INTERNET-DRAFT Kathy Dally
Informational Draft The MITRE Corp.
Expires 22 March 2001 22 September 2000
ACP 133 Common Content and LDAP
<draft-dally-acp133-and-ldap-01.txt>
STATUS OF THIS MEMO
This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC 2026 except that the
right to produce derivative works is not granted. Internet-Drafts
are working documents of the Internet Engineering Task Force
(IETF), its areas, and its working groups. Note that other groups
may also distribute working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other
documents at any time. It is inappropriate to use Internet-Drafts
as reference material or to cite them other than as "work in
progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
ABSTRACT
In Allied Communications Publication (ACP) 133 [1], an X.500
directory user schema, called Common Content, is specified for the
Allied Directory. In order to enable Lightweight Directory Access
Protocol (LDAP) access to the Allied Directory and to enable the
general use by others of elements from the Common Content, this
document specifies the encoding of the Common Content using the
LDAP notation from Request for Comments (RFC) 2252 [2].
DALLY Expires 22 March 2001 [Page 1]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
TABLE OF CONTENTS
STATUS OF THIS MEMO....................................................1
ABSTRACT...............................................................1
TABLE OF CONTENTS......................................................2
1. INTRODUCTION.......................................................8
1.1 Background........................................................8
1.2 Purpose...........................................................8
2. OBJECT CLASSES.....................................................9
2.1 aCPNetworkEdB Object Class........................................9
2.2 aCPNetworkInstructionsEdB Object Class............................9
2.3 addressList Object Class..........................................9
2.4 aliasCommonName Object Class.....................................10
2.5 aliasOrganizationalUnit Object Class.............................10
2.6 altSpellingACP127 Object Class...................................10
2.7 cadACP127 Object Class...........................................11
2.8 distributionCodeDescription Object Class.........................11
2.9 distributionCodesHandled Object Class............................11
2.10 dSSCSPLA Object Class............................................11
2.11 messagingGateway Object Class....................................12
2.12 mhs-distribution-list Object Class...............................12
2.13 mhs-message-store Object Class...................................13
2.14 mhs-message-transfer-agent Object Class..........................13
2.15 mhs-user Object Class............................................14
2.16 mhs-user-agent Object Class......................................14
2.17 mLA Object Class.................................................14
2.18 mLAgent Object Class.............................................15
2.19 orgACP127 Object Class...........................................15
2.20 otherContactInformation Object Class.............................16
2.21 pkiCA Object Class...............................................16
2.22 pkiUser Object Class.............................................16
2.23 plaACP127 Object Class...........................................16
2.24 plaCollectiveACP127 Object Class.................................17
2.25 plaData Object Class.............................................17
2.26 plaUser Object Class.............................................17
2.27 releaseAuthorityPerson Object Class..............................18
2.28 releaseAuthorityPersonA Object Class.............................18
2.29 routingIndicator Object Class....................................18
2.30 secure-user Object Class.........................................18
2.31 securePkiUser Object Class.......................................19
2.32 sigintPLA Object Class...........................................19
2.33 sIPLA Object Class...............................................19
2.34 spotPLA Object Class.............................................20
2.35 taskForceACP127 Object Class.....................................20
2.36 tenantACP127 Object Class........................................20
2.37 ukms Object Class................................................21
3. ATTRIBUTE TYPES...................................................22
3.1 accessCodes Attribute............................................22
3.2 accountingCode Attribute.........................................22
3.3 aCPLegacyFormat Attribute........................................22
3.4 aCPMobileTelephoneNumber Attribute...............................22
3.5 aCPNetwAccessSchemaEdB Attribute.................................22
DALLY Expires 22 March 2001 [Page 2]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
3.6 aCPNetworkSchemaEdB Attribute....................................23
3.7 aCPPagerTelephoneNumber Attribute................................23
3.8 aCPPreferredDelivery Attribute...................................23
3.9 aCPTelephoneFaxNumber............................................23
3.10 actionAddressees Attribute.......................................24
3.11 additionalAddressees Attribute...................................25
3.12 additionalSecondPartyAddressees Attribute........................25
3.13 adminConversion Attribute........................................25
3.14 administrator Attribute..........................................25
3.15 aigsExpanded Attribute...........................................25
3.16 aLExemptedAddressProcessor Attribute.............................26
3.17 aliasPointer Attribute...........................................26
3.18 alid Attribute...................................................26
3.19 allowableOriginators Attribute...................................26
3.20 aLReceiptPolicy Attribute........................................26
3.21 alternateRecipient Attribute.....................................27
3.22 aLType Attribute.................................................27
3.23 aprUKMs Attribute................................................27
3.24 associatedAL Attribute...........................................27
3.25 associatedOrganization Attribute.................................27
3.26 associatedPLA Attribute..........................................28
3.27 augUKMs Attribute................................................28
3.28 buildingName Attribute...........................................28
3.29 cognizantAuthority Attribute.....................................28
3.30 collective-mhs-or-addresses Attribute............................29
3.31 collectiveMilitaryFacsimileNumber Attribute......................29
3.32 collectiveMilitaryTelephoneNumber Attribute......................29
3.33 collectiveNationality Attribute..................................29
3.34 collectiveSecureFacsimileNumber Attribute........................29
3.35 collectiveSecureTelephoneNumber Attribute........................29
3.36 community Attribute..............................................29
3.37 copyMember.......................................................30
3.38 decUKMs Attribute................................................30
3.39 deployed Attribute...............................................30
3.40 distributionCodeAction Attribute.................................30
3.41 distributionCodeInfo Attribute...................................31
3.42 dualRoute Attribute..............................................31
3.43 effectiveDate Attribute..........................................31
3.44 entryClassification Attribute....................................31
3.45 expirationDate Attribute.........................................31
3.46 febUKMs Attribute................................................32
3.47 garrison Attribute...............................................32
3.48 gatewayType Attribute............................................32
3.49 ghpType Attribute................................................32
3.50 guard Attribute..................................................33
3.51 host Attribute...................................................33
3.52 hostOrgACP127 Attribute..........................................33
3.53 infoAddressees Attribute.........................................33
3.54 janUKMs Attribute................................................33
3.55 julUKMs Attribute................................................34
3.56 junUKMs Attribute................................................34
3.57 lastRecapDate Attribute..........................................34
DALLY Expires 22 March 2001 [Page 3]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
3.58 listPointer Attribute............................................34
3.59 lmf Attribute....................................................34
3.60 longTitle Attribute..............................................35
3.61 mailDomains Attribute............................................35
3.62 marUKMs Attribute................................................35
3.63 mayUKMs Attribute................................................35
3.64 mhs-acceptable-eits Attribute....................................36
3.65 mhs-deliverable-classes Attribute................................36
3.66 mhs-deliverable-content-types Attribute..........................36
3.67 mhs-dl-archive-service Attribute.................................36
3.68 mhs-dl-members Attribute.........................................36
3.69 mhs-dl-policy Attribute..........................................37
3.70 mhs-dl-related-lists Attribute...................................37
3.71 mhs-dl-submit-permissions Attribute..............................37
3.72 mhs-dl-subscription-service Attribute............................37
3.73 mhs-exclusively-acceptable-eits Attribute........................37
3.74 mhs-maximum-content-length Attribute.............................38
3.75 mhs-message-store-dn Attribute...................................38
3.76 mhs-or-addresses Attribute.......................................38
3.77 mhs-or-addresses-with-capabilities Attribute.....................38
3.78 mhs-supported-attributes Attribute...............................39
3.79 mhs-supported-automatic-actions Attribute........................39
3.80 mhs-supported-content-types Attribute............................39
3.81 mhs-supported-matching-rules Attribute...........................40
3.82 mhs-unacceptable-eits Attribute..................................40
3.83 militaryFacsimileNumber Attribute................................40
3.84 militaryTelephoneNumber Attribute................................40
3.85 minimize Attribute...............................................41
3.86 minimizeOverride Attribute.......................................41
3.87 nameClassification Attribute.....................................41
3.88 nationality Attribute............................................41
3.89 networkDN Attribute..............................................41
3.90 novUKMs Attribute................................................42
3.91 octUKMs Attribute................................................42
3.92 onSupported Attribute............................................42
3.93 operationName Attribute..........................................42
3.94 plaAddressees Attribute..........................................43
3.95 plaNameACP127 Attribute..........................................43
3.96 plaReplace Attribute.............................................43
3.97 plasServed Attribute.............................................43
3.98 positionNumber Attribute.........................................44
3.99 primarySpellingACP127 Attribute..................................44
3.100 proprietaryMailboxes Attribute..................................44
3.101 publish Attribute...............................................44
3.102 rank Attribute..................................................44
3.103 recapDueDate Attribute..........................................45
3.104 releaseAuthorityName Attribute..................................45
3.105 remarks Attribute...............................................45
3.106 rfc822Mailbox Attribute.........................................45
3.107 rI Attribute....................................................45
3.108 rIClassification Attribute......................................46
3.109 rIInfo Attribute................................................46
DALLY Expires 22 March 2001 [Page 4]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
3.110 roomNumber Attribute............................................46
3.111 secondPartyAddressees Attribute.................................46
3.112 section Attribute...............................................47
3.113 secureFacsimileNumber Attribute.................................47
3.114 secureTelephoneNumber Attribute.................................47
