public_key: Add PKCS-7

First attempt to add PKCS-7 does not compile

1 files changed, 1575 insertions, 0 deletions

diff --git a/lib/public_key/asn1/SelectedAttributeTypes.asn1 b/lib/public_key/asn1/SelectedAttributeTypes.asn1
new file mode 100644
index 0000000000..3ef7077370
--- /dev/null
+++ b/lib/public_key/asn1/SelectedAttributeTypes.asn1
@@ -0,0 +1,1575 @@
+SelectedAttributeTypes {joint-iso-itu-t ds(5) module(1)
+  selectedAttributeTypes(5) 6} DEFINITIONS ::=
+BEGIN
+
+-- EXPORTS All
+-- The types and values defined in this module are exported for use in the other ASN.1 modules contained
+-- within the Directory Specifications, and for the use of other applications which will use them to access
+-- Directory services. Other applications may use them for their own purposes, but this will not constrain
+-- extensions and modifications needed to maintain or improve the Directory service.
+IMPORTS
+  -- from ITU-T Rec. X.501 | ISO/IEC 9594-2
+  directoryAbstractService, id-at, id-avc, id-cat, id-mr, id-not, id-pr,
+    informationFramework, serviceAdministration
+    FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1)
+      usefulDefinitions(0) 6}
+  Attribute{}, ATTRIBUTE, AttributeType, AttributeValueAssertion, CONTEXT,
+    ContextAssertion, DistinguishedName, distinguishedNameMatch,
+    MAPPING-BASED-MATCHING{}, MATCHING-RULE, OBJECT-CLASS,
+    objectIdentifierMatch, SupportedAttributes
+    FROM InformationFramework informationFramework
+  AttributeCombination, ContextCombination, MRMapping
+    FROM ServiceAdministration serviceAdministration
+  -- from ITU-T Rec. X.511 | ISO/IEC 9594-3
+  FilterItem, HierarchySelections, SearchControlOptions, ServiceControlOptions
+    FROM DirectoryAbstractService directoryAbstractService
+  -- from ITU-T Rec. X.411 | ISO/IEC 10021-4
+  G3FacsimileNonBasicParameters
+    FROM MTSAbstractService {joint-iso-itu-t mhs(6) mts(3) modules(0)
+      mts-abstract-service(1) version-1999(1)};
+
+/*from IETF RFC 3727
+
+The following import is provided for information only (see 7.2.16), it is not referenced by any ASN.1 construct within these Directory Specifications. Note that the ASN.1 module in RFC 3727 imports from the InformationFramework module of edition 4 of ITU-T Rec. X.501 | ISO/IEC 9594-2. A specification importing from both these Directory Specifications and from RFC 3727 should take corrective actions, e.g., by making a copy of the ASN.1 module of
+RFC 3727 and then update the IMPORT statement.
+
+	allComponentsMatch, componentFilterMatch, directoryComponentsMatch, presentMatch, rdnMatch
+		FROM ComponentMatching {iso(1) 2 36 79672281 xed(3) module (0)
+		component-matching(4)} */
+-- Directory string type
+UnboundedDirectoryString ::= CHOICE {
+  teletexString    TeletexString(SIZE (1..MAX)),
+  printableString  PrintableString(SIZE (1..MAX)),
+  bmpString        BMPString(SIZE (1..MAX)),
+  universalString  UniversalString(SIZE (1..MAX)),
+  uTF8String       UTF8String(SIZE (1..MAX))
+}
+
+DirectoryString{INTEGER:maxSize} ::= CHOICE {
+  teletexString    TeletexString(SIZE (1..maxSize)),
+  printableString  PrintableString(SIZE (1..maxSize)),
+  bmpString        BMPString(SIZE (1..maxSize)),
+  universalString  UniversalString(SIZE (1..maxSize)),
+  uTF8String       UTF8String(SIZE (1..maxSize))
+}
+
+-- Attribute types
+knowledgeInformation ATTRIBUTE ::= {
+  WITH SYNTAX             UnboundedDirectoryString
+  EQUALITY MATCHING RULE  caseIgnoreMatch
+  ID                      id-at-knowledgeInformation
+}
+
+name ATTRIBUTE ::= {
+  WITH SYNTAX               UnboundedDirectoryString
+  EQUALITY MATCHING RULE    caseIgnoreMatch
+  SUBSTRINGS MATCHING RULE  caseIgnoreSubstringsMatch
+  ID                        id-at-name
+}
+
+commonName ATTRIBUTE ::= {
+  SUBTYPE OF   name
+  WITH SYNTAX  UnboundedDirectoryString
+  ID           id-at-commonName
+}
+
+surname ATTRIBUTE ::= {
+  SUBTYPE OF   name
+  WITH SYNTAX  UnboundedDirectoryString
+  ID           id-at-surname
+}
+
+givenName ATTRIBUTE ::= {
+  SUBTYPE OF   name
+  WITH SYNTAX  UnboundedDirectoryString
+  ID           id-at-givenName
+}
+
+initials ATTRIBUTE ::= {
+  SUBTYPE OF   name
+  WITH SYNTAX  UnboundedDirectoryString
+  ID           id-at-initials
+}
+
+generationQualifier ATTRIBUTE ::= {
+  SUBTYPE OF   name
+  WITH SYNTAX  UnboundedDirectoryString
+  ID           id-at-generationQualifier
+}
+
+uniqueIdentifier ATTRIBUTE ::= {
+  WITH SYNTAX             UniqueIdentifier
+  EQUALITY MATCHING RULE  bitStringMatch
+  ID                      id-at-uniqueIdentifier
+}
+
+UniqueIdentifier ::= BIT STRING
+
+dnQualifier ATTRIBUTE ::= {
+  WITH SYNTAX               PrintableString
+  EQUALITY MATCHING RULE    caseIgnoreMatch
+  ORDERING MATCHING RULE    caseIgnoreOrderingMatch
+  SUBSTRINGS MATCHING RULE  caseIgnoreSubstringsMatch
+  ID                        id-at-dnQualifier
+}
+
+serialNumber ATTRIBUTE ::= {
+  WITH SYNTAX               PrintableString(SIZE (1..MAX))
+  EQUALITY MATCHING RULE    caseIgnoreMatch
+  SUBSTRINGS MATCHING RULE  caseIgnoreSubstringsMatch
+  ID                        id-at-serialNumber
+}
+
+pseudonym ATTRIBUTE ::= {
+  SUBTYPE OF   name
+  WITH SYNTAX  UnboundedDirectoryString
+  ID           id-at-pseudonym
+}
+
+uUIDPair ATTRIBUTE ::= {
+  WITH SYNTAX             UUIDPair
+  EQUALITY MATCHING RULE  uUIDPairMatch
+  ID                      id-at-uuidpair
+}
+
+UUIDPair ::= SEQUENCE {issuerUUID   UUID,
+                       subjectUUID  UUID
+}
+
+UUID ::= OCTET STRING(SIZE (16)) -- UUID format only
+
+
+countryName ATTRIBUTE ::= {
+  SUBTYPE OF    name
+  WITH SYNTAX   CountryName
+  SINGLE VALUE  TRUE
+  ID            id-at-countryName
+}
+
+CountryName ::= PrintableString(SIZE (2)) -- ISO 3166 codes only
+
+
+localityName ATTRIBUTE ::= {
+  SUBTYPE OF   name
+  WITH SYNTAX  UnboundedDirectoryString
+  ID           id-at-localityName
+}
+
+collectiveLocalityName ATTRIBUTE ::= {
+  SUBTYPE OF  localityName
+  COLLECTIVE  TRUE
+  ID          id-at-collectiveLocalityName
+}
+
+stateOrProvinceName ATTRIBUTE ::= {
+  SUBTYPE OF   name
+  WITH SYNTAX  UnboundedDirectoryString
+  ID           id-at-stateOrProvinceName
+}
+
+collectiveStateOrProvinceName ATTRIBUTE ::= {
+  SUBTYPE OF  stateOrProvinceName
+  COLLECTIVE  TRUE
+  ID          id-at-collectiveStateOrProvinceName
+}
+
+streetAddress ATTRIBUTE ::= {
+  WITH SYNTAX               UnboundedDirectoryString
