-- Module DirectorySecurityExchanges (X.519:08/1997)
-- See also ITU-T X.519 (08/1997)
-- See also the index of all ASN.1 assignments needed in this document
DirectorySecurityExchanges {joint-iso-itu-t ds(5) module(1)
directorySecurityExchanges(29) 1} DEFINITIONS ::=
BEGIN
-- EXPORTS All
-- The types and values defined in this module are exported for use in the other ASN.1 modules contained
-- within the Directory. Other applications may use them for their own purposes, but this will not constrain
-- extensions and modifications needed to maintain or improve the Directory service.
IMPORTS
SECURITY-EXCHANGE, SE-ERROR, SEC-EXCHG-ITEM
FROM Notation {joint-iso-itu-t genericULS(20) modules(1) notation(1)}
dirAuthenticationTwoWay
FROM GulsSecurityExchanges {joint-iso-itu-t genericULS(20) modules(1)
gulsSecurityExchanges(2)}
SESEapdus{}, NoInvocationId
FROM SeseAPDUs {joint-iso-itu-t genericULS(20) modules(1) seseAPDUs(6)}
DistinguishedName
FROM InformationFramework {joint-iso-itu-t ds(5) module(1)
informationFramework(1) 3}
CertificationPath, SIGNED{}, SIGNATURE{}, AlgorithmIdentifier
FROM AuthenticationFramework {joint-iso-itu-t ds(5) module(1)
authenticationFramework(7) 3}
SecurityProblem
FROM DirectoryAbstractService {joint-iso-itu-t ds(5) module(1)
directoryAbstractService(2) 3}
APPLICATION-CONTEXT
FROM Remote-Operations-Information-Objects-extensions {joint-iso-itu-t
remote-operations(4) informationObjects-extensions(8) version1(0)}
SPKM-REQ, SPKM-REP-IT, SPKM-ERROR, SPKM-REP-TI
FROM SpkmGssTokens {iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) spkm(1) spkmGssTokens(10)}
id-as-2or3se, id-se-threewayse, id-se-spkmthreewayse
FROM ProtocolObjectIdentifiers {joint-iso-itu-t ds(5) module(1)
protocolObjectIdentifiers(4) 3}
dirqop
FROM EnhancedSecurity {joint-iso-itu-t ds(5) module(1) enhancedSecurity(28)
1};
-- Directory Authentication Exchange (Three-way)
-- Security exchange made up of three exchange items (firstCredentials,
-- secondCredentials, thirdCredentials), all of which carry ThreeWayCredentials.
-- It is identified globally by id-se-threewayse, which is imported from
-- ProtocolObjectIdentifiers.
-- NOTE(review): this module gives only the syntax of the transfers. The checks
-- that make the exchange an authentication (signature verification, matching
-- of random and response values, freshness) are not expressed here and must be
-- taken from the procedures in X.519 and X.509.
dirAuthenticationThreeWay SECURITY-EXCHANGE ::= {
SE-ITEMS {firstCredentials | secondCredentials | thirdCredentials}
IDENTIFIER global:{id-se-threewayse}
}
-- Exchange item 1 of dirAuthenticationThreeWay. Carries a ThreeWayCredentials
-- value and may be answered with the authenticationFailure error.
-- NOTE(review): presumably the opening transfer from the initiator; the
-- direction of each item is not stated in this module.
firstCredentials SEC-EXCHG-ITEM ::= {
ITEM-TYPE ThreeWayCredentials
ITEM-ID 1
ERRORS {authenticationFailure}
}
-- Exchange item 2 of dirAuthenticationThreeWay. Same item type and same
-- declared error (authenticationFailure) as item 1; only the ITEM-ID differs.
secondCredentials SEC-EXCHG-ITEM ::= {
ITEM-TYPE ThreeWayCredentials
ITEM-ID 2
ERRORS {authenticationFailure}
}
-- Exchange item 3 of dirAuthenticationThreeWay, again carrying
-- ThreeWayCredentials.
-- Unlike items 1 and 2, no ERRORS field is given, so this item declares no
-- error that can be returned for it.
-- NOTE(review): confirm against X.519 how a receiver is expected to signal
-- that verification of the final transfer failed (for example by aborting the
-- association), and make sure such failures are logged by the implementation.
thirdCredentials SEC-EXCHG-ITEM ::= {
ITEM-TYPE ThreeWayCredentials
ITEM-ID 3
}
-- Error returned for items 1 and 2 of dirAuthenticationThreeWay. Its parameter
-- is SecurityProblem, referenced with the module-qualified form
-- DirectoryAbstractService.SecurityProblem (the same type is also listed in
-- IMPORTS).
-- The error code is local:1. spkmFailure in this module uses local:1 as well;
-- NOTE(review): presumably local codes are scoped to the security exchange that
-- lists the error, so the two do not collide. Confirm before dispatching on the
-- code alone.
authenticationFailure SE-ERROR ::= {
PARAMETER DirectoryAbstractService.SecurityProblem
ERROR-CODE local:1
}
-- Value carried by every item of dirAuthenticationThreeWay: an optional
-- certification path, a mandatory signed token, and an optional name.
