File: BasicAccessControl.asn

package info (click to toggle)
erlang 1%3A27.3.4.1%2Bdfsg-1
  • links: PTS, VCS
  • area: main
  • in suites: trixie
  • size: 225,000 kB
  • sloc: erlang: 1,658,966; ansic: 405,769; cpp: 177,850; xml: 82,435; makefile: 15,031; sh: 14,401; lisp: 9,812; java: 8,603; asm: 6,541; perl: 5,836; python: 5,484; sed: 72
file content (184 lines) | stat: -rw-r--r-- 6,414 bytes parent folder | download | duplicates (30) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
 
-- Module BasicAccessControl (X.501:08/1997)
BasicAccessControl {joint-iso-itu-t ds(5) module(1) basicAccessControl(24) 3}
DEFINITIONS ::=
BEGIN

-- EXPORTS All 
-- The types and values defined in this module are exported for use in the other ASN.1 modules contained 
-- within the Directory Specifications, and for the use of other applications which will use them to access 
-- Directory services. Other applications may use them for their own purposes, but this will not constrain
-- extensions and modifications needed to maintain or improve the Directory service.
IMPORTS
  id-aca, id-acScheme, informationFramework, upperBounds,
    selectedAttributeTypes, directoryAbstractService
    FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1)
      usefulDefinitions(0) 3}
  ATTRIBUTE, AttributeType, DistinguishedName, ContextAssertion,
    SubtreeSpecification, SupportedAttributes, MATCHING-RULE,
    objectIdentifierMatch, Refinement
    FROM InformationFramework informationFramework
  Filter
    FROM DirectoryAbstractService directoryAbstractService
  ub-tag
    FROM UpperBounds upperBounds
  NameAndOptionalUID, directoryStringFirstComponentMatch, DirectoryString{}
    FROM SelectedAttributeTypes selectedAttributeTypes;

-- types 
ACIItem ::= SEQUENCE {
  identificationTag    DirectoryString{ub-tag},
  precedence           Precedence,
  authenticationLevel  AuthenticationLevel,
  itemOrUserFirst
    CHOICE {itemFirst
              [0]  SEQUENCE {protectedItems   ProtectedItems,
                             itemPermissions  SET OF ItemPermission},
            userFirst
              [1]  SEQUENCE {userClasses      UserClasses,
                             userPermissions  SET OF UserPermission}}
}

Precedence ::= INTEGER(0..255)

ProtectedItems ::= SEQUENCE {
  entry                           [0]  NULL OPTIONAL,
  allUserAttributeTypes           [1]  NULL OPTIONAL,
  attributeType
    [2]  SET SIZE (1..MAX) OF AttributeType OPTIONAL,
  allAttributeValues
    [3]  SET SIZE (1..MAX) OF AttributeType OPTIONAL,
  allUserAttributeTypesAndValues  [4]  NULL OPTIONAL,
  attributeValue
    [5]  SET SIZE (1..MAX) OF AttributeTypeAndValue OPTIONAL,
  selfValue
    [6]  SET SIZE (1..MAX) OF AttributeType OPTIONAL,
  rangeOfValues                   [7]  Filter OPTIONAL,
  maxValueCount
    [8]  SET SIZE (1..MAX) OF MaxValueCount OPTIONAL,
  maxImmSub                       [9]  INTEGER OPTIONAL,
  restrictedBy
    [10]  SET SIZE (1..MAX) OF RestrictedValue OPTIONAL,
  contexts
    [11]  SET SIZE (1..MAX) OF ContextAssertion OPTIONAL,
  classes                         [12]  Refinement OPTIONAL
}

MaxValueCount ::= SEQUENCE {type      AttributeType,
                            maxCount  INTEGER
}

RestrictedValue ::= SEQUENCE {type      AttributeType,
                              valuesIn  AttributeType
}

UserClasses ::= SEQUENCE {
  allUsers   [0]  NULL OPTIONAL,
  thisEntry  [1]  NULL OPTIONAL,
  name       [2]  SET SIZE (1..MAX) OF NameAndOptionalUID OPTIONAL,
  userGroup  [3]  SET SIZE (1..MAX) OF NameAndOptionalUID OPTIONAL,
  -- dn component must be the name of an
  -- entry of GroupOfUniqueNames 
  subtree    [4]  SET SIZE (1..MAX) OF SubtreeSpecification OPTIONAL
}