+  EQUALITY MATCHING RULE    caseIgnoreMatch
+  SUBSTRINGS MATCHING RULE  caseIgnoreSubstringsMatch
+  ID                        id-at-streetAddress
+}
+
+collectiveStreetAddress ATTRIBUTE ::= {
+  SUBTYPE OF  streetAddress
+  COLLECTIVE  TRUE
+  ID          id-at-collectiveStreetAddress
+}
+
+houseIdentifier ATTRIBUTE ::= {
+  WITH SYNTAX               UnboundedDirectoryString
+  EQUALITY MATCHING RULE    caseIgnoreMatch
+  SUBSTRINGS MATCHING RULE  caseIgnoreSubstringsMatch
+  ID                        id-at-houseIdentifier
+}
+
+organizationName ATTRIBUTE ::= {
+  SUBTYPE OF   name
+  WITH SYNTAX  UnboundedDirectoryString
+  ID           id-at-organizationName
+}
+
+collectiveOrganizationName ATTRIBUTE ::= {
+  SUBTYPE OF  organizationName
+  COLLECTIVE  TRUE
+  ID          id-at-collectiveOrganizationName
+}
+
+organizationalUnitName ATTRIBUTE ::= {
+  SUBTYPE OF   name
+  WITH SYNTAX  UnboundedDirectoryString
+  ID           id-at-organizationalUnitName
+}
+
+collectiveOrganizationalUnitName ATTRIBUTE ::= {
+  SUBTYPE OF  organizationalUnitName
+  COLLECTIVE  TRUE
+  ID          id-at-collectiveOrganizationalUnitName
+}
+
+title ATTRIBUTE ::= {
+  SUBTYPE OF   name
+  WITH SYNTAX  UnboundedDirectoryString
+  ID           id-at-title
+}
+
+description ATTRIBUTE ::= {
+  WITH SYNTAX               UnboundedDirectoryString
+  EQUALITY MATCHING RULE    caseIgnoreMatch
+  SUBSTRINGS MATCHING RULE  caseIgnoreSubstringsMatch
+  ID                        id-at-description
+}
+
+searchGuide ATTRIBUTE ::= {WITH SYNTAX  Guide
+                           ID           id-at-searchGuide
+}
+
+Guide ::= SET {
+  objectClass  [0]  OBJECT-CLASS.&id OPTIONAL,
+  criteria     [1]  Criteria
+}
+
+Criteria ::= CHOICE {
+  type  [0]  CriteriaItem,
+  and   [1]  SET OF Criteria,
+  or    [2]  SET OF Criteria,
+  not   [3]  Criteria
+}
+
+CriteriaItem ::= CHOICE {
+  equality          [0]  AttributeType,
+  substrings        [1]  AttributeType,
+  greaterOrEqual    [2]  AttributeType,
+  lessOrEqual       [3]  AttributeType,
+  approximateMatch  [4]  AttributeType
+}
+
+enhancedSearchGuide ATTRIBUTE ::= {
+  WITH SYNTAX  EnhancedGuide
+  ID           id-at-enhancedSearchGuide
+}
+
+EnhancedGuide ::= SEQUENCE {
+  objectClass  [0]  OBJECT-CLASS.&id,
+  criteria     [1]  Criteria,
+  subset
+    [2]  INTEGER {baseObject(0), oneLevel(1), wholeSubtree(2)} DEFAULT oneLevel
+}
+
+businessCategory ATTRIBUTE ::= {
+  WITH SYNTAX               UnboundedDirectoryString
+  EQUALITY MATCHING RULE    caseIgnoreMatch
+  SUBSTRINGS MATCHING RULE  caseIgnoreSubstringsMatch
+  ID                        id-at-businessCategory
+}
+
+postalAddress ATTRIBUTE ::= {
+  WITH SYNTAX               PostalAddress
+  EQUALITY MATCHING RULE    caseIgnoreListMatch
+  SUBSTRINGS MATCHING RULE  caseIgnoreListSubstringsMatch
+  ID                        id-at-postalAddress
+}
+
+PostalAddress ::= SEQUENCE SIZE (1..MAX) OF UnboundedDirectoryString
+
+collectivePostalAddress ATTRIBUTE ::= {
+  SUBTYPE OF  postalAddress
+  COLLECTIVE  TRUE
+  ID          id-at-collectivePostalAddress
+}
+
+postalCode ATTRIBUTE ::= {
+  WITH SYNTAX               UnboundedDirectoryString
+  EQUALITY MATCHING RULE    caseIgnoreMatch
+  SUBSTRINGS MATCHING RULE  caseIgnoreSubstringsMatch
+  ID                        id-at-postalCode
+}
+
+collectivePostalCode ATTRIBUTE ::= {
+  SUBTYPE OF  postalCode
+  COLLECTIVE  TRUE
+  ID          id-at-collectivePostalCode
+}
+
+postOfficeBox ATTRIBUTE ::= {
+  WITH SYNTAX               UnboundedDirectoryString
+  EQUALITY MATCHING RULE    caseIgnoreMatch
+  SUBSTRINGS MATCHING RULE  caseIgnoreSubstringsMatch
+  ID                        id-at-postOfficeBox
+}
+
+collectivePostOfficeBox ATTRIBUTE ::= {
+  SUBTYPE OF  postOfficeBox
+  COLLECTIVE  TRUE
+  ID          id-at-collectivePostOfficeBox
+}
+
+physicalDeliveryOfficeName ATTRIBUTE ::= {
+  WITH SYNTAX               UnboundedDirectoryString
+  EQUALITY MATCHING RULE    caseIgnoreMatch
+  SUBSTRINGS MATCHING RULE  caseIgnoreSubstringsMatch
+  ID                        id-at-physicalDeliveryOfficeName
+}
+
+collectivePhysicalDeliveryOfficeName ATTRIBUTE ::= {
+  SUBTYPE OF  physicalDeliveryOfficeName
+  COLLECTIVE  TRUE
+  ID          id-at-collectivePhysicalDeliveryOfficeName
+}
+
+telephoneNumber ATTRIBUTE ::= {
+  WITH SYNTAX               TelephoneNumber
+  EQUALITY MATCHING RULE    telephoneNumberMatch
+  SUBSTRINGS MATCHING RULE  telephoneNumberSubstringsMatch
+  ID                        id-at-telephoneNumber
+}
+
+TelephoneNumber ::= PrintableString(SIZE (1..ub-telephone-number))
+
+-- String complying with ITU-T Rec. E.123 only
+ub-telephone-number INTEGER ::=
+  32
+
+collectiveTelephoneNumber ATTRIBUTE ::= {
+  SUBTYPE OF  telephoneNumber
+  COLLECTIVE  TRUE
+  ID          id-at-collectiveTelephoneNumber
+}
+
+telexNumber ATTRIBUTE ::= {
+  WITH SYNTAX  TelexNumber
+  ID           id-at-telexNumber
+}
+
+TelexNumber ::= SEQUENCE {
+  telexNumber  PrintableString(SIZE (1..ub-telex-number)),
+  countryCode  PrintableString(SIZE (1..ub-country-code)),
+  answerback   PrintableString(SIZE (1..ub-answerback))
+}
+
+ub-telex-number INTEGER ::= 14
+
+ub-country-code INTEGER ::= 4
+
+ub-answerback INTEGER ::= 8
+
+collectiveTelexNumber ATTRIBUTE ::= {
+  SUBTYPE OF  telexNumber
+  COLLECTIVE  TRUE
+  ID          id-at-collectiveTelexNumber
+}
+
+facsimileTelephoneNumber ATTRIBUTE ::= {
+  WITH SYNTAX               FacsimileTelephoneNumber
+  EQUALITY MATCHING RULE    facsimileNumberMatch
+  SUBSTRINGS MATCHING RULE  facsimileNumberSubstringsMatch
+  ID                        id-at-facsimileTelephoneNumber
+}
+
+FacsimileTelephoneNumber ::= SEQUENCE {
+  telephoneNumber  TelephoneNumber,
+  parameters       G3FacsimileNonBasicParameters OPTIONAL
+}
+
+collectiveFacsimileTelephoneNumber ATTRIBUTE ::= {
+  SUBTYPE OF  facsimileTelephoneNumber
+  COLLECTIVE  TRUE
+  ID          id-at-collectiveFacsimileTelephoneNumber
+}
+
+x121Address ATTRIBUTE ::= {
+  WITH SYNTAX               X121Address
+  EQUALITY MATCHING RULE    numericStringMatch
+  SUBSTRINGS MATCHING RULE  numericStringSubstringsMatch
+  ID                        id-at-x121Address
+}
+
+X121Address ::= NumericString(SIZE (1..ub-x121-address))
+
+-- String as defined by ITU-T Rec. X.121
+ub-x121-address INTEGER ::= 15
+
+internationalISDNNumber ATTRIBUTE ::= {
+  WITH SYNTAX               InternationalISDNNumber