-- Only the token is wrapped in SIGNED (see ThreeWayToken). The outer SET is
-- not, so certification-path [0] and name [2] are not covered by the token
-- signature.
-- NOTE(review): a verifier should presumably validate the certification path
-- on its own terms and treat the outer name as a hint only, relying on the
-- name inside the signed token and on the certificate subject. Confirm against
-- the X.509 and X.519 procedures.
ThreeWayCredentials ::= SET {
certification-path [0] CertificationPath OPTIONAL,
token [1] ThreeWayToken,
name [2] DistinguishedName OPTIONAL
}
-- Signed token of the three-way exchange. SIGNED{} is the parameterized type
-- imported from AuthenticationFramework; the signature covers the whole
-- SEQUENCE below.
--   algorithm [0]  AlgorithmIdentifier carried inside the signed data.
--   name      [1]  mandatory DistinguishedName. NOTE(review): the syntax does
--                  not say whose name this is (sender or intended recipient);
--                  confirm in X.519 before checking it.
--   time      [2]  OPTIONAL, so freshness cannot depend on it being present.
--                  UTCTime encodes the year with two digits; the century has
--                  to be resolved by the receiver.
--   random    [3]  mandatory BIT STRING with no size constraint in the syntax.
--                  NOTE(review): any minimum length or uniqueness check has to
--                  be enforced by the implementation.
--   response  [4]  OPTIONAL BIT STRING. NOTE(review): presumably echoes a
--                  random value received from the peer; confirm which items
--                  must carry it and reject tokens where it is missing or does
--                  not match.
--   dirqop    [5]  OPTIONAL OBJECT IDENTIFIER. This is a component identifier;
--                  it shares its spelling with the symbol dirqop imported from
--                  EnhancedSecurity.
ThreeWayToken ::=
SIGNED
{SEQUENCE {algorithm [0] AlgorithmIdentifier,
name [1] DistinguishedName,
time [2] UTCTime OPTIONAL,
random [3] BIT STRING,
response [4] BIT STRING OPTIONAL,
dirqop [5] OBJECT IDENTIFIER OPTIONAL}}
-- Directory Authentication Exchange (SPKM Three-way)
-- Security exchange made up of three items whose types are the SPKM tokens
-- imported from SpkmGssTokens (SPKM-REQ, SPKM-REP-TI, SPKM-REP-IT).
-- It is identified globally by id-se-spkmthreewayse, which is imported from
-- ProtocolObjectIdentifiers.
-- The token contents are defined in SpkmGssTokens, not in this module.
spkmThreeWay SECURITY-EXCHANGE ::= {
SE-ITEMS
{spkmFirstCredentials | spkmSecondCredentials | spkmThirdCredentials}
IDENTIFIER global:{id-se-spkmthreewayse}
}
-- Exchange item 1 of spkmThreeWay: carries an SPKM-REQ token and may be
-- answered with spkmFailure.
spkmFirstCredentials SEC-EXCHG-ITEM ::= {
ITEM-TYPE SPKM-REQ ITEM-ID 1
ERRORS {spkmFailure}
}
-- Exchange item 2 of spkmThreeWay: carries an SPKM-REP-TI token and may be
-- answered with spkmFailure.
spkmSecondCredentials SEC-EXCHG-ITEM ::= {
ITEM-TYPE SPKM-REP-TI ITEM-ID 2
ERRORS {spkmFailure}
}
-- Exchange item 3 of spkmThreeWay: carries an SPKM-REP-IT token.
-- This item declares ERRORS {spkmFailure}, whereas thirdCredentials in
-- dirAuthenticationThreeWay declares none, so failure of the final transfer
-- is reportable here at the exchange level.
spkmThirdCredentials SEC-EXCHG-ITEM ::= {
ITEM-TYPE SPKM-REP-IT ITEM-ID 3
ERRORS {spkmFailure}
}
-- Error declared by all three spkmThreeWay items. Its parameter is SPKM-ERROR,
-- imported from SpkmGssTokens.
-- The error code is local:1, the same value authenticationFailure uses.
-- NOTE(review): presumably local codes are scoped per security exchange;
-- confirm before dispatching on the code alone.
spkmFailure SE-ERROR ::= {PARAMETER SPKM-ERROR ERROR-CODE local:1
}
-- Definition of Abstract Syntax of SESE with two or three-way authentication
-- Abstract syntax for SESE APDUs. SESEapdus{} (imported from SeseAPDUs) is
-- instantiated with two parameters: the set of permitted security exchanges
-- and {NoInvocationId}. The syntax is identified by id-as-2or3se.
-- The permitted set holds dirAuthenticationTwoWay (imported from
-- GulsSecurityExchanges) and the two exchanges defined in this module,
-- dirAuthenticationThreeWay and spkmThreeWay.
-- The syntax accepts any of the three exchanges. A deployment that requires a
-- particular one (for instance three-way only) has to enforce that in local
-- policy and reject the others; negotiating this abstract syntax does not do
-- so by itself.
dir2or3se ABSTRACT-SYNTAX ::= {
SESEapdus
{{dirAuthenticationTwoWay | dirAuthenticationThreeWay | spkmThreeWay},
{NoInvocationId}}
IDENTIFIED BY {id-as-2or3se}
}
END
-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D