ItemPermission ::= SEQUENCE {
  precedence        Precedence OPTIONAL,
  -- defaults to precedence in ACIItem
  userClasses       UserClasses,
  grantsAndDenials  GrantsAndDenials
}

UserPermission ::= SEQUENCE {
  precedence        Precedence OPTIONAL,
  -- defaults to precedence in ACIItem
  protectedItems    ProtectedItems,
  grantsAndDenials  GrantsAndDenials
}

AuthenticationLevel ::= CHOICE {
  basicLevels
    SEQUENCE {level           ENUMERATED {none(0), simple(1), strong(2)},
              localQualifier  INTEGER OPTIONAL,
              signed          BOOLEAN DEFAULT FALSE},
  other        EXTERNAL
}

GrantsAndDenials ::= BIT STRING {
  -- permissions that may be used in conjunction
  -- with any component of ProtectedItems 
  grantAdd(0), denyAdd(1), grantDiscloseOnError(2), denyDiscloseOnError(3),
  grantRead(4), denyRead(5), grantRemove(6),
  denyRemove(7),
  -- permissions that may be used only in conjunction
  -- with the entry component
  grantBrowse(8), denyBrowse(9), grantExport(10), denyExport(11),
  grantImport(12), denyImport(13), grantModify(14), denyModify(15),
  grantRename(16), denyRename(17), grantReturnDN(18),
  denyReturnDN(19),
  -- permissions that may be used in conjunction
  -- with any component, except entry, of ProtectedItems
  grantCompare(20), denyCompare(21), grantFilterMatch(22), denyFilterMatch(23),
  grantInvoke(24), denyInvoke(25)}

AttributeTypeAndValue ::= SEQUENCE {
  type   ATTRIBUTE.&id({SupportedAttributes}),
  value  ATTRIBUTE.&Type({SupportedAttributes}{@type})
}

-- attributes 
accessControlScheme ATTRIBUTE ::= {
  WITH SYNTAX             OBJECT IDENTIFIER
  EQUALITY MATCHING RULE  objectIdentifierMatch
  SINGLE VALUE            TRUE
  USAGE                   directoryOperation
  ID                      id-aca-accessControlScheme
}

prescriptiveACI ATTRIBUTE ::= {
  WITH SYNTAX             ACIItem
  EQUALITY MATCHING RULE  directoryStringFirstComponentMatch
  USAGE                   directoryOperation
  ID                      id-aca-prescriptiveACI
}

entryACI ATTRIBUTE ::= {
  WITH SYNTAX             ACIItem
  EQUALITY MATCHING RULE  directoryStringFirstComponentMatch
  USAGE                   directoryOperation
  ID                      id-aca-entryACI
}

subentryACI ATTRIBUTE ::= {
  WITH SYNTAX             ACIItem
  EQUALITY MATCHING RULE  directoryStringFirstComponentMatch
  USAGE                   directoryOperation
  ID                      id-aca-subentryACI
}

-- object identifier assignments 
-- attributes 
id-aca-accessControlScheme OBJECT IDENTIFIER ::=
  {id-aca 1}

id-aca-prescriptiveACI OBJECT IDENTIFIER ::= {id-aca 4}

id-aca-entryACI OBJECT IDENTIFIER ::= {id-aca 5}

id-aca-subentryACI OBJECT IDENTIFIER ::= {id-aca 6}

-- access control schemes -
basicAccessControlScheme OBJECT IDENTIFIER ::=
  {id-acScheme 1}

simplifiedAccessControlScheme OBJECT IDENTIFIER ::= {id-acScheme 2}

rule-based-access-control OBJECT IDENTIFIER ::= {id-acScheme 3}

rule-and-basic-access-control OBJECT IDENTIFIER ::= {id-acScheme 4}

rule-and-simple-access-control OBJECT IDENTIFIER ::= {id-acScheme 5}

END -- BasicAccessControl

-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D