#----------------------------------------------------------------------
#
# pkiris.schema v: 20150825-3.8.0
#
# Object classes for a PKI in the IRIS community
#
# RedIRIS 2005-2015
#
# This file declares the pkiris* attribute types and three STRUCTURAL
# object classes (pkirisAuthority, pkirisEndEntity, pkirisCertificate)
# that model COPA levels a, b and c respectively.
#
#----------------------------------------------------------------------
#
# Changelog
#
# 20150825-3.8.0 - Added pkirisF2F
# 20130321-3.7.0 - Added pkirisTraceChecksum
#                  Added pkirisLastF2F
# 20130123-3.6.0 - Added pkirisRelatedCopaID to pkirisEndEntity,
#                  pkirisCertificate and pkirisAuthority
# 20120717-3.5.0 - Added o $ postalAddress $ postalCode $ l to pkirisEndEntity
# 20100224-3.4.0 - Added mail to pkirisCertificate
# 20071107-3.3.0 - Added pkirisCertificateExpirationNotificationDate
# 20070207-3.2.0 - Change pkirisTrace
#                    EQUALITY caseExactMatch
#                    ORDERING caseExactOrderingMatch
#                    SUBSTR caseExactSubstringsMatch
#                    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
# 20060208-3.1.0 - Added pkirisShowMail
#                - Added pkirisRevocationReason
#                - Added pkirisCertificateExpirationDate
#                - Modified pkirisID (no COPA)
#                - Added pkirisCopaID
#                - Modified objectclasses
# 20051103-3.0.0 - Changed pkirisRA to pkirisAuthority
#                - Changed pkirisUsr to pkirisEndEntity
#                - Changed pkirisCert to pkirisCertificate
#                - Renamed objectclass OIDs
#                - Changed attribute name from pkirisRaName to pkirisName
#                - Changed attribute name from pkirisCount to pkirisCounter
#                - Added userPassword to pkirisEndEntity
# 20050922-2.0.0 - Changed schema name from pkirisgrid.schema to
#                  pkiris.schema
#                - Changed names from pkirisgrid* to pkiris*
# 20050525-1.0.5 - Changed some names
#                  attribute pkirisgridCSRUsrCount to pkirisgridUsrCount
#                  objectClass pkirisgridCSR to pkirisgridCert
# 20050517-1.0.4 - Added pkirisgridCertType
# 20050503-1.0.3 - Added pkirisgridSubjectDN
# 20050303-1.0.2 - Added pkirisgridCSRUsrCount
# 20050301-1.0.1 - Added pkirisgridStatus and pkirisgridDate
# 20050207-1.0.0 - First version
#----------------------------------------------------------------------

# OID arcs as assigned by this header:
# 1.3.6.1.4.1.7547.4.5.3.X  pkirisgrid objects
# 1.3.6.1.4.1.7547.4.5.4.X  pkirisgrid attributes

#
# pkirisID
#
# Single-valued, case-insensitive Directory String identifying an entry.
# e.g. pepe.perez@uuu.es, ldap/www.uuu.es, www.uuu.es
#
attributetype ( 1.3.6.1.4.1.7547.4.5.4.1
        NAME 'pkirisID'
        DESC 'End entity identificator'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
        SINGLE-VALUE )

#
# pkirisTrace
#
# Multi-valued (no SINGLE-VALUE) history of CSR state changes, matched
# case-exactly. The values are URNs of the following forms:
#
# urn:mace:rediris.es:irisgrid:pki:csr:state:YYYYMMDDhhmmss:new
# urn:mace:rediris.es:irisgrid:pki:csr:state:YYYYMMDDhhmmss:approved
# urn:mace:rediris.es:irisgrid:pki:csr:state:YYYYMMDDhhmmss:submited
# urn:mace:rediris.es:irisgrid:pki:csr:state:YYYYMMDDhhmmss:deleted
#
# NOTE(review): "submited" is kept as written; presumably it is the
# literal state string stored in existing entries - confirm before
# correcting the spelling anywhere.
#
attributetype ( 1.3.6.1.4.1.7547.4.5.4.2
        NAME 'pkirisTrace'
        DESC 'CSRs history'
        EQUALITY caseExactMatch
        ORDERING caseExactOrderingMatch
        SUBSTR caseExactSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

# Matching rules and syntax left commented out after the definition;
# presumably the form used before the 3.2.0 change listed in the
# changelog:
#        EQUALITY caseIgnoreIA5Match
#        SUBSTR caseIgnoreSubstringsMatch
#        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

