL,
+ digestAlgorithm AlgorithmIdentifier,
+ objectDigest BIT STRING
+ }
+
+ AttCertIssuer ::= CHOICE {
+ v1Form GeneralNames, -- MUST NOT be used in this
+ -- profile
+ v2Form [0] V2Form -- v2 only
+ }
+
+ V2Form ::= SEQUENCE {
+ issuerName GeneralNames OPTIONAL,
+ baseCertificateID [0] IssuerSerial OPTIONAL,
+ objectDigestInfo [1] ObjectDigestInfo OPTIONAL
+ -- issuerName MUST be present in this profile
+ -- baseCertificateID and objectDigestInfo MUST
+ -- NOT be present in this profile
+ }
+
+ IssuerSerial ::= SEQUENCE {
+ issuer GeneralNames,
+ serial CertificateSerialNumber,
+ issuerUID UniqueIdentifier OPTIONAL
+ }
+
+ AttCertValidityPeriod ::= SEQUENCE {
+ notBeforeTime GeneralizedTime,
+ notAfterTime GeneralizedTime
+ }
+
+ Targets ::= SEQUENCE OF Target
+
+ Target ::= CHOICE {
+ targetName [0] GeneralName,
+ targetGroup [1] GeneralName,
+ targetCert [2] TargetCert
+ }
+
+
+
+
+
+
+Farrell & Housley Standards Track [Page 37]
+
+RFC 3281 An Internet Attribute Certificate April 2002
+
+
+ TargetCert ::= SEQUENCE {
+ targetCertificate IssuerSerial,
+ targetName GeneralName OPTIONAL,
+ certDigestInfo ObjectDigestInfo OPTIONAL
+ }
+
+ IetfAttrSyntax ::= SEQUENCE {
+ policyAuthority[0] GeneralNames OPTIONAL,
+ values SEQUENCE OF CHOICE {
+ octets OCTET STRING,
+ oid OBJECT IDENTIFIER,
+ string UTF8String
+ }
+ }
+
+ SvceAuthInfo ::= SEQUENCE {
+ service GeneralName,
+ ident GeneralName,
+ authInfo OCTET STRING OPTIONAL
+ }
+
+ RoleSyntax ::= SEQUENCE {
+ roleAuthority [0] GeneralNames OPTIONAL,
+ roleName [1] GeneralName
+ }
+
+ Clearance ::= SEQUENCE {
+ policyId [0] OBJECT IDENTIFIER,
+ classList [1] ClassList DEFAULT {unclassified},
+ securityCategories
+ [2] SET OF SecurityCategory OPTIONAL
+ }
+
+ ClassList ::= BIT STRING {
+ unmarked (0),
+ unclassified (1),
+ restricted (2),
+ confidential (3),
+ secret (4),
+ topSecret (5)
+ }
+
+ SecurityCategory ::= SEQUENCE {
+ type [0] IMPLICIT OBJECT IDENTIFIER,
+ value [1] ANY DEFINED BY type
+ }
+
+
+
+
+
+Farrell & Housley Standards Track [Page 38]
+
+RFC 3281 An Internet Attribute Certificate April 2002
+
+
+ AAControls ::= SEQUENCE {
+ pathLenConstraint INTEGER (0..MAX) OPTIONAL,
+ permittedAttrs [0] AttrSpec OPTIONAL,
+ excludedAttrs [1] AttrSpec OPTIONAL,
+ permitUnSpecified BOOLEAN DEFAULT TRUE
+ }
+
+ AttrSpec::= SEQUENCE OF OBJECT IDENTIFIER
+
+ ACClearAttrs ::= SEQUENCE {
+ acIssuer GeneralName,
+ acSerial INTEGER,
+ attrs SEQUENCE OF Attribute
+ }
+
+ ProxyInfo ::= SEQUENCE OF Targets
+
+ END
+
+Author's Addresses
+
+ Stephen Farrell
+ Baltimore Technologies
+ 39/41 Parkgate Street
+ Dublin 8
+ IRELAND
+
+ EMail: stephen.farrell@baltimore.ie
+
+ Russell Housley
+ RSA Laboratories
+ 918 Spring Knoll Drive
+ Herndon, VA 20170
+ USA
+
+ EMail: rhousley@rsasecurity.com
+
+Acknowledgements
+
+ Russ Housley thanks the management at SPYRUS, who supported the
+ development of this specification while he was employed at SPYRUS.
+ Russ Housley also thanks the management at RSA Laboratories, who
+ supported the completion of the specification after a job change.
+
+
+
+
+
+
+
+
+Farrell & Housley Standards Track [Page 39]
+
+RFC 3281 An Internet Attribute Certificate April 2002
+
+
+Full Copyright Statement
+
+ Copyright (C) The Internet Society (2002). All Rights Reserved.
+
+ This document and translations of it may be copied and furnished to
+ others, and derivative works that comment on or otherwise explain it
+ or assist in its implementation may be prepared, copied, published
+ and distributed, in whole or in part, without restriction of any
+ kind, provided that the above copyright notice and this paragraph are
+ included on all such copies and derivative works. However, this
+ document itself may not be modified in any way, such as by removing
+ the copyright notice or references to the Internet Society or other
+ Internet organizations, except as needed for the purpose of
+ developing Internet standards in which case the procedures for
+ copyrights defined in the Internet Standards process must be
+ followed, or as required to translate it into languages other than
+ English.
+
+ The limited permissions granted above are perpetual and will not be
+ revoked by the Internet Society or its successors or assigns.
+
+ This document and the information contained herein is provided on an
+ "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+ TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+ BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+ HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+ MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+Acknowledgement
+
+ Funding for the RFC Editor function is currently provided by the
+ Internet Society.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Farrell & Housley Standards Track [Page 40]
+