Corrections made to the ASN.1 modules of X.501 TC1 (08/1997)

· Module EnhancedSecurity:

1. Replacement of:

SecurityLabel, SecurityCategory FROM MTSAbstractService 
  { joint-iso-itu-t mhs(6) mts(3) modules(0) mts-abstract-service(1) version-1994(0)}

with:

SecurityLabel, SecurityCategory FROM MTSAbstractService 
  { joint-iso-itu-t mhs(6) mts(3) modules(0) mts-abstract-service(1) version-1999(1)}

2. In the definition of encrypted, the parameter of genEncryptedTransform{} is missing. In order to compile, it was replaced by "{...}".

3. Addition of the definitions of dirqop and example-protection-mapping:

dirqop DIRQOP ::= { 
	DIRQOP-ID					{ 1 2 3 }
	DIRECTORYBINDERROR-QOP				example-protection-mapping 
	DIRERRORS-QOP					example-protection-mapping 
	DAPREADARG-QOP					example-protection-mapping 
	DAPREADRES-QOP 					example-protection-mapping 
	DAPCOMPAREARG-QOP				example-protection-mapping 
	DAPCOMPARERES-QOP 				example-protection-mapping 
	DAPLISTARG-QOP					example-protection-mapping 
	DAPLISTRES-QOP 					example-protection-mapping 
	DAPSEARCHARG-QOP   				example-protection-mapping 
	DAPSEARCHRES-QOP 				example-protection-mapping 
	DAPABANDONARG-QOP	  			example-protection-mapping 
	DAPABANDONRES-QOP 				example-protection-mapping 
	DAPADDENTRYARG-QOP	  			example-protection-mapping 
	DAPADDENTRYRES-QOP 				example-protection-mapping 
	DAPREMOVEENTRYARG-QOP	  			example-protection-mapping 
	DAPREMOVEENTRYRES-QOP 				example-protection-mapping 
	DAPMODIFYENTRYARG-QOP 				example-protection-mapping 
	DAPMODIFYENTRYRES-QOP 				example-protection-mapping 
  	DAPMODIFYDNARG-QOP 				example-protection-mapping 
	DAPMODIFYDNRES-QOP 				example-protection-mapping 
  	DSPCHAINEDOP-QOP 				example-protection-mapping 
	DISPSHADOWAGREEINFO-QOP 			example-protection-mapping 
  	DISPCOORSHADOWARG-QOP 				example-protection-mapping 
	DISPCOORSHADOWRES-QOP 				example-protection-mapping 
  	DISPUPDATESHADOWARG-QOP 			example-protection-mapping 
	DISPUPDATESHADOWRES-QOP 			example-protection-mapping 
  	DISPREQUESTSHADOWUPDATEARG-QOP 			example-protection-mapping 
	DISPREQUESTSHADOWUPDATERES-QOP	  		example-protection-mapping 
	DOPESTABLISHOPBINDARG-QOP 			example-protection-mapping 
  	DOPESTABLISHOPBINDRES-QOP 			example-protection-mapping 
	DOPMODIFYOPBINDARG-QOP	  			example-protection-mapping 
	DOPMODIFYOPBINDRES-QOP 				example-protection-mapping 
  	DOPTERMINATEOPBINDARG-QOP 			example-protection-mapping 
	DOPTERMINATEOPBINDRES-QOP 			example-protection-mapping 
	DSAREFERRAL-QOP 				example-protection-mapping } 

example-protection-mapping PROTECTION-MAPPING ::= {
  						SECURITY-TRANSFORMATION {{IDENTIFIER {1 2 4}
			    			XFORMED-DATA-TYPE NULL}} }

4. Addition of the definition of genEncryption{}. This definition is based on the definition of genEncryptedTransform{}.

-- This definition is missing in the base document; to be changed --
genEncryption {KEY-INFORMATION:SupportedKIClasses} SECURITY-TRANSFORMATION  ::= {
		IDENTIFIER			{1 2 3} 
		XFORMED-DATA-TYPE 	SEQUENCE {	
								initEncRules OBJECT IDENTIFIER DEFAULT {joint-iso-itu-t asn1(1) ber(1)},
 								encAlgorithm AlgorithmIdentifier OPTIONAL,
 								keyInformation	SEQUENCE { 
										kiClass KEY-INFORMATION.&kiClass ({SupportedKIClasses}), 
  										keyInfo KEY-INFORMATION.&KiType ({SupportedKIClasses} {@.kiClass}) } OPTIONAL, 
  								encData BIT STRING ( CONSTRAINED BY { 	-- the encData value must be generated following 
																-- the procedure specified in 15.3.1-- }) } }

5. In the definition of keyProtection, the parameter of genEncryption{} is missing. In order to compile, it was replaced by "{...}".

6. Replacement of:

AttribsHash ::=
  HASH
    {SEQUENCE {subject              Name,
               protectedAttributes  SEQUENCE OF ProtectedAttributes}}
with: 
AttribsHash ::= HASH{SEQUENCE SIZE (1..MAX) OF Attribute}

· Module OperationalBindingManagement:

1. Replacement of:

OPTIONALLY-PROTECTED, DIRQOP FROM EnhancedSecurity enhancedSecurity

with:

OPTIONALLY-PROTECTED{}, dirqop FROM EnhancedSecurity enhancedSecurity

2. Replacement of all occurences of DIRQOP with dirqop and suppression of all occurences of {@dirqop}.

3. Replacement of all occurences of SEQUENCE containing WITH COMPONENTS OF CommonResults with SET, because CommonResults is a SET.

· Module InformationFramework:

1. In the definition of OutputValues, suppression of {@attributeType}.

2. In the definition of ResultAttribute, replacement of OutputValues with:

CHOICE {
	selectedValues     SEQUENCE SIZE (1..MAX) OF ATTRIBUTE.&Type({SupportedAttributes}{@attributeType}), 
    matchedValuesOnly  NULL}