April 13, 1995 John Lowry Senior Member of the Technical Staff Bolt Beranek and Newman, Inc. 70 Fawcett St Cambridge, MA. 02138 email: jlowry@bbn.com (617) 873-2435 Direct (617) 873-4086 Fax Project: Location Independent Information Object Security (IOS) Bolt Beranek and Newman, Inc. (BBN), under contract to the Advanced Research Projects Agency (ARPA), has developed the Information Object Security (IOS) Tools. These tools use object identifiers which are registered as Computer Security Objects. ARPA has unlimited rights in the software containing the objects. BBN specified, created, and named the objects under contract to ARPA, and remains the primary point of contact on all questions regarding naming conflicts. The NIST Computer Security Objects Register (CSOR) assumes no responsibility pertaining to any inquiry regarding ownership or naming conflicts. The IOS software is publicly available and can be obtained on the Internet for anonymous ftp at ests.bbn.com. Object naming information ------------------------- IOS Key Management Component: 2.16.840.101.3.3.0.4 iosp (3) components (0) keyManagementComponent (4) id-ios-keyManagementComponent Object definition and description --------------------------------- The key management component is one of several components defined by the Location Independent Information Object Security (IOS) project. The IOS components are used singly or in combination with others to achieve a variety of security services. This is a syntax that denotes an IOS key mangement component. The key management component is used to carry Certificates, Certificate revocation lists (CRLs), AttributeCertificates and AttributeCertificate revocation lists. CertificateAuthorizationComponent ::= SEQUENCE { dataID DataID, certificateInfo SEQUENCE OF CertificateInfo } CertificateInfo ::= SEQUENCE { referenceID DataID, certificates CertificationPath, attributes [0] AttributeCertificationPath OPTIONAL, crls CRLList OPTIONAL, arls [1] ARLList OPTIONAL } AttributeCertificationPath ::= INTEGER CRLList ::= SEQUENCE OF CertificateRevocationList ARLList ::= CRLList Object usage and rules ----------------------- Key Management components contain a DataID with the object identifier that defines the type of component. The DataID provides a unique identification for a component by the combination of the componentType, time, random, and name items. The random element distinguishes among components created at the same time by the same user, with the EntityName. The informal name field is provided for those users who do not have Names. Such users must take care to supply an informal name that they can be certain is unique, such as an RFC822 address. Certificates, CertificationPaths and CRLs are as defined in X.509. AttributeCertificates, AttributeCertificationPaths, and ARLs are as defined in X9.30. Note that X9.30 is undergoing significant change. A CRLList is used to support validation of the CertificationPath presented in the CertificateAuthorizationComponent. The CRLList components shall be ordered by the issuer in the same sequence as the components of the CertificationPath. The same is true for ARLLists and AttributeCertificationPaths.