+  EQUALITY MATCHING RULE    numericStringMatch
+  SUBSTRINGS MATCHING RULE  numericStringSubstringsMatch
+  ID                        id-at-internationalISDNNumber
+}
+
+InternationalISDNNumber ::=
+  NumericString(SIZE (1..ub-international-isdn-number))
+
+-- String complying with ITU-T Rec. E.164 only
+ub-international-isdn-number INTEGER ::=
+  16
+
+collectiveInternationalISDNNumber ATTRIBUTE ::= {
+  SUBTYPE OF  internationalISDNNumber
+  COLLECTIVE  TRUE
+  ID          id-at-collectiveInternationalISDNNumber
+}
+
+registeredAddress ATTRIBUTE ::= {
+  SUBTYPE OF   postalAddress
+  WITH SYNTAX  PostalAddress
+  ID           id-at-registeredAddress
+}
+
+destinationIndicator ATTRIBUTE ::= {
+  WITH SYNTAX               DestinationIndicator
+  EQUALITY MATCHING RULE    caseIgnoreMatch
+  SUBSTRINGS MATCHING RULE  caseIgnoreSubstringsMatch
+  ID                        id-at-destinationIndicator
+}
+
+DestinationIndicator ::= PrintableString(SIZE (1..MAX))
+
+-- alphabetical characters only
+communicationsService ATTRIBUTE ::= {
+  WITH SYNTAX             CommunicationsService
+  EQUALITY MATCHING RULE  objectIdentifierMatch
+  ID                      id-at-communicationsService
+}
+
+CommunicationsService ::= OBJECT IDENTIFIER
+
+communicationsNetwork ATTRIBUTE ::= {
+  WITH SYNTAX             CommunicationsNetwork
+  EQUALITY MATCHING RULE  objectIdentifierMatch
+  SINGLE VALUE            TRUE
+  ID                      id-at-communicationsNetwork
+}
+
+CommunicationsNetwork ::= OBJECT IDENTIFIER
+
+preferredDeliveryMethod ATTRIBUTE ::= {
+  WITH SYNTAX   PreferredDeliveryMethod
+  SINGLE VALUE  TRUE
+  ID            id-at-preferredDeliveryMethod
+}
+
+PreferredDeliveryMethod ::=
+  SEQUENCE OF
+    INTEGER {any-delivery-method(0), mhs-delivery(1), physical-delivery(2),
+             telex-delivery(3), teletex-delivery(4), g3-facsimile-delivery(5),
+             g4-facsimile-delivery(6), ia5-terminal-delivery(7),
+             videotex-delivery(8), telephone-delivery(9)}
+
+presentationAddress ATTRIBUTE ::= {
+  WITH SYNTAX             PresentationAddress
+  EQUALITY MATCHING RULE  presentationAddressMatch
+  SINGLE VALUE            TRUE
+  ID                      id-at-presentationAddress
+}
+
+PresentationAddress ::= SEQUENCE {
+  pSelector   [0]  OCTET STRING OPTIONAL,
+  sSelector   [1]  OCTET STRING OPTIONAL,
+  tSelector   [2]  OCTET STRING OPTIONAL,
+  nAddresses  [3]  SET SIZE (1..MAX) OF OCTET STRING
+}
+
+supportedApplicationContext ATTRIBUTE ::= {
+  WITH SYNTAX             OBJECT IDENTIFIER
+  EQUALITY MATCHING RULE  objectIdentifierMatch
+  ID                      id-at-supportedApplicationContext
+}
+
+protocolInformation ATTRIBUTE ::= {
+  WITH SYNTAX             ProtocolInformation
+  EQUALITY MATCHING RULE  protocolInformationMatch
+  ID                      id-at-protocolInformation
+}
+
+ProtocolInformation ::= SEQUENCE {
+  nAddress  OCTET STRING,
+  profiles  SET OF OBJECT IDENTIFIER
+}
+
+distinguishedName ATTRIBUTE ::= {
+  WITH SYNTAX             DistinguishedName
+  EQUALITY MATCHING RULE  distinguishedNameMatch
+  ID                      id-at-distinguishedName
+}
+
+member ATTRIBUTE ::= {SUBTYPE OF  distinguishedName
+                      ID          id-at-member
+}
+
+uniqueMember ATTRIBUTE ::= {
+  WITH SYNTAX             NameAndOptionalUID
+  EQUALITY MATCHING RULE  uniqueMemberMatch
+  ID                      id-at-uniqueMember
+}
+
+NameAndOptionalUID ::= SEQUENCE {
+  dn   DistinguishedName,
+  uid  UniqueIdentifier OPTIONAL
+}
+
+owner ATTRIBUTE ::= {SUBTYPE OF  distinguishedName
+                     ID          id-at-owner
+}
+
+roleOccupant ATTRIBUTE ::= {
+  SUBTYPE OF  distinguishedName
+  ID          id-at-roleOccupant
+}
+
+seeAlso ATTRIBUTE ::= {SUBTYPE OF  distinguishedName
+                       ID          id-at-seeAlso
+}
+
+dmdName ATTRIBUTE ::= {
+  SUBTYPE OF   name
+  WITH SYNTAX  UnboundedDirectoryString
+  ID           id-at-dmdName
+}
+
+--  Attributes for tag-based identification
+tagOid ATTRIBUTE ::= {
+  WITH SYNTAX             OBJECT IDENTIFIER
+  EQUALITY MATCHING RULE  objectIdentifierMatch
+  SINGLE VALUE            TRUE
+  ID                      id-at-tagOid
+}
+
+uiiFormat ATTRIBUTE ::= {
+  WITH SYNTAX   UnboundedDirectoryString
+  SINGLE VALUE  TRUE
+  ID            id-at-uiiFormat
+}
+
+uiiInUrn ATTRIBUTE ::= {
+  WITH SYNTAX             UTF8String
+  EQUALITY MATCHING RULE  caseExactMatch
+  SINGLE VALUE            TRUE
+  ID                      id-at-uiiInUrn
+}
+
+contentUri ATTRIBUTE ::= {
+  WITH SYNTAX  UnboundedDirectoryString
+  ID           id-at-contentUri
+}
+
+-- Notification attributes
+dSAProblem ATTRIBUTE ::= {
+  WITH SYNTAX             OBJECT IDENTIFIER
+  EQUALITY MATCHING RULE  objectIdentifierMatch
+  ID                      id-not-dSAProblem
+}
+
+searchServiceProblem ATTRIBUTE ::= {
+  WITH SYNTAX             OBJECT IDENTIFIER
+  EQUALITY MATCHING RULE  objectIdentifierMatch
+  SINGLE VALUE            TRUE
+  ID                      id-not-searchServiceProblem
+}
+
+serviceType ATTRIBUTE ::= {
+  WITH SYNTAX             OBJECT IDENTIFIER
+  EQUALITY MATCHING RULE  objectIdentifierMatch
+  SINGLE VALUE            TRUE
+  ID                      id-not-serviceType
+}
+
+attributeTypeList ATTRIBUTE ::= {
+  WITH SYNTAX             OBJECT IDENTIFIER
+  EQUALITY MATCHING RULE  objectIdentifierMatch
+  ID                      id-not-attributeTypeList
+}
+
+matchingRuleList ATTRIBUTE ::= {
+  WITH SYNTAX             OBJECT IDENTIFIER
+  EQUALITY MATCHING RULE  objectIdentifierMatch
+  ID                      id-not-matchingRuleList
+}
+
+filterItem ATTRIBUTE ::= {
+  WITH SYNTAX  FilterItem
+  ID           id-not-filterItem
+}
+
+attributeCombinations ATTRIBUTE ::= {
+  WITH SYNTAX  AttributeCombination
+  ID           id-not-attributeCombinations
+}
+
+contextTypeList ATTRIBUTE ::= {
+  WITH SYNTAX             OBJECT IDENTIFIER
+  EQUALITY MATCHING RULE  objectIdentifierMatch
+  ID                      id-not-contextTypeList
+}
+
+contextList ATTRIBUTE ::= {
+  WITH SYNTAX  ContextAssertion
+  ID           id-not-contextList
+}
+
+contextCombinations ATTRIBUTE ::= {
+  WITH SYNTAX  ContextCombination
+  ID           id-not-contextCombinations
+}
+
+hierarchySelectList ATTRIBUTE ::= {
+  WITH SYNTAX   HierarchySelections
+  SINGLE VALUE  TRUE
+  ID            id-not-hierarchySelectList
+}
+
+searchControlOptionsList ATTRIBUTE ::= {
