April 13, 1995

John Lowry
Senior Member of the Technical Staff

Bolt Beranek and Newman, Inc.
70 Fawcett St
Cambridge, MA.  02138  

email: jlowry@bbn.com

(617) 873-2435 Direct
(617) 873-4086 Fax


Project: Location Independent Information Object Security (IOS)

Bolt Beranek and Newman, Inc. (BBN), under contract to the
Advanced Research Projects Agency (ARPA), has developed the
Information Object Security (IOS) Tools.  These tools use
object identifiers which are registered as Computer Security
Objects.  ARPA has unlimited rights in the software
containing the objects.  BBN specified, created, and named
the objects under contract to ARPA, and remains the primary
point of contact on all questions regarding naming
conflicts.  The NIST Computer Security Objects Register
(CSOR) assumes no responsibility pertaining to any inquiry
regarding ownership or naming conflicts. 

The IOS software is publicly available and can be obtained
on the Internet via anonymous ftp from ests.bbn.com.

Object naming information
-------------------------

   IOS Key Management Component:  2.16.840.101.3.3.0.4

      iosp (3) components (0) keyManagementComponent (4)

   id-ios-keyManagementComponent


Object definition and description
---------------------------------

The key management component is one of several components
defined by  the Location Independent Information Object
Security (IOS) project.  The IOS components are used singly
or in combination with others to achieve a variety of
security services.

This is a syntax that denotes an IOS key management
component.  The key management component is used to carry
Certificates, Certificate revocation lists (CRLs),
AttributeCertificates and AttributeCertificate revocation
lists (ARLs).

   CertificateAuthorizationComponent ::= SEQUENCE {
     dataID              DataID,
     certificateInfo     SEQUENCE OF CertificateInfo }

   CertificateInfo ::= SEQUENCE {
     referenceID         DataID,
     certificates        CertificationPath,
     attributes          [0] AttributeCertificationPath OPTIONAL,
     crls                CRLList OPTIONAL,
     arls                [1] ARLList OPTIONAL }

   AttributeCertificationPath ::= INTEGER
     
   CRLList ::= SEQUENCE OF CertificateRevocationList

   ARLList ::= CRLList


Object usage and rules
-----------------------
     
Key Management components contain a DataID with the object
identifier that defines the type of component.  The DataID
provides a unique identification for a component by the
combination of the componentType, time, random, and name
items.  The random element distinguishes among components
created at the same time by the same user, as identified by
the EntityName.  The informal name field is provided for
those users who do not have Names.

Such users must take care to supply an informal name that
they can be certain is unique, such as an RFC822 address.

Certificates, CertificationPaths and CRLs are as defined in 
X.509.  AttributeCertificates, AttributeCertificationPaths,
and ARLs are as defined in X9.30.  Note that X9.30 is
undergoing significant change.

A CRLList is used to support validation of the
CertificationPath presented in the
CertificateAuthorizationComponent.  The CRLList components
shall be ordered by issuer in the same sequence as the
components of the CertificationPath.  The same is true for
ARLLists and AttributeCertificationPaths.
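The following is an added example, not part of this registration and not BBN's IOS code. It models the CertificateInfo structure defined above with plain Python classes, DER-encodes the registered id-ios-keyManagementComponent arc, and implements the ordering rule from the last paragraph as a check: the CRL at each position of the CRLList must come from the issuer of the certificate at the same position of the CertificationPath, and that certificate must not be listed on it. Names, serial numbers and revocation entries below are constructed for illustration; the class names Certificate, CRL and CertificateInfo are simplifications of the X.509 types, not their full syntax.

```python
"""Added example: IOS key management component ordering check.

Not BBN's code.  Certificates and CRLs are reduced to the fields the
ordering rule needs (issuer, subject, serial, revoked serials); all
sample values are constructed.
"""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

# Registered arc from the naming section of this document.
ID_IOS_KEY_MANAGEMENT_COMPONENT = "2.16.840.101.3.3.0.4"


@dataclass(frozen=True)
class Certificate:          # reduced X.509 Certificate
    issuer: str
    subject: str
    serial: int


@dataclass(frozen=True)
class CRL:                  # reduced X.509 CertificateRevocationList
    issuer: str
    revoked_serials: FrozenSet[int]


@dataclass
class CertificateInfo:      # mirrors the ASN.1 CertificateInfo above
    reference_id: str                 # DataID, kept as an opaque string here
    certificates: List[Certificate]   # CertificationPath
    crls: Optional[List[CRL]] = None  # CRLList OPTIONAL


def encode_oid(dotted: str) -> bytes:
    """DER-encode an OBJECT IDENTIFIER (tag 0x06, short-form length)."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray()
    # The first two arcs share one subidentifier: 40 * arc1 + arc2.
    for arc in [arcs[0] * 40 + arcs[1]] + arcs[2:]:
        chunk = [arc & 0x7F]          # low 7 bits, no continuation bit
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(chunk))  # big-endian base-128
    if len(body) >= 128:
        raise ValueError("long-form length not needed for this example")
    return bytes([0x06, len(body)]) + bytes(body)


def check_crl_ordering(info: CertificateInfo) -> List[str]:
    """Return the problems found; an empty list means the rule holds.

    Rule (from the registration text): CRLList entries are ordered by
    issuer in the same sequence as the CertificationPath.  As a
    consequence, CRL i must be issued by the issuer of certificate i,
    and certificate i must not appear on it.
    """
    problems: List[str] = []
    if info.crls is None:             # CRLList is OPTIONAL
        return problems
    path, crls = info.certificates, info.crls
    if len(crls) != len(path):
        problems.append(f"CRLList has {len(crls)} entries but the "
                        f"CertificationPath has {len(path)}")
    for i, (cert, crl) in enumerate(zip(path, crls)):
        if crl.issuer != cert.issuer:
            problems.append(f"position {i}: CRL issuer {crl.issuer!r} does "
                            f"not match certificate issuer {cert.issuer!r}")
        elif cert.serial in crl.revoked_serials:
            problems.append(f"position {i}: certificate serial {cert.serial} "
                            f"is revoked by {cert.issuer!r}")
    return problems


# Constructed sample data: a two-step path and matching CRLs.
SAMPLE_PATH = [
    Certificate(issuer="CN=Example Root CA", subject="CN=Example Sub CA", serial=1001),
    Certificate(issuer="CN=Example Sub CA", subject="CN=alice@example.test", serial=42),
]
GOOD_CRLS = [
    CRL(issuer="CN=Example Root CA", revoked_serials=frozenset({7})),
    CRL(issuer="CN=Example Sub CA", revoked_serials=frozenset({43})),
]
MISORDERED_CRLS = list(reversed(GOOD_CRLS))
REVOKING_CRLS = [
    GOOD_CRLS[0],
    CRL(issuer="CN=Example Sub CA", revoked_serials=frozenset({42, 43})),
]


def validate_sample(crls: Optional[List[CRL]]) -> List[str]:
    """Build a CertificateInfo with the sample path and check it."""
    return check_crl_ordering(CertificateInfo("ref-0001", SAMPLE_PATH, crls))


if __name__ == "__main__":
    print("id-ios-keyManagementComponent DER:",
          encode_oid(ID_IOS_KEY_MANAGEMENT_COMPONENT).hex())
    for label, crls in (("ordered", GOOD_CRLS), ("misordered", MISORDERED_CRLS),
                        ("revoking", REVOKING_CRLS)):
        print(label, validate_sample(crls) or "ok")
```

A CRLList that is out of order fails the issuer match at every position, so a validator that only consulted the CRL in the expected slot would silently check the wrong issuer's list; making the mismatch an explicit error is what keeps a misordered component from passing as "no revocation found".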