-- Module Notation (X.830:04/1995)
Notation {joint-iso-itu-t genericULS(20) modules(1) notation(1)} DEFINITIONS
AUTOMATIC TAGS ::=
BEGIN
-- EXPORTS All
IMPORTS
-- From Directory Standards:
informationFramework, selectedAttributeTypes, authenticationFramework
FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1)
usefulDefinitions(0) 3}
Name
FROM InformationFramework informationFramework
UniqueIdentifier
FROM SelectedAttributeTypes selectedAttributeTypes
AlgorithmIdentifier
FROM AuthenticationFramework authenticationFramework
-- From Other GULS Modules:
genericProtectingTransferSyntax
FROM ObjectIdentifiers {joint-iso-itu-t genericULS(20) modules(1)
objectIdentifiers(0)}
SyntaxStructure{}
FROM GenericProtectingTransferSyntax genericProtectingTransferSyntax;
-- *************************************************
-- Notation for security identity and SA-identifiers
-- *************************************************
-- Values of the SecurityIdentity type are used to identify entities
-- which assign externally-established security association identifiers,
-- and for other security-related purposes requiring globally-unique
-- identifiers.
SecurityIdentity ::= CHOICE {
directoryName Name,
objectIdentifier OBJECT IDENTIFIER
}
ExternalSAID ::= SEQUENCE {
localSAID INTEGER,
assignerIdentity SecurityIdentity OPTIONAL
-- Identity of the system which assigned the integer value
}
-- ******************************************
-- Notation for specifying security exchanges
-- ******************************************
SECURITY-EXCHANGE ::=
CLASS
-- This information object class definition is for use when
-- specifying a particular instance of a security exchange.
{
&SE-Items SEC-EXCHG-ITEM,
-- This is an ASN.1 information object set, comprising a set
-- of security exchange items
&sE-Identifier Identifier UNIQUE
-- A local or global identifier for the particular security
-- exchange
}
WITH SYNTAX
-- The following syntax is used to specify a particular security
-- exchange.
{SE-ITEMS &SE-Items
IDENTIFIER &sE-Identifier
}
Identifier ::= CHOICE {local INTEGER,
global OBJECT IDENTIFIER
}
SEC-EXCHG-ITEM ::= CLASS {
&ItemType ,
-- ASN.1 type for this exchange item
&itemId INTEGER,
-- Identifier for this item, e.g. 1, 2, 3, ..
&Errors SE-ERROR OPTIONAL
-- Optional list of errors which may result from
-- transfer of this item
}WITH SYNTAX {ITEM-TYPE &ItemType
ITEM-ID &itemId
[ERRORS &Errors]
}
SE-ERROR ::= CLASS {
&ParameterType OPTIONAL,
-- ASN.1 type of a parameter to accompany the signalling
-- of the error condition back to the sender of the SEI
&errorCode Identifier UNIQUE
-- An identifier used in signalling the error condition
-- back to the sender of the SEI
}WITH SYNTAX {[PARAMETER &ParameterType]
ERROR-CODE &errorCode
}
-- ************************************************
-- Notation for specifying security transformations
-- ************************************************
SECURITY-TRANSFORMATION ::=
CLASS
-- This information object class definition is for use when
-- specifying a particular instance of a security transformation.
{
&sT-Identifier OBJECT IDENTIFIER UNIQUE,
-- Identifier to be used in signalling the application
-- of the particular security transformation
&initialEncodingRules OBJECT IDENTIFIER DEFAULT {joint-iso-ccitt
asn1(1) ber-derived(2)
canonical-encoding(0)},
-- Default initial encoding rules to generate a bit
-- string prior to applying the encoding process of a
-- security transformation.
&StaticUnprotectedParm OPTIONAL,
-- ASN.1 type for conveying static unprotected parameters
&DynamicUnprotectedParm OPTIONAL,
-- ASN.1 type for conveying dynamic unprotected parameters
&XformedDataType ,
-- ASN.1 type of the ASN.1 value produced by the security
-- transformations encoding process
&QualifierType OPTIONAL
-- &QualifierType specifies the ASN.1 type of the qualifier
-- parameter used with the PROTECTED-Q notation.
}
WITH SYNTAX
-- The following syntax is used to specify a particular security
-- transformation.