+  WITH SYNTAX   SearchControlOptions
+  SINGLE VALUE  TRUE
+  ID            id-not-searchControlOptionsList
+}
+
+serviceControlOptionsList ATTRIBUTE ::= {
+  WITH SYNTAX   ServiceControlOptions
+  SINGLE VALUE  TRUE
+  ID            id-not-serviceControlOptionsList
+}
+
+multipleMatchingLocalities ATTRIBUTE ::= {
+  WITH SYNTAX  MultipleMatchingLocalities
+  ID           id-not-multipleMatchingLocalities
+}
+
+MultipleMatchingLocalities ::= SEQUENCE {
+  matchingRuleUsed  MATCHING-RULE.&id OPTIONAL,
+  attributeList     SEQUENCE OF AttributeValueAssertion
+}
+
+proposedRelaxation ATTRIBUTE ::= {
+  WITH SYNTAX  MRMappings
+  ID           id-not-proposedRelaxation
+}
+
+MRMappings ::= SEQUENCE OF MRMapping
+
+appliedRelaxation ATTRIBUTE ::= {
+  WITH SYNTAX             OBJECT IDENTIFIER
+  EQUALITY MATCHING RULE  objectIdentifierMatch
+  ID                      id-not-appliedRelaxation
+}
+
+-- Matching rules
+caseExactMatch MATCHING-RULE ::= {
+  SYNTAX  UnboundedDirectoryString
+  ID      id-mr-caseExactMatch
+}
+
+caseIgnoreMatch MATCHING-RULE ::= {
+  SYNTAX  UnboundedDirectoryString
+  ID      id-mr-caseIgnoreMatch
+}
+
+caseExactOrderingMatch MATCHING-RULE ::= {
+  SYNTAX  UnboundedDirectoryString
+  ID      id-mr-caseExactOrderingMatch
+}
+
+caseIgnoreOrderingMatch MATCHING-RULE ::= {
+  SYNTAX  UnboundedDirectoryString
+  ID      id-mr-caseIgnoreOrderingMatch
+}
+
+caseExactSubstringsMatch MATCHING-RULE ::= {
+  SYNTAX  SubstringAssertion -- only the PrintableString choice
+  ID      id-mr-caseExactSubstringsMatch
+}
+
+caseIgnoreSubstringsMatch MATCHING-RULE ::= {
+  SYNTAX  SubstringAssertion
+  ID      id-mr-caseIgnoreSubstringsMatch
+}
+
+SubstringAssertion ::=
+  SEQUENCE OF
+    CHOICE {initial  [0]  UnboundedDirectoryString,
+            any      [1]  UnboundedDirectoryString,
+            final    [2]  UnboundedDirectoryString,
+            control  Attribute{{SupportedAttributes}}
+    } --  Used to specify interpretation of the following items
+
+-- at most one initial and one final component
+numericStringMatch MATCHING-RULE ::= {
+  SYNTAX  NumericString
+  ID      id-mr-numericStringMatch
+}
+
+numericStringOrderingMatch MATCHING-RULE ::= {
+  SYNTAX  NumericString
+  ID      id-mr-numericStringOrderingMatch
+}
+
+numericStringSubstringsMatch MATCHING-RULE ::= {
+  SYNTAX  SubstringAssertion
+  ID      id-mr-numericStringSubstringsMatch
+}
+
+caseIgnoreListMatch MATCHING-RULE ::= {
+  SYNTAX  CaseIgnoreList
+  ID      id-mr-caseIgnoreListMatch
+}
+
+CaseIgnoreList ::= SEQUENCE OF UnboundedDirectoryString
+
+caseIgnoreListSubstringsMatch MATCHING-RULE ::= {
+  SYNTAX  SubstringAssertion
+  ID      id-mr-caseIgnoreListSubstringsMatch
+}
+
+storedPrefixMatch MATCHING-RULE ::= {
+  SYNTAX  UnboundedDirectoryString
+  ID      id-mr-storedPrefixMatch
+}
+
+booleanMatch MATCHING-RULE ::= {SYNTAX  BOOLEAN
+                                ID      id-mr-booleanMatch
+}
+
+integerMatch MATCHING-RULE ::= {SYNTAX  INTEGER
+                                ID      id-mr-integerMatch
+}
+
+integerOrderingMatch MATCHING-RULE ::= {
+  SYNTAX  INTEGER
+  ID      id-mr-integerOrderingMatch
+}
+
+bitStringMatch MATCHING-RULE ::= {
+  SYNTAX  BIT STRING
+  ID      id-mr-bitStringMatch
+}
+
+octetStringMatch MATCHING-RULE ::= {
+  SYNTAX  OCTET STRING
+  ID      id-mr-octetStringMatch
+}
+
+octetStringOrderingMatch MATCHING-RULE ::= {
+  SYNTAX  OCTET STRING
+  ID      id-mr-octetStringOrderingMatch
+}
+
+octetStringSubstringsMatch MATCHING-RULE ::= {
+  SYNTAX  OctetSubstringAssertion
+  ID      id-mr-octetStringSubstringsMatch
+}
+
+OctetSubstringAssertion ::=
+  SEQUENCE OF
+    CHOICE {initial  [0]  OCTET STRING,
+            any      [1]  OCTET STRING,
+            final    [2]  OCTET STRING}
+
+-- at most one initial and one final component
+telephoneNumberMatch MATCHING-RULE ::= {
+  SYNTAX  TelephoneNumber
+  ID      id-mr-telephoneNumberMatch
+}
+
+telephoneNumberSubstringsMatch MATCHING-RULE ::= {
+  SYNTAX  SubstringAssertion
+  ID      id-mr-telephoneNumberSubstringsMatch
+}
+
+presentationAddressMatch MATCHING-RULE ::= {
+  SYNTAX  PresentationAddress
+  ID      id-mr-presentationAddressMatch
+}
+
+uniqueMemberMatch MATCHING-RULE ::= {
+  SYNTAX  NameAndOptionalUID
+  ID      id-mr-uniqueMemberMatch
+}
+
+protocolInformationMatch MATCHING-RULE ::= {
+  SYNTAX  OCTET STRING
+  ID      id-mr-protocolInformationMatch
+}
+
+facsimileNumberMatch MATCHING-RULE ::= {
+  SYNTAX  TelephoneNumber
+  ID      id-mr-facsimileNumberMatch
+}
+
+facsimileNumberSubstringsMatch MATCHING-RULE ::= {
+  SYNTAX  SubstringAssertion
+  ID      id-mr-facsimileNumberSubstringsMatch
+}
+
+uUIDPairMatch MATCHING-RULE ::= {SYNTAX  UUIDPair
+                                 ID      id-mr-uuidpairmatch
+}
+
+uTCTimeMatch MATCHING-RULE ::= {SYNTAX  UTCTime
+                                ID      id-mr-uTCTimeMatch
+}
+
+uTCTimeOrderingMatch MATCHING-RULE ::= {
+  SYNTAX  UTCTime
+  ID      id-mr-uTCTimeOrderingMatch
+}
+
+generalizedTimeMatch MATCHING-RULE ::= {
+  SYNTAX  GeneralizedTime
+  -- as per 46.3 b) or c) of ITU-T Rec. X.680 | ISO/IEC 8824-1
+  ID      id-mr-generalizedTimeMatch
+}
+
+generalizedTimeOrderingMatch MATCHING-RULE ::= {
+  SYNTAX  GeneralizedTime
+  -- as per 46.3 b) or c) of ITU-T Rec. X.680 | ISO/IEC 8824-1
+  ID      id-mr-generalizedTimeOrderingMatch
+}
+
+systemProposedMatch MATCHING-RULE ::= {ID  id-mr-systemProposedMatch
+}
+
+integerFirstComponentMatch MATCHING-RULE ::= {
+  SYNTAX  INTEGER
+  ID      id-mr-integerFirstComponentMatch
+}
+
+objectIdentifierFirstComponentMatch MATCHING-RULE ::= {
+  SYNTAX  OBJECT IDENTIFIER
+  ID      id-mr-objectIdentifierFirstComponentMatch
+}
+
+directoryStringFirstComponentMatch MATCHING-RULE ::= {
+  SYNTAX  UnboundedDirectoryString
+  ID      id-mr-directoryStringFirstComponentMatch
+}
+
+wordMatch MATCHING-RULE ::= {
+  SYNTAX  UnboundedDirectoryString
+  ID      id-mr-wordMatch
+}
+
+keywordMatch MATCHING-RULE ::= {
+  SYNTAX  UnboundedDirectoryString
+  ID      id-mr-keywordMatch
+}
+
+generalWordMatch MATCHING-RULE ::= {
+  SYNTAX  SubstringAssertion
+  ID      id-mr-generalWordMatch
+}
+
+sequenceMatchType ATTRIBUTE ::= {
+  WITH SYNTAX   SequenceMatchType
+  SINGLE VALUE  TRUE
+  ID            id-cat-sequenceMatchType
+} -- defaulting to sequenceExact
+
+SequenceMatchType ::= ENUMERATED {
+  sequenceExact(0), sequenceDeletion(1), sequenceRestrictedDeletion(2),
