#----------------------------------------------------------------------
#
# pkiris.schema v: 20090218-3.1.1
#
# Object classes for a PKI in the IRIS community
#
# RedIRIS 2005-2009
#
#----------------------------------------------------------------------
#
# Overview
#
# This file declares 14 attribute types (OID arc 1.3.6.1.4.1.7547.4.5.4.X)
# and three STRUCTURAL object classes (OID arc 1.3.6.1.4.1.7547.4.5.3.X):
# pkirisAuthority, pkirisEndEntity and pkirisCertificate.
#
# The definitions reference attribute types that are not declared here:
# name, userPassword, cn, sn, telephoneNumber, mail and userCertificate.
# They have to be loaded before this file (presumably from the standard
# core schema -- confirm for the target server).
#
# NOTE(review): pkirisPin and userPassword hold secrets and are mandatory
# in pkirisCertificate and pkirisEndEntity respectively. A schema only
# declares types; nothing in this file limits who may read, search or
# compare those values, so that restriction has to come from the
# directory server's access control configuration.
#
# NOTE(review): the IA5 String attributes below pair caseIgnoreIA5Match
# with caseIgnoreSubstringsMatch; the IA5-specific substring rule is
# caseIgnoreIA5SubstringsMatch. Confirm the server accepts the pairing
# as written before changing it, since existing indexes depend on it.
#
#----------------------------------------------------------------------
#
# Changelog
#
# 20090218-3.1.1 - Modified Object classes OID (1.3.6.1.4.1.7547.4.5.X.*)
# 20060208-3.1.0 - Added pkirisShowMail
#                - Added pkirisRevocationReason
#                - Added pkirisCertificateExpirationDate
#                - Modified pkirisID (no COPA)
#                - Added pkirisCopaID
#                - Modified objectclasses
# 20051103-3.0.0 - Changed pkirisRA to pkirisAuthority
#                - Changed pkirisUsr to pkirisEndEntity
#                - Changed pkirisCert to pkirisCertificate
#                - Renamed objectclass OIDs
#                - Changed attribute name from pkirisRaName to pkirisName
#                - Changed attribute name from pkirisCount to pkirisCounter
#                - Added userPassword to pkirisEndEntity
# 20050922-2.0.0 - Changed schema name from pkirisgrid.schema to
#                  pkiris.schema
#                - Changed names from pkirisgrid* to pkiris*
# 20050525-1.0.5 - Changed some names
#                  attribute pkirisgridCSRUsrCount to pkirisgridUsrCount
#                  objectClass pkirisgridCSR to pkirisgridCert
# 20050517-1.0.4 - Added pkirisgridCertType
# 20050503-1.0.3 - Added pkirisgridSubjectDN
# 20050303-1.0.2 - Added pkirisgridCSRUsrCount
# 20050301-1.0.1 - Added pkirisgridStatus and pkirisgridDate
# 20050207-1.0.0 - First version
#----------------------------------------------------------------------

# 1.3.6.1.4.1.7547.4.5.3.X pkirisgrid objects
# 1.3.6.1.4.1.7547.4.5.4.X pkirisgrid attributes

#
# pkirisID
#
# Identifier of an end entity. Directory String, compared without regard
# to case, single-valued. Required by all three object classes below.
#
# E.g.: pepe.perez@uuu.es, ldap/www.uuu.es, www.uuu.es
#
attributetype ( 1.3.6.1.4.1.7547.4.5.4.1
    NAME 'pkirisID'
    DESC 'End entity identificator'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
    SINGLE-VALUE )

#
# pkirisTrace
#
# History of a CSR. IA5 String, multi-valued (no SINGLE-VALUE), so one
# value can be kept per state change. Values listed by the author:
#
# urn:mace:rediris.es:irisgrid:pki:csr:state:YYYYMMDDhhmmss:new
# urn:mace:rediris.es:irisgrid:pki:csr:state:YYYYMMDDhhmmss:approved
# urn:mace:rediris.es:irisgrid:pki:csr:state:YYYYMMDDhhmmss:submited
# urn:mace:rediris.es:irisgrid:pki:csr:state:YYYYMMDDhhmmss:deleted
#
# The schema does not constrain the value to this form; any IA5 string
# is accepted, so consumers that treat the trace as an audit record
# should validate what they read.
#
attributetype ( 1.3.6.1.4.1.7547.4.5.4.2
    NAME 'pkirisTrace'
    DESC 'CSRs history'
    EQUALITY caseIgnoreIA5Match
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

