Internet Engineering Task Force (IETF)                         S. Turner
Request for Comments: 5916                                          IECA
Category: Informational                                        June 2010
ISSN: 2070-1721
        
Internet Engineering Task Force (IETF)                         S. Turner
Request for Comments: 5916                                          IECA
Category: Informational                                        June 2010
ISSN: 2070-1721
        

Device Owner Attribute

设备所有者属性

Abstract

摘要

This document defines the Device Owner attribute. It indicates the entity (e.g., company, organization, department, agency) that owns the device. This attribute may be included in public key certificates and attribute certificates.

此文档定义设备所有者属性。它表示拥有设备的实体(如公司、组织、部门、机构)。此属性可以包含在公钥证书和属性证书中。

Status of This Memo

关于下段备忘

This document is not an Internet Standards Track specification; it is published for informational purposes.

本文件不是互联网标准跟踪规范;它是为了提供信息而发布的。

This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are a candidate for any level of Internet Standard; see Section 2 of RFC 5741.

本文件是互联网工程任务组(IETF)的产品。它代表了IETF社区的共识。它已经接受了公众审查,并已被互联网工程指导小组(IESG)批准出版。并非IESG批准的所有文件都适用于任何级别的互联网标准;见RFC 5741第2节。

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc5916.

有关本文件当前状态、任何勘误表以及如何提供反馈的信息,请访问http://www.rfc-editor.org/info/rfc5916.

Copyright Notice

版权公告

Copyright (c) 2010 IETF Trust and the persons identified as the document authors. All rights reserved.

版权所有(c)2010 IETF信托基金和确定为文件作者的人员。版权所有。

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(http://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。从本文件中提取的代码组件必须包括信托法律条款第4.e节中所述的简化BSD许可证文本,并提供简化BSD许可证中所述的无担保。

1. Introduction
1. 介绍

This document specifies the Device Owner attribute. It indicates the entity (e.g., company, organization, department, agency) that owns the device. This attribute is intended to be used in public key certificates [RFC5280] and attribute certificates [RFC5755].

此文档指定设备所有者属性。它表示拥有设备的实体(如公司、组织、部门、机构)。此属性用于公钥证书[RFC5280]和属性证书[RFC5755]。

This attribute may be used in automated authorization decisions. For example, when two peers are deciding whether to communicate, each could check that the device owner present in the other device's certificate is on an "approved" list. This check is performed in addition to certification path validation [RFC5280]. The mechanism for managing the "approved" list is beyond the scope of this document.

此属性可用于自动授权决策。例如,当两个对等方决定是否通信时,每个对等方都可以检查另一个设备证书中的设备所有者是否在“已批准”列表中。此检查是在验证路径验证[RFC5280]之外执行的。管理“已批准”清单的机制超出了本文件的范围。

NOTE: This document does not provide an equivalent Lightweight Directory Access Protocol (LDAP) schema specification as this attribute is targeted at public key certificates [RFC5280] and attribute certificates [RFC5755]. Definition of an equivalent LDAP schema is left to a future specification.

注意:本文档未提供等效的轻型目录访问协议(LDAP)架构规范,因为此属性针对公钥证书[RFC5280]和属性证书[RFC5755]。等效LDAP模式的定义留待将来的规范决定。

1.1. Terminology
1.1. 术语

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].

本文件中的关键词“必须”、“不得”、“必需”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照[RFC2119]中所述进行解释。

1.2. ASN.1 Syntax Notation
1.2. ASN.1语法表示法

The attribute is defined using ASN.1 [X.680], [X.681], [X.682], and [X.683].

该属性是使用ASN.1[X.680]、[X.681]、[X.682]和[X.683]定义的。

2. Device Owner
2. 设备所有者

The Device Owner attribute indicates the entity (e.g., company, organization, department, agency) that owns the device with which this attribute is associated. Device Owner is an object identifier.

设备所有者属性表示拥有与此属性关联的设备的实体(例如,公司、组织、部门、机构)。设备所有者是一个对象标识符。

The following object identifier identifies the Device Owner attribute:

以下对象标识符标识设备所有者属性:

      id-deviceOwner OBJECT IDENTIFIER ::= {
        joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101)
        dod(2) infosec(1) attributes(5) 69
      }
        
      id-deviceOwner OBJECT IDENTIFIER ::= {
        joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101)
        dod(2) infosec(1) attributes(5) 69
      }
        

The ASN.1 syntax for the Device Owner attribute is as follows:

设备所有者属性的ASN.1语法如下:

      at-deviceOwner ATTRIBUTE ::= {
        TYPE                    OBJECT IDENTIFIER
        EQUALITY MATCHING RULE  objectIdentifierMatch
        IDENTIFIED BY           id-deviceOwner
      }
        
      at-deviceOwner ATTRIBUTE ::= {
        TYPE                    OBJECT IDENTIFIER
        EQUALITY MATCHING RULE  objectIdentifierMatch
        IDENTIFIED BY           id-deviceOwner
      }
        

There MUST only be one value of Device Owner associated with a device. Distinct owners MUST be represented in separate certificates.

与设备关联的设备所有者只能有一个值。不同的所有者必须在单独的证书中表示。

3. Security Considerations
3. 安全考虑

If this attribute is used as part of an authorization process, the procedures employed by the entity that assigns each value must ensure that the correct value is applied. Including this attribute in a public key certificate or attribute certificate ensures the value for the device owner is integrity protected.

如果此属性用作授权过程的一部分,则分配每个值的实体所采用的程序必须确保应用了正确的值。在公钥证书或属性证书中包含此属性可确保设备所有者的值受到完整性保护。

4. Normative References
4. 规范性引用文件

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。

[RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., and W. Polk, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 5280, May 2008.