+  sequencePermutation(3), sequencePermutationAndDeletion(4),
+  sequenceProviderDefined(5)}
+
+wordMatchTypes ATTRIBUTE ::= {
+  WITH SYNTAX   WordMatchTypes
+  SINGLE VALUE  TRUE
+  ID            id-cat-wordMatchType
+} -- defaulting to wordExact
+
+WordMatchTypes ::= ENUMERATED {
+  wordExact(0), wordTruncated(1), wordPhonetic(2), wordProviderDefined(3)
+}
+
+characterMatchTypes ATTRIBUTE ::= {
+  WITH SYNTAX   CharacterMatchTypes
+  SINGLE VALUE  TRUE
+  ID            id-cat-characterMatchTypes
+}
+
+CharacterMatchTypes ::= ENUMERATED {
+  characterExact(0), characterCaseIgnore(1), characterMapped(2)}
+
+selectedContexts ATTRIBUTE ::= {
+  WITH SYNTAX  ContextAssertion
+  ID           id-cat-selectedContexts
+}
+
+approximateStringMatch MATCHING-RULE ::= {ID  id-mr-approximateStringMatch
+}
+
+ignoreIfAbsentMatch MATCHING-RULE ::= {ID  id-mr-ignoreIfAbsentMatch
+}
+
+nullMatch MATCHING-RULE ::= {ID  id-mr-nullMatch
+}
+
+ZONAL-MATCHING ::=
+  MAPPING-BASED-MATCHING{ZonalSelect, TRUE, ZonalResult, zonalMatch.&id}
+
+ZonalSelect ::= SEQUENCE OF AttributeType
+
+ZonalResult ::= ENUMERATED {
+  cannot-select-mapping(0), zero-mappings(2), multiple-mappings(3)}
+
+zonalMatch MATCHING-RULE ::= {
+  UNIQUE-MATCH-INDICATOR  multipleMatchingLocalities
+  ID                      id-mr-zonalMatch
+}
+
+-- Contexts
+languageContext CONTEXT ::= {
+  WITH SYNTAX  LanguageContextSyntax
+  ID           id-avc-language
+}
+
+LanguageContextSyntax ::= PrintableString(SIZE (2..3)) -- ISO 639-2 codes only
+
+
+temporalContext CONTEXT ::= {
+  WITH SYNTAX  TimeSpecification
+  ASSERTED AS  TimeAssertion
+  ID           id-avc-temporal
+}
+
+TimeSpecification ::= SEQUENCE {
+  time
+    CHOICE {absolute
+              SEQUENCE {startTime  [0]  GeneralizedTime OPTIONAL,
+                        endTime    [1]  GeneralizedTime OPTIONAL},
+            periodic  SET SIZE (1..MAX) OF Period},
+  notThisTime  BOOLEAN DEFAULT FALSE,
+  timeZone     TimeZone OPTIONAL
+}
+
+Period ::= SEQUENCE {
+  timesOfDay  [0]  SET SIZE (1..MAX) OF DayTimeBand OPTIONAL,
+  days
+    [1]  CHOICE {intDay  SET OF INTEGER,
+                 bitDay
+                   BIT STRING {sunday(0), monday(1), tuesday(2), wednesday(3),
+                               thursday(4), friday(5), saturday(6)},
+                 dayOf   XDayOf} OPTIONAL,
+  weeks
+    [2]  CHOICE {allWeeks  NULL,
+                 intWeek   SET OF INTEGER,
+                 bitWeek
+                   BIT STRING {week1(0), week2(1), week3(2), week4(3), week5(4)}
+  } OPTIONAL,
+  months
+    [3]  CHOICE {allMonths  NULL,
+                 intMonth   SET OF INTEGER,
+                 bitMonth
+                   BIT STRING {january(0), february(1), march(2), april(3),
+                               may(4), june(5), july(6), august(7),
+                               september(8), october(9), november(10),
+                               december(11)}} OPTIONAL,
+  years       [4]  SET OF INTEGER(1000..MAX) OPTIONAL
+}
+
+XDayOf ::= CHOICE {
+  first   [1]  NamedDay,
+  second  [2]  NamedDay,
+  third   [3]  NamedDay,
+  fourth  [4]  NamedDay,
+  fifth   [5]  NamedDay
+}
+
+NamedDay ::= CHOICE {
+  intNamedDays
+    ENUMERATED {sunday(1), monday(2), tuesday(3), wednesday(4), thursday(5),
+                friday(6), saturday(7)},
+  bitNamedDays
+    BIT STRING {sunday(0), monday(1), tuesday(2), wednesday(3), thursday(4),
+                friday(5), saturday(6)}
+}
+
+DayTimeBand ::= SEQUENCE {
+  startDayTime  [0]  DayTime DEFAULT {hour 0},
+  endDayTime    [1]  DayTime DEFAULT {hour 23, minute 59, second 59}
+}
+
+DayTime ::= SEQUENCE {
+  hour    [0]  INTEGER(0..23),
+  minute  [1]  INTEGER(0..59) DEFAULT 0,
+  second  [2]  INTEGER(0..59) DEFAULT 0
+}
+
+TimeZone ::= INTEGER(-12..12)
+
+TimeAssertion ::= CHOICE {
+  now      NULL,
+  at       GeneralizedTime,
+  between
+    SEQUENCE {startTime  [0]  GeneralizedTime,
+              endTime    [1]  GeneralizedTime OPTIONAL,
+              entirely   BOOLEAN DEFAULT FALSE}
+}
+
+localeContext CONTEXT ::= {
+  WITH SYNTAX  LocaleContextSyntax
+  ID           id-avc-locale
+}
+
+LocaleContextSyntax ::= CHOICE {
+  localeID1  OBJECT IDENTIFIER,
+  localeID2  UnboundedDirectoryString
+}
+
+ldapAttributeOptionContext CONTEXT ::= {
+  WITH SYNTAX   AttributeOptionList
+  ASSERTED AS   AttributeOptionList
+  ABSENT-MATCH  FALSE
+  ID            id-avc-ldapAttributeOption
+}
+
+AttributeOptionList ::= SEQUENCE OF UTF8String
+
+-- Object identifier assignments
+-- object identifiers assigned in other modules are shown in comments
+-- Attributes
+-- id-at-objectClass							OBJECT IDENTIFIER	::=	{id-at 0}
+-- id-at-aliasedEntryName					OBJECT IDENTIFIER	::=	{id-at 1}
+-- id-at-encryptedAliasedEntryName				OBJECT IDENTIFIER	::=	{id-at 1 2}
+id-at-knowledgeInformation OBJECT IDENTIFIER ::=
+  {id-at 2}
+
+id-at-commonName OBJECT IDENTIFIER ::= {id-at 3}
+
+-- id-at-encryptedCommonName 				OBJECT IDENTIFIER	::=	{id-at 3 2}
+id-at-surname OBJECT IDENTIFIER ::=
+  {id-at 4}
+
+-- id-at-encryptedSurname 					OBJECT IDENTIFIER	::=	{id-at 4 2}
+id-at-serialNumber OBJECT IDENTIFIER ::=
+  {id-at 5}
+
+-- id-at-encryptedSerialNumbe   r				OBJECT IDENTIFIER	::=	{id-at 5 2}
+id-at-countryName OBJECT IDENTIFIER ::=
+  {id-at 6}
+
+-- id-at-encryptedCountryName   				OBJECT IDENTIFIER	::=	{id-at 6 2}
+id-at-localityName OBJECT IDENTIFIER ::=
+  {id-at 7}
+
+-- id-at-encryptedLocalityName    	 			OBJECT IDENTIFIER	::=	{id-at 7 2}
+id-at-collectiveLocalityName OBJECT IDENTIFIER ::=
+  {id-at 7 1}
+
+-- id-at-encryptedCollectiveLocalityName			OBJECT IDENTIFIER	::=	{id-at 7 1 2}
+id-at-stateOrProvinceName OBJECT IDENTIFIER ::=
+  {id-at 8}
+
+-- id-at-encryptedStateOrProvinceName			OBJECT IDENTIFIER	::=	{id-at 8 2}
+id-at-collectiveStateOrProvinceName OBJECT IDENTIFIER ::=
+  {id-at 8 1}
+
+-- id-at-encryptedCollectiveStateOrProvinceName   	OBJECT IDENTIFIER	::=	{id-at 8 1 2}
+id-at-streetAddress OBJECT IDENTIFIER ::=
+  {id-at 9}
+
+-- id-at-encryptedStreetAddress    				OBJECT IDENTIFIER	::=	{id-at 9 2}
+id-at-collectiveStreetAddress OBJECT IDENTIFIER ::=
+  {id-at 9 1}
+
+-- id-at-encryptedCollectiveStreetAddress			OBJECT IDENTIFIER	::=	{id-at 9 1 2}
+id-at-organizationName OBJECT IDENTIFIER ::=
+  {id-at 10}
+
+-- id-at-encryptedOrganizationName				OBJECT IDENTIFIER	::=	{id-at 10 2}
+id-at-collectiveOrganizationName OBJECT IDENTIFIER ::=
