idnits 2.17.1

draft-turner-deviceowner-attribute-03.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == Unrecognized Status in 'Intended Status: Informational Track', assuming
     Proposed Standard

     (Expected one of 'Standards Track', 'Full Standard', 'Draft Standard',
     'Proposed Standard', 'Best Current Practice', 'Informational',
     'Experimental', 'Informational', 'Historic'.)

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer.
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (February 1, 2010) is 5191 days in the past.  Is this
     intentional?

  -- Found something which looks like a code comment -- if you have code
     sections in the document, please surround them with '<CODE BEGINS>' and
     '<CODE ENDS>' lines.

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Outdated reference: A later version (-08) exists of
     draft-ietf-pkix-new-asn1-07

  ** Downref: Normative reference to an Informational draft:
     draft-ietf-pkix-new-asn1 (ref. 'RFCTBD')

     Summary: 1 error (**), 0 flaws (~~), 3 warnings (==), 3 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.
--------------------------------------------------------------------------------

Network Working Group                                     Sean Turner, IECA
Internet Draft                                             February 1, 2010
Intended Status: Informational Track
Expires: August 1, 2010

                          Device Owner Attribute
                 draft-turner-deviceowner-attribute-03.txt

Abstract

   This document defines the Device Owner attribute.  It indicates the
   entity (e.g., company, organization, department, agency) that owns
   the device.  This attribute may be included in public key
   certificates and attribute certificates.

Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html

   This Internet-Draft will expire on August 1, 2010.

Copyright Notice

   Copyright (c) 2010 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

1.  Introduction

   This document specifies the Device Owner attribute.  It indicates the
   entity (e.g., company, organization, department, agency) that owns
   the device.  This attribute is intended to be used in public key
   certificates [RFC5280] and attribute certificates [RFC5755].

   This attribute may be used in automated authorization decisions.  For
   example, when two peers are deciding whether to communicate, each
   could check that the device owner present in the other device's
   certificate is on an "approved" list.  This check is performed in
   addition to certification path validation [RFC5280], not instead of
   it.  The mechanism for managing the "approved" list is beyond the
   scope of this document.

   NOTE: This document does not provide an equivalent LDAP schema
   specification, as this attribute is targeted at public key
   certificates [RFC5280] and attribute certificates [RFC5755].
   Definition of an equivalent LDAP schema is left to a future
   specification.

1.1.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

1.2.  ASN.1 Syntax Notation

   The attribute is defined using ASN.1 [X.680] through [X.683].

2.  Device Owner

   The Device Owner attribute indicates the entity (e.g., company,
   organization, department, agency) that owns the device with which
   this attribute is associated.  The value of Device Owner is an object
   identifier.

   The following object identifier identifies the Device Owner
   attribute:

     id-deviceOwner OBJECT IDENTIFIER ::= {
       joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101)
       dod(2) infosec(1) attributes(5) 69
     }

   The ASN.1 syntax for the Device Owner attribute is as follows:

     at-deviceOwner ATTRIBUTE ::= {
       TYPE OBJECT IDENTIFIER
       EQUALITY MATCHING RULE objectIdentifierMatch
       IDENTIFIED BY id-deviceOwner
     }

   There MUST only be one value of Device Owner associated with a
   device.  Distinct owners MUST be represented in separate
   certificates.

3.  Security Considerations

   If this attribute is used as part of an authorization process, the
   procedures employed by the entity that assigns each value must ensure
   that the correct value is applied.  Including this attribute in a
   public key certificate or attribute certificate ensures that the
   device owner value is integrity protected by the certificate's
   signature.

4.  IANA Considerations

   None: All identifiers are already registered.  Please remove this
   section prior to publication as an RFC.

5.  References

5.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC5280]  Cooper, D., et al., "Internet X.509 Public Key
              Infrastructure Certificate and Certificate Revocation
              List (CRL) Profile", RFC 5280, May 2008.

   [RFC5755]  Farrell, S., Housley, R., and S. Turner, "An Internet
              Attribute Certificate Profile for Authorization", RFC
              5755, January 2010.

   [RFCTBD]   Schaad, J., and P. Hoffman, "New ASN.1 Modules for
              PKIX", draft-ietf-pkix-new-asn1-07.txt, work-in-
              progress.

   /**
   RFC Editor: Please replace "RFCTBD" with "RFC####" where #### is the
   number of the published RFC.  Please do this in both the references
   and the text.
   **/

   [X.501]    ITU-T Recommendation X.501 (2002) | ISO/IEC 9594-
              2:2002, Information technology - The Directory: Models.

   [X.680]    ITU-T Recommendation X.680 (2002) | ISO/IEC 8824-
              1:2002, Information technology - Abstract Syntax
              Notation One (ASN.1): Specification of basic notation.

   [X.681]    ITU-T Recommendation X.681 (2002) | ISO/IEC 8824-
              2:2002, Information technology - Abstract Syntax
              Notation One: Information Object Specification.

   [X.682]    ITU-T Recommendation X.682 (2002) | ISO/IEC 8824-
              3:2002, Information technology - Abstract Syntax
              Notation One: Constraint Specification.

   [X.683]    ITU-T Recommendation X.683 (2002) | ISO/IEC 8824-
              4:2002, Information technology - Abstract Syntax
              Notation One: Parameterization of ASN.1 Specifications.

5.2.  Informative References

   None

Appendix A.  ASN.1 Module

   This appendix provides the normative ASN.1 [X.680] definitions for
   the structures described in this specification, using ASN.1 as
   defined in [X.680] through [X.683].

   DeviceOwnerAttribute-2008
     { joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101)
       dod(2) infosec(1) module(0) id-deviceOwnerAttribute-2008(34) }

   DEFINITIONS IMPLICIT TAGS ::=

   BEGIN

   -- EXPORTS ALL --

   IMPORTS

   -- IMPORTS from New PKIX ASN.1 [RFCTBD]

   ATTRIBUTE
     FROM PKIX-CommonTypes-2009
       { iso(1) identified-organization(3) dod(6) internet(1)
         security(5) mechanisms(5) pkix(7) id-mod(0)
         id-mod-pkixCommon-02(57) }

   -- Imports from ITU-T X.501 [X.501]

   objectIdentifierMatch
     FROM InformationFramework
       { joint-iso-itu-t ds(5) module(1) informationFramework(1) 4 }

   ;

   -- device owner attribute OID and syntax

   id-deviceOwner OBJECT IDENTIFIER ::= {
     joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101)
     dod(2) infosec(1) attributes(5) 69
   }

   at-deviceOwner ATTRIBUTE ::= {
     TYPE OBJECT IDENTIFIER
     EQUALITY MATCHING RULE objectIdentifierMatch
     IDENTIFIED BY id-deviceOwner
   }

   END

Author's Address

   Sean Turner
   IECA, Inc.
   3057 Nutley Street, Suite 106
   Fairfax, VA 22031
   USA

   EMail: turners@ieca.com
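The following is an added worked example and is not code from the draft or its author. It shows what a relying party that consumes the attribute of Section 2 actually has to do: DER-encode a Device Owner attribute (the generic Attribute SEQUENCE of type OID plus SET OF values, as carried in the subjectDirectoryAttributes extension of [RFC5280] or the attributes of an attribute certificate [RFC5755]), decode one back out of a certificate, enforce the "exactly one value" rule, and apply the Section 1 "approved list" check using exact OID equality (objectIdentifierMatch). The attribute OID 2.16.840.1.101.2.1.5.69 is the draft's id-deviceOwner; the owner OIDs under 2.999 are constructed placeholders (2.999 is the ITU-T/ISO arc reserved for examples). It is assumed that the caller has already performed certification path validation on the certificate the attribute was taken from; this code does not do that.

```python
"""Encode, decode and authorize the Device Owner attribute (added example)."""
from typing import Iterable

# id-deviceOwner from the draft: { 2 16 840 1 101 2 1 5 69 }
ID_DEVICE_OWNER = "2.16.840.1.101.2.1.5.69"


def _base128(n: int) -> bytes:
    """Encode a non-negative OID arc in base-128 with continuation bits."""
    out = bytearray([n & 0x7F])
    n >>= 7
    while n:
        out.insert(0, 0x80 | (n & 0x7F))
        n >>= 7
    return bytes(out)


def _length(n: int) -> bytes:
    """Minimal DER length encoding (short form below 128, long form above)."""
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b


def encode_oid(dotted: str) -> bytes:
    """DER-encode a dotted OID as a complete OBJECT IDENTIFIER TLV."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or any(a < 0 for a in arcs) or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError(f"invalid OID {dotted!r}")
    body = _base128(40 * arcs[0] + arcs[1]) + b"".join(_base128(a) for a in arcs[2:])
    return b"\x06" + _length(len(body)) + body


def _read_tlv(buf: bytes, pos: int):
    """Read one DER TLV at buf[pos]; return (tag, contents, position after it)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("indefinite or oversized length is not DER")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
        if length < 0x80:
            raise ValueError("non-minimal length encoding is not DER")
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:end], end


def decode_oid(body: bytes) -> str:
    """Decode OBJECT IDENTIFIER contents (without tag/length) to dotted form."""
    if not body or body[-1] & 0x80:
        raise ValueError("malformed OID contents")
    arcs, val = [], 0
    for b in body:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    first = arcs[0]
    head = [first // 40, first % 40] if first < 80 else [2, first - 80]
    return ".".join(str(a) for a in head + arcs[1:])


def encode_device_owner_attribute(*owner_oids: str) -> bytes:
    """Build Attribute { type id-deviceOwner, values SET OF OBJECT IDENTIFIER }.
    More than one owner is accepted only so the decoder's single-value rule can
    be exercised; the draft requires exactly one value per device."""
    values = sorted(encode_oid(o) for o in owner_oids)  # DER SET OF ordering
    value_set = b"".join(values)
    set_tlv = b"\x31" + _length(len(value_set)) + value_set
    seq = encode_oid(ID_DEVICE_OWNER) + set_tlv
    return b"\x30" + _length(len(seq)) + seq


def decode_device_owner_attribute(der: bytes) -> str:
    """Return the single owner OID, or raise ValueError if the attribute is
    malformed, is not a Device Owner attribute, or violates the one-value rule."""
    tag, seq, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected a single Attribute SEQUENCE")
    tag, type_body, pos = _read_tlv(seq, 0)
    if tag != 0x06 or decode_oid(type_body) != ID_DEVICE_OWNER:
        raise ValueError("not a Device Owner attribute")
    tag, set_body, pos = _read_tlv(seq, pos)
    if tag != 0x31 or pos != len(seq):
        raise ValueError("expected SET OF values as the only remaining field")
    owners, p = [], 0
    while p < len(set_body):
        tag, body, p = _read_tlv(set_body, p)
        if tag != 0x06:
            raise ValueError("Device Owner values MUST be OBJECT IDENTIFIERs")
        owners.append(decode_oid(body))
    if len(owners) != 1:
        raise ValueError("Device Owner MUST carry exactly one value")
    return owners[0]


def is_approved_owner(attribute_der: bytes, approved: Iterable[str]) -> bool:
    """Section 1 check: the owner in the (already path-validated) certificate
    must be on the approved list. objectIdentifierMatch is exact equality, so
    2.999.10 does not match an approved 2.999.1. Any decode error denies."""
    try:
        owner = decode_device_owner_attribute(attribute_der)
    except (ValueError, IndexError):
        return False
    return owner in set(approved)


if __name__ == "__main__":
    approved = {"2.999.1"}  # constructed approved-owner list
    attr = encode_device_owner_attribute("2.999.1")
    print(attr.hex(), is_approved_owner(attr, approved))
```

Any failure to parse, a wrong attribute type, or more than one value all result in a deny rather than a fallback, which is the safe direction for an authorization input; the approved list itself is managed out of band, as the draft says.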