3.115 sepUKMs Attribute...............................................47
3.116 serviceNumber Attribute.........................................47
3.117 serviceOrAgency Attribute.......................................48
3.118 sHD Attribute...................................................48
3.119 shortTitle Attribute............................................48
3.120 sigad Attribute.................................................48
3.121 spot Attribute..................................................49
3.122 tARE Attribute..................................................49
3.123 tCC Attribute...................................................49
3.124 tCCG Attribute..................................................49
3.125 transferStation Attribute.......................................49
3.126 tRC Attribute...................................................50
3.127 usdConversion Attribute.........................................50
4. NAME FORMS........................................................51
4.1 aCPNetworkEdBNameForm............................................51
4.2 aCPNetworkInstrEdBNameForm.......................................51
4.3 addressListNameForm..............................................51
4.4 aENameForm.......................................................51
4.5 aliasCNNameForm..................................................51
4.6 aliasOUNameForm..................................................51
4.7 applProcessNameForm..............................................51
4.8 alternateSpellingPLANameForm.....................................51
4.9 cadPLANameForm...................................................52
4.10 cRLDistPtNameForm................................................52
4.11 countryNameForm..................................................52
4.12 deviceNameForm...................................................52
4.13 distributionCodeDescriptionNameForm..............................52
4.14 dSANameForm......................................................52
4.15 dSSCSPLANameForm.................................................52
4.16 gONNameForm......................................................52
4.17 locNameForm......................................................53
4.18 messagingGatewayNameForm.........................................53
4.19 mhs-dLNameForm...................................................53
4.20 mLANameForm......................................................53
4.21 mLAgentNameForm..................................................53
4.22 mSNameForm.......................................................53
4.23 mTANameForm......................................................53
4.24 mUANameForm......................................................53
4.25 organizationalPLANameForm........................................54
4.26 organizationNameForm.............................................54
4.27 orgRNameForm.....................................................54
4.28 orgUNameForm.....................................................54
4.29 plaCollectiveNameForm............................................54
4.30 qualifiedOrgPersonNameForm.......................................54
4.31 releaseAuthorityPersonNameForm...................................54
4.32 releaseAuthorityPersonANameForm..................................54
4.33 routingIndicatorNameForm.........................................55
DALLY Expires 22 March 2001 [Page 5]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
4.34 sigintNameForm...................................................55
4.35 sIPLANameForm....................................................55
4.36 sOPNameForm......................................................55
4.37 spotPLANameForm..................................................55
4.38 taskForcePLANameForm.............................................55
4.39 tenantPLANameForm................................................55
5. MATCHING RULES....................................................56
5.1 addressCapabilitiesMatch Matching Rule...........................56
5.2 capabilityMatch Matching Rule....................................56
5.3 oRAddressMatch Matching Rule.....................................56
5.4 oRNameExactMatch Matching Rule...................................56
5.5 caseIgnoreListSubstringsMatch Matching Rule......................56
5.6 booleanMatch Matching Rule.......................................56
6. ATTRIBUTE SYNTAXES................................................57
6.1 aCPLegacyFormat Attribute Syntax.................................57
6.2 aCPPreferredDelivery Attribute Syntax for the
aCPPreferredDelivery Attribute...................................57
6.3 aCPTelephoneFaxNumber Attribute Syntax...........................57
6.4 AddressCapabilities Attribute Syntax from X.402..................58
6.5 addressees Attribute Syntax......................................58
6.6 addressListType Attribute Syntax for the aLType Attribute........58
6.7 Capability Attribute Syntax from X.402...........................59
6.8 Classification Attribute Syntax..................................59
6.9 Community Abstract Syntax for the community Attribute............60
6.10 DLPolicy Attribute Syntax from X.402.............................60
6.11 DLSubmitPermission Attribute Syntax from X.402...................62
6.12 MLReceiptPolicy Attribute Syntax.................................62
6.13 ORName Attribute Syntax from X.411...............................63
6.14 otherNotificationsSupported Abstract Syntax for the
onSupported Attribute............................................63
6.15 Remarks Attribute Syntax.........................................63
6.16 RIParameters Attribute Syntax....................................64
7. EXAMPLE CONTENT RULES.............................................65
7.1 aCPApplicationEntityRuleEdA Content Rule.........................65
7.2 aCPCRLDistributionPointRule Content Rule.........................65
7.3 aCPDeviceRuleEdA Content Rule....................................65
7.4 aCPDSARuleEdA Content Rule.......................................65
7.5 aCPGroupOfNamesRule Content Rule.................................65
7.6 aCPLocalityRule Content Rule.....................................66
7.7 aCPMhs-distribution-listRule Content Rule........................66
7.8 aCPMhs-message-storeRuleEdA Content Rule.........................66
7.9 aCPMhs-message-transfer-agentRuleEdA Content Rule................66
7.10 aCPMhs-user-agentRule Content Rule...............................66
7.11 aCPOrganizationalPersonRuleEdB Content Rule......................66
7.12 aCPOrganizationalRoleRuleEdB Content Rule........................67
7.13 aCPOrganizationalUnitRuleEdB Content Rule........................67
7.14 aCPOrganizationRuleEdB Content Rule..............................68
7.15 aCPRoutingIndicatorEdB Content Rule..............................68
7.16 addressListRuleEdA Content Rule..................................68
7.17 aliasCommonNameRule Content Rule.................................69
7.18 aliasOrganizationalUnitRule Content Rule.........................69
7.19 distributionCodeDescriptionRule Content Rule.....................69
DALLY Expires 22 March 2001 [Page 6]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
7.20 messagingGatewayRuleEdA Content Rule.............................69
7.21 mLAgentRule Content Rule.........................................69
7.22 networkEdBRule Content Rule......................................69
7.23 networkInstructionsRuleEdB Content Rule..........................70
7.24 rAPersonRuleEdA Content Rule.....................................70
7.25 sigintPLARule Content Rule.......................................70
7.26 spotPLARule Content Rule.........................................70
8. STRUCTURE RULES...................................................71
9. SECURITY CONSIDERATIONS...........................................71
10. REFERENCES........................................................72
11. ABBREVIATIONS.....................................................74
12. ACKNOWLEDGEMENTS..................................................76
13. AUTHOR'S ADDRESS..................................................76
DALLY Expires 22 March 2001 [Page 7]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
1. INTRODUCTION
1.1 Background
ACP 133(B) [1] is the specification, developed by the Combined
Communications-Electronics Board (CCEB), of the X.500-based Allied
Directory. One of the things specified in ACP 133(B) [1] is the
directory user schema, which is called Common Content. In the
Common Content are directory elements that support several
communications applications including electronic mail (e-mail),
Message Handling Systems (MHS), and telephony.
The CCEB is a five nation joint military communications-electronics
organization whose mission is the coordination of any military
communications information systems matters among the members. The
Member Nations of the CCEB are Australia, Canada, New Zealand, the
United Kingdom, and the United States.
ACP 133(B) [1] specifies access to the Allied Directory using the
X.500 Directory Access Protocol (DAP). Also, within the CCEB,
guidelines have been developed for the use of the Internet LDAP.
1.2 Purpose
This document is meant to be informational. Its purpose is to
record an LDAP encoding of the Common Content, so that:
* elements from the Common Content can be applied generally to
applications and environments other than the Allied
Directory. For example, the name forms for components of
X.400 MHS could be used in any X.400/X.500 system. Likewise,
the addressList object class could be used in cases where
lists of recipients are processed differently than X.400
distribution lists.
* use of LDAP to access the Allied Directory is enabled
Since the Common Content is based on X.500, this document refers
to RFC 2252 [2] and RFC 2256 [3] for the X.500 schema elements
(e.g., localityName attribute, country object class). The
contents of this document are the specifications of all of the
rest of the schema elements in the Common Content (e.g.,
mLAgentNameForm name form, otherContactInformation object class).
For descriptions and procedures regarding the Common Content
schema elements, consult ACP 133(B) [1].
DALLY Expires 22 March 2001 [Page 8]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
2. OBJECT CLASSES
2.1 aCPNetworkEdB Object Class
The aCPNetworkEdB structural object class is used to define
directory entries representing interconnected communications
networks. A Network EdB entry can have subordinate entries that
define the access and instructions for reaching other networks.
( 2.16.840.1.101.2.2.3.68 NAME 'aCPNetworkEdB'
SUP 2.5.6.0 ; top
MUST 2.5.4.3 ; cn
MAY ( 2.5.4.13 $ ; description
2.16.840.1.101.2.2.1.147 $ ; aCPNetworkSchemaEdB
2.16.840.1.101.2.2.1.124 $ ; operationName
2.5.4.34 ) ) ; seeAlso
2.2 aCPNetworkInstructionsEdB Object Class
The aCPNetworkInstructionsEdB structural object class is used to
define a directory entry that provides the description of how to
reach the subject network from another network.
( 2.16.840.1.101.2.2.3.69 NAME 'aCPNetworkInstructionsEdB'
SUP 2.5.6.0 ; top
MUST 2.5.4.3 ; cn
MAY ( 2.16.840.1.101.2.2.1.106 $ ; accessCodes
2.16.840.1.101.2.2.1.146 $ ; aCPNetwAccessSchemaEdB
2.5.4.13 $ ; description
2.16.840.1.101.2.2.1.121 ) ) ; networkDN
2.3 addressList Object Class
The addressList (aL) object class is used to define directory
entries that represent address lists, in particular, the members
of the list. The sender of a message uses the address list name
to send to all of the members in the list. The replacement of
the address list name by the members of the list is performed by
the sending User Agent (UA) or a Mailing List Agent (MLA), instead
of the Message Transfer System (MTS).
( 2.16.840.1.101.2.2.3.57 NAME 'addressList'
SUP 2.5.6.0 ; top
MUST ( 2.5.4.3 $ ; cn
2.6.5.2.4 ) ; mhs-dl-submit-permissions
MAY ( 2.16.840.1.101.2.1.5.47 $ ; aLExemptedAddressProcessor
2.16.840.1.101.2.1.5.14 $ ; alid
2.16.840.1.101.2.2.1.135 $ ; aLReceiptPolicy
2.16.840.1.101.2.2.1.112 $ ; aLType
2.5.4.15 $ ; businessCategory
2.16.840.1.101.2.2.1.114 $ ; copyMember
2.5.4.13 $ ; description
2.5.4.31 $ ; member
DALLY Expires 22 March 2001 [Page 9]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
2.6.5.2.12 $ ; mhs-dl-archive-service
2.6.5.2.13 $ ; mhs-dl-policy
2.6.5.2.14 $ ; mhs-dl-related-lists
2.6.5.2.15 $ ; mhs-dl-subscription-service
2.5.4.11 $ ; ou
2.5.4.10 $ ; o
2.5.4.32 $ ; owner
2.16.840.1.101.2.2.1.76 $ ; remarks
2.5.4.34 ) ) ; seeAlso
2.4 aliasCommonName Object Class
The aliasCommonName object class is a subclass of alias where an
alias entry is named by commonName. It is useful when different
attributes are used for the Relative Distinguished Names (RDNs) of
aliases to different types of entries (e.g., commonName as alias
to a person entry and organizationalUnitName as alias to a
corporate department entry). See the aliasOrganizationalUnit
object class.
