This topic presents the additional attribute types defined in the standards that are to be used with the SAP. Each attribute type has an object identifier, which is the value of the OM attribute DS_ATTRIBUTE_TYPE. These object identifiers are represented in the interface by constants with the same name as the directory attribute, and they are prefixed with DS_A_ so that they can be easily identified.
This topic contains two tables: the first lists the object identifiers for SAP attribute types, and the second lists the values for SAP attribute types. A brief description of each attribute follows the tables. (See Basic Directory Contents Package for information on general matching rules.)
Note: The third and fourth columns of the following table contain the contents octets of the BER encoding of the object identifier. All these object identifiers stem from the root {joint-iso-ccitt(2) ds(5) attributeType(4)}.
Object Identifiers for SAP Attribute Types
Package | Attribute Type | Object Identifier BER (Decimal) | Object Identifier BER (Hexadecimal) |
SAP | DS_A_AUTHORITY_REVOC_LIST | 85, 4, 38 | \x55\x04\x26 |
SAP | DS_A_CA_CERT | 85, 4, 37 | \x55\x04\x25 |
SAP | DS_A_CERT_REVOC_LIST | 85, 4, 39 | \x55\x04\x27 |
SAP | DS_A_CROSS_CERT_PAIR | 85, 4, 40 | \x55\x04\x28 |
SAP | DS_A_USER_CERT | 85, 4, 36 | \x55\x04\x24 |
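The following C sketch is an added example, not part of the XDS interface or of the original topic. It decodes the contents octets from the table into dotted form under the root 2.5.4 and maps them back to the DS_A_ constant name; the function names oid_to_dotted and sap_attr_name are hypothetical.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Contents octets of the SAP attribute-type OIDs, copied from the table above. */
static const struct { const char *name; unsigned char oid[3]; } sap_attrs[] = {
    { "DS_A_USER_CERT",            { 0x55, 0x04, 0x24 } },
    { "DS_A_CA_CERT",              { 0x55, 0x04, 0x25 } },
    { "DS_A_AUTHORITY_REVOC_LIST", { 0x55, 0x04, 0x26 } },
    { "DS_A_CERT_REVOC_LIST",      { 0x55, 0x04, 0x27 } },
    { "DS_A_CROSS_CERT_PAIR",      { 0x55, 0x04, 0x28 } },
};

/* Decode BER OID contents octets to dotted form. Returns 0, or -1 on empty
 * input, a truncated or non-minimal arc, arc overflow, or a short buffer. */
int oid_to_dotted(const unsigned char *p, size_t len, char *out, size_t outsz)
{
    size_t i = 0, used = 0;
    if (len == 0) return -1;
    while (i < len) {
        unsigned long arc = 0;
        int n, first = (i == 0);
        if (p[i] == 0x80) return -1;            /* leading 0x80 pads the arc */
        do {
            if (i >= len || arc > (ULONG_MAX >> 7)) return -1;
            arc = (arc << 7) | (p[i] & 0x7F);   /* 7 value bits per octet */
        } while (p[i++] & 0x80);                /* high bit set: arc continues */
        if (first) {                            /* first subidentifier is 40*X + Y */
            unsigned long x = arc < 80 ? arc / 40 : 2;
            n = snprintf(out + used, outsz - used, "%lu.%lu", x, arc - 40 * x);
        } else {
            n = snprintf(out + used, outsz - used, ".%lu", arc);
        }
        if (n < 0 || (size_t)n >= outsz - used) return -1;
        used += (size_t)n;
    }
    return 0;
}

/* Name of the SAP attribute type with these contents octets, or NULL. */
const char *sap_attr_name(const unsigned char *p, size_t len)
{
    for (size_t i = 0; i < sizeof sap_attrs / sizeof sap_attrs[0]; i++)
        if (len == sizeof sap_attrs[i].oid && !memcmp(p, sap_attrs[i].oid, len))
            return sap_attrs[i].name;
    return NULL;
}
```

The leading octet 85 (\x55) is 40 * 2 + 5, which is why the two root arcs joint-iso-ccitt(2) and ds(5) occupy a single octet in every row of the table.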
Attribute Type | OM Value Syntax | Value Length | Multi-valued | Matching Rules |
DS_A_AUTHORITY_REVOC_LIST | Object(DS_C_CERT_LIST) | - | yes | |
DS_A_CA_CERT | Object(DS_C_CERT) | - | yes | |
DS_A_CERT_REVOC_LIST | Object(DS_C_CERT_LIST) | - | yes | |
DS_A_CROSS_CERT_PAIR | Object(DS_C_CERT_PAIR) | - | yes | |
DS_A_USER_CERT | Object(DS_C_CERT) | - | yes | |
· DS_A_AUTHORITY_REVOC_LIST
This attribute occurs only in entries that describe a certification authority (CA). It lists all the certificates issued to any of the CAs known to this CA, and later revoked. Each value of this OM attribute is signed by the CA.
· DS_A_CA_CERT
This attribute specifies the certificates assigned to the object, which is a CA.
· DS_A_CERT_REVOC_LIST
This attribute occurs only in entries that describe a CA. It lists the certificates issued by this CA and later revoked. Each value of this OM attribute is signed by the CA.
· DS_A_CROSS_CERT_PAIR
This attribute specifies one or two certificates held in the entry of a CA. The first certificate is that of one CA, guaranteed by a second CA; the second certificate is that of the second CA, guaranteed by the first CA.
· DS_A_USER_CERT
This attribute specifies the user certificates assigned to the object, which may be any user certificate including a CA certificate.