[RFC5280]Cooper,D.,Santesson,S.,Farrell,S.,Boeyen,S.,Housley,R.,和W.Polk,“Internet X.509公钥基础设施证书和证书撤销列表(CRL)配置文件”,RFC 52802008年5月。

[RFC5755] Farrell, S., Housley, R., and S. Turner, "An Internet Attribute Certificate Profile for Authorization", RFC 5755, January 2010.

[RFC5755]Farrell,S.,Housley,R.,和S.Turner,“用于授权的互联网属性证书配置文件”,RFC 57552010年1月。

[RFC5912] Schaad, J. and P. Hoffman, "New ASN.1 Modules for the Public Key Infrastructure Using X.509 (PKIX)", RFC 5912, June 2010.

[RFC5912]Schaad,J.和P.Hoffman,“使用X.509(PKIX)的公钥基础设施的新ASN.1模块”,RFC 5912,2010年6月。

[X.501] ITU-T Recommendation X.520 (2002) | ISO/IEC 9594-2:2002, Information technology - The Directory: Models.

[X.501]ITU-T建议X.520(2002)| ISO/IEC 9594-2:2002,信息技术-目录:型号。

[X.680] ITU-T Recommendation X.680 (2002) | ISO/IEC 8824-1:2002, Information technology - Abstract Syntax Notation One (ASN.1): Specification of basic notation.

[X.680]ITU-T建议X.680(2002)| ISO/IEC 8824-1:2002,信息技术-抽象语法符号1(ASN.1):基本符号规范。

[X.681] ITU-T Recommendation X.681 (2002) | ISO/IEC 8824-2:2002, Information Technology - Abstract Syntax Notation One: Information Object Specification.

[X.681]ITU-T建议X.681(2002)| ISO/IEC 8824-2:2002,信息技术-抽象语法符号1:信息对象规范。

[X.682] ITU-T Recommendation X.682 (2002) | ISO/IEC 8824-3:2002, Information Technology - Abstract Syntax Notation One: Constraint Specification.

[X.682]ITU-T建议X.682(2002)| ISO/IEC 8824-3:2002,信息技术-抽象语法符号1:约束规范。

[X.683] ITU-T Recommendation X.683 (2002) | ISO/IEC 8824-4:2002, Information Technology - Abstract Syntax Notation One: Parameterization of ASN.1 Specifications.

[X.683]ITU-T建议X.683(2002)| ISO/IEC 8824-4:2002,信息技术-抽象语法符号1:ASN.1规范的参数化。

Appendix A. ASN.1 Module
附录A.ASN.1模块

This appendix provides the normative ASN.1 [X.680] definitions for the structures described in this specification using ASN.1 as defined in [X.680], [X.681], [X.682], and [X.683].

本附录使用[X.680]、[X.681]、[X.682]和[X.683]中定义的ASN.1为本规范中描述的结构提供了规范性ASN.1[X.680]定义。

   DeviceOwnerAttribute-2008
     { joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101)
       dod(2) infosec(1) module(0) id-deviceOwnerAttribute-2008(34) }
        
   DeviceOwnerAttribute-2008
     { joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101)
       dod(2) infosec(1) module(0) id-deviceOwnerAttribute-2008(34) }
        
   DEFINITIONS IMPLICIT TAGS ::=
        
   DEFINITIONS IMPLICIT TAGS ::=
        

BEGIN

开始

-- EXPORTS ALL --

--全部出口--

IMPORTS

进口

-- IMPORTS from New PKIX ASN.1 [RFC5912]

--从新PKIX ASN.1导入[RFC5912]

     ATTRIBUTE
       FROM PKIX-CommonTypes-2009
         { iso(1) identified-organization(3) dod(6) internet(1)
           security(5) mechanisms(5) pkix(7) id-mod(0)
           id-mod-pkixCommon-02(57) }
        
     ATTRIBUTE
       FROM PKIX-CommonTypes-2009
         { iso(1) identified-organization(3) dod(6) internet(1)
           security(5) mechanisms(5) pkix(7) id-mod(0)
           id-mod-pkixCommon-02(57) }
        

-- Imports from ITU-T X.501 [X.501]

--从ITU-T X.501[X.501]进口

     objectIdentifierMatch
       FROM InformationFramework
         { joint-iso-itu-t ds(5) module(1) informationFramework(1) 4 }
        
     objectIdentifierMatch
       FROM InformationFramework
         { joint-iso-itu-t ds(5) module(1) informationFramework(1) 4 }
        

;

;

-- device owner attribute OID and syntax

--设备所有者属性OID和语法

   id-deviceOwner OBJECT IDENTIFIER ::= {
     joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101)
     dod(2) infosec(1) attributes(5) 69
   }
        
   id-deviceOwner OBJECT IDENTIFIER ::= {
     joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101)
     dod(2) infosec(1) attributes(5) 69
   }
        
   at-deviceOwner ATTRIBUTE ::= {
     TYPE                     OBJECT IDENTIFIER
     EQUALITY MATCHING RULE   objectIdentifierMatch
     IDENTIFIED BY            id-deviceOwner
   }
        
   at-deviceOwner ATTRIBUTE ::= {
     TYPE                     OBJECT IDENTIFIER
     EQUALITY MATCHING RULE   objectIdentifierMatch
     IDENTIFIED BY            id-deviceOwner
   }
        

END

终止

Author's Address

作者地址

Sean Turner IECA, Inc. 3057 Nutley Street, Suite 106 Fairfax, VA 22031 USA

Sean Turner IECA,Inc.美国弗吉尼亚州费尔法克斯市努特利街3057号106室,邮编22031

   EMail: turners@ieca.com
        
   EMail: turners@ieca.com