+  {id-at 10 1}
+
+-- id-at-encryptedCollectiveOrganizationName		OBJECT IDENTIFIER	::=	{id-at 10 1 2}
+id-at-organizationalUnitName OBJECT IDENTIFIER ::=
+  {id-at 11}
+
+-- id-at-encryptedOrganizationalUnitName			OBJECT IDENTIFIER	::=	{id-at 11 2}
+id-at-collectiveOrganizationalUnitName OBJECT IDENTIFIER ::=
+  {id-at 11 1}
+
+-- id-at-encryptedCollectiveOrganizationalUnitNam    	OBJECT IDENTIFIER	::=	{id-at 11 1 2}
+id-at-title OBJECT IDENTIFIER ::=
+  {id-at 12}
+
+-- id-at-encryptedTitle						OBJECT IDENTIFIER	::=	{id-at 12 2}
+id-at-description OBJECT IDENTIFIER ::=
+  {id-at 13}
+
+-- id-at-encryptedDescription					OBJECT IDENTIFIER	::=	{id-at 13 2}
+id-at-searchGuide OBJECT IDENTIFIER ::=
+  {id-at 14}
+
+-- id-at-encryptedSearchGuide					OBJECT IDENTIFIER	::=	{id-at 14 2}
+id-at-businessCategory OBJECT IDENTIFIER ::=
+  {id-at 15}
+
+-- id-at-encryptedBusinessCategory				OBJECT IDENTIFIER	::=	{id-at 15 2}
+id-at-postalAddress OBJECT IDENTIFIER ::=
+  {id-at 16}
+
+-- id-at-encryptedPostalAddress					OBJECT IDENTIFIER	::=	{id-at 16 2}
+id-at-collectivePostalAddress OBJECT IDENTIFIER ::=
+  {id-at 16 1}
+
+-- id-at-encryptedCollectivePostalAddress			OBJECT IDENTIFIER	::=	{id-at 16 1 2}
+id-at-postalCode OBJECT IDENTIFIER ::=
+  {id-at 17}
+
+-- id-at-encryptedPostalCode					OBJECT IDENTIFIER	::=	{id-at 17 2}
+id-at-collectivePostalCode OBJECT IDENTIFIER ::=
+  {id-at 17 1}
+
+-- id-at-encryptedCollectivePostalCode			OBJECT IDENTIFIER	::=	{id-at 17 1 2}
+id-at-postOfficeBox OBJECT IDENTIFIER ::=
+  {id-at 18}
+
+id-at-collectivePostOfficeBox OBJECT IDENTIFIER ::= {id-at 18 1}
+
+-- id-at-encryptedPostOfficeBox   				OBJECT IDENTIFIER	::=	{id-at 18 2}
+-- id-at-encryptedCollectivePostOfficeBox			OBJECT IDENTIFIER	::=	{id-at 18 1 2}
+id-at-physicalDeliveryOfficeName OBJECT IDENTIFIER ::=
+  {id-at 19}
+
+id-at-collectivePhysicalDeliveryOfficeName OBJECT IDENTIFIER ::= {id-at 19 1}
+
+-- id-at-encryptedPhysicalDeliveryOfficeName		OBJECT IDENTIFIER	::=	{id-at 19 2}
+-- id-at-encryptedCollectivePhysicalDeliveryOfficeName	OBJECT IDENTIFIER	::=	{id-at 19 1 2}
+id-at-telephoneNumber OBJECT IDENTIFIER ::=
+  {id-at 20}
+
+-- id-at-encryptedTelephoneNumber				OBJECT IDENTIFIER	::=	{id-at 20 2}
+id-at-collectiveTelephoneNumber OBJECT IDENTIFIER ::=
+  {id-at 20 1}
+
+-- id-at-encryptedCollectiveTelephoneNumber		OBJECT IDENTIFIER	::=	{id-at 20 1 2}
+id-at-telexNumber OBJECT IDENTIFIER ::=
+  {id-at 21}
+
+-- id-at-encryptedTelexNumber					OBJECT IDENTIFIER	::=	{id-at 21 2}
+id-at-collectiveTelexNumber OBJECT IDENTIFIER ::=
+  {id-at 21 1}
+
+-- id-at-encryptedCollectiveTelexNumber			OBJECT IDENTIFIER	::=	{id-at 21 1 2}
+-- id-at-teletexTerminalIdentifier   				OBJECT IDENTIFIER	::=	{id-at 22}
+-- id-at-encryptedTeletexTerminalIdentifier			OBJECT IDENTIFIER	::=	{id-at 22 2}
+-- id-at-collectiveTeletexTerminalIdentifier			OBJECT IDENTIFIER	::=	{id-at 22 1}
+-- id-at-encryptedCollectiveTeletexTerminalIdentifier	OBJECT IDENTIFIER	::=	{id-at 22 1 2}
+id-at-facsimileTelephoneNumber OBJECT IDENTIFIER ::=
+  {id-at 23}
+
+-- id-at-encryptedFacsimileTelephoneNumber		OBJECT IDENTIFIER	::=	{id-at 23 2}
+id-at-collectiveFacsimileTelephoneNumber OBJECT IDENTIFIER ::=
+  {id-at 23 1}
+
+-- id-at-encryptedCollectiveFacsimileTelephoneNumber	OBJECT IDENTIFIER	::=	{id-at 23 1 2}
+id-at-x121Address OBJECT IDENTIFIER ::=
+  {id-at 24}
+
+-- id-at-encryptedX121Address    	 			OBJECT IDENTIFIER	::=	{id-at 24 2}
+id-at-internationalISDNNumber OBJECT IDENTIFIER ::=
+  {id-at 25}
+
+-- id-at-encryptedInternationalISDNNumber			OBJECT IDENTIFIER	::=	{id-at 25 2}
+id-at-collectiveInternationalISDNNumber OBJECT IDENTIFIER ::=
+  {id-at 25 1}
+
+-- id-at-encryptedCollectiveInternationalISDNNumber	OBJECT IDENTIFIER	::=	{id-at 25 1 2}
+id-at-registeredAddress OBJECT IDENTIFIER ::=
+  {id-at 26}
+
+-- id-at-encryptedRegisteredAddress				OBJECT IDENTIFIER	::=	{id-at 26 2}
+id-at-destinationIndicator OBJECT IDENTIFIER ::=
+  {id-at 27}
+
+-- id-at-encryptedDestinationIndicator   			OBJECT IDENTIFIER	::=	{id-at 27 2}
+id-at-preferredDeliveryMethod OBJECT IDENTIFIER ::=
+  {id-at 28}
+
+-- id-at-encryptedPreferredDeliveryMethod			OBJECT IDENTIFIER	::=	{id-at 28 2}
+id-at-presentationAddress OBJECT IDENTIFIER ::=
+  {id-at 29}
+
+-- id-at-encryptedPresentationAddress				OBJECT IDENTIFIER	::=	{id-at 29 2}
+id-at-supportedApplicationContext OBJECT IDENTIFIER ::=
+  {id-at 30}
+
+-- id-at-encryptedSupportedApplicationContext		OBJECT IDENTIFIER	::=	{id-at 30 2}
+id-at-member OBJECT IDENTIFIER ::=
+  {id-at 31}
+
+-- id-at-encryptedMember						OBJECT IDENTIFIER	::=	{id-at 31 2}
+id-at-owner OBJECT IDENTIFIER ::=
+  {id-at 32}
+
+-- id-at-encryptedOwner						OBJECT IDENTIFIER	::=	{id-at 32 2}
+id-at-roleOccupant OBJECT IDENTIFIER ::=
+  {id-at 33}
+
+-- id-at-encryptedRoleOccupant   				OBJECT IDENTIFIER	::=	{id-at 33 2}
+id-at-seeAlso OBJECT IDENTIFIER ::=
+  {id-at 34}
+
+-- id-at-encryptedSeeAlso	 					OBJECT IDENTIFIER	::=	{id-at 34 2}
+-- id-at-userPassword						OBJECT IDENTIFIER	::=	{id-at 35}	X.509|Part8
+-- id-at-encryptedUserPassword					OBJECT IDENTIFIER	::=	{id-at 35 2}
+-- id-at-userCertificate						OBJECT IDENTIFIER	::=	{id-at 36} 	X.509|Part8
+-- id-at-encryptedUserCertificate				OBJECT IDENTIFIER	::=	{id-at 36 2}
+-- id-at-cACertificate						OBJECT IDENTIFIER	::=	{id-at 37} 	X.509|Part8
+-- id-at-encryptedCACertificate    	 			OBJECT IDENTIFIER	::=	{id-at 37 2}
+-- id-at-authorityRevocationList    				OBJECT IDENTIFIER	::=	{id-at 38} 	X.509|Part8
+-- id-at-encryptedAuthorityRevocationList			OBJECT IDENTIFIER	::=	{id-at 38 2}
+-- id-at-certificateRevocationList   				OBJECT IDENTIFIER	::=	{id-at 39} 	X.509|Part8
+-- id-at-encryptedCertificateRevocationList	 		OBJECT IDENTIFIER	::=	{id-at 39 2}
+-- id-at-crossCertificatePair					OBJECT IDENTIFIER	::=	{id-at 40} 	X.509|Part8
+-- id-at-encryptedCrossCertificatePair   			OBJECT IDENTIFIER	::=	{id-at 40 2}
+id-at-name OBJECT IDENTIFIER ::=
+  {id-at 41}
+
+id-at-givenName OBJECT IDENTIFIER ::= {id-at 42}
+
+-- id-at-encryptedGivenName					OBJECT IDENTIFIER	::=	{id-at 42 2}
+id-at-initials OBJECT IDENTIFIER ::=
+  {id-at 43}
+
+-- id-at-encryptedInitials						OBJECT IDENTIFIER	::=	{id-at 43 2}
+id-at-generationQualifier OBJECT IDENTIFIER ::=
+  {id-at 44}
+
+-- id-at-encryptedGenerationQualifier    	 		OBJECT IDENTIFIER	::=	{id-at 44 2}
+id-at-uniqueIdentifier OBJECT IDENTIFIER ::=