( 2.16.840.1.101.2.2.3.52 NAME 'aliasCommonName'
SUP 2.5.6.1 ; alias
MUST 2.5.4.3 ) ; cn
2.5 aliasOrganizationalUnit Object Class
The aliasOrganizationalUnit object class is a subclass of alias
where an alias entry is named by organizationalUnitName. It
is useful when different attributes are used for the RDNs of
aliases to different types of entries. See the aliasCommonName
object class definition and example.
( 2.16.840.1.101.2.2.3.53 NAME 'aliasOrganizationalUnit'
SUP 2.5.6.1 ; alias
MUST 2.5.4.11 ) ; ou
2.6 altSpellingACP127 Object Class
The altSpellingACP127 object class is used to represent a Plain
Language Address (PLA) that is an alternative spelling of another
PLA. An object from this class always contains a reference to the
PLA for which it provides the alternative spelling. This object
class is a subclass of the plaACP127 auxiliary object class.
( 2.16.840.1.101.2.2.3.58 NAME 'altSpellingACP127'
SUP 2.16.840.1.101.2.2.3.47 ; plaACP127
MUST ( 2.16.840.1.101.2.2.1.72 $ ; plaReplace
2.16.840.1.101.2.2.1.73 ) ) ; primarySpellingACP127
DALLY Expires 22 March 2001 [Page 10]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
2.7 cadACP127 Object Class
The cadACP127 (Collective Address Designator) object class is used
to represent an ACP 127/JANAP 128 (Joint Army, Navy, Air Force
Procedure) [4]/[5] distribution list. It is a subclass of the
plaACP127 auxiliary object class.
( 2.16.840.1.101.2.2.3.28 NAME 'cadACP127'
SUP 2.16.840.1.101.2.2.3.47 ; plaACP127
MUST 2.16.840.1.101.2.2.1.51 ; cognizantAuthority
MAY ( 2.16.840.1.101.2.2.1.113 $ ; associatedAL
2.16.840.1.101.2.2.1.56 $ ; entryClassification
2.16.840.1.101.2.2.1.75 $ ; recapDueDate
2.16.840.1.101.2.2.1.79 ) ) ; rIInfo
2.8 distributionCodeDescription Object Class
The distributionCodeDescription object class is used to define a
directory entry that represents a registered Distribution Code in
the directory and describes its meaning. See ACP 123 [6] for
specification of distribution codes. The distribution code is
held in the commonName attribute.
( 2.16.840.1.101.2.2.3.55 NAME 'distributionCodeDescription'
SUP 2.5.6.0 ; top
MUST 2.5.4.3 ; cn
MAY 2.5.4.13 ) ; description
2.9 distributionCodesHandled Object Class
The distributionCodesHandled object class provides for identifying
the distribution codes (e.g., Subject Indicator Codes (SIC) as
defined in NATO Subject Indicator System (NASIS) - publication 3
(NATO APP-3) [7] and supplements) which are handled, either for
action or information, by the object (e.g., organizational role,
organizational person, or organizational unit) represented by the
directory entry in which this auxiliary is included.
( 2.16.840.1.101.2.2.3.54 NAME 'distributionCodesHandled'
SUP 2.5.6.0 ; top
AUXILIARY
MAY ( 2.16.840.1.101.2.2.1.104 $ ; distributionCodeAction
2.16.840.1.101.2.2.1.105 ) ) ; distributionCodeInfo
2.10 dSSCSPLA Object Class
The dSSCSPLA object class is used to represent an Intelligence
Community (IC) Plain Language Address (PLA) organization that, in
the directory, is named using the plaNameACP127 attribute.
DALLY Expires 22 March 2001 [Page 11]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
( 2.16.840.1.101.2.2.3.67 NAME 'dSSCSPLA'
SUP 2.16.840.1.101.2.2.3.47 ; plaACP127
MUST ( 2.16.840.1.101.2.2.1.77 ; rI )
MAY ( 2.16.840.1.101.2.2.1.143 $ ; adminConversion
2.16.840.1.101.2.2.1.4 $ ; associatedOrganization
2.5.4.7 $ ; localityName
2.16.840.1.101.2.2.1.85 $ ; sigad
2.16.840.1.101.2.2.1.145 ) ) ; usdConversion
2.11 messagingGateway Object Class
The messagingGateway object class is used to store information
about an application entity which serves as an application layer
gateway between two mail systems. When a gateway performs
translation services, a messagingGateway object provides a
mechanism to address these translation services directly.
( 2.16.840.1.101.2.2.3.59 NAME 'messagingGateway'
SUP 2.6.5.1.2 ; mhs-message-transfer-agent
MAY ( 2.16.840.1.101.2.2.1.110 $ ; administrator
2.16.840.1.101.2.2.1.111 $ ; aigsExpanded
2.16.840.1.101.2.2.1.115 $ ; gatewayType
2.16.840.1.101.2.2.1.116 $ ; ghpType
0.9.2342.19200300.100.1.9 $ ; host
2.16.840.1.101.2.2.1.118 $ ; mailDomains
2.6.5.2.17 $ ; mhs-acceptable-eits
2.6.5.2.1 $ ; mhs-deliverable-content-types
2.6.5.2.2 $ ; mhs-exclusively-acceptable-eits
2.6.5.2.5 $ ; mhs-message-store-dn
2.6.5.2.6 $ ; mhs-or-addresses
2.6.5.2.16 $ ; mhs-or-addresses-with-capabilities
2.6.5.2.18 $ ; mhs-unacceptable-eits
2.16.840.1.101.2.2.1.123 $ ; onSupported
2.16.840.1.101.2.2.1.70 $ ; plaNameACP127
2.16.840.1.101.2.2.1.79 ) ) ; rIInfo
2.12 mhs-distribution-list Object Class
The mhs-distribution-list object class is used to define a
directory entry that represents a distribution list (DL), that
is, an address list that is expanded by the MTS. The attributes
in the entry identify the distribution list name, submit
permissions, and OR-addresses and, to the extent that the relevant
attributes are present, describe the DL, identify its organization,
organizational units, and owner; cite related objects; identify
its maximum content length, deliverable content types, and
acceptable, exclusively acceptable, and unacceptable encoded
information types (EITs); and identify its expansion policy,
subscription addresses, archive addresses, related lists,
and members.
DALLY Expires 22 March 2001 [Page 12]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
( 2.6.5.1.0 NAME 'mhs-distribution-list'
SUP 2.5.6.0 ; top MUST ( 2.5.4.3 $ ; cn
2.6.5.2.4 $ ; mhs-dl-submit-permissions
2.6.5.2.6 ) ; mhs-or-addresses
MAY ( 2.5.4.13 $ ; description
2.5.4.10 $ ; o
2.5.4.11 $ ; ou
2.5.4.32 $ ; owner
2.5.4.34 $ ; seeAlso
2.6.5.2.0 $ ; mhs-maximum-content-length
2.6.5.2.1 $ ; mhs-deliverable-content-types
2.6.5.2.17 $ ; mhs-acceptable-eits
2.6.5.2.2 $ ; mhs-exclusively-acceptable-eits
2.6.5.2.18 $ ; mhs-unacceptable-eits
2.6.5.2.13 $ ; mhs-dl-policy
2.6.5.2.15 $ ; mhs-dl-subscription-service
2.6.5.2.12 $ ; mhs-dl-archive-service
2.6.5.2.14 $ ; mhs-dl-related-lists
2.6.5.2.3 ) ) ; mhs-dl-members
2.13 mhs-message-store Object Class
The mhs-message-store object class is used to define directory
entries that represent application entities that implement the
MHS Message Store (MS) functionality. The attributes in an entry,
to the extent that they are present, describe the MS, identify its
owner, and enumerate the attributes, automatic actions, matching
rules, content types, and network protocols the MS supports.
( 2.6.5.1.1 NAME 'mhs-message-store'
SUP 2.5.6.12 ; applicationEntity
MAY (2.5.4.32 $ ; owner
$ 2.6.5.2.10 $ ; mhs-supported-attributes
$ 2.6.5.2.8 $ ; mhs-supported-automatic-actions
$ 2.6.5.2.11 $ ; mhs-supported-matching-rules
$ 2.6.5.2.9 $ ; mhs-supported-content-types
$ 2.5.4.48 ) ) ; protocolInformation
2.14 mhs-message-transfer-agent Object Class
The mhs-message-transfer-agent object class is used to define
directory entries that represent application entities that
implement the MHS Message Transfer Agent (MTA) functionality. The
attributes in an entry, to the extent that they are present,
describe the MTA and identify its owner, the maximum content
length it can handle, and its supported network protocols.
( 2.6.5.1.2 NAME 'mhs-message-transfer-agent'
SUP 2.5.6.12 ; applicationEntity
MAY ( 2.5.4.32 $ ; owner
2.6.5.2.0 $ ; mhs-maximum-content-length
2.5.4.48 ) ) ; protocolInformation
DALLY Expires 22 March 2001 [Page 13]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
2.15 mhs-user Object Class
The mhs-user object class is used in defining directory entries
representing MHS users. The attributes in an entry identify the
MHS user's OR-address and, to the extent that the relevant
attributes are present, identify the maximum content length,
content types, and EITs that can be handled by the user; its MS;
and its preferred delivery methods.
( 2.6.5.1.3 NAME 'mhs-user'
SUP 2.5.6.0 ; top
AUXILIARY
MUST 2.6.5.2.6 ; mhs-or-addresses
MAY ( 2.6.5.2.0 $ ; mhs-maximum-content-length
2.6.5.2.1 $ ; mhs-deliverable-content-types
2.6.5.2.17 $ ; mhs-acceptable-eits
2.6.5.2.2 $ ; mhs-exclusively-acceptable-eits
2.6.5.2.18 $ ; mhs-unacceptable-eits
2.6.5.2.16 $ ; mhs-or-addresses-with-capabilities
2.6.5.2.5 ) ) ; mhs-message-store-dn
2.16 mhs-user-agent Object Class
The mhs-message-transfer-agent object class is used to define
directory entries that represent application entities that
implement the MHS MTA functionality. The attributes in an entry,
to the extent that they are present, describe the MTA and identify
its owner, the maximum content length it can handle, and its
supported network protocols.
