Recommendation X.520

THE DIRECTORY - SELECTED ATTRIBUTE TYPES 1)

(Melbourne, 1988)

Fascicle VIII.8 - Rec. X.520

CONTENTS

0 Introduction
1 Scope and field of application
2 References
3 Definitions
4 Notation

SECTION 1 - Selected Attribute Types

5 Definition of Selected Attribute Types
    5.1 System Attribute Types
    5.2 Labelling Attribute Types
    5.3 Geographical Attribute Types
    5.4 Organizational Attribute Types
    5.5 Explanatory Attribute Types
    5.6 Postal Addressing Attribute Types
    5.7 Telecommunications Addressing Attribute Types
    5.8 Preferences Attribute Types
    5.9 OSI Application Attribute Types
    5.10 Relational Attribute Types
    5.11 Security Attribute Types

SECTION 2 - Attribute Syntaxes

6 Definition of Attribute Syntaxes
    6.1 Attribute Syntaxes Used by the Directory
    6.2 String Attribute Syntaxes
    6.3 Miscellaneous Attribute Syntaxes

Annex A - Selected Attribute Types in ASN.1
Annex B - Index of Attribute Types and Syntaxes
Annex C - Upper Bounds

0 Introduction

0.1 This document, together with the others of the series, has been produced to facilitate the interconnection of information processing systems to provide directory services. The set of all such systems, together with the directory information which they hold, can be viewed as an integrated whole, called the Directory. The information held by the Directory, collectively known as the Directory Information Base (DIB), is typically used to facilitate communication between, with or about objects such as application entities, people, terminals, and distribution lists.

0.2 The Directory plays a significant role in Open Systems Interconnection, whose aim is to allow, with a minimum of technical agreement outside of the interconnection standards themselves, the interconnection of information processing systems:

- from different manufacturers;
- under different managements;
- of different levels of complexity; and
- of different ages.

0.3 This Recommendation defines a number of attribute types which may be found useful across a range of applications of the Directory. One particular use for many of the attributes defined herein is in the formation of names, particularly for the classes of object defined in Recommendation X.521. This Recommendation also defines a number of standard attribute syntaxes.

0.4 Annex A, which is part of this Recommendation, provides the ASN.1 notation for the complete module which defines the attributes and attribute syntaxes.

0.5 Annex B, which is not part of this Recommendation, provides an alphabetical index of attribute types, for easy reference.

1 Scope and field of application

1.1 This Recommendation defines a number of attribute types which may be found useful across a range of applications of the Directory.

1.2 Attribute types (and attribute syntaxes) fall into three categories, as described in § 1.2.1 to 1.2.3.

1.2.1 Some attribute types (syntaxes) are used by a wide variety of applications or are understood and/or used by the Directory itself.

Note - It is recommended that an attribute type (syntax) defined in this document be used, in preference to the generation of a new one, whenever it is appropriate for the application.

1.2.2 Some attribute types (syntaxes) are internationally standardized, but are application-specific. These are defined in the standards associated with the application concerned.

1.2.3 Any administrative authority can define its own attribute types (syntaxes) for any purpose. These are not internationally standardized, and are available to others beyond the administrative authority which created them only by bilateral agreement.

2 References

ISO 3166 - Codes for the representation of names of countries
Recommendation X.121 - International numbering plan for public data networks
Recommendation X.208 - Open Systems Interconnection - Specification of Abstract Syntax Notation (ASN.1) (see also ISO 8824)
Recommendation X.501 - The Directory - Models (see also ISO 9594-2)
Recommendation X.521 - The Directory - Selected Object Classes (see also ISO 9594-7)
Recommendation E.123 - Notation for National and International Telephone Numbers

3 Definitions

This Recommendation makes use of the following definitions from Recommendation X.501:

a) attribute type;
b) attribute syntax;
c) object class.

4 Notation

Attribute types and attribute syntaxes are defined in this document by the use of special notation, defined as ASN.1 macros in Recommendation X.501. There are two such macros, ATTRIBUTE and ATTRIBUTE-SYNTAX.

Two "generic" object identifiers (attributeType and attributeSyntax) are used in defining the object identifiers being allocated to attribute types and attribute syntaxes respectively. Their definitions can be found in Annex B of Recommendation X.501.

Examples of the use of the attribute types are described using an informal notation, where attribute type and value pairs are represented by an acronym for the attribute type, followed by an equals sign ("="), followed by the example value for the attribute.

SECTION 1 - Selected Attribute Types

5 Definition of Selected Attribute Types

This Recommendation defines a number of attribute types which may be found useful across a range of applications of the Directory.

5.1 System Attribute Types

These attribute types are concerned with information about objects known to the Directory.

5.1.1 Object Class

The Object Class attribute type, which is known to the Directory, is specified, except for the allocation of an object identifier, in Recommendation X.501.

    objectClass ObjectClass ::= {attributeType 0}

5.1.2 Aliased Object Name

This attribute type is defined, except for the allocation of an object identifier, in Recommendation X.501.

    aliasedObjectName AliasedObjectName ::= {attributeType 1}

5.1.3 Knowledge Information

The Knowledge Information attribute type specifies a human-readable accumulated description of knowledge mastered by a specific DSA.

    knowledgeInformation ATTRIBUTE
        WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
        ::= {attributeType 2}

5.2 Labelling Attribute Types

These attribute types are concerned with information about objects which has been explicitly associated with the objects by a labelling process.

5.2.1 Common Name

The Common Name attribute type specifies an identifier of an object. A Common Name is not a directory name; it is a (possibly ambiguous) name by which the object is commonly known in some limited scope (such as an organization) and conforms to the naming conventions of the country or culture with which it is associated.

An attribute value for common name is a string chosen either by the person or organization it describes or the organization responsible for the object it describes for devices and application entities. For example, a typical name of a person in an English-speaking country comprises a personal title (e.g. Mr, Ms, Dr, Professor, Sir, Lord), a first name, middle name(s), last name, generational qualifier (if any, e.g. Jr.) and decorations and awards (if any, e.g. QC).

Examples:

    CN = "Mr. Robin Lachlan McLeod BSc(Hons) CEng MIEE"
    CN = "Divisional Coordination Committee"
    CN = "High Speed Modem"

Any variants should be associated with the named object as separate and alternative attribute values.

Other common variants should also be admitted, e.g. use of a middle name as a preferred first name; use of "Bill" in place of "William", etc.

    commonName ATTRIBUTE
        WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
        (SIZE(1..ub-common-name))
        ::= {attributeType 3}

5.2.2 Surname

The Surname attribute type specifies the linguistic construct which normally is inherited by an individual from the individual's parent or assumed by marriage, and by which the individual is commonly known.

An attribute value for Surname is a string, e.g. "McLeod".

    surname ATTRIBUTE
        WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
        (SIZE(1..ub-surname))
        ::= {attributeType 4}

5.2.3 Serial Number

The Serial Number attribute type specifies an identifier, the serial number of a device.

An attribute value for Serial Number is a printable string.

    serialNumber ATTRIBUTE
        WITH ATTRIBUTE-SYNTAX printableStringSyntax
        (SIZE(1..ub-serial-number))
        ::= {attributeType 5}

5.3 Geographical Attribute Types

These attribute types are concerned with geographical positions or regions with which objects are associated.

5.3.1 Country Name

The Country Name attribute type specifies a country. When used as a component of a directory name, it identifies the country in which the named object is physically located or with which it is associated in some other important way.

An attribute value for country name is a string chosen from ISO 3166.

    countryName ATTRIBUTE
        WITH ATTRIBUTE-SYNTAX PrintableString (SIZE(2)) -- IS 3166 codes only
        MATCHES FOR EQUALITY
        SINGLE VALUE
        ::= {attributeType 6}

The matching rule for values of this type is the same as that for caseIgnoreStringSyntax.

5.3.2 Locality Name

The Locality Name attribute type specifies a locality. When used as a component of a directory name, it identifies a geographical area or locality in which the named object is physically located or with which it is associated in some other important way.

An attribute value for Locality Name is a string, e.g. L = "Edinburgh".

    localityName ATTRIBUTE
        WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
        (SIZE(1..ub-locality-name))
        ::= {attributeType 7}

5.3.3 State or Province Name

The State or Province Name attribute type specifies a state or province. When used as a component of a directory name, it identifies a geographical subdivision in which the named object is physically located or with which it is associated in some other important way.

An attribute value for State or Province Name is a string, e.g. S = "Ohio".

    stateOrProvinceName ATTRIBUTE
        WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
        (SIZE(1..ub-state-name))
        ::= {attributeType 8}

5.3.4 Street Address

The Street Address attribute type specifies a site for the local distribution and physical delivery in a postal address, i.e. the street name, place, avenue, and the house number. When used as a component of a directory name, it identifies the street address at which the named object is located or with which it is associated in some other important way.

An attribute value for Street Address is a string, e.g. "Arnulfstraße 60".

    streetAddress ATTRIBUTE
        WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
        (SIZE(1..ub-street-address))
        ::= {attributeType 9}

5.4 Organizational Attribute Types

These attribute types are concerned with organizations and can be used to describe objects in terms of organizations with which they are associated.

5.4.1 Organization Name

The Organization Name attribute type specifies an organization. When used as a component of a directory name it identifies an organization with which the named object is affiliated.

An attribute value for Organization Name is a string chosen by the organization (e.g. O = "Scottish Telecommunications plc"). Any variants should be associated with the named Organization as separate and alternative attribute values.

    organizationName ATTRIBUTE
        WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
        (SIZE(1..ub-organization-name))
        ::= {attributeType 10}

5.4.2 Organizational Unit Name

The Organizational Unit Name attribute type specifies an organizational unit. When used as a component of a directory name it identifies an organizational unit with which the named object is affiliated.

The designated organizational unit is understood to be part of an organization designated by an Organization Name attribute. It follows that if an Organizational Unit Name attribute is used in a directory name, it must be associated with an Organization Name attribute.

An attribute value for Organizational Unit Name is a string chosen by the organization of which it is part (e.g. OU = "Technology Division"). Note that the commonly used abbreviation "TD" would be a separate and alternative attribute value.

Examples:

    O = "Scottel", OU = "TD"

    organizationalUnitName ATTRIBUTE
        WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
        (SIZE(1..ub-organizational-unit-name))
        ::= {attributeType 11}

5.4.3 Title

The Title attribute type specifies the designated position or function of the object within an organization.

An attribute value for Title is a string.

Example:

    T = "Manager, Distributed Applications"

    title ATTRIBUTE
        WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
        (SIZE(1..ub-title))
        ::= {attributeType 12}

5.5 Explanatory Attribute Types

These attribute types are concerned with explanations (e.g. in a natural language) of something about an object.

5.5.1 Description

The Description attribute type specifies text which describes the associated object.

For example, the object "Standards Interest" might have the associated description "distribution list for exchange of information about intra-company standards development".

An attribute value for Description is a string.

    description ATTRIBUTE
        WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
        (SIZE(1..ub-description))
        ::= {attributeType 13}

5.5.2 Search Guide

The Search Guide attribute type specifies information of suggested search criteria which may be included in some entries expected to be a convenient base-object for the search operation, e.g. country or organization.

Search criteria consist of an optional identifier for the class of object sought and combinations of attribute types and logical operators to be used in the construction of a filter. It is possible to specify for each search criteria item the matching level, e.g. approximate match.

The Search Guide attribute may recur to reflect the various types of requests, e.g. search for a Residential Person or an Organizational Person, which may be fulfilled from the given base-object where the Search Guide is read.

    searchGuide ATTRIBUTE
        WITH ATTRIBUTE-SYNTAX Guide
        ::= {attributeType 14}

    Guide ::= SET {
        objectClass [0] OBJECT-CLASS OPTIONAL,
        criteria    [1] Criteria}

    Criteria ::= CHOICE {
        type [0] CriteriaItem,
        and  [1] SET OF Criteria,
        or   [2] SET OF Criteria,
        not  [3] Criteria}

    CriteriaItem ::= CHOICE {
        equality         [0] AttributeType,
        substrings       [1] AttributeType,
        greaterOrEqual   [2] AttributeType,
        lessOrEqual      [3] AttributeType,
        approximateMatch [4] AttributeType}

Example:

The following is a potential value of the Search Guide attribute that could be stored in entries of object-class Locality to indicate how entries of object-class Residential Person might be found.

    residential-person-guide Guide ::= {
        objectClass residentialPerson,
        criteria and {
            type substrings commonName,
            type substrings streetAddress}}

The construction of a Filter from this value of Guide is straightforward.

Step (1) produces the intermediate Filter value:

    intermediate-filter Filter ::=
        and {
            item substrings {
                type commonName,
                strings {any T61String "Dubois"}},   -- value supplied for Common Name
            item substrings {
                type streetAddress,
                strings {any T61String "Hugo"}}}     -- value supplied for Street Address

Step (2) produces a filter for matching Residential Person entries in the subtree:

    residential-person-filter Filter ::= {
        and {
            item equality {objectClass, OBJECT-CLASS residentialPerson},
            intermediate-filter}}

5.5.3 Business Category

The Business Category attribute type specifies information concerning the occupation of some common objects, e.g. people. For example, this attribute provides the facility to interrogate the Directory about people sharing the same occupation.

    businessCategory ATTRIBUTE
        WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
        (SIZE(1..ub-business-category))
        ::= {attributeType 15}

5.6 Postal Addressing Attribute Types

These attribute types are concerned with information required for physical postal delivery to an object.

5.6.1 Postal Address

The Postal Address attribute type specifies the address information required for the physical delivery of postal messages by the postal authority to the named object.

An attribute value for Postal Address will be typically composed of selected attributes from MHS Unformatted Postal O/R Address version 1 according to Recommendation F.401 and limited to 6 lines of 30 characters each, including a Postal Country Name. Normally the information contained in such an address could include an addressee's name, street address, city, state or province, postal code and possibly a Post Office Box number depending on the specific requirements of the named object.

    postalAddress ATTRIBUTE
        WITH ATTRIBUTE-SYNTAX PostalAddress
        MATCHES FOR EQUALITY
        ::= {attributeType 16}

    PostalAddress ::= SEQUENCE SIZE(1..ub-postal-line) OF CHOICE {
        T61String (SIZE(1..ub-postal-string)),
        PrintableString (SIZE(1..ub-postal-string))}

The matching rule for values of this type is the same as that for caseIgnoreListSyntax.

5.6.2 Postal Code

The Postal Code attribute type specifies the postal code of the named object. If this attribute value is present it will be part of the object's postal address.

An attribute value for Postal Code is a string.

    postalCode ATTRIBUTE
        WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
        (SIZE(1..ub-postal-code))
        ::= {attributeType 17}

5.6.3 Post Office Box

The Post Office Box attribute type specifies the Post Office Box by which the object will receive physical postal delivery. If present, the attribute value is part of the object's postal address.

    postOfficeBox ATTRIBUTE
        WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
        (SIZE(1..ub-post-office-box))
        ::= {attributeType 18}

5.6.4 Physical Delivery Office Name

The Physical Delivery Office Name attribute type specifies the name of the city, village, etc. where a physical delivery office is situated.

An attribute value for Physical Delivery Office Name is a string.

    physicalDeliveryOfficeName ATTRIBUTE
        WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
        (SIZE(1..ub-physical-office-name))
        ::= {attributeType 19}

5.7 Telecommunications Addressing Attribute Types

These attribute types are concerned with addressing information needed to communicate with the object using telecommunication means.

5.7.1 Telephone Number

The Telephone Number attribute type specifies a telephone number associated with an object.

An attribute value for Telephone Number is a string that complies with the internationally agreed format for showing international telephone numbers, Recommendation E.123 (e.g. "+44 582 10101").

    telephoneNumber ATTRIBUTE
        WITH ATTRIBUTE-SYNTAX telephoneNumberSyntax
        ::= {attributeType 20}

5.7.2 Telex Number

The Telex Number attribute type specifies the telex number, country code, and answerback code of a telex terminal associated with an object.

    telexNumber ATTRIBUTE
        WITH ATTRIBUTE-SYNTAX TelexNumber
        ::= {attributeType 21}

    TelexNumber ::= SEQUENCE {
        telexNumber PrintableString (SIZE(1..ub-telex-number)),
        countryCode PrintableString (SIZE(1..ub-country-code)),
        answerback  PrintableString (SIZE(1..ub-answerback))}

5.7.3 Teletex Terminal Identifier

The Teletex Terminal Identifier attribute type specifies the Teletex terminal identifier (and optionally parameters) for a teletex terminal associated with an object.

An attribute value for Teletex Terminal Identifier is a string which complies with CCITT Recommendation F.200 and an optional set whose components are according to Recommendation T.62.

    teletexTerminalIdentifier ATTRIBUTE
        WITH ATTRIBUTE-SYNTAX TeletexTerminalIdentifier
        ::= {attributeType 22}

    TeletexTerminalIdentifier ::= SEQUENCE {
        teletexTerminal PrintableString (SIZE(1..ub-teletex-terminal-id)),
        parameters      TeletexNonBasicParameters OPTIONAL}

5.7.4 Facsimile Telephone Number

The Facsimile Telephone Number attribute type specifies a telephone number for a facsimile terminal (and optionally its parameters) associated with an object.

An attribute value for the facsimile telephone number is a string that complies with the internationally agreed format for showing international telephone numbers, Recommendation E.1xx (e.g. "+81 3 347 7418") and an optional bit string (formatted according to Recommendation T.30).

    facsimileTelephoneNumber ATTRIBUTE
        WITH ATTRIBUTE-SYNTAX FacsimileTelephoneNumber
        ::= {attributeType 23}

    FacsimileTelephoneNumber ::= SEQUENCE {
        telephoneNumber PrintableString (SIZE(1..ub-telephone-number)),
        parameters      G3FacsimileNonBasicParameters OPTIONAL}

5.7.5 X.121 Address

The X.121 Address attribute type specifies an address as defined by CCITT Recommendation X.121 associated with an object.

    x121Address ATTRIBUTE
        WITH ATTRIBUTE-SYNTAX NumericString (SIZE(1..ub-x121-address))
        MATCHES FOR EQUALITY SUBSTRINGS
        ::= {attributeType 24}

The matching rules for values of this type are the same as those for numericStringSyntax.

5.7.6 International ISDN Number

The International ISDN Number attribute type specifies an International ISDN Number associated with an object.

An attribute value for International ISDN Number is a string which complies with the internationally agreed format for ISDN addresses given in CCITT Recommendation E.164.

    internationalISDNNumber ATTRIBUTE
        WITH ATTRIBUTE-SYNTAX NumericString (SIZE(1..ub-isdn-address))
        ::= {attributeType 25}

The matching rule for values of this type is the same as that for numericStringSyntax.

5.7.7 Registered Address

The Registered Address attribute type specifies a mnemonic for an address associated with an object at a particular city location. The mnemonic is registered in the country in which the city is located and is used in the provision of the Public Telegram Service (according to Recommendation F.1).

    registeredAddress ATTRIBUTE
        WITH ATTRIBUTE-SYNTAX PostalAddress
        ::= {attributeType 26}

5.7.8 Destination Indicator

The Destination Indicator attribute type specifies (according to Recommendations F.1 and F.3) the country and city associated with the object (the addressee) needed to provide the Public Telegram Service.

An attribute value for Destination Indicator is a string.

    destinationIndicator ATTRIBUTE
        WITH ATTRIBUTE-SYNTAX PrintableString (SIZE(1..ub-destination-indicator))
        -- alphabetical characters only
        MATCHES FOR EQUALITY SUBSTRINGS
        ::= {attributeType 27}

The matching rules for values of this type are the same as those for caseIgnoreStringSyntax.

5.8 Preference Attribute Types

These attribute types are concerned with the preferences of an object.

5.8.1 Preferred Delivery Method

The Preferred Delivery Method attribute type specifies the object's priority order regarding the method to be used for communicating with it.

    preferredDeliveryMethod ATTRIBUTE
        WITH ATTRIBUTE-SYNTAX SEQUENCE OF INTEGER {
            any-delivery-method   (0),
            mhs-delivery          (1),
            physical-delivery     (2),
            telex-delivery        (3),
            teletex-delivery      (4),
            g3-facsimile-delivery (5),
            g4-facsimile-delivery (6),
            ia5-terminal-delivery (7),
            videotex-delivery     (8),
            telephone-delivery    (9)}
        SINGLE VALUE
        ::= {attributeType 28}

5.9 OSI Application Attribute Types

These attribute types are concerned with information regarding objects in the OSI Application Layer.

5.9.1 Presentation Address

The Presentation Address attribute type specifies a presentation address associated with an object representing an OSI application entity.

An attribute value for Presentation Address is a presentation address as defined in Recommendation X.200.

    presentationAddress ATTRIBUTE
        WITH ATTRIBUTE-SYNTAX PresentationAddress
        MATCHES FOR EQUALITY
        SINGLE VALUE
        ::= {attributeType 29}

    PresentationAddress ::= SEQUENCE {
        pSelector  [0] OCTET STRING OPTIONAL,
        sSelector  [1] OCTET STRING OPTIONAL,
        tSelector  [2] OCTET STRING OPTIONAL,
        nAddresses [3] SET SIZE(1..MAX) OF OCTET STRING}

The matching rule for values of this type is that a presented Presentation Address matches a stored one if and only if the selectors are equal and the presented nAddresses are a subset of the stored ones.

5.9.2 Supported Application Context

The Supported Application Context attribute type specifies the object identifier(s) of application context(s) that the object (an OSI application entity) supports.

    supportedApplicationContext ATTRIBUTE
        WITH ATTRIBUTE-SYNTAX objectIdentifierSyntax
        ::= {attributeType 30}

5.10 Relational Attribute Types

These attribute types are concerned with information regarding the objects which are related to a particular object in certain ways.

5.10.1 Member

The Member attribute type specifies a group of names associated with the object.

An attribute value for Member is a distinguished name.

    member ATTRIBUTE
        WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax
        ::= {attributeType 31}

5.10.2 Owner

The Owner attribute type specifies the name of some object which has some responsibility for the associated object.

An attribute value for Owner is a distinguished name (which could represent a group of names) and can recur.

    owner ATTRIBUTE
        WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax
        ::= {attributeType 32}

5.10.3 Role Occupant

The Role Occupant attribute type specifies the name of an object which fulfills an organizational role.

An attribute value for Role Occupant is a distinguished name.

    roleOccupant ATTRIBUTE
        WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax
        ::= {attributeType 33}

5.10.4 See Also

The See Also attribute type specifies names of other Directory objects which may be other aspects (in some sense) of the same real world object.

An attribute value for See Also is a distinguished name.

    seeAlso ATTRIBUTE
        WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax
        ::= {attributeType 34}

5.11 Security Attribute Types

These attribute types are concerned with the security or security privileges of an object. These attribute types are specified, except for the allocation of an object identifier, in Recommendation X.509.

5.11.1 User Password

    userPassword UserPassword ::= {attributeType 35}

5.11.2 User Certificate

    userCertificate UserCertificate ::= {attributeType 36}

5.11.3 CA Certificate

    cACertificate CACertificate ::= {attributeType 37}

5.11.4 Authority Revocation List

    authorityRevocationList AuthorityRevocationList ::= {attributeType 38}

5.11.5 Certificate Revocation List

    certificateRevocationList CertificateRevocationList ::= {attributeType 39}

5.11.6 Cross Certificate Pair

    crossCertificatePair CrossCertificatePair ::= {attributeType 40}

SECTION 2 - Attribute Syntaxes

6 Definition of Attribute Syntaxes

6.1 Attribute Syntaxes used by the Directory

6.1.1 Undefined

The Undefined attribute syntax is intended for attributes whose values are not expected to be compared by the Directory. Specifying this attribute syntax for an attribute is equivalent to specifying the data type ANY and no matching rules in the ATTRIBUTE macro for the attribute.

    undefined ATTRIBUTE-SYNTAX
        ANY
        ::= {attributeSyntax 0}

6.1.2 Distinguished Name

The Distinguished Name attribute syntax is intended for attributes whose values are distinguished names. It is defined, except for the allocation of an object identifier, in Recommendation X.501.

    distinguishedNameSyntax DistinguishedNameSyntax ::= {attributeSyntax 1}

6.1.3 Object Identifier

The Object Identifier attribute syntax is intended for attributes whose values are object identifiers. It is defined, except for the allocation of an object identifier, in Recommendation X.501.

    objectIdentifierSyntax ObjectIdentifierSyntax ::= {attributeSyntax 2}

6.2 String Attribute Syntaxes

In the syntaxes specified in § 6.2.1 to 6.2.4, the following spaces are regarded as not significant:

- leading spaces (i.e. those preceding the first printing character);
- trailing spaces (i.e. those following the last printing character);
- multiple consecutive internal spaces (these are taken as equivalent to a single space character).

Attributes conforming to these syntaxes shall be matched in a form which omits those spaces which are not significant according to these rules.

6.2.1 Case Exact String

The Case Exact String attribute syntax is intended for attributes whose values are strings (either T.61 Strings or Printable Strings), where the case (upper or lower) is significant for comparison purposes (e.g. "Dundee" and "DUNDEE" do not match).

    caseExactString ATTRIBUTE-SYNTAX
        CHOICE {T61String, PrintableString}
        MATCHES FOR EQUALITY SUBSTRINGS
        ::= {attributeSyntax 3}

For two strings having this syntax to match for equality, the strings must be the same length and corresponding characters must be identical. A Printable String can be compared with a T.61 String: where the corresponding characters are both in the Printable String character set then comparison proceeds as normal. However if the character in the T.61 String is not in the Printable String character set then matching fails.

6.2.2 Case Ignore String

The Case Ignore String attribute syntax is intended for attributes whose values are strings (either T.61 Strings or Printable Strings), but where the case (upper or lower) is not significant for comparison purposes (e.g. "Dundee" and "DUNDEE" match).

    caseIgnoreStringSyntax ATTRIBUTE-SYNTAX
        CHOICE {T61String, PrintableString}
        MATCHES FOR EQUALITY SUBSTRINGS
        ::= {attributeSyntax 4}

The rules for matching are identical to those for the Case Exact String attribute syntax, except that characters that differ only in their case are considered identical.

6.2.3 Printable String

The Printable String attribute syntax is intended for attributes whose values are Printable Strings.

    printableStringSyntax ATTRIBUTE-SYNTAX
        PrintableString
        MATCHES FOR EQUALITY SUBSTRINGS
        ::= {attributeSyntax 5}

The rules for matching are identical to those for the Case Exact String attribute syntax.

6.2.4 Numeric String

The Numeric String attribute syntax is intended for attributes whose values are Numeric Strings.

    numericStringSyntax ATTRIBUTE-SYNTAX
        NumericString
        MATCHES FOR EQUALITY SUBSTRINGS
        ::= {attributeSyntax 6}

The rules for matching are identical to those for the Case Exact String attribute syntax, except that all space characters are skipped during comparison.

6.2.5 Case Ignore List

The Case Ignore List attribute syntax is intended for attributes whose values are sequences of strings (either T.61 Strings or Printable Strings), but where the case (upper or lower) is not significant for comparison purposes.

    caseIgnoreListSyntax ATTRIBUTE-SYNTAX
        SEQUENCE OF CHOICE {T61String, PrintableString}
        MATCHES FOR EQUALITY SUBSTRINGS
        ::= {attributeSyntax 7}

Two Case Ignore Lists match for equality if and only if the number of strings in each is the same, and corresponding strings match. The latter matching is as for Case Ignore String attribute syntax (§ 6.1.3).

6.3 Miscellaneous Attribute Syntaxes

6.3.1 Boolean

The Boolean attribute syntax is intended for attributes whose values are Boolean (i.e. represent true or false).

    booleanSyntax ATTRIBUTE-SYNTAX
        BOOLEAN
        MATCHES FOR EQUALITY
        ::= {attributeSyntax 8}

Two attribute values of this syntax match for equality if they are both true or both false.

6.3.2 Integer

The Integer attribute syntax is intended for attributes whose values are integers.

    integerSyntax ATTRIBUTE-SYNTAX
        INTEGER
        MATCHES FOR EQUALITY ORDERING
        ::= {attributeSyntax 9}

Two attribute values of this syntax match for equality if the integers are the same. The ordering rules for integers apply.

6.3.3 Octet String

The Octet String attribute syntax is intended for attributes whose values are Octet Strings.

    octetStringSyntax ATTRIBUTE-SYNTAX
        OCTET STRING
        MATCHES FOR EQUALITY SUBSTRINGS ORDERING
        ::= {attributeSyntax 10}

For two strings having this attribute syntax to match, the strings must be the same length and corresponding octets must be identical. Ordering is determined by the ordering relation between the first octets to differ on comparing the strings from the beginning.

6.3.4 UTC Time

The UTC Time attribute syntax is intended for attributes whose values represent absolute time.

    uTCTimeSyntax ATTRIBUTE-SYNTAX
        UTCTime
        MATCHES FOR EQUALITY ORDERING
        ::= {attributeSyntax 11}

Two attribute values of this syntax match for equality if they represent the same time. An earlier time is considered "less" than a later time.

6.3.5 Telephone Number

The Telephone Number attribute syntax is intended for attributes whose values are telephone numbers.

    telephoneNumberSyntax ATTRIBUTE-SYNTAX
        PrintableString (SIZE(1..ub-telephone-number))
        MATCHES FOR EQUALITY SUBSTRINGS
        ::= {attributeSyntax 12}

The rules for matching are identical to those for the Case Exact String attribute syntax, except that all space and "-" characters are skipped during the comparison.

ANNEX A
(to Recommendation X.520)

Selected Attribute Types in ASN.1

This Annex is part of the Recommendation.

This Annex includes all of the ASN.1 type and value definitions contained in this Recommendation in the form of the ASN.1 module SelectedAttributeTypes.

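Added example, not part of the Recommendation or of the ASN.1 module: the equality rules of § 6.2 (String Attribute Syntaxes) and § 6.3.5 (Telephone Number) written out in Python, comparing character by character so that no match is accepted that the text does not allow. It assumes T.61 values have already been decoded to text; DirString, significant and the *_match functions are illustrative names.

```python
import re
from dataclasses import dataclass

# ASN.1 PrintableString character set (Recommendation X.208).
PRINTABLE = frozenset(
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 '()+,-./:=?"
)


@dataclass(frozen=True)
class DirString:
    """A string value; T.61 text is assumed to be already decoded to str."""
    text: str
    kind: str = "printable"  # "printable" or "t61"

    def __post_init__(self):
        if self.kind not in ("printable", "t61"):
            raise ValueError(f"unknown string kind: {self.kind!r}")
        if self.kind == "printable" and not set(self.text) <= PRINTABLE:
            raise ValueError(f"not a PrintableString: {self.text!r}")


def significant(text: str) -> str:
    """6.2: drop leading/trailing spaces, collapse internal runs to one space."""
    return re.sub(r" {2,}", " ", text.strip(" "))


def _compare(x: DirString, y: DirString, ignore_case: bool) -> bool:
    a, b = significant(x.text), significant(y.text)
    if len(a) != len(b):  # 6.2.1: the strings must be the same length
        return False
    mixed = x.kind != y.kind
    for ca, cb in zip(a, b):
        # 6.2.1: when a PrintableString meets a T.61 string, a character
        # outside the PrintableString set makes the match fail.
        if mixed and not (ca in PRINTABLE and cb in PRINTABLE):
            return False
        if ignore_case:  # 6.2.2: characters differing only in case are identical
            ca, cb = ca.lower(), cb.lower()
        if ca != cb:
            return False
    return True


def case_exact_match(x: DirString, y: DirString) -> bool:
    """6.2.1 Case Exact String."""
    return _compare(x, y, ignore_case=False)


def case_ignore_match(x: DirString, y: DirString) -> bool:
    """6.2.2 Case Ignore String."""
    return _compare(x, y, ignore_case=True)


def printable_match(x: DirString, y: DirString) -> bool:
    """6.2.3 Printable String: Case Exact rules, PrintableString values only."""
    if x.kind != "printable" or y.kind != "printable":
        raise TypeError("printableStringSyntax takes PrintableString values")
    return case_exact_match(x, y)


def numeric_match(a: str, b: str) -> bool:
    """6.2.4 Numeric String: all space characters are skipped."""
    for s in (a, b):
        if not set(s) <= set("0123456789 "):
            raise ValueError(f"not a NumericString: {s!r}")
    return a.replace(" ", "") == b.replace(" ", "")


def telephone_match(a: str, b: str) -> bool:
    """6.3.5 Telephone Number: Case Exact rules, spaces and "-" skipped."""
    skip = str.maketrans("", "", " -")
    # DirString() validates that both values are PrintableStrings.
    return DirString(a).text.translate(skip) == DirString(b).text.translate(skip)


def case_ignore_list_match(xs: list, ys: list) -> bool:
    """6.2.5 Case Ignore List: same number of strings, pairwise 6.2.2 match."""
    return len(xs) == len(ys) and all(
        case_ignore_match(x, y) for x, y in zip(xs, ys)
    )
```

A full Unicode case fold would treat "Straße" and "STRASSE" as equal; under the rules above they differ in length and do not match.
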
SelectedAttributeTypes {joint-iso-ccitt ds(5) modules(1) selectedAttributeTypes(5)}
DEFINITIONS ::=
BEGIN

-- Exports everything --

IMPORTS
    informationFramework, authenticationFramework, attributeType, upperBounds
        FROM UsefulDefinitions {joint-ISO-CCITT ds(5) modules(1) usefulDefinitions(0)}
    ATTRIBUTE, ATTRIBUTE-SYNTAX, AttributeType, OBJECT-CLASS, ObjectClass,
    AliasedObjectName, DistinguishedNameSyntax, ObjectIdentifierSyntax
        FROM InformationFramework informationFramework
    G3FacsimileNonBasicParameters, TeletexNonBasicParameters
        FROM MTSAbstractService {joint-ISO-CCITT mhs-motis(6) mts(3) modules(0) mts-abstract-service(1)}
    UserCertificate, CACertificate, CrossCertificatePair,
    CertificateRevocationList, AuthorityRevocationList, UserPassword
        FROM AuthenticationFramework authenticationFramework
    ub-answerback, ub-common-name, ub-surname, ub-serial-number,
    ub-locality-name, ub-state-name, ub-street-address,
    ub-organization-name, ub-organizational-unit-name, ub-title,
    ub-description, ub-business-category, ub-postal-line,
    ub-postal-string, ub-postal-code, ub-post-office-box,
    ub-physical-office-name, ub-telex-number, ub-country-code,
    ub-teletex-terminal-id, ub-telephone-number, ub-x121-address,
    ub-international-isdn-number, ub-destination-indicator,
    ub-user-password
        FROM UpperBounds upperBounds;

-- attribute types --

objectClass ObjectClass
    ::= {attributeType 0}

aliasedObjectName AliasedObjectName
    ::= {attributeType 1}

knowledgeInformation ATTRIBUTE
    WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
    ::= {attributeType 2}

commonName ATTRIBUTE
    WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax (SIZE(1..ub-common-name))
    ::= {attributeType 3}

surname ATTRIBUTE
    WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax (SIZE(1..ub-surname))
    ::= {attributeType 4}

serialNumber ATTRIBUTE
    WITH ATTRIBUTE-SYNTAX printableStringSyntax (SIZE(1..ub-serial-number))
    ::= {attributeType 5}
countryName ATTRIBUTE
    WITH ATTRIBUTE-SYNTAX PrintableString (SIZE(2)) -- IS 3166 codes only
    MATCHES FOR EQUALITY
    SINGLE VALUE
    ::= {attributeType 6}

localityName ATTRIBUTE
    WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax (SIZE(1..ub-locality-name))
    ::= {attributeType 7}

stateOrProvinceName ATTRIBUTE
    WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax (SIZE(1..ub-state-name))
    ::= {attributeType 8}

streetAddress ATTRIBUTE
    WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax (SIZE(1..ub-street-address))
    ::= {attributeType 9}

organizationName ATTRIBUTE
    WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax (SIZE(1..ub-organization-name))
    ::= {attributeType 10}

organizationalUnitName ATTRIBUTE
    WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax (SIZE(1..ub-organizational-unit-name))
    ::= {attributeType 11}

title ATTRIBUTE
    WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax (SIZE(1..ub-title))
    ::= {attributeType 12}

description ATTRIBUTE
    WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax (SIZE(1..ub-description))
    ::= {attributeType 13}

searchGuide ATTRIBUTE
    WITH ATTRIBUTE-SYNTAX Criteria
    ::= {attributeType 14}

Guide ::= SET {
    objectClass [0] OBJECT-CLASS OPTIONAL,
    criteria    [1] Criteria }

Criteria ::= CHOICE {
    type [0] CriteriaItem,
    and  [1] SET OF Criteria,
    or   [2] SET OF Criteria,
    not  [3] Criteria }

CriteriaItem ::= CHOICE {
    equality         [0] AttributeType,
    substrings       [1] AttributeType,
    greaterOrEqual   [2] AttributeType,
    lessOrEqual      [3] AttributeType,
    approximateMatch [4] AttributeType }
businessCategory ATTRIBUTE
    WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax (SIZE(1..ub-business-category))
    ::= {attributeType 15}

postalAddress ATTRIBUTE
    WITH ATTRIBUTE-SYNTAX PostalAddress
    MATCHES FOR EQUALITY
    ::= {attributeType 16}

PostalAddress ::= SEQUENCE SIZE(1..ub-postal-line) OF CHOICE {
    T61String (SIZE(1..ub-postal-string)),
    PrintableString (SIZE(1..ub-postal-string))}

postalCode ATTRIBUTE
    WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax (SIZE(1..ub-postal-code))
    ::= {attributeType 17}

postOfficeBox ATTRIBUTE
    WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax (SIZE(1..ub-post-office-box))
    ::= {attributeType 18}

physicalDeliveryOfficeName ATTRIBUTE
    WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax (SIZE(1..ub-physical-office-name))
    ::= {attributeType 19}

telephoneNumber ATTRIBUTE
    WITH ATTRIBUTE-SYNTAX telephoneNumberSyntax
    ::= {attributeType 20}

telexNumber ATTRIBUTE
    WITH ATTRIBUTE-SYNTAX TelexNumber
    ::= {attributeType 21}

TelexNumber ::= SEQUENCE {
    telexNumber PrintableString (SIZE(1..ub-telex-number)),
    countryCode PrintableString (SIZE(1..ub-country-code)),
    answerback  PrintableString (SIZE(1..ub-answerback))}

teletexTerminalIdentifier ATTRIBUTE
    WITH ATTRIBUTE-SYNTAX TeletexTerminalIdentifier
    ::= {attributeType 22}

TeletexTerminalIdentifier ::= SEQUENCE {
    teletexTerminal PrintableString (SIZE(1..ub-teletex-terminal-id)),
    parameters      TeletexNonBasicParameters OPTIONAL}

facsimileTelephoneNumber ATTRIBUTE
    WITH ATTRIBUTE-SYNTAX FacsimileTelephoneNumber
    ::= {attributeType 23}

FacsimileTelephoneNumber ::= SEQUENCE {
    telephoneNumber PrintableString (SIZE(1..ub-telephone-number)),
    parameters      G3FacsimileNonBasicParameters OPTIONAL}
x121Address ATTRIBUTE
    WITH ATTRIBUTE-SYNTAX NumericString (SIZE(1..ub-x121-address))
    MATCHES FOR EQUALITY SUBSTRINGS
    ::= {attributeType 24}

internationalISDNNumber ATTRIBUTE
    WITH ATTRIBUTE-SYNTAX NumericString (SIZE(1..ub-international-isdn-number))
    ::= {attributeType 25}

registeredAddress ATTRIBUTE
    WITH ATTRIBUTE-SYNTAX PostalAddress
    ::= {attributeType 26}

destinationIndicator ATTRIBUTE
    WITH ATTRIBUTE-SYNTAX PrintableString (SIZE(1..ub-destination-indicator))
    -- alphabetical characters only
    MATCHES FOR EQUALITY SUBSTRINGS
    ::= {attributeType 27}

preferredDeliveryMethod ATTRIBUTE
    WITH ATTRIBUTE-SYNTAX SEQUENCE OF INTEGER {
        any-delivery-method   (0),
        mhs-delivery          (1),
        physical-delivery     (2),
        telex-delivery        (3),
        teletex-delivery      (4),
        g3-facsimile-delivery (5),
        g4-facsimile-delivery (6),
        ia5-terminal-delivery (7),
        videotex-delivery     (8),
        telephone-delivery    (9)}
    SINGLE VALUE
    ::= {attributeType 28}

presentationAddress ATTRIBUTE
    WITH ATTRIBUTE-SYNTAX PresentationAddress
    MATCHES FOR EQUALITY
    SINGLE VALUE
    ::= {attributeType 29}

PresentationAddress ::= SEQUENCE {
    pSelector  [0] OCTET STRING OPTIONAL,
    sSelector  [1] OCTET STRING OPTIONAL,
    tSelector  [2] OCTET STRING OPTIONAL,
    nAddresses [3] SET SIZE(1..MAX) OF OCTET STRING}

supportedApplicationContext ATTRIBUTE
    WITH ATTRIBUTE-SYNTAX objectIdentifierSyntax
    ::= {attributeType 30}

member ATTRIBUTE
    WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax
    ::= {attributeType 31}

owner ATTRIBUTE
    WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax
    ::= {attributeType 32}
roleOccupant ATTRIBUTE
    WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax
    ::= {attributeType 33}

seeAlso ATTRIBUTE
    WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax
    ::= {attributeType 34}

userPassword UserPassword
    ::= {attributeType 35}

userCertificate UserCertificate
    ::= {attributeType 36}

cACertificate CACertificate
    ::= {attributeType 37}

authorityRevocationList AuthorityRevocationList
    ::= {attributeType 38}

certificateRevocationList CertificateRevocationList
    ::= {attributeType 39}

crossCertificatePair CrossCertificatePair
    ::= {attributeType 40}

-- attribute syntaxes --

undefined ATTRIBUTE-SYNTAX
    ANY
    ::= {attributeSyntax 0}

distinguishedNameSyntax DistinguishedNameSyntax
    ::= {attributeSyntax 1}

objectIdentifierSyntax ObjectIdentifierSyntax
    ::= {attributeSyntax 2}

caseExactStringSyntax ATTRIBUTE-SYNTAX
    CHOICE {T61String, PrintableString}
    MATCHES FOR EQUALITY SUBSTRINGS
    ::= {attributeSyntax 3}

caseIgnoreStringSyntax ATTRIBUTE-SYNTAX
    CHOICE {T61String, PrintableString}
    MATCHES FOR EQUALITY SUBSTRINGS
    ::= {attributeSyntax 4}

printableStringSyntax ATTRIBUTE-SYNTAX
    PrintableString
    MATCHES FOR EQUALITY SUBSTRINGS
    ::= {attributeSyntax 5}

numericStringSyntax ATTRIBUTE-SYNTAX
    NumericString
    MATCHES FOR EQUALITY SUBSTRINGS
    ::= {attributeSyntax 6}

caseIgnoreListSyntax ATTRIBUTE-SYNTAX
    SEQUENCE OF CHOICE {T61String, PrintableString}
    MATCHES FOR EQUALITY SUBSTRINGS
    ::= {attributeSyntax 7}

booleanSyntax ATTRIBUTE-SYNTAX
    BOOLEAN
    MATCHES FOR EQUALITY
    ::= {attributeSyntax 8}
integerSyntax ATTRIBUTE-SYNTAX
    INTEGER
    MATCHES FOR EQUALITY ORDERING
    ::= {attributeSyntax 9}

octetStringSyntax ATTRIBUTE-SYNTAX
    OCTET STRING
    MATCHES FOR EQUALITY SUBSTRINGS ORDERING
    ::= {attributeSyntax 10}

uTCTimeSyntax ATTRIBUTE-SYNTAX
    UTCTime
    MATCHES FOR EQUALITY ORDERING
    ::= {attributeSyntax 11}

telephoneNumberSyntax ATTRIBUTE-SYNTAX
    PrintableString (SIZE(1..ub-telephone-number))
    MATCHES FOR EQUALITY SUBSTRINGS
    ::= {attributeSyntax 12}

END

ANNEX B

(to Recommendation X.520)

Index of Attribute Types and Syntaxes

ATTRIBUTE SYNTAXES

B   Boolean                          § 6.3.1
C   Case Exact String                § 6.2.1
    Case Ignore List                 § 6.2.5
    Case Ignore String               § 6.2.3
D   Distinguished Name *             § 6.1.2
I   Integer                          § 6.3.2
N   Numeric String                   § 6.2.4
O   Object Identifier *              § 6.1.3
    Object String                    § 6.3.2
P   Printable String                 § 6.2.3
T   Telephone Number                 § 6.3.5
U   UTC Time                         § 6.3.4
    Undefined                        § 6.1.1

ATTRIBUTE TYPES

A   Aliased Object Name *            § 5.1.2
    Authority Revocation List        § 5.11.4
B   Business Category                § 5.5.3
C   CA Certificate                   § 5.11.3
    Certificate Revocation List      § 5.11.5
    Common Name                      § 5.2.1
    Country Name                     § 5.3.1
    Cross Certificate Pair           § 5.11.6
D   Description                      § 5.5.1
    Destination Indicator            § 5.7.8
F   Facsimile Telephone Number       § 5.7.4
I   International ISDN Number        § 5.7.6
K   Knowledge Information            § 5.1.3
L   Locality Name                    § 5.3.2
M   Member                           § 5.10.1
O   Object Class *                   § 5.1.1
    Organization Name                § 5.4.1
    Organizational Unit Name         § 5.4.2
    Owner                            § 5.10.2
P   Physical Delivery Office Name    § 5.6.4
    Post Office Box                  § 5.6.3
    Postal Address                   § 5.6.1
    Postal Code                      § 5.6.2
    Preferred Delivery Method        § 5.8.1
    Presentation Address             § 5.9.1
R   Registered Address               § 5.7.7
    Role Occupant                    § 5.10.3
S   Search Guide                     § 5.5.2
    See Also                         § 5.10.4
    Serial Number                    § 5.2.3
    State or Province Name           § 5.3.2
    Street Address                   § 5.3.4
    Supported Application Context    § 5.9.2
    Surname                          § 5.2.2
T   Telephone Number                 § 5.7.1
    Teletex Terminal Identifier      § 5.7.3
    Telex Number                     § 5.7.2
    Title                            § 5.4.3
U   User Certificate                 § 5.11.2
    User Password                    § 5.11.1
X   X.121 Address                    § 5.7.5

* Known to and used by the Directory itself.

ANNEX C

(to Recommendation X.520)

Upper Bounds

This Annex is part of the Recommendation.

UpperBounds {joint-ISO-CCITT ds(5) modules(1) upperBounds(10)}
DEFINITIONS ::=
BEGIN

-- Exports everything --

ub-answerback                   INTEGER ::= 8
ub-common-name                  INTEGER ::= 64
ub-surname                      INTEGER ::= 64
ub-serial-number                INTEGER ::= 64
ub-locality-name                INTEGER ::= 128
ub-state-name                   INTEGER ::= 128
ub-street-address               INTEGER ::= 128
ub-organization-name            INTEGER ::= 64
ub-organizational-unit-name     INTEGER ::= 64
ub-title                        INTEGER ::= 64
ub-description                  INTEGER ::= 1024
ub-business-category            INTEGER ::= 128
ub-postal-line                  INTEGER ::= 6
ub-postal-string                INTEGER ::= 30
ub-postal-code                  INTEGER ::= 40
ub-post-office-box              INTEGER ::= 40
ub-physical-office-name         INTEGER ::= 128
ub-telex-number                 INTEGER ::= 14
ub-country-code                 INTEGER ::= 4
ub-teletex-terminal-id          INTEGER ::= 24
ub-telephone-number             INTEGER ::= 32
ub-x121-address                 INTEGER ::= 15
ub-international-isdn-number    INTEGER ::= 16
ub-destination-indicator        INTEGER ::= 128
ub-user-password                INTEGER ::= 128

END

1) Recommendation X.520 and ISO 9594-6, Information Processing Systems - Open Systems Interconnection - The Directory - Selected attribute types, were developed in close collaboration and are technically aligned.
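
Added example, not part of Recommendation X.520: the Python below applies the equality rules of § 6.2.4, 6.2.5, 6.3.3 and 6.3.5 together with the Annex C bound ub-telephone-number, and groups values that differ as raw strings yet are a single value to the Directory, which is the case a uniqueness or allow-list check built on plain string comparison gets wrong. The function names, the sample numbers, the use of str.casefold() for case-ignore matching and the rule that a proper prefix sorts first are assumptions of the example.

```python
from collections import defaultdict

UB_TELEPHONE_NUMBER = 32  # ub-telephone-number, Annex C
# ASN.1 PrintableString alphabet: letters, digits, space and ' ( ) + , - . / : = ?
PRINTABLE = frozenset(
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 '()+,-./:=?")


def telephone_key(value):
    """Key for telephoneNumberSyntax: check the declared type and size, then
    drop the space and "-" characters that matching skips."""
    if not 1 <= len(value) <= UB_TELEPHONE_NUMBER:
        raise ValueError("outside SIZE(1..ub-telephone-number)")
    if not set(value) <= PRINTABLE:
        raise ValueError("not a PrintableString")
    return value.replace(" ", "").replace("-", "")


def numeric_key(value):
    """Key for numericStringSyntax: space characters are skipped."""
    if not value or not set(value) <= set("0123456789 "):
        raise ValueError("not a NumericString")
    return value.replace(" ", "")


def case_ignore_list_match(a, b):
    """Same number of strings, and corresponding strings match ignoring case.
    Assumption: str.casefold() stands in for the Case Ignore String rule."""
    return len(a) == len(b) and all(
        x.casefold() == y.casefold() for x, y in zip(a, b))


def octet_string_compare(a, b):
    """Return -1, 0 or 1. Equal only if same length and identical octets; order
    follows the first differing octet. Assumption: a proper prefix sorts first."""
    return (a > b) - (a < b)


def directory_duplicates(values, key=telephone_key):
    """Group values that differ as raw strings but are one value under the
    syntax's equality rule (for uniqueness or allow-list audits)."""
    groups = defaultdict(list)
    for value in values:
        groups[key(value)].append(value)
    return [group for group in groups.values() if len(group) > 1]


# Constructed sample values, not taken from the Recommendation.
SAMPLE_NUMBERS = ["+61 3 5550 0100", "+61-3-5550-0100",
                  "+61355500100", "+61 3 5550 0199"]
```

Storing the key next to the raw value lets an index or access rule compare entries the way the Directory does while the value is still displayed as entered.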