+  {id-at 45}
+
+-- id-at-encryptedUniqueIdentifier				OBJECT IDENTIFIER	::=	{id-at 45 2}
+id-at-dnQualifier OBJECT IDENTIFIER ::=
+  {id-at 46}
+
+-- id-at-encryptedDnQualifier					OBJECT IDENTIFIER	::=	{id-at 46 2}
+id-at-enhancedSearchGuide OBJECT IDENTIFIER ::=
+  {id-at 47}
+
+-- id-at-encryptedEnhancedSearchGuide			OBJECT IDENTIFIER	::=	{id-at 47 2}
+id-at-protocolInformation OBJECT IDENTIFIER ::=
+  {id-at 48}
+
+-- id-at-encryptedProtocolInformation				OBJECT IDENTIFIER	::=	{id-at 48 2}
+id-at-distinguishedName OBJECT IDENTIFIER ::=
+  {id-at 49}
+
+-- id-at-encryptedDistinguishedName   			OBJECT IDENTIFIER	::=	{id-at 49 2}
+id-at-uniqueMember OBJECT IDENTIFIER ::=
+  {id-at 50}
+
+-- id-at-encryptedUniqueMember				OBJECT IDENTIFIER	::=	{id-at 50 2}
+id-at-houseIdentifier OBJECT IDENTIFIER ::=
+  {id-at 51}
+
+-- id-at-encryptedHouseIdentifier				OBJECT IDENTIFIER	::=	{id-at 51 2}
+-- id-at-supportedAlgorithms					OBJECT IDENTIFIER	::=	{id-at 52} 	X.509|Part8
+-- id-at-encryptedSupportedAlgorithms				OBJECT IDENTIFIER	::=	{id-at 52 2}
+-- id-at-deltaRevocationList					OBJECT IDENTIFIER	::=	{id-at 53} 	X.509|Part8
+-- id-at-encryptedDeltaRevocationList    			OBJECT IDENTIFIER	::=	{id-at 53 2}
+id-at-dmdName OBJECT IDENTIFIER ::=
+  {id-at 54}
+
+-- id-at-encryptedDmdName					OBJECT IDENTIFIER	::=	{id-at 54 2}
+-- id-at-clearance	 						OBJECT IDENTIFIER	::=	{id-at 55}
+-- id-at-encryptedClearance					OBJECT IDENTIFIER	::=	{id-at 55 2}
+-- id-at-defaultDirQop						OBJECT IDENTIFIER	::=	{id-at 56}
+-- id-at-encryptedDefaultDirQop   				OBJECT IDENTIFIER	::=	{id-at 56 2}
+-- id-at-attributeIntegrityInfo					OBJECT IDENTIFIER	::=	{id-at 57}
+-- id-at-encryptedAttributeIntegrityInfo   			OBJECT IDENTIFIER	::=	{id-at 57 2}
+-- id-at-attributeCertificate						OBJECT IDENTIFIER	::=	{id-at 58} 	X.509|Part8
+-- id-at-encryptedAttributeCertificate				OBJECT IDENTIFIER	::=	{id-at 58 2}
+-- id-at-attributeCertificateRevocationList			OBJECT IDENTIFIER	::=	{id-at 59} 	X.509|Part8
+-- id-at-encryptedAttributeCertificateRevocationList   	OBJECT IDENTIFIER	::=	{id-at 59 2}
+-- id-at-confKeyInfo							OBJECT IDENTIFIER	::=	{id-at 60}
+-- id-at-encryptedConfKeyInfo					OBJECT IDENTIFIER	::=	{id-at 60 2}
+-- id-at-aACertificate						OBJECT IDENTIFIER	::=	{id-at 61} 	X.509|Part8
+-- id-at-attributeDescriptorCertificate				OBJECT IDENTIFIER	::=	{id-at 62} 	X.509|Part8
+-- id-at-attributeAuthorityRevocationList			OBJECT IDENTIFIER	::=	{id-at 63} 	X.509|Part8
+-- id-at-family-information	 					OBJECT IDENTIFIER	::=	{id-at 64}
+id-at-pseudonym OBJECT IDENTIFIER ::=
+  {id-at 65}
+
+id-at-communicationsService OBJECT IDENTIFIER ::= {id-at 66}
+
+id-at-communicationsNetwork OBJECT IDENTIFIER ::= {id-at 67}
+
+-- id-at-certificationPracticeStmt   				OBJECT IDENTIFIER	::=	{id-at 68} 	X.509|Part8
+-- id-at-certificatePolicy						OBJECT IDENTIFIER	::=	{id-at 69} 	X.509|Part8
+-- id-at-pkiPath							OBJECT IDENTIFIER	::=	{id-at 70} 	X.509|Part8
+-- id-at-privPolicy							OBJECT IDENTIFIER	::=	{id-at 71} 	X.509|Part8
+-- id-at-role    							OBJECT IDENTIFIER	::=	{id-at 72} 	X.509|Part8
+-- id-at-delegationPath						OBJECT IDENTIFIER	::=	{id-at 73} 	X.509|Part8
+-- id-at-protPrivPolicy						OBJECT IDENTIFIER	::=	{id-at 74} 	X.509|Part8
+-- id-at-xMLPrivilegeInfo 						OBJECT IDENTIFIER	::=	{id-at 75} 	X.509|Part8
+-- id-at-xmlPrivPolicy						OBJECT IDENTIFIER	::=	{id-at 76} 	X.509|Part8
+id-at-uuidpair OBJECT IDENTIFIER ::=
+  {id-at 77}
+
+id-at-tagOid OBJECT IDENTIFIER ::= {id-at 78}
+
+id-at-uiiFormat OBJECT IDENTIFIER ::= {id-at 79}
+
+id-at-uiiInUrn OBJECT IDENTIFIER ::= {id-at 80}
+
+id-at-contentUri OBJECT IDENTIFIER ::= {id-at 81}
+
+-- id-at-permission   						OBJECT IDENTIFIER	::=	{id-at 82} 	X.509|Part8
+-- Control  attributes
+id-cat-sequenceMatchType OBJECT IDENTIFIER ::=
+  {id-cat 1}
+
+id-cat-wordMatchType OBJECT IDENTIFIER ::= {id-cat 2}
+
+id-cat-characterMatchTypes OBJECT IDENTIFIER ::= {id-cat 3}
+
+id-cat-selectedContexts OBJECT IDENTIFIER ::= {id-cat 4}
+
+-- Notification attributes
+id-not-dSAProblem OBJECT IDENTIFIER ::= {id-not 0}
+
+id-not-searchServiceProblem OBJECT IDENTIFIER ::= {id-not 1}
+
+id-not-serviceType OBJECT IDENTIFIER ::= {id-not 2}
+
+id-not-attributeTypeList OBJECT IDENTIFIER ::= {id-not 3}
+
+id-not-matchingRuleList OBJECT IDENTIFIER ::= {id-not 4}
+
+id-not-filterItem OBJECT IDENTIFIER ::= {id-not 5}
+
+id-not-attributeCombinations OBJECT IDENTIFIER ::= {id-not 6}
+
+id-not-contextTypeList OBJECT IDENTIFIER ::= {id-not 7}
+
+id-not-contextList OBJECT IDENTIFIER ::= {id-not 8}
+
+id-not-contextCombinations OBJECT IDENTIFIER ::= {id-not 9}
+
+id-not-hierarchySelectList OBJECT IDENTIFIER ::= {id-not 10}
+
+id-not-searchControlOptionsList OBJECT IDENTIFIER ::= {id-not 11}
+
+id-not-serviceControlOptionsList OBJECT IDENTIFIER ::= {id-not 12}
+
+id-not-multipleMatchingLocalities OBJECT IDENTIFIER ::= {id-not 13}
+
+id-not-proposedRelaxation OBJECT IDENTIFIER ::= {id-not 14}
+
+id-not-appliedRelaxation OBJECT IDENTIFIER ::= {id-not 15}
+
+-- Problem definitions
+id-pr-targetDsaUnavailable OBJECT IDENTIFIER ::=
+  {id-pr 1}
+
+id-pr-dataSourceUnavailable OBJECT IDENTIFIER ::= {id-pr 2}
+
+id-pr-unidentifiedOperation OBJECT IDENTIFIER ::= {id-pr 3}
+
+id-pr-unavailableOperation OBJECT IDENTIFIER ::= {id-pr 4}
+
+id-pr-searchAttributeViolation OBJECT IDENTIFIER ::= {id-pr 5}
+
+id-pr-searchAttributeCombinationViolation OBJECT IDENTIFIER ::= {id-pr 6}
+
+id-pr-searchValueNotAllowed OBJECT IDENTIFIER ::= {id-pr 7}
+
+id-pr-missingSearchAttribute OBJECT IDENTIFIER ::= {id-pr 8}
+
+id-pr-searchValueViolation OBJECT IDENTIFIER ::= {id-pr 9}
+
+id-pr-attributeNegationViolation OBJECT IDENTIFIER ::= {id-pr 10}
+
+id-pr-searchValueRequired OBJECT IDENTIFIER ::= {id-pr 11}
+
+id-pr-invalidSearchValue OBJECT IDENTIFIER ::= {id-pr 12}
+
+id-pr-searchContextViolation OBJECT IDENTIFIER ::= {id-pr 13}
+
+id-pr-searchContextCombinationViolation OBJECT IDENTIFIER ::= {id-pr 14}
+
+id-pr-missingSearchContext OBJECT IDENTIFIER ::= {id-pr 15}
+
+id-pr-searchContextValueViolation OBJECT IDENTIFIER ::= {id-pr 16}
+
+id-pr-searchContextValueRequired OBJECT IDENTIFIER ::= {id-pr 17}
+
+id-pr-invalidContextSearchValue OBJECT IDENTIFIER ::= {id-pr 18}
+
+id-pr-unsupportedMatchingRule OBJECT IDENTIFIER ::= {id-pr 19}
+
+id-pr-attributeMatchingViolation OBJECT IDENTIFIER ::= {id-pr 20}
+