( 2.6.5.1.4 NAME 'mhs-user-agent'
SUP 2.5.6.12 ; applicationEntity
MAY ( 2.5.4.32 $ ; owner
2.6.5.2.0 $ ; mhs-maximum-content-length
2.6.5.2.1 $ ; mhs-deliverable-content-types
2.6.5.2.17 $ ; mhs-acceptable-eits
2.6.5.2.2 $ ; mhs-exclusively-acceptable-eits
2.6.5.2.18 $ ; mhs-unacceptable-eits
2.6.5.2.19 $ ; mhs-deliverable-classes
2.6.5.2.6 $ ; mhs-or-addresses
2.5.4.48 ) ) ; protocolInformation
2.17 mLA Object Class
The mLA object class is used to represent an application entity
that performs the functions of a Mail List Agent (MLA). This
object class is a subclass of applicationEntity and
strong-authentication-user.
Note that this object class may become obsolete, depending on the
resolution of Certificate Management Infrastructure (CMI) issues.
DALLY Expires 22 March 2001 [Page 14]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
( 2.16.840.1.101.2.2.3.31 NAME 'mLA'
SUP ( 2.5.6.12 $ ; applicationEntity
2.5.6.15 ) ; strongAuthenticationUser
MAY 2.5.4.52 ) ; supportedAlgorithms
2.18 mLAgent Object Class
The mLAgent object class is used to represent an application
entity that performs the functions of a MLA. This object class
is a subclass of applicationEntity and pkiUser.
( 2.16.840.1.101.2.2.3.64 NAME 'mLAgent'
SUP ( 2.5.6.12 $ ; applicationEntity
2.5.6.21 ; pkiUser )
MAY 2.5.4.52 ) ; supportedAlgorithms
2.19 orgACP127 Object Class
The orgACP127 object class is used to define the entry for a
single ACP 127/JANAP 128 [4]/[5] messaging user. This object
class is a subclass of the plaACP127 auxiliary object class.
( 2.16.840.1.101.2.2.3.34 NAME 'orgACP127'
SUP 2.16.840.1.101.2.2.3.47 ; plaACP127
MAY ( 2.16.840.1.101.2.2.1.53 $ ; accountingCode
2.16.840.1.101.2.2.1.4 $ ; associatedOrganization
2.5.4.6 $ ; c
2.16.840.1.101.2.2.1.54 $ ; dualRoute
2.16.840.1.101.2.2.1.56 $ ; entryClassification
2.5.4.7 $ ; l
2.16.840.1.101.2.2.1.63 $ ; longTitle
2.16.840.1.101.2.2.1.64 $ ; minimize
2.16.840.1.101.2.2.1.65 $ ; minimizeOverride
2.16.840.1.101.2.2.1.67 $ ; nameClassification
2.16.840.1.101.2.2.1.77 $ ; rI
2.16.840.1.101.2.2.1.79 $ ; rIInfo
2.16.840.1.101.2.2.1.81 $ ; section
2.5.4.8 $ ; st
2.16.840.1.101.2.2.1.87 ) ) ; tARE
2.20 otherContactInformation Object Class
The otherContactInformation object class provides for additional
telephone, location, and mailbox information in directory entries.
( 2.16.840.1.101.2.2.3.62 NAME 'otherContactInformation'
SUP 2.5.6.0 ; top
AUXILIARY
MAY ( 2.16.840.1.101.2.2.1.94 $ ; aCPMobileTelephoneNumber
2.16.840.1.101.2.2.1.95 $ ; aCPPagerTelephoneNumber
2.16.840.1.101.2.2.1.108 $ ; aCPPreferredDelivery
2.16.840.1.101.2.2.1.118 $ ; mailDomains
DALLY Expires 22 March 2001 [Page 15]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
2.16.840.1.101.2.2.1.119 $ ; militaryFacsimileNumber
2.16.840.1.101.2.2.1.120 $ ; militaryTelephoneNumber
2.16.840.1.101.2.2.1.126 $ ; proprietaryMailboxes
0.9.2342.19200300.100.1.6 $ ; roomNumber
2.16.840.1.101.2.2.1.127 $ ; secureFacsimileNumber
2.16.840.1.101.2.2.1.128 ) ) ; secureTelephoneNumber
2.21 pkiCA Object Class
The pkiCA object class is used to represent Certification Authorities.
( 2.5.6.22 NAME 'pkiCA'
SUP 2.5.6.0 ; top
AUXILIARY
MAY ( 2.5.4.37 $ ; cACertificate
2.5.4.39 $ ; certificateRevocationList
2.5.4.38 $ ; authorityRevocationList
2.5.4.40 ) ) ; crossCertificatePair
2.22 pkiUser Object Class
The pkiUser object class is used to represent certificate
subjects. A certificate subject is a human or other type of
directory user to which a certificate has been issued.
( 2.5.6.21 NAME 'pkiUser'
SUP 2.5.6.0 ; top
AUXILIARY
MAY 2.5.4.36 ) ; userCertificate
2.23 plaACP127 Object Class
The plaACP127 object class provides for the general PLA attributes
common to general service (GENSER) PLA entries, all of which
inherit this class.
( 2.16.840.1.101.2.2.3.47 NAME 'plaACP127'
SUP 2.5.6.0 ; top
AUXILIARY
MUST 2.16.840.1.101.2.2.1.70 ; plaNameACP127
MAY ( 2.16.840.1.101.2.2.1.52 $ ; community
2.16.840.1.101.2.2.1.55 $ ; effectiveDate
2.16.840.1.101.2.2.1.57 $ ; expirationDate
2.16.840.1.101.2.2.1.68 $ ; nationality
2.16.840.1.101.2.2.1.74 $ ; publish
2.16.840.1.101.2.2.1.76 $ ; remarks
2.16.840.1.101.2.2.1.82 ) ) ; serviceOrAgency
DALLY Expires 22 March 2001 [Page 16]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
2.24 plaCollectiveACP127 Object Class
The plaCollectiveACP127 object class is used to define the entry
for an ACP 127/JANAP 128 [4]/[5] Address Indicator Group (AIG)
distribution list or Type distribution list. This object class is
a subclass of the plaACP127 auxiliary object class.
( 2.16.840.1.101.2.2.3.35 NAME 'plaCollectiveACP127'
SUP 2.16.840.1.101.2.2.3.47 ; plaACP127
MUST 2.16.840.1.101.2.2.1.51 ; cognizantAuthority
MAY ( 2.16.840.1.101.2.2.1.46 $ ; actionAddressees
2.16.840.1.101.2.2.1.50 $ ; allowableOriginators
2.16.840.1.101.2.2.1.113 $ ; associatedAL
2.5.4.13 $ ; description
2.16.840.1.101.2.2.1.56 $ ; entryClassification
2.16.840.1.101.2.2.1.59 $ ; infoAddressees
2.16.840.1.101.2.2.1.60 $ ; lastRecapDate
2.16.840.1.101.2.2.1.75 ) ) ; recapDueDate
2.25 plaData Object Class
The plaData object class contains attributes common to Special
Intelligence (SI) PLAs.
( 2.16.840.1.101.2.2.3.26 NAME 'plaData'
SUP 2.5.6.0 ; top
AUXILIARY
MAY ( 2.16.840.1.101.2.2.1.52 $ ; community
2.5.4.13 $ ; description
2.16.840.1.101.2.2.1.55 $ ; effectiveDate
2.16.840.1.101.2.2.1.57 ) ) ; expirationDate
2.26 plaUser Object Class
The plaUser object class contains the name of a PLA's directory
entry and, optionally, Routing Indicator (RI) for addressing
that PLA.
( 2.16.840.1.101.2.2.3.56 NAME 'plaUser'
SUP 2.5.6.0 ; top
AUXILIARY
MUST 2.16.840.1.101.2.2.1.70 ; plaNameACP127
MAY 2.16.840.1.101.2.2.1.79 ) ; rIInfo
2.27 releaseAuthorityPerson Object Class
The releaseAuthorityPerson object class is used to define the
entry for a role of release authority who releases organizational
messages on behalf of an organization. Whereas organizations
originate their organizational messages, it is the job of the
release authority to sign the messages. Release authorities do
not send individual messages and do not receive messages.
DALLY Expires 22 March 2001 [Page 17]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
Note that this object class may become obsolete, depending on the
resolution of CMI issues.
( 2.16.840.1.101.2.2.3.63 NAME 'releaseAuthorityPerson'
SUP.2.16.840.1.101.2.1.4.13 ; secure-user
MUST 2.16.840.1.101.2.2.1.45 ) ; releaseAuthorityName
2.28 releaseAuthorityPersonA Object Class
The releaseAuthorityPersonA object class is used to define the
entry for a role of release authority who releases organizational
messages on behalf of an organization. Whereas organizations
originate their organizational messages, it is the job of the
release authority to sign the messages. Release authorities do
not send individual messages and do not receive messages.
( 2.16.840.1.101.2.2.3.65 NAME 'releaseAuthorityPersonA'
SUP.2.16.840.1.101.2.2.3.66 ; securePkiUser
MUST 2.16.840.1.101.2.2.1.45 ) ; releaseAuthorityName
2.29 routingIndicator Object Class
The routingIndicator object class is used to define an entry for
a RI and is a subclass of the plaData auxiliary object class.
( 2.16.840.1.101.2.2.3.37 NAME 'routingIndicator'
SUP 2.16.840.1.101.2.2.3.26 ; plaData
MUST 2.16.840.1.101.2.2.1.77 ; rI
MAY ( 2.16.840.1.101.2.2.1.62 $ ; lmf
2.6.5.2.0 $ ; mhs-maximum-content-length
2.16.840.1.101.2.2.1.68 $ ; nationality
2.16.840.1.101.2.2.1.74 $ ; publish
2.16.840.1.101.2.2.1.78 $ ; rIClassification
2.16.840.1.101.2.2.1.83 $ ; sHD
2.16.840.1.101.2.2.1.96 $ ; tCC
2.16.840.1.101.2.2.1.69 $ ; transferStation
2.16.840.1.101.2.2.1.97 ) ) ; tRC
2.30 secure-user Object Class
The secure-user object class is used in defining directory entries
that include credentials for users. It is a subclass of the
strongAuthenticationUser object class, defined in X.521 [8], which
provides for a user certificate.
