April 13, 1995

John Lowry
Senior Member of the Technical Staff

Bolt Beranek and Newman, Inc.
70 Fawcett St
Cambridge, MA.  02138  

email: jlowry@bbn.com

(617) 873-2435 Direct
(617) 873-4086 Fax


Project: Location Independent Information Object Security
(IOS)

Bolt Beranek and Newman, Inc. (BBN), under contract to the
Advanced Research Projects Agency (ARPA), has developed the
Information Object Security (IOS) Tools.  These tools use
object identifiers which are registered as Computer Security
Objects.  ARPA has unlimited rights in the software
containing the objects.  BBN specified, created, and named
the objects under contract to ARPA, and remains the primary
point of contact on all questions regarding naming
conflicts.  The NIST Computer Security Objects Register
(CSOR) assumes no responsibility pertaining to any inquiry
regarding ownership or naming conflicts. 

The IOS software is publicly available and can be obtained
on the Internet by anonymous ftp at ests.bbn.com.

Object naming information
-------------------------

   IOS Components:  2.16.840.101.3.3.0

      iosp (3) components (0) 

   id-ios-components


Object definition and description
---------------------------------

The Location Independent Information Object Security (IOS)
project defines components as the separate building blocks
that are used singly or in combination with others to
achieve a variety of security services.

The types of components are:

     Data component (id-ios-dataComponent)
     Access Control component (id-ios-accessControlComponent)
     Confidentiality component (id-ios-confidentialityComponent)
     Signature component (id-ios-signatureComponent)
     Key Management component (id-ios-keyManagementComponent)
     Annotation component (id-ios-annotationComponent)


Object usage and rules
-----------------------

Components are generally grouped in a structure called a
Component List:

    ComponentList ::= SEQUENCE {
        version     IOS-Version DEFAULT 0,
        list        SEQUENCE OF Components }

    IOS-Version ::= INTEGER { 0 (0)}


Every IOS component contains a DataID structure (defined in
each of the individual component types) that provides a
unique identification for a component.  Most components can
point to one or more other components and can be pointed to
by one or more other components.  For example, a data
component may be pointed to by more than one signature
component.  The pointers are in the structure:

    ReferenceID ::= SEQUENCE OF DataID

and are in the definition for each of the component
types that can reference other components.
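
Added example (not part of the IOS specification or the BBN
software): a Python model of the DataID / ReferenceID
relationship described above, checking one Component List for
duplicate DataIDs and for references that resolve to no
component in the list.  Assumptions: DataID is modelled as an
opaque byte string, the list is treated as self-contained, and
the names Component and check_component_list are hypothetical.

```python
from collections import defaultdict
from dataclasses import dataclass

# Component type names exactly as listed in this registration.
COMPONENT_TYPES = {
    "id-ios-dataComponent", "id-ios-accessControlComponent",
    "id-ios-confidentialityComponent", "id-ios-signatureComponent",
    "id-ios-keyManagementComponent", "id-ios-annotationComponent",
}

@dataclass(frozen=True)
class Component:
    kind: str            # one of COMPONENT_TYPES
    data_id: bytes       # ASSUMPTION: DataID modelled as an opaque byte string
    refs: tuple = ()     # ReferenceID ::= SEQUENCE OF DataID

def check_component_list(components):
    """Return (referrers, problems) for one ComponentList.

    referrers maps a DataID to the DataIDs of the components pointing at it;
    problems lists unknown types, duplicate DataIDs and dangling references.
    """
    by_id, problems = {}, []
    for c in components:
        if c.kind not in COMPONENT_TYPES:
            problems.append(("unknown-type", c.data_id, c.kind))
        if c.data_id in by_id:
            problems.append(("duplicate-id", c.data_id))
        else:
            by_id[c.data_id] = c
    referrers = defaultdict(list)
    for c in components:
        for target in c.refs:
            if target in by_id:
                referrers[target].append(c.data_id)
            else:
                problems.append(("dangling-ref", c.data_id, target))
    return dict(referrers), problems

# Constructed sample: one data component covered by two signature components,
# plus an annotation whose reference points at a DataID not in the list.
SAMPLE = [
    Component("id-ios-dataComponent", b"d1"),
    Component("id-ios-signatureComponent", b"s1", (b"d1",)),
    Component("id-ios-signatureComponent", b"s2", (b"d1",)),
    Component("id-ios-annotationComponent", b"a1", (b"d9",)),
]

if __name__ == "__main__":
    print(check_component_list(SAMPLE))
```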