#
# pkirisPin
#
# PIN attached to a certificate entry (mandatory in pkirisCertificate).
# Directory String with exact-case equality; not declared SINGLE-VALUE.
#
# NOTE(review): the syntax is plain text, so the schema itself gives the
# value no protection; whether the application stores it hashed cannot
# be told from this file. Restrict read/search/compare on this attribute
# in the server's access control and keep it out of indexes and logs
# unless that is a deliberate choice.
#
attributetype ( 1.3.6.1.4.1.7547.4.5.4.3
    NAME 'pkirisPin'
    DESC 'PIN'
    EQUALITY caseExactMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)

#
# pkirisCSR
#
# Certificate signing request (mandatory in pkirisCertificate).
#
# NOTE(review): DESC says DER, but the syntax is Directory String, which
# is a text syntax and cannot carry arbitrary binary. Presumably the
# request is stored in a text encoding (PEM/base64) -- confirm with the
# application that writes it.
#
attributetype ( 1.3.6.1.4.1.7547.4.5.4.4
    NAME 'pkirisCSR'
    DESC 'CSR in DER format'
    EQUALITY caseExactMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)

#
# pkirisName
#
# Subtype of 'name': syntax and matching rules are inherited from that
# attribute, which is declared outside this file. Mandatory in
# pkirisAuthority.
#
attributetype ( 1.3.6.1.4.1.7547.4.5.4.5
    NAME 'pkirisName'
    SUP name )

#
# pkirisStatus
#
# Last state of the CSR. IA5 String, not declared SINGLE-VALUE even
# though it describes a single current state.
# presumably the last component of the pkirisTrace URNs (new, approved,
# submited, deleted) -- TODO confirm against the application.
#
attributetype ( 1.3.6.1.4.1.7547.4.5.4.6
    NAME 'pkirisStatus'
    DESC 'CSRs last state'
    EQUALITY caseIgnoreIA5Match
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

#
# pkirisDate
#
# Time of the last modification of the CSR. Printable String,
# single-valued, with an ORDERING rule.
#
# NOTE(review): the ordering rule compares strings, not times. Range
# filters are chronological only if every value uses one fixed-width
# format (e.g. the YYYYMMDDhhmmss form seen in the pkirisTrace URNs);
# the schema does not enforce a format -- confirm what the writer emits.
#
attributetype ( 1.3.6.1.4.1.7547.4.5.4.7
    NAME 'pkirisDate'
    DESC 'CSRs last modified time'
    EQUALITY caseIgnoreMatch
    ORDERING caseIgnoreOrderingMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.44
    SINGLE-VALUE )

#
# pkirisCounter
#
# Number of entries below an entry. Integer, single-valued. Mandatory in
# pkirisAuthority, optional in pkirisEndEntity.
#
attributetype ( 1.3.6.1.4.1.7547.4.5.4.8
    NAME 'pkirisCounter'
    DESC 'Number of entries below an entry'
    EQUALITY integerMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
    SINGLE-VALUE)

#
# pkirisSubjectDN
#
# Subject DN of the certificate, stored as an IA5 String rather than
# with the DN syntax.
#
# NOTE(review): matching is therefore a case-insensitive string
# comparison, not a DN comparison; two spellings of the same DN
# (spacing, attribute-type case, escaping) are different values here.
# Do not rely on this attribute alone to decide that two subjects are
# the same. IA5 also rules out non-ASCII characters in the stored DN.
#
attributetype ( 1.3.6.1.4.1.7547.4.5.4.9
    NAME 'pkirisSubjectDN'
    DESC 'Subject DN'
    EQUALITY caseIgnoreIA5Match
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

#
# pkirisCertType
#
# Type of certificate; DESC names the values usr and srv. The syntax is
# IA5 String, so the schema accepts any other string as well and the
# allowed set has to be checked by the application.
#
attributetype ( 1.3.6.1.4.1.7547.4.5.4.10
    NAME 'pkirisCertType'
    DESC 'Type of the Certificate: usr, srv'
    EQUALITY caseIgnoreIA5Match
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