Note that this object class may become obsolete, depending on the
resolution of CMI issues.
( 2.16.840.1.101.2.1.4.13 NAME 'secure-user'
SUP 2.5.6.15 ; strongAuthenticationUser
AUXILIARY
DALLY Expires 22 March 2001 [Page 18]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
MAY ( 2.5.6.58 $ ; attributeCertificate
2.5.4.52 ) ) ; supportedAlgorithms
2.31 securePkiUser Object Class
The securePkiUser (Public Key Infrastructure) object class is used
in defining directory entries that include credentials for ACP 123
[6] users. It is a subclass of the pkiUser object class, defined
in RFC 2587 [9], which provides for a user certificate.
( 2.16.840.1.101.2.2.3.66 NAME 'securePkiUser'
SUP 2.5.6.21 ; pkiUser
AUXILIARY
MAY ( 2.5.6.58 $ ; attributeCertificate
2.5.4.52 ) ) ; supportedAlgorithms
2.32 sigintPLA Object Class
The sigintPLA (Signal Intelligence) object class is used to
represent sensitive SI PLAs. This object class is a subclass of
the plaData auxiliary object class.
( 2.16.840.1.101.2.2.3.38 NAME 'sigintPLA'
SUP 2.16.840.1.101.2.2.3.26 ; plaData
MUST 2.16.840.1.101.2.2.1.85 ; sigad
MAY ( 2.5.4.7 $ ; l
2.16.840.1.101.2.2.1.68 $ ; nationality
2.16.840.1.101.2.2.1.74 $ ; publish
2.16.840.1.101.2.2.1.76 $ ; remarks
2.16.840.1.101.2.2.1.77 $ ; rI
2.16.840.1.101.2.2.1.84 ) ) ; shortTitle
2.33 sIPLA Object Class
The sIPLA object class is used to define the entry for a single
Special Intelligence (SI) messaging user. This object class is a
subclass of the plaData auxiliary object class.
( 2.16.840.1.101.2.2.3.39 NAME 'sIPLA'
SUP 2.16.840.1.101.2.2.3.26 ; plaData
MUST 2.16.840.1.101.2.2.1.63 ; longTitle
MAY ( 2.5.4.7 $ ; l
2.16.840.1.101.2.2.1.68 $ ; nationality
2.16.840.1.101.2.2.1.74 $ ; publish
2.16.840.1.101.2.2.1.76 $ ;remarks
2.16.840.1.101.2.2.1.77 $ ; rI
2.16.840.1.101.2.2.1.84 $ ; shortTitle
2.16.840.1.101.2.2.1.85 ) ) ; sigad
DALLY Expires 22 March 2001 [Page 19]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
2.34 spotPLA Object Class
The spotPLA object class is used to define an entry for a special
products distribution list. This object class is a subclass of
the plaData auxiliary object class.
( 2.16.840.1.101.2.2.3.40 NAME 'spotPLA'
SUP 2.16.840.1.101.2.2.3.26 ; plaData
MUST 2.16.840.1.101.2.2.1.86 ; spot
MAY ( 2.16.840.1.101.2.2.1.46 $ ; actionAddressees
2.16.840.1.101.2.2.1.47 $ ; additionalAddressees
2.16.840.1.101.2.2.1.48 $ ; additionalSecondPartyAddressees
2.6.5.2.4 $ ; mhs-dl-submit-permissions
2.16.840.1.101.2.2.1.76 $ ; remarks
2.16.840.1.101.2.2.1.80 ) ) ; secondPartyAddressees
2.35 taskForceACP127 Object Class
The taskForceACP127 object class is used to define a directory
entry for an ACP 127/JANAP 128 [4]/[5] task force distribution
list. This object class is a subclass of the plaACP127 auxiliary
object class.
( 2.16.840.1.101.2.2.3.41 NAME 'taskForceACP127'
SUP 2.16.840.1.101.2.2.3.47 ; plaACP127
MUST ( 2.16.840.1.101.2.2.1.51 $ ; cognizantAuthority
2.16.840.1.101.2.2.1.60 $ ; lastRecapDate
2.16.840.1.101.2.2.1.75 ; recapDueDate)
MAY ( 2.16.840.1.101.2.2.1.113 $ ; associatedAL
2.16.840.1.101.2.2.1.56 $ ; entryClassification
2.16.840.1.101.2.2.1.71 ) ) ; plaAddressees
2.36 tenantACP127 Object Class
The tenantACP127 object class is used to define a directory entry
that represents a tenant PLA. This object class is a subclass of
the plaACP127 auxiliary object class.
( 2.16.840.1.101.2.2.3.42 NAME 'tenantACP127'
SUP 2.16.840.1.101.2.2.3.47 ; plaACP127
MUST 2.16.840.1.101.2.2.1.58 ; hostOrgACP127
MAY ( 2.16.840.1.101.2.2.1.56 $ ; entryClassification
2.16.840.1.101.2.2.1.87 ) ) ; tARE
2.37 ukms Object Class
The ukms object class contains the monthly values of user keying
material (UKM) used in the construction of selected CCEB symmetric
confidentiality algorithms.
DALLY Expires 22 March 2001 [Page 20]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
( 2.16.840.1.101.2.1.4.16 NAME 'ukms'
SUP 2.5.6.0 ; top
AUXILIARY
MAY ( 2.16.840.1.101.2.1.5.20 $ ; janUKMs
2.16.840.1.101.2.1.5.21 $ ; febUKMs
2.16.840.1.101.2.1.5.22 $ ; marUKMs
2.16.840.1.101.2.1.5.23 $ ; aprUKMs
2.16.840.1.101.2.1.5.24 $ ; mayUKMs
2.16.840.1.101.2.1.5.25 $ ; junUKMs
2.16.840.1.101.2.1.5.26 $ ; julUKMs
2.16.840.1.101.2.1.5.27 $ ; augUKMs
2.16.840.1.101.2.1.5.28 $ ; sepUKMs
2.16.840.1.101.2.1.5.29 $ ; octUKMs
2.16.840.1.101.2.1.5.30 $ ; novUKMs
2.16.840.1.101.2.1.5.31 ) ) ; decUKMs
DALLY Expires 22 March 2001 [Page 21]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
3. ATTRIBUTE TYPES
3.1 accessCodes Attribute
The accessCodes attribute value gives the coding of how to reach
one network from another. Additional instructions for the use of
this access code are contained in a description attribute in the
same entry. For example, in a private telephone network, the user
could be required to dial "8" to reach other users in a different
city or to dial "9" to exit the private network.
( 2.16.840.1.101.2.2.1.106 NAME 'accessCodes'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 ) ; Printable String
3.2 accountingCode Attribute
The accountingCode attribute value is a character string used in
logistics applications to identify an organization uniquely. One
example is the U.S. Department of Defense Activity Accounting Code
(DODAAC).
( 2.16.840.1.101.2.2.1.53 NAME 'accountingCode'
EQUALITY 2.5.13.2 ; caseIgnoreMatch
SUBSTR 2.5.13.4 ; caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{7} ) ; Printable String
3.3 aCPLegacyFormat Attribute
The aCPLegacyFormat provides the specific message format type used
when the value of the aCPPreferredDelivery attribute is ACP127(1).
( 2.16.840.1.101.2.2.1.142 NAME 'aCPLegacyFormat'
SYNTAX 2.16.840.1.101.2.2.2.17 ; ACPLegacyFormat
SINGLE-VALUE )
3.4 aCPMobileTelephoneNumber Attribute
The aCPMobileTelephoneNumber attribute value identifies a mobile
telephone number for the object represented by the directory entry
that contains this attribute.
( 2.16.840.1.101.2.2.1.94 NAME 'aCPMobileTelephoneNumber'
SUP 2.5.4.20 ) ; telephoneNumber
3.5 aCPNetwAccessSchemaEdB Attribute
The aCPNetwAccessSchemaEdB attribute value is a schematic representation
used to complete the access information from one network to
another in the case of a complex connection. (Many connections
are not complex enough to need such a description and in that case
the attribute would not be populated.)
DALLY Expires 22 March 2001 [Page 22]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
( 2.16.840.1.101.2.2.1.146 NAME 'aCPNetwAccessSchemaEdB'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 ) ; JPEG
3.6 aCPNetworkSchemaEdB Attribute
The aCPNetworkSchemaEdB attribute value is a graphical
representation of a network. It describes the structure of the
network and details any rules associated with that network.
( 2.16.840.1.101.2.2.1.147 NAME 'aCPNetworkSchemaEdB'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 ) ; JPEG
3.7 aCPPagerTelephoneNumber Attribute
The aCPPagerTelephoneNumber attribute identifies a telephone
number for a pager associated with the object represented by the
directory entry.
( 2.16.840.1.101.2.2.1.95 NAME 'aCPPagerTelephoneNumber'
SUP 2.5.4.20 ) ; telephoneNumber
3.8 aCPPreferredDelivery Attribute
The aCPPreferredDelivery attribute value is used to determine the
messaging system a user, represented by the directory entry,
prefers for message delivery. The possible values are:
"ACP 127", "SMTP" or "MHS". "MHS" signifies either standard X.400
(1984 or 1988) or ACP 123-compliant X.400.
( 2.16.840.1.101.2.2.1.108 NAME 'aCPPreferredDelivery'
SYNTAX 2.16.840.1.101.2.2.2.6 ; ACP Preferred Delivery syntax
SINGLE-VALUE )
3.9 aCPTelephoneFaxNumber ATTRIBUTE
The aCPTelephoneFaxNumber attribute is defined for use as a
supertype in defining the attributes:
militaryFacsimileNumber
militaryTelephoneNumber
secureFacsimileNumber
secureTelephoneNumber
A value of the aCPTelephoneFaxNumber attribute and the attributes
defined as its subtypes is a telephone number that is used for
military purposes and is associated with an object represented by
the directory entry. For example, a person may have a telephone,
equipped with a STU III (Secure Telephone Unit) device, on the
Public Switched Telephone Network (PSTN).
