summaryrefslogtreecommitdiff
path: root/doc/rfc/rfc5916.txt
diff options
context:
space:
mode:
Diffstat (limited to 'doc/rfc/rfc5916.txt')
-rw-r--r--doc/rfc/rfc5916.txt339
1 files changed, 339 insertions, 0 deletions
diff --git a/doc/rfc/rfc5916.txt b/doc/rfc/rfc5916.txt
new file mode 100644
index 0000000..7b0dda4
--- /dev/null
+++ b/doc/rfc/rfc5916.txt
@@ -0,0 +1,339 @@
+
+
+
+
+
+
+Internet Engineering Task Force (IETF) S. Turner
+Request for Comments: 5916 IECA
+Category: Informational June 2010
+ISSN: 2070-1721
+
+
+ Device Owner Attribute
+
+Abstract
+
+ This document defines the Device Owner attribute. It indicates the
+ entity (e.g., company, organization, department, agency) that owns
+ the device. This attribute may be included in public key
+ certificates and attribute certificates.
+
+Status of This Memo
+
+ This document is not an Internet Standards Track specification; it is
+ published for informational purposes.
+
+ This document is a product of the Internet Engineering Task Force
+ (IETF). It represents the consensus of the IETF community. It has
+ received public review and has been approved for publication by the
+ Internet Engineering Steering Group (IESG). Not all documents
+ approved by the IESG are a candidate for any level of Internet
+ Standard; see Section 2 of RFC 5741.
+
+ Information about the current status of this document, any
+ errata, and how to provide feedback on it may be obtained at
+ http://www.rfc-editor.org/info/rfc5916.
+
+Copyright Notice
+
+ Copyright (c) 2010 IETF Trust and the persons identified as the
+ document authors. All rights reserved.
+
+ This document is subject to BCP 78 and the IETF Trust's Legal
+ Provisions Relating to IETF Documents
+ (http://trustee.ietf.org/license-info) in effect on the date of
+ publication of this document. Please review these documents
+ carefully, as they describe your rights and restrictions with respect
+ to this document. Code Components extracted from this document must
+ include Simplified BSD License text as described in Section 4.e of
+ the Trust Legal Provisions and are provided without warranty as
+ described in the Simplified BSD License.
+
+
+
+
+
+
+Turner Informational [Page 1]
+
+RFC 5916 Device Owner Attribute June 2010
+
+
+1. Introduction
+
+ This document specifies the Device Owner attribute. It indicates the
+ entity (e.g., company, organization, department, agency) that owns
+ the device. This attribute is intended to be used in public key
+ certificates [RFC5280] and attribute certificates [RFC5755].
+
+ This attribute may be used in automated authorization decisions. For
+ example, when two peers are deciding whether to communicate, each
+ could check that the device owner present in the other device's
+ certificate is on an "approved" list. This check is performed in
+ addition to certification path validation [RFC5280]. The mechanism
+ for managing the "approved" list is beyond the scope of this
+ document.
+
+ NOTE: This document does not provide an equivalent Lightweight
+ Directory Access Protocol (LDAP) schema specification as this
+ attribute is targeted at public key certificates [RFC5280] and
+ attribute certificates [RFC5755]. Definition of an equivalent LDAP
+ schema is left to a future specification.
+
+1.1. Terminology
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in [RFC2119].
+
+1.2. ASN.1 Syntax Notation
+
+ The attribute is defined using ASN.1 [X.680], [X.681], [X.682], and
+ [X.683].
+
+2. Device Owner
+
+ The Device Owner attribute indicates the entity (e.g., company,
+ organization, department, agency) that owns the device with which
+ this attribute is associated. Device Owner is an object identifier.
+
+ The following object identifier identifies the Device Owner
+ attribute:
+
+ id-deviceOwner OBJECT IDENTIFIER ::= {
+ joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101)
+ dod(2) infosec(1) attributes(5) 69
+ }
+
+
+
+
+
+
+Turner Informational [Page 2]
+
+RFC 5916 Device Owner Attribute June 2010
+
+
+ The ASN.1 syntax for the Device Owner attribute is as follows:
+
+ at-deviceOwner ATTRIBUTE ::= {
+ TYPE OBJECT IDENTIFIER
+ EQUALITY MATCHING RULE objectIdentifierMatch
+ IDENTIFIED BY id-deviceOwner
+ }
+
+ There MUST only be one value of Device Owner associated with a
+ device. Distinct owners MUST be represented in separate
+ certificates.