+id-pr-unsupportedMatchingUse OBJECT IDENTIFIER ::= {id-pr 21}
+
+id-pr-matchingUseViolation OBJECT IDENTIFIER ::= {id-pr 22}
+
+id-pr-hierarchySelectForbidden OBJECT IDENTIFIER ::= {id-pr 23}
+
+id-pr-invalidHierarchySelect OBJECT IDENTIFIER ::= {id-pr 24}
+
+id-pr-unavailableHierarchySelect OBJECT IDENTIFIER ::= {id-pr 25}
+
+id-pr-invalidSearchControlOptions OBJECT IDENTIFIER ::= {id-pr 26}
+
+id-pr-invalidServiceControlOptions OBJECT IDENTIFIER ::= {id-pr 27}
+
+id-pr-searchSubsetViolation OBJECT IDENTIFIER ::= {id-pr 28}
+
+id-pr-unmatchedKeyAttributes OBJECT IDENTIFIER ::= {id-pr 29}
+
+id-pr-ambiguousKeyAttributes OBJECT IDENTIFIER ::= {id-pr 30}
+
+id-pr-unavailableRelaxationLevel OBJECT IDENTIFIER ::= {id-pr 31}
+
+id-pr-emptyHierarchySelection OBJECT IDENTIFIER ::= {id-pr 32}
+
+id-pr-administratorImposedLimit OBJECT IDENTIFIER ::= {id-pr 33}
+
+id-pr-permanentRestriction OBJECT IDENTIFIER ::= {id-pr 34}
+
+id-pr-temporaryRestriction OBJECT IDENTIFIER ::= {id-pr 35}
+
+id-pr-relaxationNotSupported OBJECT IDENTIFIER ::= {id-pr 36}
+
+-- Matching rules
+-- id-mr-objectIdentifierMatch 					OBJECT IDENTIFIER	::=	{id-mr 0} 	X.501|Part2
+-- id-mr-distinguishedNameMatch				OBJECT IDENTIFIER	::=	{id-mr 1} 	X.501|Part2
+id-mr-caseIgnoreMatch OBJECT IDENTIFIER ::=
+  {id-mr 2}
+
+id-mr-caseIgnoreOrderingMatch OBJECT IDENTIFIER ::= {id-mr 3}
+
+id-mr-caseIgnoreSubstringsMatch OBJECT IDENTIFIER ::= {id-mr 4}
+
+id-mr-caseExactMatch OBJECT IDENTIFIER ::= {id-mr 5}
+
+id-mr-caseExactOrderingMatch OBJECT IDENTIFIER ::= {id-mr 6}
+
+id-mr-caseExactSubstringsMatch OBJECT IDENTIFIER ::= {id-mr 7}
+
+id-mr-numericStringMatch OBJECT IDENTIFIER ::= {id-mr 8}
+
+id-mr-numericStringOrderingMatch OBJECT IDENTIFIER ::= {id-mr 9}
+
+id-mr-numericStringSubstringsMatch OBJECT IDENTIFIER ::= {id-mr 10}
+
+id-mr-caseIgnoreListMatch OBJECT IDENTIFIER ::= {id-mr 11}
+
+id-mr-caseIgnoreListSubstringsMatch OBJECT IDENTIFIER ::= {id-mr 12}
+
+id-mr-booleanMatch OBJECT IDENTIFIER ::= {id-mr 13}
+
+id-mr-integerMatch OBJECT IDENTIFIER ::= {id-mr 14}
+
+id-mr-integerOrderingMatch OBJECT IDENTIFIER ::= {id-mr 15}
+
+id-mr-bitStringMatch OBJECT IDENTIFIER ::= {id-mr 16}
+
+id-mr-octetStringMatch OBJECT IDENTIFIER ::= {id-mr 17}
+
+id-mr-octetStringOrderingMatch OBJECT IDENTIFIER ::= {id-mr 18}
+
+id-mr-octetStringSubstringsMatch OBJECT IDENTIFIER ::= {id-mr 19}
+
+id-mr-telephoneNumberMatch OBJECT IDENTIFIER ::= {id-mr 20}
+
+id-mr-telephoneNumberSubstringsMatch OBJECT IDENTIFIER ::= {id-mr 21}
+
+id-mr-presentationAddressMatch OBJECT IDENTIFIER ::= {id-mr 22}
+
+id-mr-uniqueMemberMatch OBJECT IDENTIFIER ::= {id-mr 23}
+
+id-mr-protocolInformationMatch OBJECT IDENTIFIER ::= {id-mr 24}
+
+id-mr-uTCTimeMatch OBJECT IDENTIFIER ::= {id-mr 25}
+
+id-mr-uTCTimeOrderingMatch OBJECT IDENTIFIER ::= {id-mr 26}
+
+id-mr-generalizedTimeMatch OBJECT IDENTIFIER ::= {id-mr 27}
+
+id-mr-generalizedTimeOrderingMatch OBJECT IDENTIFIER ::= {id-mr 28}
+
+id-mr-integerFirstComponentMatch OBJECT IDENTIFIER ::= {id-mr 29}
+
+id-mr-objectIdentifierFirstComponentMatch OBJECT IDENTIFIER ::= {id-mr 30}
+
+id-mr-directoryStringFirstComponentMatch OBJECT IDENTIFIER ::= {id-mr 31}
+
+id-mr-wordMatch OBJECT IDENTIFIER ::= {id-mr 32}
+
+id-mr-keywordMatch OBJECT IDENTIFIER ::= {id-mr 33}
+
+-- id-mr-certificateExactMatch					OBJECT IDENTIFIER	::=	{id-mr 34} 	X.509|Part8
+-- id-mr-certificateMatch						OBJECT IDENTIFIER	::=	{id-mr 35} 	X.509|Part8
+-- id-mr-certificatePairExactMatch				OBJECT IDENTIFIER	::=	{id-mr 36} 	X.509|Part8
+-- id-mr-certificatePairMatch					OBJECT IDENTIFIER	::=	{id-mr 37} 	X.509|Part8
+-- id-mr-certificateListExactMatch				OBJECT IDENTIFIER	::=	{id-mr 38} 	X.509|Part8
+-- id-mr-certificateListMatch					OBJECT IDENTIFIER	::=	{id-mr 39} 	X.509|Part8
+-- id-mr-algorithmIdentifierMatch				OBJECT IDENTIFIER	::=	{id-mr 40} 	X.509|Part8
+id-mr-storedPrefixMatch OBJECT IDENTIFIER ::=
+  {id-mr 41}
+
+-- id-mr-attributeCertificateMatch				OBJECT IDENTIFIER	::=	{id-mr 42} 	X.509|Part8
+-- id-mr-readerAndKeyIDMatch   				OBJECT IDENTIFIER	::=	{id-mr 43}
+-- id-mr-attributeIntegrityMatch					OBJECT IDENTIFIER	::=	{id-mr 44}
+-- id-mr-attributeCertificateExactMatch   			OBJECT IDENTIFIER	::=	{id-mr 45} 	X.509|Part8
+-- id-mr-holderIssuerMatch					OBJECT IDENTIFIER	::=	{id-mr 46} 	X.509|Part8
+id-mr-systemProposedMatch OBJECT IDENTIFIER ::=
+  {id-mr 47}
+
+id-mr-generalWordMatch OBJECT IDENTIFIER ::= {id-mr 48}
+
+id-mr-approximateStringMatch OBJECT IDENTIFIER ::= {id-mr 49}
+
+id-mr-ignoreIfAbsentMatch OBJECT IDENTIFIER ::= {id-mr 50}
+
+id-mr-nullMatch OBJECT IDENTIFIER ::= {id-mr 51}
+
+id-mr-zonalMatch OBJECT IDENTIFIER ::= {id-mr 52}
+
+-- id-mr-authAttIdMatch						OBJECT IDENTIFIER	::=	{id-mr 53} 	X.509|Part8
+-- id-mr-roleSpecCertIdMatch					OBJECT IDENTIFIER	::=	{id-mr 54} 	X.509|Part8
+-- id-mr-basicAttConstraintsMatch				OBJECT IDENTIFIER	::=	{id-mr 55} 	X.509|Part8
+-- id-mr-delegatedNameConstraintsMatch			OBJECT IDENTIFIER	::=	{id-mr 56} 	X.509|Part8
+-- id-mr-timeSpecMatch						OBJECT IDENTIFIER	::=	{id-mr 57} 	X.509|Part8
+-- id-mr-attDescriptorMatch					OBJECT IDENTIFIER	::=	{id-mr 58} 	X.509|Part8
+-- id-mr-acceptableCertPoliciesMatch    			OBJECT IDENTIFIER	::=	{id-mr 59} 	X.509|Part8
+-- id-mr-policyMatch						OBJECT IDENTIFIER	::=	{id-mr 60} 	X.509|Part8
+-- id-mr-delegationPathMatch					OBJECT IDENTIFIER	::=	{id-mr 61} 	X.509|Part8
+-- id-mr-pkiPathMatch						OBJECT IDENTIFIER	::=	{id-mr 62} 	X.509|Part8
+id-mr-facsimileNumberMatch OBJECT IDENTIFIER ::=
+  {id-mr 63}
+
+id-mr-facsimileNumberSubstringsMatch OBJECT IDENTIFIER ::= {id-mr 64}
+
+-- id-mr-enhancedCertificateMatch				OBJECT IDENTIFIER	::=	{id-mr 65} 	X.509|Part8
+-- id-mr-sOAIdentifierMatch					OBJECT IDENTIFIER	::=	{id-mr 66} 	X.509|Part8
+-- id-mr-extensionPresenceMatch				OBJECT IDENTIFIER	::=	{id-mr 67} 	X.509|Part8
+id-mr-uuidpairmatch OBJECT IDENTIFIER ::=
+  {id-mr 68}
+
+-- id-mr-dualStringMatch   					OBJECT IDENTIFIER	::=	{id-mr 69} 	X.509|Part8
+-- contexts
+id-avc-language OBJECT IDENTIFIER ::=
+  {id-avc 0}
+
+id-avc-temporal OBJECT IDENTIFIER ::= {id-avc 1}
+
+id-avc-locale OBJECT IDENTIFIER ::= {id-avc 2}
+
+-- id-avc-attributeValueSecurityLabelContext 		OBJECT IDENTIFIER	::=	{id-avc 3}
+-- id-avc-attributeValueIntegrityInfoContext			OBJECT IDENTIFIER	::=	{id-avc 4}
+id-avc-ldapAttributeOption OBJECT IDENTIFIER ::=
+  {id-avc 5}
+
+END -- SelectedAttributeTypes