DALLY Expires 22 March 2001 [Page 23]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
( 2.16.840.1.101.2.2.1.109 NAME 'aCPTelephoneFaxNumber'
EQUALITY 2.5.13.20 ; telephoneNumberMatch
SUBSTR 2.5.13.21 ; telephoneNumberSubstringsMatch
SYNTAX 2.16.840.1.101.2.2.2.1 ) ; ACPTelephoneFaxNumberSyntax
The attribute value for an ACP telephone number contains the
following substrings which are separated by commas (i.e., ","):
network or site identifier
telephone number
security device identifier
The maximum size of the network or site identifier substring is
six characters. In the example, the string "PSTN" would be the
value of this identifier.
For the telephone number substring, if the network is the PSTN,
then the format shall be as for a Telephone Number as defined in
X.520 [10] (i.e., CCITT E.123). Extension numbers shall be
preceded by "ext." or other nationally defined equivalent. The
maximum length of this substring is 32 characters. In the
example, the string "+1 555 222 ext. 34" could be the value of
the telephone number.
The maximum size of the security device identifier substring is
eight characters. In the example, the string "STU III" would be
the value of this identifier.
The complete example value would be "PSTN, +1 555 222 ext. 34,
STU III".
The security device (and preceding substring separator ",") is
present only if the military telephone number is secured (i.e.,
attribute subtypes secureTelephoneNumber or secureFacsimileNumber).
Note that the equality and substring matching rule for this
attribute is not case sensitive and the substring matching rule is
case sensitive. Thus, it is recommended that the network/site
identifier and security device identifier are in upper case.
3.10 actionAddressees Attribute
An actionAddressees attribute value is the list of action
addressees of an ACP 127/JANAP 128 [4]/[5] collective, for
example, an AIG. An action addressee is expected to take action
appropriate on the message content, whereas an information
addressee receives the message for informational purposes only.
( 2.16.840.1.101.2.2.1.46 NAME 'actionAddressees'
EQUALITY 2.5.13.11 ; caseIgnoreListMatch
SUBSTR 2.5.13.12 ; caseIgnoreListSubstringsMatch
SYNTAX 2.16.840.1.101.2.2.2.2 ) ; Addressees syntax
DALLY Expires 22 March 2001 [Page 24]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
3.11 additionalAddressees Attribute
The additionalAddressees attribute value is a list of addressees
to be added to the actionAddressees list (value of the
actionAddressees attribute) under circumstances identified in the
remarks attribute in the same directory entry.
( 2.16.840.1.101.2.2.1.47 NAME 'additionalAddressees'
EQUALITY 2.5.13.11 ; caseIgnoreListMatch
SUBSTR 2.5.13.12 ; caseIgnoreListSubstringsMatch
SYNTAX 2.16.840.1.101.2.2.2.2 ) ; Addressees syntax
3.12 additionalSecondPartyAddressees Attribute
The additionalSecondPartyAddressees attribute value is a list of
addressees to be added to the secondPartyAddressees list (value
of the secondPartyAddressees attribute) under circumstances
identified in the remarks attribute in the same directory entry.
( 2.16.840.1.101.2.2.1.48 NAME 'additionalSecondPartyAddressees'
EQUALITY 2.5.13.11 ; caseIgnoreListMatch
SUBSTR 2.5.13.12 ; caseIgnoreListSubstringsMatch
SYNTAX 2.16.840.1.101.2.2.2.2 ) ; Addressees syntax
3.13 adminConversion ATTRIBUTE
The adminConversion attribute provides for using an abbreviation
of the organization's administrative title as an administrative
message address.
( 2.16.840.1.101.2.2.1.143 NAME 'adminConversion'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ; DirectoryString
EQUALITY 2.5.13.2 ; caseIgnoreMatch
SUBSTR 2.5.13.4 ) ; caseIgnoreSubstringsMatch
3.14 administrator Attribute
The administrator attribute value represents the entity
responsible for the operation of a component when it is different
from the owner of the component. For example, the owner may be
a domain.
( 2.16.840.1.101.2.2.1.110 NAME 'administrator'
SUP 2.5.4.49 ) ; distinguishedName
3.15 aigsExpanded Attribute
The aigsExpanded attribute values are the names of the AIGs
expanded by a messaging gateway.
( 2.16.840.1.101.2.2.1.111 NAME 'aigsExpanded'
SUP 2.5.4.49 ) ; distinguishedName
DALLY Expires 22 March 2001 [Page 25]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
3.16 aLExemptedAddressProcessor Attribute
The aLExemptedAddressProcessor attribute value is the ORName of
the address list processor for the address list where exempted
addresses are removed.
( 2.16.840.1.101.2.1.5.47 'aLExemptedAddressProcessor'
SYNTAX 2.16.840.1.101.2.2.2.10 ; O/R Name syntax
SINGLE-VALUE )
3.17 aliasPointer Attribute
The aliasPointer attribute type value points to alias directory
entries which might have to be modified if the directory entry
containing this attribute is modified. It is intended to be used
to maintain data consistency in the Directory Information
Base (DIB).
( 2.16.840.1.101.2.2.1.49 NAME 'aliasPointer'
EQUALITY 2.5.13.1 ; distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) ; DN
3.18 alid Attribute
The alid attribute value is the AL key material identifier.
( 2.16.840.1.101.2.1.5.14 NAME 'alid'
EQUALITY 2.5.13.17 ; octetStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) ; Kmid = Octet String
3.19 allowableOriginators Attribute
The allowableOriginators attribute value is the name of an
ACP 127/JANAP 128 [4]/[5] collective that contains the list of
PLAs that are allowed to originate messages to this list.
( 2.16.840.1.101.2.2.1.50 NAME 'allowableOriginators'
EQUALITY 2.5.13.11 ; caseIgnoreListMatch
SUBSTR 2.5.13.12 ; caseIgnoreListSubstringsMatch
SYNTAX 2.16.840.1.101.2.2.2.2 ) ; Addressees syntax
3.20 aLReceiptPolicy Attribute
The aLReceiptPolicy attribute value indicates address list's
signed receipt policy. This receipt policy supersedes the
originator's request for signed receipts (see ACP 120 [11]).
( 2.16.840.1.101.2.2.1.135 NAME 'aLReceiptPolicy'
SYNTAX 2.16.840.1.101.2.2.2.9 ; MLReceiptPolicy
SINGLE-VALUE )
DALLY Expires 22 March 2001 [Page 26]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
3.21 alternateRecipient Attribute
The alternateRecipient attribute is used to designate an X.400
alternate recipient for a messaging user. It could be used by an
X.400 message originator to create an originator-assigned alternate
recipient address to be used by the MTS, if delivery to the
addressed recipient fails.
( 2.16.840.1.101.2.2.1.3 NAME 'alternateRecipient'
EQUALITY 2.5.13.1 ; distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
3.22 aLType Attribute
The aLType attribute value indicates the type of an address list
from these possibilities: AIG (Address Indicator Group), Type
Organization Collective, CAD (Collective Address Designator), and
Task Force.
( 2.16.840.1.101.2.2.1.112 NAME 'aLType'
EQUALITY 2.5.13.14 ; integerMatch
SYNTAX 2.16.840.1.101.2.2.2.8 ; Address List Type syntax
SINGLE-VALUE )
3.23 aprUKMs Attribute
The aprUKMs (User Key Materials) attribute value is used in the
construction of selected symmetric confidentiality algorithms
for the month of April.
( 2.16.840.1.101.2.1.5.23 NAME 'aprUKMs'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 ; binary syntax
; encapsulating
; MonthlyUKMs
SINGLE-VALUE )
3.24 associatedAL Attribute
The associatedAL attribute value points to the address list object
which replaces the ACP 127/JANAP 128 [4]/[5] task force PLA. It
assists in the transition from ACP 127/JANAP 128 [4]/[5] to X.400
addressing and the associated transition from the use of ACP 127/
JANAP 128 [4]/[5] collectives to the use of address lists.
( 2.16.840.1.101.2.2.1.113 NAME 'associatedAL'
EQUALITY 2.5.13.1 ; distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
3.25 associatedOrganization Attribute
The associatedOrganization attribute value points to the
organizationalUnit directory entry which represents the same
DALLY Expires 22 March 2001 [Page 27]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
organizational messaging entity as the PLA directory entry
containing this attribute.
( 2.16.840.1.101.2.2.1.4 NAME 'associatedOrganization'
EQUALITY 2.5.13.1 ; distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
3.26 associatedPLA Attribute
The associatedPLA attribute value points to the ACP 127/JANAP 128
[4]/[5] directory entry for the same messaging entity as
represented by the Organizational Unit directory entry containing
this attribute.
( 2.16.840.1.101.2.2.1.6 NAME 'associatedPLA'
EQUALITY 2.5.13.1 ; distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
3.27 augUKMs Attribute
The augUKMs attribute value is used in the construction of selected
symmetric confidentiality algorithms for the month of August.
( 2.16.840.1.101.2.1.5.27 NAME 'augUKMs'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 ; binary syntax
; encapsulating
; MonthlyUKMs
SINGLE-VALUE )
3.28 buildingName Attribute
A buildingName attribute value specifies the name of the building
where an organization or organizational unit is based. This
attribute was originally defined in RFC 1274 [13].
( 0.9.2342.19200300.100.1.48 NAME 'buildingName'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
; directoryString, minimum length is one.
EQUALITY 2.5.13.2 ; caseIgnoreMatch
SUBSTR 2.5.13.4 ; caseIgnoreSubstringsMatch )
3.29 cognizantAuthority Attribute
The cognizantAuthority attribute value indicates the administrator
for an ACP 127/JANAP 128 [4]/[5] collective.
( 2.16.840.1.101.2.2.1.51 NAME 'cognizantAuthority'
EQUALITY 2.5.13.2 ; caseIgnoreMatch
SUBSTR 2.5.13.4 ; caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{55} ; Printable String
SINGLE-VALUE )
DALLY Expires 22 March 2001 [Page 28]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
3.30 collective-mhs-or-addresses Attribute
The collective-mhs-or-addresses attribute value is a value of
mhs-or-addresses that is applied at an administrative point.