+
+3. Security Considerations
+
+ If this attribute is used as part of an authorization process, the
+ procedures employed by the entity that assigns each value must ensure
+ that the correct value is applied. Including this attribute in a
+ public key certificate or attribute certificate ensures the value for
+ the device owner is integrity protected.
+
+4. Normative References
+
+ [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14, RFC 2119, March 1997.
+
+ [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
+ Housley, R., and W. Polk, "Internet X.509 Public Key
+ Infrastructure Certificate and Certificate Revocation List
+ (CRL) Profile", RFC 5280, May 2008.
+
+ [RFC5755] Farrell, S., Housley, R., and S. Turner, "An Internet
+ Attribute Certificate Profile for Authorization", RFC
+ 5755, January 2010.
+
+ [RFC5912] Schaad, J. and P. Hoffman, "New ASN.1 Modules for the
+ Public Key Infrastructure Using X.509 (PKIX)", RFC 5912,
+ June 2010.
+
+ [X.501] ITU-T Recommendation X.520 (2002) | ISO/IEC 9594-2:2002,
+ Information technology - The Directory: Models.
+
+ [X.680] ITU-T Recommendation X.680 (2002) | ISO/IEC 8824-1:2002,
+ Information technology - Abstract Syntax Notation One
+ (ASN.1): Specification of basic notation.
+
+ [X.681] ITU-T Recommendation X.681 (2002) | ISO/IEC 8824-2:2002,
+ Information Technology - Abstract Syntax Notation One:
+ Information Object Specification.
+
+
+
+Turner Informational [Page 3]
+
+RFC 5916 Device Owner Attribute June 2010
+
+
+ [X.682] ITU-T Recommendation X.682 (2002) | ISO/IEC 8824-3:2002,
+ Information Technology - Abstract Syntax Notation One:
+ Constraint Specification.
+
+ [X.683] ITU-T Recommendation X.683 (2002) | ISO/IEC 8824-4:2002,
+ Information Technology - Abstract Syntax Notation One:
+ Parameterization of ASN.1 Specifications.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Turner Informational [Page 4]
+
+RFC 5916 Device Owner Attribute June 2010
+
+
+Appendix A. ASN.1 Module
+
+ This appendix provides the normative ASN.1 [X.680] definitions for
+ the structures described in this specification using ASN.1 as defined
+ in [X.680], [X.681], [X.682], and [X.683].
+
+ DeviceOwnerAttribute-2008
+ { joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101)
+ dod(2) infosec(1) module(0) id-deviceOwnerAttribute-2008(34) }
+
+ DEFINITIONS IMPLICIT TAGS ::=
+
+ BEGIN
+
+ -- EXPORTS ALL --
+
+ IMPORTS
+
+ -- IMPORTS from New PKIX ASN.1 [RFC5912]
+
+ ATTRIBUTE
+ FROM PKIX-CommonTypes-2009
+ { iso(1) identified-organization(3) dod(6) internet(1)
+ security(5) mechanisms(5) pkix(7) id-mod(0)
+ id-mod-pkixCommon-02(57) }
+
+ -- Imports from ITU-T X.501 [X.501]
+
+ objectIdentifierMatch
+ FROM InformationFramework
+ { joint-iso-itu-t ds(5) module(1) informationFramework(1) 4 }
+
+ ;
+
+ -- device owner attribute OID and syntax
+
+ id-deviceOwner OBJECT IDENTIFIER ::= {
+ joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101)
+ dod(2) infosec(1) attributes(5) 69
+ }
+
+ at-deviceOwner ATTRIBUTE ::= {
+ TYPE OBJECT IDENTIFIER
+ EQUALITY MATCHING RULE objectIdentifierMatch
+ IDENTIFIED BY id-deviceOwner
+ }
+
+ END
+
+
+
+Turner Informational [Page 5]
+
+RFC 5916 Device Owner Attribute June 2010
+
+
+Author's Address
+
+ Sean Turner
+ IECA, Inc.
+ 3057 Nutley Street, Suite 106
+ Fairfax, VA 22031
+ USA
+
+ EMail: turners@ieca.com
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Turner Informational [Page 6]
+