#
# pkirisCopaID
#
# COPA format : a999b9999c99
#
# a = RA
# b = End entity's number below this RA
# c = CSR/Cert's number for a given entity
#
# E.g.: a1b5c2. Read with the format above this is RA 1, entity 5,
# certificate/CSR 2. The original comment said it identifies "RA 2,
# entity 55, and certificate/CSR 1", which does not match the example
# string -- NOTE(review): confirm which one was meant.
#
# Directory String, single-valued; the a/b/c pattern is not enforced by
# the schema. Optional in all three object classes.
#
attributetype ( 1.3.6.1.4.1.7547.4.5.4.11
    NAME 'pkirisCopaID'
    DESC 'COPA identificator'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
    SINGLE-VALUE )

#
# pkirisRevocationReason
#
# Revocation reason and, per DESC, the invalidity date, combined in one
# single-valued Directory String. The layout of that string is not
# defined in this file.
#
attributetype ( 1.3.6.1.4.1.7547.4.5.4.12
    NAME 'pkirisRevocationReason'
    DESC 'Revocation Reason (and invalidity date)'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
    SINGLE-VALUE )

#
# pkirisShowMail
#
# Boolean, single-valued: whether the e-mail address is added to the
# X509v3 Subject Alternative Name of the certificate.
#
attributetype ( 1.3.6.1.4.1.7547.4.5.4.13
    NAME 'pkirisShowMail'
    DESC 'Boolean variable to decide if email is added to X509v3 Subject Alternative Name'
    EQUALITY booleanMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
    SINGLE-VALUE )

#
# pkirisCertificateExpirationDate
#
# Expiration date of the certificate. Directory String, single-valued.
#
# NOTE(review): no ORDERING rule is declared, so the directory cannot
# evaluate >= / <= filters on this attribute; a job that looks for
# certificates about to expire has to fetch the values and compare them
# itself. The date format is not defined in this file.
#
attributetype ( 1.3.6.1.4.1.7547.4.5.4.14
    NAME 'pkirisCertificateExpirationDate'
    DESC 'Certificate Expiration Date'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
    SINGLE-VALUE )

#----------------------------------------------------------------------
# Object classes
#
# All three are STRUCTURAL and derive directly from top. Their DESC
# strings map them to the a / b / c levels of the COPA identifier
# described at pkirisCopaID.
#----------------------------------------------------------------------

# Registration Authority entry: identifier, name and counter are
# required; the COPA identifier is optional.
objectclass ( 1.3.6.1.4.1.7547.4.5.3.1
    NAME 'pkirisAuthority'
    DESC 'Registration Authority (COPA level a)'
    SUP top
    STRUCTURAL
    MUST (pkirisID $ pkirisName $ pkirisCounter)
    MAY (pkirisCopaID) )

# End entity entry. userPassword is mandatory, so every entry of this
# class carries a credential; how the value is hashed and who may read
# it is decided by server configuration, not by this schema.
# userPassword, cn, sn, telephoneNumber and mail are declared elsewhere.
objectclass ( 1.3.6.1.4.1.7547.4.5.3.2
    NAME 'pkirisEndEntity'
    DESC 'End entity (COPA level b)'
    SUP top
    STRUCTURAL
    MUST (pkirisID $ userPassword)
    MAY (pkirisCounter $ cn $ sn $ telephoneNumber $ mail $ pkirisCopaID) )

# Certificate / CSR entry. The request, its PIN, its state, trace and
# date are all required; the issued certificate (userCertificate,
# declared elsewhere) and the revocation and expiration data are
# optional, so an entry can exist before a certificate is issued.
objectclass ( 1.3.6.1.4.1.7547.4.5.3.3
    NAME 'pkirisCertificate'
    DESC 'Certificate Object (COPA level c)'
    SUP top
    STRUCTURAL
    MUST ( pkirisID $ pkirisTrace $ pkirisStatus $ pkirisDate $ pkirisPin $ pkirisCSR $ pkirisCertType)
    MAY ( userCertificate $ pkirisSubjectDN $ pkirisCopaID $ pkirisRevocationReason $ pkirisShowMail $ pkirisCertificateExpirationDate) )