#
# pkirisPin
#
# Declared as a plain Directory String with case-exact equality; the
# schema itself places no protection on the value.
# NOTE(review): if the application stores the PIN in clear, limit
# read/search/compare access to this attribute with directory ACLs -
# confirm how the value is stored.
#
attributetype ( 1.3.6.1.4.1.7547.4.5.4.3
        NAME 'pkirisPin'
        DESC 'PIN'
        EQUALITY caseExactMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)

#
# pkirisCSR
#
# NOTE(review): the description says DER, which is binary, but the
# syntax is Directory String (text). Presumably the CSR is stored in a
# text encoding - confirm; raw DER would need the Octet String syntax
# (1.3.6.1.4.1.1466.115.121.1.40).
#
attributetype ( 1.3.6.1.4.1.7547.4.5.4.4
        NAME 'pkirisCSR'
        DESC 'CSR in DER format'
        EQUALITY caseExactMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)

#
# pkirisName
#
# Subtype of the 'name' attribute; syntax and matching rules are
# inherited from it.
#
attributetype ( 1.3.6.1.4.1.7547.4.5.4.5
        NAME 'pkirisName'
        SUP name )

#
# pkirisStatus
#
# IA5 String, case-insensitive.
# NOTE(review): not SINGLE-VALUE although the description speaks of the
# last state - confirm whether more than one value is ever intended.
#
attributetype ( 1.3.6.1.4.1.7547.4.5.4.6
        NAME 'pkirisStatus'
        DESC 'CSRs last state'
        EQUALITY caseIgnoreIA5Match
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

#
# pkirisDate
#
# Single-valued Printable String (not Generalized Time), so ordering is
# a string comparison. The value format is not stated here; presumably
# YYYYMMDDhhmmss as used elsewhere in this file - confirm.
#
attributetype ( 1.3.6.1.4.1.7547.4.5.4.7
        NAME 'pkirisDate'
        DESC 'CSRs last modified time'
        EQUALITY caseIgnoreMatch
        ORDERING caseIgnoreOrderingMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.44
        SINGLE-VALUE )

#
# pkirisCounter
#
# Single-valued Integer.
#
attributetype ( 1.3.6.1.4.1.7547.4.5.4.8
        NAME 'pkirisCounter'
        DESC 'Number of entries below an entry'
        EQUALITY integerMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
        SINGLE-VALUE)

#
# pkirisSubjectDN
#
# Held as a case-insensitive IA5 String rather than with the DN syntax,
# so it is compared as text and limited to the IA5 character set.
#
attributetype ( 1.3.6.1.4.1.7547.4.5.4.9
        NAME 'pkirisSubjectDN'
        DESC 'Subject DN'
        EQUALITY caseIgnoreIA5Match
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

#
# pkirisCertType
#
# The description names the values usr and srv; the schema does not
# restrict the value to that set.
#
attributetype ( 1.3.6.1.4.1.7547.4.5.4.10
        NAME 'pkirisCertType'
        DESC 'Type of the Certificate: usr, srv'
        EQUALITY caseIgnoreIA5Match
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

#
# pkirisCopaID
#
# COPA format : a999b9999c99
#
#   a = RA
#   b = End entity's number below this RA
#   c = CSR/Cert's number for a given entity
#
# e.g. a1b5c2 identify RA 2, entity 55, and certificate/CSR 1
#
# NOTE(review): the example does not agree with the format above; by the
# format, a1b5c2 would read as RA 1, entity 5, certificate/CSR 2 -
# confirm which is intended.
#
attributetype ( 1.3.6.1.4.1.7547.4.5.4.11
        NAME 'pkirisCopaID'
        DESC 'COPA identificator'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
        SINGLE-VALUE )

#
# pkirisRevocationReason
#
# Single-valued free-text Directory String; the layout of the reason and
# invalidity date inside the value is not defined by this schema.
#
attributetype ( 1.3.6.1.4.1.7547.4.5.4.12
        NAME 'pkirisRevocationReason'
        DESC 'Revocation Reason (and invalidity date)'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
        SINGLE-VALUE )

#
# pkirisShowMail
#
# Single-valued Boolean.
#
attributetype ( 1.3.6.1.4.1.7547.4.5.4.13
        NAME 'pkirisShowMail'
        DESC 'Boolean variable to decide if email is added to X509v3 Subject Alternative Name'
        EQUALITY booleanMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
        SINGLE-VALUE )

#
# pkirisCertificateExpirationDate
#
# Single-valued Directory String; the date format is not stated here.
#
attributetype ( 1.3.6.1.4.1.7547.4.5.4.14
        NAME 'pkirisCertificateExpirationDate'
        DESC 'Certificate Expiration Date'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
        SINGLE-VALUE )

#
# pkirisCertificateExpirationNotificationDate
#
# Multi-valued (no SINGLE-VALUE), unlike pkirisCertificateExpirationDate.
#
attributetype ( 1.3.6.1.4.1.7547.4.5.4.15
        NAME 'pkirisCertificateExpirationNotificationDate'
        DESC 'Certificate Expiration Notification Date'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