( 2.16.840.1.101.2.2.1.134.1 NAME 'collective-mhs-or-addresses'
SUP 2.6.5.2.6 ) ; mhs-or-addresses
3.31 collectiveMilitaryFacsimileNumber Attribute
The collectiveMilitaryFacsimileNumber attribute value is a value of
militaryFacsimileNumber that is applied at an administrative point.
( 2.16.840.1.101.2.2.1.119.1 NAME 'collectiveMilitaryFacsimileNumber'
SUP 2.16.840.1.101.2.2.1.119 ) ; militaryFacsimileNumber
3.32 collectiveMilitaryTelephoneNumber Attribute
The collectiveMilitaryTelephoneNumber attribute value is a value of
militaryTelephoneNumber that is applied at an administrative point.
( 2.16.840.1.101.2.2.1.120.1 NAME 'collectiveMilitaryTelephoneNumber'
SUP 2.16.840.1.101.2.2.1.120 ) ; militaryTelephoneNumber
3.33 collectiveNationality Attribute
The collectiveNationality attribute value is a value of nationality
that is applied at an administrative point.
( 2.16.840.1.101.2.2.1.68.1 NAME 'collectiveNationality'
SUP 2.16.840.1.101.2.2.1.68 ) ; nationality
3.34 collectiveSecureFacsimileNumber Attribute
The collectiveSecureFacsimileNumber attribute value is a value of
secureFacsimileNumber that is applied at an administrative point.
( 2.16.840.1.101.2.2.1.127.1 NAME 'collectiveSecureFacsimileNumber'
SUP 2.16.840.1.101.2.2.1.127 ) ; secureFacsimileNumber
3.35 collectiveSecureTelephoneNumber ATTRIBUTE
The collectiveSecureTelephoneNumber attribute value is a value of
secureTelephoneNumber that is applied at an administrative point.
( 2.16.840.1.101.2.2.1.128.1 NAME 'collectiveSecureTelephoneNumber'
SUP 2.16.840.1.101.2.2.1.128 ) ; secureTelephoneNumber
3.36 community Attribute
The community attribute value indicates whether an object belongs
to the GENSER (R) or SI (Y) community or both (R/Y).
DALLY Expires 22 March 2001 [Page 29]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
( 2.16.840.1.101.2.2.1.52 NAME 'community'
SYNTAX 2.16.840.1.101.2.2.2.5 ; Community syntax
SINGLE-VALUE )
3.37 copyMember Attribute
The copyMember attribute value specifies a group of names
associated with the object represented by the directory entry.
In an address list directory entry, this attribute indicates the
"copy" or "info" members of the list as opposed to "primary" or
"action" members.
( 2.16.840.1.101.2.2.1.114 NAME 'copyMember'
SUP 2.5.4.31 ) ; member
3.38 decUKMs Attribute
The decUKMs attribute value is used in the construction of
selected CCEB symmetric confidentiality algorithms for the month
of December.
( 2.16.840.1.101.2.1.5.31 NAME 'decUKMs'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 ; binary syntax
; encapsulating
; MonthlyUKMs
SINGLE-VALUE)
3.39 deployed ATTRIBUTE
The deployed attribute value contains distinguished names of other
directory entries that represent the same real world object in the
field. See the garrison attribute.
( 2.16.840.1.101.2.2.1.139 NAME 'deployed'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ; DistinguishedName
EQUALITY 2.5.13.1 ) ; distinguishedNameMatch
3.40 distributionCodeAction Attribute
The distributionCodeAction attribute values identify the
distribution codes (including Subject Indicator Codes (SICs)) for
which an organization, person, or role handles messages for action.
( 2.16.840.1.101.2.2.1.104 NAME 'distributionCodeAction'
EQUALITY 2.5.13.2 ; caseIgnoreMatch
SUBSTR 2.5.13.4 ; caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 ) ; DistributionCode =
; PrintableString
DALLY Expires 22 March 2001 [Page 30]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
3.41 distributionCodeInfo Attribute
The distributionCodeInfo attribute values identify the
distribution codes (including SICs) for which an organization,
person, or role handles messages for information.
( 2.16.840.1.101.2.2.1.105 NAME 'distributionCodeInfo'
EQUALITY 2.5.13.2 ; caseIgnoreMatch
SUBSTR 2.5.13.4 ; caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 ) ; DistributionCode =
; PrintableString
3.42 dualRoute Attribute
The dualRoute attribute value indicates whether delivery of
messages for an organization to both the home and deployed sites
is required. If set to TRUE, dual delivery is required.
( 2.16.840.1.101.2.2.1.54 NAME 'dualRoute'
EQUALITY 2.5.13.13 ; booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ;
SINGLE-VALUE )
3.43 effectiveDate Attribute
The effectiveDate attribute value indicates when the directory
entry is to become valid.
( 2.16.840.1.101.2.2.1.55 NAME 'effectiveDate'
EQUALITY 2.5.13.27 ; generalizedTimeMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ; GeneralizedTime
SINGLE-VALUE )
3.44 entryClassification Attribute
The entryClassification attribute value indicates the
classification of the directory entry that contains this
attribute. The possible values are: unmarked, unclassified,
restricted, confidential, secret, and top secret.
( 2.16.840.1.101.2.2.1.56 NAME 'entryClassification'
SYNTAX 2.16.840.1.101.2.2.2.4) ; Classification syntax
3.45 expirationDate Attribute
The expirationDate attribute value indicates the time at which the
directory entry becomes invalid.
( 2.16.840.1.101.2.2.1.57 NAME 'expirationDate'
EQUALITY 2.5.13.27 ; generalizedTimeMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ; GeneralizedTime
SINGLE-VALUE )
DALLY Expires 22 March 2001 [Page 31]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
3.46 febUKMs Attribute
The febUKMs attribute value is used in the construction of
selected CCEB symmetric confidentiality algorithms for the month
of February.
( 2.16.840.1.101.2.1.5.21 NAME 'febUKMs'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 ; binary syntax
; encapsulating
; MonthlyUKMs
SINGLE-VALUE )
3.47 garrison ATTRIBUTE
The garrison attribute value contains distinguished names of other
directory entries that represent the same real world object in
garrison. See the deployed attribute.
( 2.16.840.1.101.2.2.1.140 NAME 'garrison'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ; DistinguishedName
EQUALITY 2.5.13.1 ) ; distinguishedNameMatch
3.48 gatewayType Attribute
The gatewayType attribute value is used to indicate the
translations a messaging gateway is capable of performing. The
translations that can be indicated are:
acp120-acp127-gateway
acp120-janap128-gateway
acp120-mhs-gateway
acp120-mmhs-gateway
acp120-rfc822-gateway
boundary MTA
mmhs-mhs-gateway
mmhs-rfc822-gateway
mta-acp127-gateway
( 2.16.840.1.101.2.2.1.115 NAME 'gatewayType'
EQUALITY 2.5.13.0 ; objectIdentifierMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) ; OID
3.49 ghpType Attribute
The ghpType attribute value is used to indicate the gateway
handling policy of an mta-acp127-gateway defined in
STANAG 4406 [12].
( 2.16.840.1.101.2.2.1.116 NAME 'ghpType'
EQUALITY 2.5.13.0 ; objectIdentifierMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) ; OID
DALLY Expires 22 March 2001 [Page 32]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
3.50 guard Attribute
The guard attribute value indicates the Name(s) of the
Guard Gateway.
( 2.16.840.1.101.2.2.1.117 NAME 'guard'
SUP 2.5.4.49 ) ; distinguishedName
3.51 host Attribute
The host attribute value gives an identifier for a host computer,
as defined in the COSINE and Internet X.500 Schema, RFC 1274 [13].
( 0.9.2342.19200300.100.1.9 NAME 'host'
EQUALITY 2.5.13.2 ; caseIgnoreMatch
SUBSTR 2.5.13.4 ; caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) ; DirectoryString
; limited to TeletexString or PrintableString
3.52 hostOrgACP127 Attribute
The hostOrgACP127 attribute value of a tenant PLA identifies the
PLA for the organization which accepts traffic for a tenant.
( 2.16.840.1.101.2.2.1.58 NAME 'hostOrgACP127'
EQUALITY 2.5.13.2 ; caseIgnoreMatch
SUBSTR 2.5.13.4 ; caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{55} ; PrintableString
SINGLE-VALUE )
3.53 infoAddressees Attribute
The infoAddressees attribute value of an ACP 127/JANAP 128 [4]/[5]
collective contains the list of information addressees of
the collective.
( 2.16.840.1.101.2.2.1.59 NAME 'infoAddressees'
EQUALITY 2.5.13.11 ; caseIgnoreListMatch
SUBSTR 2.5.13.12 ; caseIgnoreListSubstringsMatch
SYNTAX 2.16.840.1.101.2.2.2.2 ) ; Addressees syntax
3.54 janUKMs Attribute
The janUKMs attribute value is used in the construction of
selected CCEB symmetric confidentiality algorithms for the month
of January.
( 2.16.840.1.101.2.1.5.20 NAME 'janUKMs'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 ; binary syntax
; encapsulating
; MonthlyUKMs
SINGLE-VALUE )
DALLY Expires 22 March 2001 [Page 33]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
3.55 julUKMs Attribute
The julUKMs attribute value is used in the construction of
selected CCEB symmetric confidentiality algorithms for the month
of July.
( 2.16.840.1.101.2.1.5.26 NAME 'julUKMs'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 ; binary syntax
; encapsulating
; MonthlyUKMs
SINGLE-VALUE )
3.56 junUKMs ATTRIBUTE
The junUKMs attribute value is used in the construction of
selected CCEB symmetric confidentiality algorithms for the month
of June.
( 2.16.840.1.101.2.1.5.25 NAME 'junUKMs'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 ; binary syntax
; encapsulating
; MonthlyUKMs
SINGLE-VALUE )
3.57 lastRecapDate Attribute
The lastRecapDate attribute value indicates when a list was last
recapped or validated.
