Object Identification and Registration William E Lyons USA

OidPres2 Introduction Information Objects An information object is a well-defined piece of information that requires a name in order to identify its use in an instance of communication. An Object Identifier  A value (distinguishable from all others) which is associated with an object.  Can identify anything (algorithm, business, file format, organization, policy, product, role, service, standard, address, schema, document version, device)  Infinite series of integers - { }  Globally unique  Called OIDs - ISO/IEC :1992 | X.660 ISO/IEC :1998 | X.680 Many standards require the assignment of object identifiers.  X9.57, X9.42, and X9.73  Most of the recent X9 security standards Object identifiers will facilitate the implementation most standards involving cryptography and/or electronic transactions  Industry, consumers, trade, governments, distributors.  organizations and individuals engaged in Electronic Commerce that use standardized transactions

OidPres3 Purpose Define a standard methodology for assigning and registering object identifiers in an automated manner that  Provides a working registration schema DomainCertificate { iso identified-organization tc68(133) country(16) x9(840) x9Standards(9) x9-68(68) modules(0) domainCertificate(1) }  Does not require any allocations to be made  Allows automatic allocation for standards  Can be modified or ignored by any member  Allows member arc to be used for other purposes  Identifies country with ISO 3166 code Single location to enter and obtain object registration information that provides easy access and searches  Reduce redundancy  Ensure uniqueness  Obtain identifiers easily and quickly  Facilitate dissemination of identifiers

OidPres4 Facilitate Use of Objects Owners How do inform potential users of my objects? How do publicize new objects? OID Database Users Where do I obtain information ? How do I reference objects? Which of the objects with similar names do I use? 2. Access 1. Enter 3. Contact

OidPres5 Identification Relationships Root RA Parent Page Links to Root Creates Child Page Child Page Links to Parent Creates Child Page Child Page Links to Parent Child Page Links to Parent Child Page Links to Parent Child Page Links to Root

OidPres6 Structure  Header  Parent Object  ID  Description  Short NameNumeric - Includes link to Higher Level Parent  Long NameNumeric with Alpha descriptors – Same information as above  Last UpdateDate  StatusActive, Inactive, Obsolete, or Suspect  Organization NameContact Information  Contact NameContact Information  Mailing AddressContact Information  Phone NumberContact Information  Fax NumberContact Information  AddressContact Information  URLContact Information  Detail  SuffixNumeric – 1 st digit is category, 2 nd digit is instance of category  CategoryCategory is owner defined keyword list that is shared  NameName of object (20 char or less)  StatusActive, Inactive, Obsolete, or Suspect  DescriptionDescription of object

OidPres7 Categories  Page Page owners propagate new page owners by using page as a category. The object definition shall then be entered on the propagated page.  Cat Defines an object category. Pick from drop down list or add new category which is added to drop down list. Drop list is shared with all object definitions. Typical user defined categories are shown below (this will be expanded with use).  Algorithm  Attribute  Business Identifier  Certificate Extension  Certificate Policy  Certificate Policy Element  Module  Organization  Standard

OidPres8 Status  Active (Default) Owner is actively maintaining the information related to object identified by the OID. This is the Default status.  Inactive (Set by Owner or RA) Owner is no longer maintaining the information related to Object identified by the OID.  Obsolete (Set by Owner) Object identified by the OID is obsolete.  Suspect (Set or removed by RA) Owner has been notified that information related to the Object identified by the OID is faulty and the fault has not been resolved. Upon resolution the status reverts to the status before the dispute.

OidPres9 Other  Pages Propagated pages inherit all properties of the parent page. If a page is deleted, then all definitions are then part of the parent page. All pages are password protected with the intent to use certificates in the future.  Withdrawal Object identifiers shall not be reissued, reused, or withdrawn after they have been made available to the public. Object identifiers shall be designated as obsolete.  Uniqueness No OID may identify more than one object. More than OID may identify the same object.  Maintenance Object owners are required to keep object page current, including all child pages.  Publication The list of registered OIDs will be freely available from a Website that facilitates browsing and searching.

OidPres10 Ownership  Owners may establish sub-authorities to register objects within their organizations.  Owner shall ensure that no duplicates OIDs are created within their own OID.  Ownership may be transferred with appropriate identification of the parties making the change.

OidPres11 Parent Page

OidPres12 Child Page with category field in object definition

OidPres13 Child Page without category fields in object definition

OidPres14 Registration Process  Registration  Organization applies to RA  RA establishes root OID  OID owner maintains OID information via a Web interface.  Error Correction  Person noting error contacts owner  Owner corrects errors  If owner fails to correct error in a timely manner  person noting error notifies RA  RA acknowledges receipt of error notification and formally notifies Owner of the alleged error and reminds the owner that discrepancies are to be resolved in 10 business days.  RA changes status of affected OIDs to Suspect  Owner resolves discrepancies and notifies RA of resolution  Upon verifying that the dispute has been resolved, the RA resets the status of the affected OIDs to the status prior the dispute.

OidPres15 Summary  Features  Owners create and update  Owners create new categories  Categories shared by all owners  Parent Page  Links to Registration Authority  Defines children pages  Does not have to have children pages  Child Page  Links to Parent  Created by use of Page Category in Parent  May define have children pages  Based upon Internet Technology  Easy access  Easy updating  Easy registration  Easy expansion

OidPres16 References ISO/IEC :1992 | X.660 : CCITT Recommendation X.660 (1991), Information Technology - Open Systems Interconnection – Systems Management Overview - Procedures for the Operation of OSI Registration Authorities: General Procedures ISO/IEC : 1999 | ITU-T Recommendation X.420 (1998), Information technology - Message Handling Systems (MHS) - Interpersonal messaging system. ISO/IEC :1998 | X.680 : ITU-T Recommendation X.680 (1997), Information Technology - Abstract Syntax Notation One (ASN.1): Specification of Basic Notation ISO/IEC :1998 | X.690 : ITU-T Recommendation X.690 (1997), Information Technology - ASN.1 Encoding Rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER) ISO/IEC : 2000 | ITU-T Recommendation X.509 (1999), Information technology - Open Systems Interconnection - The Directory: Public-Key and Attribute Certificate Frameworks. Borenstein, N., and N. Freed, "MIME (Multipurpose Internet Mail Extensions): Mechanisms for Specifying and Describing the Format of Internet Message Bodies," RFC 1341, June, ASN.1 Complete by Professor John Larmouth 1999, Morgan Kaufmann, ISBN: ASN.1 - Communication entre systèmes hétérogènes par Olivier Dubuisson © 1999, Springer Verlag et France Télécom, ISBN :