INTERNET-DRAFT                                      Kurt D. Zeilenga
Intended Category: Standard Track                OpenLDAP Foundation
Expires in six months                                17 October 2004
Obsoletes: RFC 2252, RFC 2256

                    LDAP X.509 Certificate Schema
                  <draft-zeilenga-ldap-x509-00.txt>

This document is intended to be, after appropriate review and
revision, submitted to the RFC Editor as a Standard Track document.
Distribution of this memo is unlimited. Technical discussion of this
document will take place on the IETF LDAP Extensions mailing list
<ldapext@ietf.org>. Please send editorial comments directly to the
author <Kurt@OpenLDAP.org>.

This document is intended to be published in conjunction with the
revised LDAP TS [Roadmap] which, in conjunction with this document,
obsoletes RFC 2252 and RFC 2256 in their entirety.

By submitting this Internet-Draft, I accept the provisions of Section
4 of RFC 3667. By submitting this Internet-Draft, I certify that any
applicable patent or other IPR claims of which I am aware have been
disclosed, or will be disclosed, and any of which I become aware will
be disclosed, in accordance with RFC 3668.

Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF), its areas, and its working groups. Note that other
groups may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference material
or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at
<http://www.ietf.org/ietf/1id-abstracts.txt>. The list of
Internet-Draft Shadow Directories can be accessed at
<http://www.ietf.org/shadow.html>.

Copyright (C) The Internet Society (2004). All Rights Reserved.

Please see the Full Copyright section near the end of this document

Zeilenga              draft-zeilenga-ldap-x509-00              [Page 1]

INTERNET-DRAFT            LDAP X.509 Schema            17 October 2004

This document describes schema for representing X.509 certificates,
X.521 security information, and related elements in directories
accessible using the Lightweight Directory Access Protocol (LDAP).
The LDAP definitions for these X.509 and X.521 schema elements
replace those provided in RFC 2252 and RFC 2256.

1. Background and Intended Use

This document provides LDAP schema definitions for a subset of
elements specified in X.509 [X.509] and X.521 [X.521], including
attribute types for certificates, cross certificate pairs, and
certificate revocation lists; matching rules to be used with these
attribute types; and related object classes. LDAP syntax definitions
are also provided for associated assertion and attribute values.

As the semantics of these elements are as defined in X.509 and X.521,
knowledge of X.509 and X.521 is necessary to make use of the LDAP
schema definitions provided herein.

This document, together with [Roadmap], obsoletes RFC 2252 and RFC
2256 in their entirety. The changes made since RFC 2252 and RFC 2256

  - addition of pkiUser, pkiCA, and deltaCRL classes;
  - update of attribute types to include equality matching rules in
    accordance with their X.500 specifications;
  - addition of certificate, certificate pair, certificate list, and
    algorithm identifier matching rules; and
  - addition of LDAP syntax for assertion syntaxes for these matching

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in BCP 14 [RFC2119].

Schema definitions are provided using LDAP description formats
[Models]. Definitions provided here are formatted (line wrapped) for

This section describes various syntaxes used to transfer certificates
and related data types in LDAP.

      ( 1.3.6.1.4.1.1466.115.121.1.8 DESC 'X.509 Certificate' )

A value of this syntax is an X.509 Certificate [Section 7, X.509].

Due to changes made to the ASN.1 definition of a Certificate over
time, no LDAP-specific encoding is defined for this syntax.
Values of this syntax are to be encoded using DER [X.690] and MUST
only be transferred using the ;binary transfer option [Binary]. That
is, by requesting and returning values using attribute descriptions
such as "userCertificate;binary".

As values of this syntax contain digitally-signed data, values of this
syntax, and the form of the value, MUST be preserved as presented.

      ( 1.3.6.1.4.1.1466.115.121.1.9 DESC 'X.509 Certificate List' )

A value of this syntax is an X.509 CertificateList [Section 7.3,

Due to changes made to the ASN.1 definition of a CertificateList over
time, no LDAP-specific encoding is defined for this syntax.
Values of this syntax are to be encoded using DER [X.690] and MUST
only be transferred using the ;binary transfer option [Binary]. That
is, by requesting and returning values using attribute descriptions
such as "certificateRevocationList;binary".

As values of this syntax contain digitally-signed data, values of this
syntax, and the form of the value, MUST be preserved as presented.

      ( 1.3.6.1.4.1.1466.115.121.1.10 DESC 'X.509 Certificate Pair' )

A value of this syntax is an X.509 CertificatePair [Section 11.2.3,

Due to changes made to the ASN.1 definition of an X.509
CertificatePair over time, no LDAP-specific encoding is
defined for this syntax. Values of this syntax are to be encoded using
DER [X.690] and MUST only be transferred using the ;binary transfer
option [Binary]. That is, by requesting and returning values using
attribute descriptions such as "crossCertificatePair;binary".

As values of this syntax contain digitally-signed data, values of this
syntax, and the form of the value, MUST be preserved as presented.

2.4. SupportedAlgorithm

      ( 1.3.6.1.4.1.1466.115.121.1.49
          DESC 'X.509 Supported Algorithm' )

A value of this syntax is an X.509 SupportedAlgorithm [Section 11.2.7,

Due to changes made to the ASN.1 definition of an X.509
SupportedAlgorithm over time, no LDAP-specific encoding is
defined for this syntax. Values of this syntax are to be encoded using
DER [X.690] and MUST only be transferred using the ;binary transfer
option [Binary]. That is, by requesting and returning values using
attribute descriptions such as "supportedAlgorithms;binary".

As values of this syntax contain digitally-signed data, values of this
syntax, and the form of the value, MUST be preserved as presented.

2.5. CertificateExactAssertion

      ( IANA-ASSIGNED-OID.1 DESC 'X.509 Certificate Exact Assertion' )

A value of this syntax is an X.509 CertificateExactAssertion [Section

The LDAP-specific encoding used for this syntax is described by the
following ABNF [RFC2234]:

      certificateExactAssertion = serialNumber DOLLAR issuer
      serialNumber = number
      issuer = distinguishedName

where <number> and <DOLLAR> are as given in [Models] and
<distinguishedName> is as given in [LDAPDN].

Example: 10$cn=Example$CA,dc=example,dc=com

Note: DOLLAR ('$') characters may appear in the <issuer> production.

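Added example (not part of the draft): a Python parser for the
certificateExactAssertion string form above, showing why only the first
DOLLAR may be treated as the separator. The function names are
hypothetical, and the issuer check is a structural split on unescaped
commas, not full [LDAPDN] validation.

```python
import re

# <number> as given in [Models]: DIGIT / ( LDIGIT 1*DIGIT ), so decimal
# digits only, no sign and no leading zeros.
NUMBER = re.compile(r"0|[1-9][0-9]*")


class AssertionSyntaxError(ValueError):
    """Value does not fit the certificateExactAssertion production."""


def split_rdns(dn):
    """Split a DN string on unescaped commas; a backslash escapes the next char.

    Structural check only (assumption of this example), not an [LDAPDN] validator.
    """
    if dn == "":
        return []
    parts, current, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\":
            if i + 1 >= len(dn):
                raise AssertionSyntaxError("dangling backslash in issuer")
            current.append(dn[i:i + 2])
            i += 2
            continue
        if ch == ",":
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    parts.append("".join(current))
    return parts


def parse_certificate_exact_assertion(value):
    """Return (serialNumber, issuer) from 'serialNumber DOLLAR issuer'."""
    # Only the FIRST '$' is the separator: <number> cannot contain one,
    # while the issuer DN may (see the Note in Section 2.5).
    serial, sep, issuer = value.partition("$")
    if not sep:
        raise AssertionSyntaxError("missing DOLLAR separator")
    if not NUMBER.fullmatch(serial):
        raise AssertionSyntaxError("serialNumber is not a <number>: %r" % serial)
    for rdn in split_rdns(issuer):
        attr_type, eq, _ = rdn.partition("=")
        if not eq or not attr_type:
            raise AssertionSyntaxError("RDN without type=value: %r" % rdn)
    return int(serial), issuer


def format_certificate_exact_assertion(serial, issuer):
    """Build the assertion string for a non-negative serial and issuer DN."""
    if serial < 0:
        raise AssertionSyntaxError("<number> cannot carry a sign")
    return "%d$%s" % (serial, issuer)


def naive_parse(value):
    """Flawed variant for contrast: split on every '$', keep two fields."""
    fields = value.split("$")
    return int(fields[0]), fields[1]


if __name__ == "__main__":
    example = "10$cn=Example$CA,dc=example,dc=com"  # example from Section 2.5
    print(parse_certificate_exact_assertion(example))
    print(naive_parse(example))  # issuer silently truncated at the second '$'
```
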
2.6. CertificateAssertion

      ( IANA-ASSIGNED-OID.2 DESC 'X.509 Certificate Assertion' )

A value of this syntax is an X.509 CertificateAssertion [Section

Values of this syntax are to be encoded using GSER [RFC3641].
Appendix A.1 provides an equivalent ABNF grammar for this syntax.

2.7. CertificatePairExactAssertion

      ( IANA-ASSIGNED-OID.3
          DESC 'X.509 Certificate Pair Exact Assertion' )

A value of this syntax is an X.509 CertificatePairExactAssertion
[Section 11.3.3, X.509].

Values of this syntax are to be encoded using GSER [RFC3641].
Appendix A.2 provides an equivalent ABNF grammar for this syntax.

2.8. CertificatePairAssertion

      ( IANA-ASSIGNED-OID.4 DESC 'X.509 Certificate Pair Assertion' )

A value of this syntax is an X.509 CertificatePairAssertion [Section

Values of this syntax are to be encoded using GSER [RFC3641].
Appendix A.3 provides an equivalent ABNF grammar for this syntax.

2.9. CertificateListExactAssertion

      ( IANA-ASSIGNED-OID.5
          DESC 'X.509 Certificate List Exact Assertion' )

A value of this syntax is an X.509 CertificateListExactAssertion
[Section 11.3.5, X.509].

Values of this syntax are to be encoded using GSER [RFC3641].
Appendix A.4 provides an equivalent ABNF grammar for this syntax.

2.10. CertificateListAssertion

      ( IANA-ASSIGNED-OID.6 DESC 'X.509 Certificate List Assertion' )

A value of this syntax is an X.509 CertificateListAssertion [Section

Values of this syntax are to be encoded using GSER [RFC3641].
Appendix A.5 provides an equivalent ABNF grammar for this syntax.

2.11. AlgorithmIdentifier

      ( IANA-ASSIGNED-OID.7 DESC 'X.509 Algorithm Identifier' )

A value of this syntax is an X.509 AlgorithmIdentifier [Section 7,

Values of this syntax are to be encoded using GSER [RFC3641].
Appendix A.6 provides an equivalent ABNF grammar for this syntax.

This section introduces a set of certificate and related matching
rules for use in LDAP. These rules are intended to act in accordance
with their X.500 counterparts.

3.1. certificateExactMatch

The certificateExactMatch matching rule compares the presented
certificate exact assertion value with an attribute value of the
certificate syntax as described in Section 11.3.1 of [X.509].

      ( 2.5.13.34 NAME 'certificateExactMatch'
          DESC 'X.509 Certificate Exact Match'
          SYNTAX IANA-ASSIGNED-OID.1 )

3.2. certificateMatch

The certificateMatch matching rule compares the presented certificate
assertion value with an attribute value of the certificate syntax as
described in Section 11.3.2 of [X.509].

      ( 2.5.13.35 NAME 'certificateMatch'
          DESC 'X.509 Certificate Match'
          SYNTAX IANA-ASSIGNED-OID.2 )

3.3. certificatePairExactMatch

The certificatePairExactMatch matching rule compares the presented
certificate pair exact assertion value with an attribute value of the
certificate pair syntax as described in Section 11.3.3 of [X.509].

      ( 2.5.13.36 NAME 'certificatePairExactMatch'
          DESC 'X.509 Certificate Pair Exact Match'
          SYNTAX IANA-ASSIGNED-OID.3 )

3.4. certificatePairMatch

The certificatePairMatch matching rule compares the presented
certificate pair assertion value with an attribute value of the
certificate pair syntax as described in Section 11.3.4 of [X.509].

      ( 2.5.13.37 NAME 'certificatePairMatch'
          DESC 'X.509 Certificate Pair Match'
          SYNTAX IANA-ASSIGNED-OID.4 )

3.5. certificateListExactMatch

The certificateListExactMatch matching rule compares the presented
certificate list exact assertion value with an attribute value of the
certificate list syntax as described in Section 11.3.5 of [X.509].

      ( 2.5.13.38 NAME 'certificateListExactMatch'
          DESC 'X.509 Certificate List Exact Match'
          SYNTAX IANA-ASSIGNED-OID.5 )

3.6. certificateListMatch

The certificateListMatch matching rule compares the presented
certificate list assertion value with an attribute value of the
certificate list syntax as described in Section 11.3.6 of [X.509].

      ( 2.5.13.39 NAME 'certificateListMatch'
          DESC 'X.509 Certificate List Match'
          SYNTAX IANA-ASSIGNED-OID.6 )

3.7. algorithmIdentifierMatch

The algorithmIdentifierMatch matching rule compares a presented
algorithm identifier with an attribute value of supported algorithm as
described in Section 11.3.7 of [X.509].

      ( 2.5.13.40 NAME 'algorithmIdentifierMatch'
          DESC 'X.509 Algorithm Identifier Match'
          SYNTAX IANA-ASSIGNED-OID.7 )

This section details a set of certificate and related attribute types

The userCertificate attribute holds the X.509 certificates issued to
the user by one or more certificate authorities, as discussed in
Section 11.2.1 of [X.509].

      ( 2.5.4.36 NAME 'userCertificate'
          DESC 'X.509 user certificate'
          EQUALITY certificateExactMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )

As required by this attribute type's syntax, values of this attribute
are requested and transferred using the attribute description
"userCertificate;binary".

The cACertificate attribute holds the X.509 certificates issued to the
certificate authority (CA), as discussed in Section 11.2.2 of [X.509].

      ( 2.5.4.37 NAME 'cACertificate'
          DESC 'X.509 CA certificate'
          EQUALITY certificateExactMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )

As required by this attribute type's syntax, values of this attribute
are requested and transferred using the attribute description
"cACertificate;binary".

4.3. crossCertificatePair

The crossCertificatePair attribute holds an X.509 certificate pair, as
discussed in Section 11.2.3 of [X.509].

      ( 2.5.4.40 NAME 'crossCertificatePair'
          DESC 'X.509 cross certificate pair'
          EQUALITY certificatePairExactMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 )

As required by this attribute type's syntax, values of this attribute
are requested and transferred using the attribute description
"crossCertificatePair;binary".

4.4. certificateRevocationList

The certificateRevocationList attribute holds certificate lists, as
discussed in 11.2.4 of [X.509].

      ( 2.5.4.39 NAME 'certificateRevocationList'
          DESC 'X.509 certificate revocation list'
          EQUALITY certificateListExactMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )

As required by this attribute type's syntax, values of this attribute
are requested and transferred using the attribute description
"certificateRevocationList;binary".

4.5. authorityRevocationList

The authorityRevocationList attribute holds certificate lists, as
discussed in 11.2.5 of [X.509].

      ( 2.5.4.38 NAME 'authorityRevocationList'
          DESC 'X.509 authority revocation list'
          EQUALITY certificateListExactMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )

As required by this attribute type's syntax, values of this attribute
are requested and transferred using the attribute description
"authorityRevocationList;binary".

4.6. deltaRevocationList

The deltaRevocationList attribute holds certificate lists, as
discussed in 11.2.6 of [X.509].

      ( 2.5.4.53 NAME 'deltaRevocationList'
          DESC 'X.509 delta revocation list'
          EQUALITY certificateListExactMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )

As required by this attribute type's syntax, values of this attribute
MUST be requested and transferred using the attribute description
"deltaRevocationList;binary".

4.7. supportedAlgorithms

The supportedAlgorithms attribute holds supported algorithms, as
discussed in 11.2.7 of [X.509].

      ( 2.5.4.52 NAME 'supportedAlgorithms'
          DESC 'X.509 supported algorithms'
          EQUALITY algorithmIdentifierMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 )

As required by this attribute type's syntax, values of this attribute
MUST be requested and transferred using the attribute description
"supportedAlgorithms;binary".

This section details a set of certificate-related object classes for

This object class is used to augment entries for objects that may be
subject to certificates, as defined in Section 11.1.1 of [X.509].

      ( 2.5.6.21 NAME 'pkiUser'
          DESC 'X.509 PKI User'
          MAY userCertificate )

This object class is used to augment entries for objects which act as
certificate authorities, as defined in Section 11.1.2 of [X.509].

      ( 2.5.6.22 NAME 'pkiCA'
          DESC 'X.509 PKI Certificate Authority'
          MAY ( cACertificate $ certificateRevocationList $
               authorityRevocationList $ crossCertificatePair ) )

5.3. cRLDistributionPoint

This class is used to represent objects which act as CRL distribution
points, as discussed in Section 11.1.3 of [X.509].

      ( 2.5.6.19 NAME 'cRLDistributionPoint'
          DESC 'X.509 CRL distribution point'
          MAY ( certificateRevocationList $
               authorityRevocationList $ deltaRevocationList ) )

The deltaCRL object class is used to augment entries to hold delta
revocation lists, as discussed in Section 11.1.4 of [X.509].

      ( 2.5.6.23 NAME 'deltaCRL'
          DESC 'X.509 delta CRL'
          MAY deltaRevocationList )

5.5. strongAuthenticationUser

This object class is used to augment entries for objects participating
in certificate-based authentication, as defined in Section 6.15 of
[X.521]. This object class is deprecated in favor of pkiUser.

      ( 2.5.6.15 NAME 'strongAuthenticationUser'
          DESC 'X.521 strong authentication user'
          MUST userCertificate )

5.6. userSecurityInformation

This object class is used to augment entries with needed additional
associated security information, as defined in Section 6.16 of

      ( 2.5.6.18 NAME 'userSecurityInformation'
          DESC 'X.521 user security information'
          MAY ( supportedAlgorithms ) )

5.7. certificationAuthority

This object class is used to augment entries for objects which act as
certificate authorities, as defined in Section 6.17 of [X.521]. This
object class is deprecated in favor of pkiCA.

      ( 2.5.6.16 NAME 'certificationAuthority'
          DESC 'X.509 certificate authority'
          MUST ( authorityRevocationList $
               certificateRevocationList $ cACertificate )
          MAY crossCertificatePair )

5.8. certificationAuthority-V2

This object class is used to augment entries for objects which act as
certificate authorities, as defined in Section 6.18 of [X.521]. This
object class is deprecated in favor of pkiCA.

      ( 2.5.6.16.2 NAME 'certificationAuthority-V2'
          DESC 'X.509 certificate authority, version 2'
          SUP certificationAuthority AUXILIARY
          MAY deltaRevocationList )

6. Security Considerations

The directory administrator is to use the server's access control
facilities to restrict access as desired.

General LDAP security considerations [Roadmap] apply.

7. IANA Considerations

7.1. Object Identifier Registration

It is requested that IANA register upon Standards Action an LDAP
Object Identifier for use in this technical specification.

      Subject: Request for LDAP OID Registration
      Person & email address to contact for further information:
          Kurt Zeilenga <kurt@OpenLDAP.org>
      Specification: RFC XXXX
      Author/Change Controller: IESG
          Identifies the LDAP X.509 Certificate schema elements

7.2. Registration of the descriptor

It is requested that IANA update upon Standards Action the LDAP
Descriptor registry as indicated below.

      Subject: Request for LDAP Descriptor Registration
      Descriptor (short name): see table
      Object Identifier: see table
      Person & email address to contact for further information:
          Kurt Zeilenga <kurt@OpenLDAP.org>
      Specification: RFC XXXX
      Author/Change Controller: IESG

      algorithmIdentifierMatch     R  2.5.13.40
      authorityRevocationList      A  2.5.4.38 *
      cACertificate                A  2.5.4.37 *
      cRLDistributionPoint         O  2.5.6.19 *
      certificateExactMatch        R  2.5.13.34
      certificateListExactMatch    R  2.5.13.38
      certificateListMatch         R  2.5.13.39
      certificateMatch             R  2.5.13.35
      certificatePairExactMatch    R  2.5.13.36
      certificatePairMatch         R  2.5.13.37
      certificateRevocationList    A  2.5.4.39 *
      certificationAuthority       O  2.5.6.16 *
      certificationAuthority-V2    O  2.5.6.16.2 *
      crossCertificatePair         A  2.5.4.40 *
      deltaRevocationList          A  2.5.4.53 *
      strongAuthenticationUser     O  2.5.6.15 *
      supportedAlgorithms          A  2.5.4.52 *
      userCertificate              A  2.5.4.36 *
      userSecurityInformation      O  2.5.6.18 *

      * Updates previous registration

This document is based upon X.509, a product of the ITU-T. A number
of LDAP schema definitions were based on those found in RFC 2252 and
RFC 2256, both products of the IETF ASID WG.

Additional material was borrowed from prior works by David Chadwick
and/or Steven Legg to refine LDAP X.509 Schema.

Email: Kurt@OpenLDAP.org

10. Normative References

[RFC2119]     Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14 (also RFC 2119), March 1997.

[RFC2234]     Crocker, D. and P. Overell, "Augmented BNF for Syntax
              Specifications: ABNF", RFC 2234, November 1997.

[RFC3641]     Legg, S., "Generic String Encoding Rules for ASN.1
              Types", RFC 3641, October 2003.

[Roadmap]     Zeilenga, K. (editor), "LDAP: Technical Specification
              Road Map", draft-ietf-ldapbis-roadmap-xx.txt, a work in

[Models]      Zeilenga, K. (editor), "LDAP: Directory Information
              Models", draft-ietf-ldapbis-models-xx.txt, a work in

[Binary]      Legg, S., "Lightweight Directory Access Protocol (LDAP):
              The Binary Encoding Option",
              draft-legg-ldap-binary-xx.txt, a work in progress.

[X.509]       International Telecommunication Union -
              Telecommunication Standardization Sector, "The
              Directory: Authentication Framework", X.509(2000).

[X.521]       International Telecommunication Union -
              Telecommunication Standardization Sector, "The
              Directory: Selected Object Classes", X.521(2000).

[X.680]       International Telecommunication Union -
              Telecommunication Standardization Sector, "Abstract
              Syntax Notation One (ASN.1) - Specification of Basic
              Notation", X.680(1997) (also ISO/IEC 8824-1:1998).

[X.690]       International Telecommunication Union -
              Telecommunication Standardization Sector, "Specification
              of ASN.1 encoding rules: Basic Encoding Rules (BER),
              Canonical Encoding Rules (CER), and Distinguished
              Encoding Rules (DER)", X.690(1997) (also ISO/IEC

11. Informative References

[RFC3383]     Zeilenga, K., "IANA Considerations for LDAP", BCP 64
              (also RFC 3383), September 2002.

[RFC3642]     Legg, S., "Common Elements of GSER Encodings", RFC 3642,

[BCP64bis]    Zeilenga, K., "IANA Considerations for LDAP",
              draft-ietf-ldapbis-bcp64-xx.txt, a work in progress.

This appendix is informative.

This appendix, once written, will provide ABNF [RFC2234] grammars for
GSER-based LDAP-specific encodings specified in this document. These
grammars were produced using, and rely on, Common Elements for GSER

Intellectual Property Rights

The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be found
in BCP 78 and BCP 79.

Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this specification
can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.

The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at

Copyright (C) The Internet Society (2004). This document is subject
to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights.

This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.