#
# pkirisRelatedCopaID
#
# COPA format : a999b9999c99
#
#   a = RA
#   b = End entity's number below this RA
#   c = CSR/Cert's number for a given entity
#
# e.g. a1b5c2 identify RA 2, entity 55, and certificate/CSR 1
#
# NOTE(review): the example does not agree with the format above; by the
# format, a1b5c2 would read as RA 1, entity 5, certificate/CSR 2 -
# confirm which is intended. The DESC string is the same as the one on
# pkirisCopaID.
#
attributetype ( 1.3.6.1.4.1.7547.4.5.4.16
        NAME 'pkirisRelatedCopaID'
        DESC 'COPA identificator'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
        SINGLE-VALUE )

#
# pkirisTraceChecksum
#
# Per its description this detects accidental errors in pkirisTrace. It
# is an optional attribute of the same object class as pkirisTrace, so
# it gives no assurance against a writer who can change both values;
# the checksum algorithm is not specified in this schema.
#
attributetype ( 1.3.6.1.4.1.7547.4.5.4.17
        NAME 'pkirisTraceChecksum'
        DESC 'Used to store an arbitrary block of digital data for the purpose of detecting accidental errors in pkirisTrace attribute'
        EQUALITY caseExactMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
        SINGLE-VALUE )

#
# pkirisLastF2F
#
# Format: YYYYMMDDhhmmss
#
attributetype ( 1.3.6.1.4.1.7547.4.5.4.18
        NAME 'pkirisLastF2F'
        DESC 'Date of last F2F meeting'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
        SINGLE-VALUE )

#
# pkirisF2F
#
# Format: YYYYMMDDhhmmss
#
attributetype ( 1.3.6.1.4.1.7547.4.5.4.19
        NAME 'pkirisF2F'
        DESC 'Date of F2F meeting'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
        SINGLE-VALUE )

#----------------------------------------------------------------------
# Object classes
#----------------------------------------------------------------------
#
# NOTE(review): the three object classes below are numbered
# 1.3.6.1.4.1.7547.4.5.4.1 to .4.3, which is the arc the header assigns
# to attributes, and these are the same OIDs as pkirisID, pkirisTrace
# and pkirisPin. The header assigns 1.3.6.1.4.1.7547.4.5.3.X to objects.
# An OID should identify exactly one schema element; confirm the
# intended values with the schema owner before changing them, because
# servers already loaded with this file carry the current numbers.
#

# Registration Authority entry: requires an identifier, a name and a
# counter; the COPA identifiers are optional.
objectclass ( 1.3.6.1.4.1.7547.4.5.4.1
        NAME 'pkirisAuthority'
        DESC 'Registration Authority (COPA level a)'
        SUP top STRUCTURAL
        MUST (pkirisID $ pkirisName $ pkirisCounter)
        MAY (pkirisCopaID $ pkirisRelatedCopaID) )

# End entity entry: requires an identifier and userPassword; contact
# data, counter, COPA identifiers and pkirisLastF2F are optional.
# NOTE(review): every entry of this class carries a credential in
# userPassword - confirm that directory ACLs restrict access to it.
objectclass ( 1.3.6.1.4.1.7547.4.5.4.2
        NAME 'pkirisEndEntity'
        DESC 'End entity (COPA level b)'
        SUP top STRUCTURAL
        MUST (pkirisID $ userPassword)
        MAY (pkirisCounter $ cn $ sn $ telephoneNumber $ mail $
             pkirisCopaID $ pkirisRelatedCopaID $ o $ postalAddress $
             postalCode $ l $ pkirisLastF2F ) )

# Certificate/CSR entry: requires the identifier, trace, status, date,
# PIN, CSR and certificate type; the issued certificate and the
# remaining attributes are optional.
# NOTE(review): pkirisPin is mandatory here, so each certificate entry
# holds a PIN value - confirm that directory ACLs restrict access to it.
objectclass ( 1.3.6.1.4.1.7547.4.5.4.3
        NAME 'pkirisCertificate'
        DESC 'Certificate Object (COPA level c)'
        SUP top STRUCTURAL
        MUST ( pkirisID $ pkirisTrace $ pkirisStatus $ pkirisDate $
               pkirisPin $ pkirisCSR $ pkirisCertType)
        MAY ( userCertificate $ pkirisSubjectDN $ pkirisCopaID $
              pkirisRelatedCopaID $ pkirisRevocationReason $
              pkirisShowMail $ pkirisCertificateExpirationDate $
              pkirisCertificateExpirationNotificationDate $ mail $
              pkirisTraceChecksum $ pkirisF2F ) )