{
IDENTIFIER &sT-Identifier
[INITIAL-ENCODING-RULES &initialEncodingRules]
[STATIC-UNPROT-PARM &StaticUnprotectedParm]
[DYNAMIC-UNPROT-PARM &DynamicUnprotectedParm]
XFORMED-DATA-TYPE &XformedDataType
[QUALIFIER-TYPE &QualifierType]
}
-- **************************************************
-- Notation for specifying selective field protection
-- **************************************************
PROTECTED{BaseType, PROTECTION-MAPPING:protectionReqd} ::= CHOICE {
dirEncrypt
BIT STRING
(CONSTRAINED BY {
BaseType-- dirEncrypt is for use only with the
-- dirEncryptedTransformation,
-- and generates the same encoding as the
-- X.509/9594-8 ENCRYPTED type-- }),
dirSign
SEQUENCE {baseType BaseType OPTIONAL,
-- must be present for dirSignedTransformation
-- and must be omitted for
-- dirSignatureTransformation
algorithmId AlgorithmIdentifier,
encipheredHash
BIT STRING
(CONSTRAINED BY {
BaseType-- contains enciphered hash--
-- of a value of BaseType -- })}-- dirSign is for use only with the
-- dirSignedTransformation or
-- dirSignatureTransformation, and generates
-- the same encoding as the corresponding
-- X.509/9594-8 SIGNED or SIGNATURE type--,
noTransform [0] BaseType,
-- noTransform invokes no security transformation.
-- Subject to security policy, noTransform may be used
-- if adequate protection is provided by lower layers
-- and any application relays through which the data
-- may pass are trusted to maintain the required
-- protection. This alternative may only be used
-- if protectionReqd.&bypassPermitted is TRUE,
direct [1] SyntaxStructure{{protectionReqd.&SecurityTransformation}},
-- direct generates a protecting transfer syntax
-- value, which is encoded using the same encoding
-- rules as the surrounding ASN.1 (The type
-- SyntaxStructure is imported from Rec. X.833 |
-- ISO/IEC 11586-3)
embedded
[2] EMBEDDED PDV
(WITH COMPONENTS {
identification (WITH COMPONENTS {
presentation-context-id ,
context-negotiation (WITH COMPONENTS {
transfer-syntax (CONSTRAINED BY {
OBJECT
IDENTIFIER:
protectionReqd.
&protTransferSyntax})
}),
transfer-syntax (CONSTRAINED BY {
OBJECT IDENTIFIER:
protectionReqd.
&protTransferSyntax})
}),
data-value (CONTAINING BaseType )
-- The data value encoded is a value of type BaseType
})
}
PROTECTED-Q{BaseType, PROTECTION-MAPPING:protectionReqd,
PROTECTION-MAPPING.&SecurityTransformation.&QualifierType:qualifier}
::=
PROTECTED{BaseType, protectionReqd}
(CONSTRAINED BY {
protectionReqd.&SecurityTransformation.&QualifierType:qualifier
-- The value of qualifier must be made available to
-- the security transformation used
})
-- BaseType is the type to be protected, and protectionReqd is an
-- object of class PROTECTION-MAPPING. The use of PROTECTED requires
-- the importation into the user's module of the PROTECTED parameterized
-- type, together with the necessary PROTECTION-MAPPING object
-- definition.
-- *******************************************
-- Notation for specifying protection mappings
-- *******************************************
PROTECTION-MAPPING ::= CLASS {
&SecurityTransformation SECURITY-TRANSFORMATION,
-- &SecurityTransformation specifies an ASN.1 object set of the
-- SECURITY-TRANSFORMATION class. Use of the particular
-- protection mapping implies use of one of the specified
-- transformations, with the choice being left to the
-- encoding system. Rules for selecting between these security
-- transformations may be specified in comments.
&protTransferSyntax OBJECT IDENTIFIER DEFAULT {joint-iso-itu-t
genericULS(20)
generalTransferSyntax(2)},
-- Identifies the particular protecting transfer syntax to
-- be used in an EMDEDDED PDV encoding for the embedded
-- option.
&bypassPermitted BOOLEAN DEFAULT FALSE
-- Indicates if bypassing of protection is permitted
}
WITH SYNTAX {
SECURITY-TRANSFORMATION &SecurityTransformation
[PROTECTING-TRANSFER-SYNTAX &protTransferSyntax]
[BYPASS-PERMITTED &bypassPermitted]
}
END
-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D
-- content of stack:
--
