Movatterモバイル変換

Internet Engineering Task Force (IETF)                         S. TurnerRequest for Comments: 5916                                          IECACategory: Informational                                        June 2010ISSN: 2070-1721Device Owner AttributeAbstract   This document defines the Device Owner attribute.  It indicates the   entity (e.g., company, organization, department, agency) that owns   the device.  This attribute may be included in public key   certificates and attribute certificates.Status of This Memo   This document is not an Internet Standards Track specification; it is   published for informational purposes.   This document is a product of the Internet Engineering Task Force   (IETF).  It represents the consensus of the IETF community.  It has   received public review and has been approved for publication by the   Internet Engineering Steering Group (IESG).  Not all documents   approved by the IESG are a candidate for any level of Internet   Standard; seeSection 2 of RFC 5741.   Information about the current status of this document, any   errata, and how to provide feedback on it may be obtained athttp://www.rfc-editor.org/info/rfc5916.Copyright Notice   Copyright (c) 2010 IETF Trust and the persons identified as the   document authors.  All rights reserved.   This document is subject toBCP 78 and the IETF Trust's Legal   Provisions Relating to IETF Documents   (http://trustee.ietf.org/license-info) in effect on the date of   publication of this document.  Please review these documents   carefully, as they describe your rights and restrictions with respect   to this document.  Code Components extracted from this document must   include Simplified BSD License text as described in Section 4.e of   the Trust Legal Provisions and are provided without warranty as   described in the Simplified BSD License.Turner                        Informational                     [Page 1]

RFC 5916                 Device Owner Attribute                June 20101.  Introduction   This document specifies the Device Owner attribute.  It indicates the   entity (e.g., company, organization, department, agency) that owns   the device.  This attribute is intended to be used in public key   certificates [RFC5280] and attribute certificates [RFC5755].   This attribute may be used in automated authorization decisions.  For   example, when two peers are deciding whether to communicate, each   could check that the device owner present in the other device's   certificate is on an "approved" list.  This check is performed in   addition to certification path validation [RFC5280].  The mechanism   for managing the "approved" list is beyond the scope of this   document.   NOTE: This document does not provide an equivalent Lightweight   Directory Access Protocol (LDAP) schema specification as this   attribute is targeted at public key certificates [RFC5280] and   attribute certificates [RFC5755].  Definition of an equivalent LDAP   schema is left to a future specification.1.1.  Terminology   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this   document are to be interpreted as described in [RFC2119].1.2.  ASN.1 Syntax Notation   The attribute is defined using ASN.1 [X.680], [X.681], [X.682], and   [X.683].2.  Device Owner   The Device Owner attribute indicates the entity (e.g., company,   organization, department, agency) that owns the device with which   this attribute is associated.  Device Owner is an object identifier.   The following object identifier identifies the Device Owner   attribute:      id-deviceOwner OBJECT IDENTIFIER ::= {        joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101)        dod(2) infosec(1) attributes(5) 69      }Turner                        Informational                     [Page 2]

RFC 5916                 Device Owner Attribute                June 2010   The ASN.1 syntax for the Device Owner attribute is as follows:      at-deviceOwner ATTRIBUTE ::= {        TYPE                    OBJECT IDENTIFIER        EQUALITY MATCHING RULE  objectIdentifierMatch        IDENTIFIED BY           id-deviceOwner      }   There MUST only be one value of Device Owner associated with a   device.  Distinct owners MUST be represented in separate   certificates.3. Security Considerations   If this attribute is used as part of an authorization process, the   procedures employed by the entity that assigns each value must ensure   that the correct value is applied.  Including this attribute in a   public key certificate or attribute certificate ensures the value for   the device owner is integrity protected.4.  Normative References   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate              Requirement Levels",BCP 14,RFC 2119, March 1997.   [RFC5280]  Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,              Housley, R., and W. Polk, "Internet X.509 Public Key              Infrastructure Certificate and Certificate Revocation List              (CRL) Profile",RFC 5280, May 2008.   [RFC5755]  Farrell, S., Housley, R., and S. Turner, "An Internet              Attribute Certificate Profile for Authorization",RFC5755, January 2010.   [RFC5912]  Schaad, J. and P. Hoffman, "New ASN.1 Modules for the              Public Key Infrastructure Using X.509 (PKIX)",RFC 5912,              June 2010.   [X.501]    ITU-T Recommendation X.520 (2002) | ISO/IEC 9594-2:2002,              Information technology - The Directory: Models.   [X.680]    ITU-T Recommendation X.680 (2002) | ISO/IEC 8824-1:2002,              Information technology - Abstract Syntax Notation One              (ASN.1): Specification of basic notation.   [X.681]    ITU-T Recommendation X.681 (2002) | ISO/IEC 8824-2:2002,              Information Technology - Abstract Syntax Notation One:              Information Object Specification.Turner                        Informational                     [Page 3]

RFC 5916                 Device Owner Attribute                June 2010   [X.682]    ITU-T Recommendation X.682 (2002) | ISO/IEC 8824-3:2002,              Information Technology - Abstract Syntax Notation One:              Constraint Specification.   [X.683]    ITU-T Recommendation X.683 (2002) | ISO/IEC 8824-4:2002,              Information Technology - Abstract Syntax Notation One:              Parameterization of ASN.1 Specifications.Turner                        Informational                     [Page 4]

RFC 5916                 Device Owner Attribute                June 2010Appendix A.  ASN.1 Module   This appendix provides the normative ASN.1 [X.680] definitions for   the structures described in this specification using ASN.1 as defined   in [X.680], [X.681], [X.682], and [X.683].   DeviceOwnerAttribute-2008     { joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101)       dod(2) infosec(1) module(0) id-deviceOwnerAttribute-2008(34) }   DEFINITIONS IMPLICIT TAGS ::=   BEGIN   -- EXPORTS ALL --   IMPORTS   -- IMPORTS from New PKIX ASN.1 [RFC5912]     ATTRIBUTE       FROM PKIX-CommonTypes-2009         { iso(1) identified-organization(3) dod(6) internet(1)           security(5) mechanisms(5) pkix(7) id-mod(0)           id-mod-pkixCommon-02(57) }   -- Imports from ITU-T X.501 [X.501]     objectIdentifierMatch       FROM InformationFramework         { joint-iso-itu-t ds(5) module(1) informationFramework(1) 4 }   ;   -- device owner attribute OID and syntax   id-deviceOwner OBJECT IDENTIFIER ::= {     joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101)     dod(2) infosec(1) attributes(5) 69   }   at-deviceOwner ATTRIBUTE ::= {     TYPE                     OBJECT IDENTIFIER     EQUALITY MATCHING RULE   objectIdentifierMatch     IDENTIFIED BY            id-deviceOwner   }   ENDTurner                        Informational                     [Page 5]

RFC 5916                 Device Owner Attribute                June 2010Author's Address   Sean Turner   IECA, Inc.   3057 Nutley Street, Suite 106   Fairfax, VA 22031   USA   EMail: turners@ieca.comTurner                        Informational                     [Page 6]