# OpenLDAP X.509 PMI schema
9 - 2
# $OpenLDAP$
4 - 3
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
4
##
9 - 5
## Copyright 1998-2014 The OpenLDAP Foundation.
4 - 6
## All rights reserved.
7
##
8
## Redistribution and use in source and binary forms, with or without
9
## modification, are permitted only as authorized by the OpenLDAP
10
## Public License.
11
##
12
## A copy of this license is available in the file LICENSE in the
13
## top-level directory of the distribution or, alternatively, at
14
## <http://www.OpenLDAP.org/license.html>.
15
#
16
## Portions Copyright (C) The Internet Society (1997-2006).
17
## All Rights Reserved.
18
##
19
## This document and translations of it may be copied and furnished to
20
## others, and derivative works that comment on or otherwise explain it
21
## or assist in its implementation may be prepared, copied, published
22
## and distributed, in whole or in part, without restriction of any
23
## kind, provided that the above copyright notice and this paragraph are
24
## included on all such copies and derivative works.  However, this
25
## document itself may not be modified in any way, such as by removing
26
## the copyright notice or references to the Internet Society or other
27
## Internet organizations, except as needed for the purpose of
28
## developing Internet standards in which case the procedures for
29
## copyrights defined in the Internet Standards process must be
30
## followed, or as required to translate it into languages other than
31
## English.
32
##
33
## The limited permissions granted above are perpetual and will not be
34
## revoked by the Internet Society or its successors or assigns.
35
##
36
## This document and the information contained herein is provided on an
37
## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
38
## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
39
## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
40
## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
41
## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
42
 
43
#
44
#
45
# Includes LDAPv3 schema items from:
46
# ITU X.509 (08/2005)
47
#
48
## X.509 (08/2005) pp. 120-121
49
##
50
## -- object identifier assignments --
51
## -- object classes --
52
## id-oc-pmiUser                            OBJECT IDENTIFIER ::= {id-oc 24}
53
## id-oc-pmiAA                              OBJECT IDENTIFIER ::= {id-oc 25}
54
## id-oc-pmiSOA                             OBJECT IDENTIFIER ::= {id-oc 26}
55
## id-oc-attCertCRLDistributionPts          OBJECT IDENTIFIER ::= {id-oc 27}
56
## id-oc-privilegePolicy                    OBJECT IDENTIFIER ::= {id-oc 32}
57
## id-oc-pmiDelegationPath                  OBJECT IDENTIFIER ::= {id-oc 33}
58
## id-oc-protectedPrivilegePolicy           OBJECT IDENTIFIER ::= {id-oc 34}
59
## -- directory attributes --
60
## id-at-attributeCertificate               OBJECT IDENTIFIER ::= {id-at 58}
61
## id-at-attributeCertificateRevocationList OBJECT IDENTIFIER ::= {id-at 59}
62
## id-at-aACertificate                      OBJECT IDENTIFIER ::= {id-at 61}
63
## id-at-attributeDescriptorCertificate     OBJECT IDENTIFIER ::= {id-at 62}
64
## id-at-attributeAuthorityRevocationList   OBJECT IDENTIFIER ::= {id-at 63}
65
## id-at-privPolicy                         OBJECT IDENTIFIER ::= {id-at 71}
66
## id-at-role                               OBJECT IDENTIFIER ::= {id-at 72}
67
## id-at-delegationPath                     OBJECT IDENTIFIER ::= {id-at 73}
68
## id-at-protPrivPolicy                     OBJECT IDENTIFIER ::= {id-at 74}
69
## id-at-xMLPrivilegeInfo                   OBJECT IDENTIFIER ::= {id-at 75}
70
## id-at-xMLPprotPrivPolicy                 OBJECT IDENTIFIER ::= {id-at 76}
71
## -- attribute certificate extensions --
72
## id-ce-authorityAttributeIdentifier       OBJECT IDENTIFIER ::= {id-ce 38}
73
## id-ce-roleSpecCertIdentifier             OBJECT IDENTIFIER ::= {id-ce 39}
74
## id-ce-basicAttConstraints                OBJECT IDENTIFIER ::= {id-ce 41}
75
## id-ce-delegatedNameConstraints           OBJECT IDENTIFIER ::= {id-ce 42}
76
## id-ce-timeSpecification                  OBJECT IDENTIFIER ::= {id-ce 43}
77
## id-ce-attributeDescriptor                OBJECT IDENTIFIER ::= {id-ce 48}
78
## id-ce-userNotice                         OBJECT IDENTIFIER ::= {id-ce 49}
79
## id-ce-sOAIdentifier                      OBJECT IDENTIFIER ::= {id-ce 50}
80
## id-ce-acceptableCertPolicies             OBJECT IDENTIFIER ::= {id-ce 52}
81
## id-ce-targetInformation                  OBJECT IDENTIFIER ::= {id-ce 55}
82
## id-ce-noRevAvail                         OBJECT IDENTIFIER ::= {id-ce 56}
83
## id-ce-acceptablePrivilegePolicies        OBJECT IDENTIFIER ::= {id-ce 57}
84
## id-ce-indirectIssuer                     OBJECT IDENTIFIER ::= {id-ce 61}
85
## id-ce-noAssertion                        OBJECT IDENTIFIER ::= {id-ce 62}
86
## id-ce-issuedOnBehalfOf                   OBJECT IDENTIFIER ::= {id-ce 64}
87
## -- PMI matching rules --
88
## id-mr-attributeCertificateMatch          OBJECT IDENTIFIER ::= {id-mr 42}
89
## id-mr-attributeCertificateExactMatch     OBJECT IDENTIFIER ::= {id-mr 45}
90
## id-mr-holderIssuerMatch                  OBJECT IDENTIFIER ::= {id-mr 46}
91
## id-mr-authAttIdMatch                     OBJECT IDENTIFIER ::= {id-mr 53}
92
## id-mr-roleSpecCertIdMatch                OBJECT IDENTIFIER ::= {id-mr 54}
93
## id-mr-basicAttConstraintsMatch           OBJECT IDENTIFIER ::= {id-mr 55}
94
## id-mr-delegatedNameConstraintsMatch      OBJECT IDENTIFIER ::= {id-mr 56}
95
## id-mr-timeSpecMatch                      OBJECT IDENTIFIER ::= {id-mr 57}
96
## id-mr-attDescriptorMatch                 OBJECT IDENTIFIER ::= {id-mr 58}
97
## id-mr-acceptableCertPoliciesMatch        OBJECT IDENTIFIER ::= {id-mr 59}
98
## id-mr-delegationPathMatch                OBJECT IDENTIFIER ::= {id-mr 61}
99
## id-mr-sOAIdentifierMatch                 OBJECT IDENTIFIER ::= {id-mr 66}
100
## id-mr-indirectIssuerMatch                OBJECT IDENTIFIER ::= {id-mr 67}
101
##
102
##
103
## X.509 (08/2005) pp. 71, 86-89
104
##
105
## 14.4.1 Role attribute
106
## role  ATTRIBUTE ::= {
107
##       WITH SYNTAX         RoleSyntax
108
##       ID                  id-at-role }
109
## RoleSyntax ::= SEQUENCE {
110
## roleAuthority     [0]     GeneralNames  OPTIONAL,
111
## roleName          [1]     GeneralName }
112
##
113
## 14.5     XML privilege information attribute
114
##    xmlPrivilegeInfo ATTRIBUTE ::= {
115
##      WITH SYNTAX UTF8String -- contains XML-encoded privilege information
116
##      ID                 id-at-xMLPrivilegeInfo }
117
##
118
## 17.1 PMI directory object classes
119
##
120
## 17.1.1   PMI user object class
121
##    pmiUser OBJECT-CLASS ::= {
122
##    -- a PMI user (i.e., a "holder")
123
##      SUBCLASS OF          {top}
124
##      KIND                 auxiliary
125
##      MAY CONTAIN          {attributeCertificateAttribute}
126
##      ID                   id-oc-pmiUser }
127
##
128
## 17.1.2     PMI AA object class
129
##     pmiAA OBJECT-CLASS ::= {
130
##     -- a PMI AA
131
##       SUBCLASS OF          {top}
132
##       KIND                 auxiliary
133
##       MAY CONTAIN          {aACertificate |
134
##                            attributeCertificateRevocationList |
135
##                            attributeAuthorityRevocationList}
136
##       ID                   id-oc-pmiAA }
137
##
138
## 17.1.3     PMI SOA object class
139
##     pmiSOA OBJECT-CLASS ::= { -- a PMI Source of Authority
140
##       SUBCLASS OF {top}
141
##       KIND                 auxiliary
142
##       MAY CONTAIN          {attributeCertificateRevocationList |
143
##                            attributeAuthorityRevocationList |
144
##                            attributeDescriptorCertificate}
145
##       ID                   id-oc-pmiSOA }
146
##
147
## 17.1.4     Attribute certificate CRL distribution point object class
148
##     attCertCRLDistributionPt          OBJECT-CLASS ::= {
149
##       SUBCLASS OF {top}
150
##       KIND                 auxiliary
151
##       MAY CONTAIN          { attributeCertificateRevocationList |
152
##                            attributeAuthorityRevocationList }
153
##       ID                   id-oc-attCertCRLDistributionPts }
154
##
155
## 17.1.5     PMI delegation path
156
##     pmiDelegationPath            OBJECT-CLASS ::= {
157
##         SUBCLASS OF              {top}
158
##         KIND                     auxiliary
159
##         MAY CONTAIN              { delegationPath }
160
##         ID                       id-oc-pmiDelegationPath }
161
##
162
## 17.1.6     Privilege policy object class
163
##     privilegePolicy        OBJECT-CLASS ::= {
164
##         SUBCLASS OF              {top}
165
##         KIND                     auxiliary
166
##         MAY CONTAIN              {privPolicy }
167
##         ID                       id-oc-privilegePolicy }
168
##
169
## 17.1.7     Protected privilege policy object class
170
##     protectedPrivilegePolicy               OBJECT-CLASS       ::= {
171
##         SUBCLASS OF              {top}
172
##         KIND                     auxiliary
173
##         MAY CONTAIN            {protPrivPolicy }
174
##         ID                     id-oc-protectedPrivilegePolicy }
175
##
176
## 17.2       PMI Directory attributes
177
##
178
## 17.2.1     Attribute certificate attribute
179
##     attributeCertificateAttribute ATTRIBUTE ::= {
180
##         WITH SYNTAX                            AttributeCertificate
181
##         EQUALITY MATCHING RULE                 attributeCertificateExactMatch
182
##         ID                                     id-at-attributeCertificate }
183
##
184
## 17.2.2     AA certificate attribute
185
##     aACertificate         ATTRIBUTE ::= {
186
##         WITH SYNTAX                            AttributeCertificate
187
##         EQUALITY MATCHING RULE                 attributeCertificateExactMatch
188
##         ID                                     id-at-aACertificate }
189
##
190
## 17.2.3     Attribute descriptor certificate attribute
191
##     attributeDescriptorCertificate        ATTRIBUTE ::= {
192
##         WITH SYNTAX                            AttributeCertificate
193
##         EQUALITY MATCHING RULE                 attributeCertificateExactMatch
194
##         ID                                     id-at-attributeDescriptorCertificate }
195
##
196
## 17.2.4     Attribute certificate revocation list attribute
197
##     attributeCertificateRevocationList         ATTRIBUTE ::= {
198
##         WITH SYNTAX                            CertificateList
199
##         EQUALITY MATCHING RULE                 certificateListExactMatch
200
##         ID                                     id-at-attributeCertificateRevocationList}
201
##
202
## 17.2.5     AA certificate revocation list attribute
203
##     attributeAuthorityRevocationList           ATTRIBUTE ::= {
204
##         WITH SYNTAX                            CertificateList
205
##         EQUALITY MATCHING RULE                 certificateListExactMatch
206
##         ID                                     id-at-attributeAuthorityRevocationList }
207
##
208
## 17.2.6     Delegation path attribute
209
##     delegationPath        ATTRIBUTE ::= {
210
##         WITH SYNTAX                  AttCertPath
211
##         ID                           id-at-delegationPath }
212
##     AttCertPath      ::= SEQUENCE OF AttributeCertificate
213
##
214
## 17.2.7     Privilege policy attribute
215
##     privPolicy ATTRIBUTE ::= {
216
##         WITH SYNTAX             PolicySyntax
217
##         ID                      id-at-privPolicy }
218
##
219
## 17.2.8     Protected privilege policy attribute
220
##        protPrivPolicy       ATTRIBUTE        ::= {
221
##         WITH SYNTAX                          AttributeCertificate
222
##         EQUALITY MATCHING RULE               attributeCertificateExactMatch
223
##         ID                                   id-at-protPrivPolicy }
224
##
225
## 17.2.9     XML Protected privilege policy attribute
226
##        xmlPrivPolicy        ATTRIBUTE ::= {
227
##         WITH SYNTAX         UTF8String -- contains XML-encoded privilege policy information
228
##         ID                  id-at-xMLPprotPrivPolicy }
229
##
230
 
231
## -- object identifier assignments --
232
## -- object classes --
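# Name macros for the PMI object-class OIDs. Each value is the {id-oc N}
# assignment quoted from X.509 in the header of this file, written out in
# full under 2.5.6. The macros only name OIDs; the classes themselves are
# declared by the objectClass statements that reference these names.
# (Line-number residue from the repository viewer has been removed from this
# run so that it reads as consecutive configuration lines.)
objectidentifier	id-oc-pmiUser 2.5.6.24
objectidentifier	id-oc-pmiAA 2.5.6.25
objectidentifier	id-oc-pmiSOA 2.5.6.26
objectidentifier	id-oc-attCertCRLDistributionPts 2.5.6.27
objectidentifier	id-oc-privilegePolicy 2.5.6.32
objectidentifier	id-oc-pmiDelegationPath 2.5.6.33
objectidentifier	id-oc-protectedPrivilegePolicy 2.5.6.34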
240
## -- directory attributes --
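# Name macros for the PMI attribute-type OIDs. Each value is the {id-at N}
# assignment quoted from X.509 in the header of this file, written out in
# full under 2.5.4.
# The spelling id-at-xMLPprotPrivPolicy (with "Pp") is the one used in the
# quoted X.509 text and by the attributeType statement that references it;
# changing it here alone would leave that reference unresolved.
# (Line-number residue from the repository viewer has been removed from this
# run.)
objectidentifier	id-at-attributeCertificate 2.5.4.58
objectidentifier	id-at-attributeCertificateRevocationList 2.5.4.59
objectidentifier	id-at-aACertificate 2.5.4.61
objectidentifier	id-at-attributeDescriptorCertificate 2.5.4.62
objectidentifier	id-at-attributeAuthorityRevocationList 2.5.4.63
objectidentifier	id-at-privPolicy 2.5.4.71
objectidentifier	id-at-role 2.5.4.72
objectidentifier	id-at-delegationPath 2.5.4.73
objectidentifier	id-at-protPrivPolicy 2.5.4.74
objectidentifier	id-at-xMLPrivilegeInfo 2.5.4.75
objectidentifier	id-at-xMLPprotPrivPolicy 2.5.4.76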
252
## -- attribute certificate extensions --
253
## id-ce-authorityAttributeIdentifier       OBJECT IDENTIFIER ::= {id-ce 38}
254
## id-ce-roleSpecCertIdentifier             OBJECT IDENTIFIER ::= {id-ce 39}
255
## id-ce-basicAttConstraints                OBJECT IDENTIFIER ::= {id-ce 41}
256
## id-ce-delegatedNameConstraints           OBJECT IDENTIFIER ::= {id-ce 42}
257
## id-ce-timeSpecification                  OBJECT IDENTIFIER ::= {id-ce 43}
258
## id-ce-attributeDescriptor                OBJECT IDENTIFIER ::= {id-ce 48}
259
## id-ce-userNotice                         OBJECT IDENTIFIER ::= {id-ce 49}
260
## id-ce-sOAIdentifier                      OBJECT IDENTIFIER ::= {id-ce 50}
261
## id-ce-acceptableCertPolicies             OBJECT IDENTIFIER ::= {id-ce 52}
262
## id-ce-targetInformation                  OBJECT IDENTIFIER ::= {id-ce 55}
263
## id-ce-noRevAvail                         OBJECT IDENTIFIER ::= {id-ce 56}
264
## id-ce-acceptablePrivilegePolicies        OBJECT IDENTIFIER ::= {id-ce 57}
265
## id-ce-indirectIssuer                     OBJECT IDENTIFIER ::= {id-ce 61}
266
## id-ce-noAssertion                        OBJECT IDENTIFIER ::= {id-ce 62}
267
## id-ce-issuedOnBehalfOf                   OBJECT IDENTIFIER ::= {id-ce 64}
268
## -- PMI matching rules --
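# Name macros for the PMI matching-rule OIDs. id-mr is defined once as 2.5.13
# and the remaining lines use the <name>:<suffix> form, so
# id-mr:45 stands for 2.5.13.45.
# These lines only give the OIDs names; they do not make any matching rule
# available. The attributeType statements in this file refer to their rule as
# attributeCertificateExactMatch rather than through these macros, so that
# rule has to be known to the server already, and none of the other rules
# named here is referenced by a definition in this file.
# (Line-number residue from the repository viewer has been removed from this
# run.)
objectidentifier	id-mr 2.5.13
objectidentifier	id-mr-attributeCertificateMatch id-mr:42
objectidentifier	id-mr-attributeCertificateExactMatch id-mr:45
objectidentifier	id-mr-holderIssuerMatch id-mr:46
objectidentifier	id-mr-authAttIdMatch id-mr:53
objectidentifier	id-mr-roleSpecCertIdMatch id-mr:54
objectidentifier	id-mr-basicAttConstraintsMatch id-mr:55
objectidentifier	id-mr-delegatedNameConstraintsMatch id-mr:56
objectidentifier	id-mr-timeSpecMatch id-mr:57
objectidentifier	id-mr-attDescriptorMatch id-mr:58
objectidentifier	id-mr-acceptableCertPoliciesMatch id-mr:59
objectidentifier	id-mr-delegationPathMatch id-mr:61
objectidentifier	id-mr-sOAIdentifierMatch id-mr:66
objectidentifier	id-mr-indirectIssuerMatch id-mr:67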
283
## -- syntaxes --
284
## NOTE: 1.3.6.1.4.1.4203.666.11.10 is the oid arc assigned by OpenLDAP
285
## to this work in progress
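# Name macros for the value syntaxes used by the attribute types in this file.
# Four of the five sit under the 1.3.6.1.4.1.4203.666.11.10 work-in-progress
# arc, so they should not be treated as stable identifiers by other software;
# CertificateList is the exception and uses an OID under
# 1.3.6.1.4.1.1466.115.121.1.
# AttCertPath, PolicySyntax and RoleSyntax each get an ldapsyntax statement
# in this file; AttributeCertificate does not, so the server has to provide
# that syntax itself -- TODO confirm for the slapd build in use.
# (Line-number residue from the repository viewer has been removed from this
# run.)
objectidentifier	AttributeCertificate 1.3.6.1.4.1.4203.666.11.10.2.1
objectidentifier	CertificateList 1.3.6.1.4.1.1466.115.121.1.9
objectidentifier	AttCertPath 1.3.6.1.4.1.4203.666.11.10.2.4
objectidentifier	PolicySyntax 1.3.6.1.4.1.4203.666.11.10.2.5
objectidentifier	RoleSyntax 1.3.6.1.4.1.4203.666.11.10.2.6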
291
#  NOTE: OIDs from <draft-ietf-pkix-ldap-schema-02.txt> (expired)
292
#objectidentifier	AttributeCertificate 1.2.826.0.1.3344810.7.5
293
#objectidentifier	AttCertPath 1.2.826.0.1.3344810.7.10
294
#objectidentifier	PolicySyntax 1.2.826.0.1.3344810.7.17
295
#objectidentifier	RoleSyntax 1.2.826.0.1.3344810.7.13
296
##
297
## Substitute syntaxes
298
##
299
## AttCertPath
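# NOTE(review): X-SUBST is an OpenLDAP extension that declares a syntax the
# server does not implement and names another, already defined syntax to
# stand in for it. All three syntaxes in this group are substituted by
# 1.3.6.1.4.1.1466.115.121.1.15 (Directory String), so the server checks
# values against that substitute and not against the ASN.1 structure named
# in DESC. Anything that consumes attributes of these syntaxes has to decode
# and validate the structure itself.
# NOTE(review): the attribute types that use these syntaxes say "use ;binary"
# in their DESC; how a ;binary transfer interacts with a string substitute is
# not visible in this file -- confirm before storing encoded values.
# Changes in this group: viewer line-number residue removed from between the
# continuation lines, and "cartificate" corrected in the AttCertPath DESC.
ldapsyntax ( 1.3.6.1.4.1.4203.666.11.10.2.4
	NAME 'AttCertPath'
	DESC 'X.509 PMI attribute certificate path: SEQUENCE OF AttributeCertificate'
	X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' )
##
## PolicySyntax
ldapsyntax ( 1.3.6.1.4.1.4203.666.11.10.2.5
	NAME 'PolicySyntax'
	DESC 'X.509 PMI policy syntax'
	X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' )
##
## RoleSyntax
ldapsyntax ( 1.3.6.1.4.1.4203.666.11.10.2.6
	NAME 'RoleSyntax'
	DESC 'X.509 PMI role syntax'
	X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' )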
316
##
317
## X.509 (08/2005) pp. 71, 86-89
318
##
319
## 14.4.1 Role attribute
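# Role attribute (X.509 14.4.1). RoleSyntax is one of the X-SUBST placeholder
# syntaxes declared in this file and no EQUALITY rule is given, so the server
# neither parses the roleAuthority/roleName structure nor offers equality
# matching on it. A relying party must decode the value and check where it
# came from before treating it as a role assignment.
# (Viewer line-number residue removed from between the continuation lines.)
attributeType ( id-at-role
	NAME 'role'
	DESC 'X.509 Role attribute, use ;binary'
	SYNTAX RoleSyntax )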
324
##
325
## 14.5     XML privilege information attribute
326
##  -- contains XML-encoded privilege information
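# XML privilege information (X.509 14.5). The value is held as a plain string
# (syntax 1.3.6.1.4.1.1466.115.121.1.15, Directory String) with no EQUALITY
# rule; the directory does not interpret the XML. Consumers should treat the
# content as untrusted input: parse it with DTD and external-entity
# processing disabled, and restrict write access to this attribute by ACL,
# since the schema places no limit on who may set it.
# (Viewer line-number residue removed from between the continuation lines.)
attributeType ( id-at-xMLPrivilegeInfo
	NAME 'xmlPrivilegeInfo'
	DESC 'X.509 XML privilege information attribute'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )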
331
##
332
## 17.2       PMI Directory attributes
333
##
334
## 17.2.1     Attribute certificate attribute
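# Attribute types that hold a complete attribute certificate (X.509 17.2.1 to
# 17.2.3). All three use the AttributeCertificate syntax and name
# attributeCertificateExactMatch as their EQUALITY rule.
# The schema fixes only syntax and matching. Nothing in these definitions
# checks the issuer's signature, the validity period or revocation status of
# a stored certificate; that remains the job of whoever reads the value.
# Because these attributes carry privilege statements, write access should be
# limited by ACL to the tooling of the issuing authority.
# (Viewer line-number residue removed from between the continuation lines.)
attributeType ( id-at-attributeCertificate
	NAME 'attributeCertificateAttribute'
	DESC 'X.509 Attribute certificate attribute, use ;binary'
	SYNTAX AttributeCertificate
	EQUALITY attributeCertificateExactMatch )
##
## 17.2.2     AA certificate attribute
attributeType ( id-at-aACertificate
	NAME 'aACertificate'
	DESC 'X.509 AA certificate attribute, use ;binary'
	SYNTAX AttributeCertificate
	EQUALITY attributeCertificateExactMatch )
##
## 17.2.3     Attribute descriptor certificate attribute
attributeType ( id-at-attributeDescriptorCertificate
	NAME 'attributeDescriptorCertificate'
	DESC 'X.509 Attribute descriptor certificate attribute, use ;binary'
	SYNTAX AttributeCertificate
	EQUALITY attributeCertificateExactMatch )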
354
##
355
## 17.2.4     Attribute certificate revocation list attribute
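# Revocation-list attribute types (X.509 17.2.4 and 17.2.5), both with the
# CertificateList syntax.
# NOTE(review): X.509 specifies certificateListExactMatch as the equality
# rule, but here it appears only inside an X-EQUALITY extension string marked
# "not implemented yet", so neither attribute has an EQUALITY rule. Equality
# filters and compare operations on these values presumably cannot match, and
# an update presumably has to replace the attribute as a whole -- confirm
# against the server version in use.
# The directory does not judge whether a stored list is current; relying
# parties should check the list's own update fields and signature.
# (Viewer line-number residue removed from between the continuation lines.)
attributeType ( id-at-attributeCertificateRevocationList
	NAME 'attributeCertificateRevocationList'
	DESC 'X.509 Attribute certificate revocation list attribute, use ;binary'
	SYNTAX CertificateList
	X-EQUALITY 'certificateListExactMatch, not implemented yet' )
##
## 17.2.5     AA certificate revocation list attribute
attributeType ( id-at-attributeAuthorityRevocationList
	NAME 'attributeAuthorityRevocationList'
	DESC 'X.509 AA certificate revocation list attribute, use ;binary'
	SYNTAX CertificateList
	X-EQUALITY 'certificateListExactMatch, not implemented yet' )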
368
##
369
## 17.2.6     Delegation path attribute
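# Delegation path (X.509 17.2.6): a sequence of attribute certificates.
# AttCertPath is one of the X-SUBST placeholder syntaxes declared in this
# file and no EQUALITY rule is given, so the server does not check that a
# value is a well-formed chain, let alone that each link is validly signed.
# Path validation has to be done by the relying party.
# (Viewer line-number residue removed from between the continuation lines.)
attributeType ( id-at-delegationPath
	NAME 'delegationPath'
	DESC 'X.509 Delegation path attribute, use ;binary'
	SYNTAX AttCertPath )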
374
##     AttCertPath      ::= SEQUENCE OF AttributeCertificate
375
##
376
## 17.2.7     Privilege policy attribute
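# Privilege policy (X.509 17.2.7). PolicySyntax is one of the X-SUBST
# placeholder syntaxes declared in this file and no EQUALITY rule is given,
# so the server stores the policy without interpreting it. Unlike
# protPrivPolicy, this attribute is not an attribute certificate; its
# integrity rests on directory access control, so write access should be
# restricted by ACL.
# (Viewer line-number residue removed from between the continuation lines.)
attributeType ( id-at-privPolicy
	NAME 'privPolicy'
	DESC 'X.509 Privilege policy attribute, use ;binary'
	SYNTAX PolicySyntax )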
381
##
382
## 17.2.8     Protected privilege policy attribute
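# Protected privilege policy (X.509 17.2.8). The value uses the
# AttributeCertificate syntax and attributeCertificateExactMatch, the same
# pair as the certificate-bearing attributes in this file. The schema does
# not verify the certificate; a consumer gets the protection only by checking
# the signature and issuer itself before applying the policy.
# (Viewer line-number residue removed from between the continuation lines.)
attributeType ( id-at-protPrivPolicy
	NAME 'protPrivPolicy'
	DESC 'X.509 Protected privilege policy attribute, use ;binary'
	SYNTAX AttributeCertificate
	EQUALITY attributeCertificateExactMatch )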
388
##
389
## 17.2.9     XML Protected privilege policy attribute
390
## -- contains XML-encoded privilege policy information
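# XML privilege policy (X.509 17.2.9). The OID macro is spelled
# id-at-xMLPprotPrivPolicy, matching its objectidentifier line and the quoted
# X.509 text, while the attribute NAME is xmlPrivPolicy.
# The value is a plain string (syntax 1.3.6.1.4.1.1466.115.121.1.15,
# Directory String) with no EQUALITY rule; the directory does not interpret
# the XML. Consumers should parse it with DTD and external-entity processing
# disabled, and write access should be restricted by ACL.
# (Viewer line-number residue removed from between the continuation lines.)
attributeType ( id-at-xMLPprotPrivPolicy
	NAME 'xmlPrivPolicy'
	DESC 'X.509 XML Protected privilege policy attribute'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )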
395
##
396
## 17.1 PMI directory object classes
397
##
398
## 17.1.1   PMI user object class
399
##    -- a PMI user (i.e., a "holder")
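# PMI object classes (X.509 17.1.1 to 17.1.7). Every class below is AUXILIARY,
# derives from top and lists its attributes under MAY only. Two consequences
# for anyone relying on them:
#  - the presence of the class on an entry says nothing about whether a
#    certificate, revocation list or policy is actually stored there;
#  - the schema does not restrict which entries may carry the class or who
#    may write the attributes; that has to be enforced with ACLs.
# (Viewer line-number residue removed from between the continuation lines of
# all seven definitions.)
objectClass ( id-oc-pmiUser
	NAME 'pmiUser'
	DESC 'X.509 PMI user object class'
	SUP top
	AUXILIARY
	MAY ( attributeCertificateAttribute ) )
##
## 17.1.2     PMI AA object class
##     -- a PMI AA
objectClass ( id-oc-pmiAA
	NAME 'pmiAA'
	DESC 'X.509 PMI AA object class'
	SUP top
	AUXILIARY
	MAY ( aACertificate $
		attributeCertificateRevocationList $
		attributeAuthorityRevocationList
	) )
##
## 17.1.3     PMI SOA object class
##     -- a PMI Source of Authority
objectClass ( id-oc-pmiSOA
	NAME 'pmiSOA'
	DESC 'X.509 PMI SOA object class'
	SUP top
	AUXILIARY
	MAY ( attributeCertificateRevocationList $
		attributeAuthorityRevocationList $
		attributeDescriptorCertificate
	) )
##
## 17.1.4     Attribute certificate CRL distribution point object class
# The OID macro is plural (id-oc-attCertCRLDistributionPts) and the class
# NAME singular (attCertCRLDistributionPt); both follow the quoted X.509 text.
objectClass ( id-oc-attCertCRLDistributionPts
	NAME 'attCertCRLDistributionPt'
	DESC 'X.509 Attribute certificate CRL distribution point object class'
	SUP top
	AUXILIARY
	MAY ( attributeCertificateRevocationList $
		attributeAuthorityRevocationList
	) )
##
## 17.1.5     PMI delegation path
objectClass ( id-oc-pmiDelegationPath
	NAME 'pmiDelegationPath'
	DESC 'X.509 PMI delegation path'
	SUP top
	AUXILIARY
	MAY ( delegationPath ) )
##
## 17.1.6     Privilege policy object class
objectClass ( id-oc-privilegePolicy
	NAME 'privilegePolicy'
	DESC 'X.509 Privilege policy object class'
	SUP top
	AUXILIARY
	MAY ( privPolicy ) )
##
## 17.1.7     Protected privilege policy object class
objectClass ( id-oc-protectedPrivilegePolicy
	NAME 'protectedPrivilegePolicy'
	DESC 'X.509 Protected privilege policy object class'
	SUP top
	AUXILIARY
	MAY ( protPrivPolicy ) )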