( 2.16.840.1.101.2.2.1.60 NAME 'lastRecapDate'
EQUALITY 2.5.13.27 ; generalizedTimeMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ; GeneralizedTime
SINGLE-VALUE )
3.58 listPointer Attribute
The listPointer attribute value is used to point to address list
directory entries which might have to be modified if the entry
containing this attribute is modified. It is intended to be used
to maintain data consistency in the DIB.
( 2.16.840.1.101.2.2.1.61 NAME 'listPointer'
EQUALITY 2.5.13.1 ; distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) ; DistinguishedName
3.59 lmf Attribute
The lmf (Language and Media Format) attribute value indicates the
language and media format that can be accepted between the two
communicating end-systems. Possible values include:
DALLY Expires 22 March 2001 [Page 34]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
T tape
A ASCII (American Standard Code for Information
Interchange)
C card, etc.
( 2.16.840.1.101.2.2.1.62 NAME 'lmf'
EQUALITY 2.5.13.2 ; caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{1}
SINGLE-VALUE )
3.60 longTitle Attribute
The longTitle attribute value is the expanded form of an
organization's PLA.
( 2.16.840.1.101.2.2.1.63 NAME 'longTitle'
EQUALITY 2.5.13.2 ; caseIgnoreMatch
SUBSTR 2.5.13.4 ; caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{255} ; PrintableString
SINGLE-VALUE )
3.61 mailDomains Attribute
The mailDomains attribute value is a string, which provides
information on the domains that the messaging gateway will bridge.
( 2.16.840.1.101.2.2.1.118 NAME 'mailDomains'
EQUALITY 2.5.13.2 ; caseIgnoreMatch
SUBSTR 2.5.13.4 ; caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) ; DirectoryString
3.62 marUKMs Attribute
The marUKMs attribute value is used in the construction of
selected CCEB symmetric confidentiality algorithms for the month
of May.
( 2.16.840.1.101.2.1.5.22 NAME 'marUKMs'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 ; binary syntax
; encapsulating
; MonthlyUKMs
SINGLE-VALUE )
3.63 mayUKMs Attribute
The mayUKMs attribute value is used in the construction of
selected CCEB symmetric confidentiality algorithms for the month
of May.
( 2.16.840.1.101.2.1.5.24 NAME 'mayUKMs'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 ; binary syntax
; encapsulating
DALLY Expires 22 March 2001 [Page 35]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
; MonthlyUKMs
SINGLE-VALUE )
3.64 mhs-acceptable-eits Attribute
The mhs-acceptable-eits attribute value identifies a set of EITs
for messages. The user or distribution list, represented by the
directory entry, will accept delivery of or expand a message in
which any one of these eits is present.
( 2.6.5.2.17 NAME 'mhs-acceptable-eits'
EQUALITY 2.5.13.0 ; objectIdentifierMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) ; OID
; ExtendedEncodedInformationType = object identifier
3.65 mhs-deliverable-classes Attribute
The mhs-deliverable-classes attribute value identifies the classes
of messages whose delivery a UA, represented by the directory
entry, will accept.
( 2.6.5.2.19 NAME 'mhs-deliverable-classes'
EQUALITY 2.6.5.4.2 ; capabilityMatch
SYNTAX 2.16.840.1.101.2.2.2.13 ) ; Capability syntax
3.66 mhs-deliverable-content-types Attribute
The mhs-deliverable-content-types attribute values identify the
content types of the messages whose delivery the user, represented
by the directory entry, will accept.
( 2.6.5.2.1 NAME 'mhs-deliverable-content-types'
EQUALITY 2.5.13.0 ; objectIdentifierMatch
SYNTAX 1.3.4.1.4.1.1466.115.121.1.38 ) ; ExtendedContentType
; = object identifier
3.67 mhs-dl-archive-service Attribute
The mhs-dl-archive-service attribute value identifies a service
from which a user may request copies of messages previously
distributed by the address list represented by the directory entry.
( 2.6.5.2.12 NAME 'mhs-dl-archive-service'
EQUALITY 2.6.5.4.0 ; oRNameExactMatch
SYNTAX 2.16.840.1.101.2.2.2.10 ) ; O/R Name syntax
3.68 mhs-dl-members Attribute
The mhs-dl-members attribute value is an OR-name which identifies
a member of the DL. This attribute may have multiple values each
of which identifies one member of the DL. When a DL is expanded,
DALLY Expires 22 March 2001 [Page 36]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
each of the values of this attribute becomes a recipient of
the message.
( 2.6.5.2.3 NAME 'mhs-dl-members'
EQUALITY 2.6.5.4.0 ; oRNameExactMatch
SYNTAX 2.16.840.1.101.2.2.2.10 ) ; O/R Name syntax
3.69 mhs-dl-policy Attribute
The mhs-dl-policy attribute value identifies the choice of policy
options to be applied when expanding the address list represented
by the directory entry.
( 2.6.5.2.13 NAME 'mhs-dl-policy'
SYNTAX 2.16.840.1.101.2.2.2.14 ; DLPolicy syntax
SINGLE-VALUE )
3.70 mhs-dl-related-lists Attribute
The mhs-dl-related-lists attribute value identifies other address
lists which are, in some unspecified way, related to the address
list represented by the directory entry.
( 2.6.5.2.14 NAME 'mhs-dl-related-lists'
SUP 2.5.4.49 ; DistinguishedName
EQUALITY 2.5.13.1 ; distinguishedNameMatch )
3.71 mhs-dl-submit-permissions Attribute
The mhs-dl-submit-permissions attribute values identify the users
and address lists that may submit messages to the address list
represented by the directory entry.
( 2.6.5.2.4 NAME 'mhs-dl-submit-permissions'
SYNTAX 2.16.840.1.101.2.2.2.15 ) ; DLSubmitPermission syntax
3.72 mhs-dl-subscription-service Attribute
The mhs-dl-subscription-service attribute value identifies a
service of which a user may request changes to the membership of
the address list represented by the directory entry, (e.g., for a
user to request to be added to the address list).
( 2.6.5.2.15 NAME 'mhs-dl-subscription-service'
EQUALITY 2.6.5.4.0 ; oRNameExactMatch
SYNTAX 2.16.840.1.101.2.2.2.10 ) ; O/R Name syntax
3.73 mhs-exclusively-acceptable-eits Attribute
The mhs-exclusively-acceptable-eits attribute value identifies a
set of EITs for messages. The user or distribution list,
represented by the directory entry, will accept delivery of or
DALLY Expires 22 March 2001 [Page 37]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
expand a message in which all of these EITs
are present.
( 2.6.5.2.2 NAME 'mhs-exclusively-acceptable-eits'
EQUALITY 2.5.13.0 ; objectIdentifierMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) ; OID
; ExtendedEncodedInformationType = object identifier
3.74 mhs-maximum-content-length Attribute
The mhs-maximum-content-length attribute value identifies the
maximum content length of the messages that can be handled by the
object represented by the directory entry. The object is a user
to whom the message would be delivered, an address list for which
expansion would be performed on the message, or an MTA to which
the message would be acceptable.
( 2.6.5.2.0 NAME 'mhs-maximum-content-length'
EQUALITY 2.5.13.14 ; integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ; ContentLength = INTEGER
SINGLE-VALUE )
3.75 mhs-message-store-dn Attribute
The mhs-message-store-dn attribute value identifies by directory
name the message store of the user represented by the
directory entry.
( 2.6.5.2.5 NAME 'mhs-message-store-dn'
SUP 2.5.4.49 ; distinguishedName
EQUALITY 2.5.13.1 ; distinguishedNameMatch
SINGLE-VALUE )
3.76 mhs-or-addresses Attribute
The mhs-or-addresses attribute values specify the O/R addresses of
the user or address list represented by the directory entry.
( 2.6.5.2.6 NAME 'mhs-or-addresses'
EQUALITY 2.6.4.8.14 ; oRAddressMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.33 ) ; MHS OR Address syntax
3.77 mhs-or-addresses-with-capabilities Attribute
The mhs-or-addresses-with-capabilities attribute values specify
the O/R addresses and the messaging capabilities associated with
each address of the user or address list represented by the
directory entry.
Recognized security labels are identified in ACP 123 [6].
DALLY Expires 22 March 2001 [Page 38]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
Information about availability and nationality will be included
in the description.
If the address is served by a foreign nation, the International
Standard Organization 3166 [14] code of the country shall be
entered first.
If an OR-address is not operational on a 24 by 7 basis, the normal
daily schedule shall be given in start and stop times for each day
of operation. Planned down time also shall be given in start and
stop time.
( 2.6.5.2.16 NAME 'mhs-or-addresses-with-capabilities'
EQUALITY 2.6.5.4.1 ; addressCapabilitiesMatch
SYNTAX 2.16.840.1.101.2.2.2.16 ) ; AddressCapabilities syntax
3.78 mhs-supported-attributes Attribute
The mhs-supported-attributes attribute values identify the
attributes that the message store, represented by the directory
entry, fully supports.
( 2.6.5.2.10 NAME 'mhs-supported-attributes'
EQUALITY 2.5.13.0 ; objectIdentifierMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) ; OID
; MS-ATTRIBUTE.&id ({AttributeTable}) = object identifier
3.79 mhs-supported-automatic-actions Attribute
The mhs-supported-automatic-actions attribute values identify the
automatic actions that the message store, represented by the
directory entry, supports.
( 2.6.5.2.8 NAME 'mhs-supported-automatic-actions'
EQUALITY 2.5.13.0 ; objectIdentifierMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) ; OID
; AUTO-ACTION.&id ({AutoActionTable}) = object identifier
3.80 mhs-supported-content-types Attribute
The mhs-supported-content-types attribute values identify the
content types of the messages whose syntax and semantics the
message store, represented by the directory entry, supports.
( 2.6.5.2.9 NAME 'mhs-supported-content-types'
EQUALITY 2.5.13.0 ; objectIdentifierMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) ; OID
; ExtendedContentType = object identifier
DALLY Expires 22 March 2001 [Page 39]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
3.81 mhs-supported-matching-rules Attribute
The mhs-supported-matching-rules attribute values identify the
matching rules that the message store, represented by the
directory entry, fully supports.
( 2.6.5.2.11 NAME 'mhs-supported-matching-rules'
EQUALITY 2.5.13.0 ; objectIdentifierMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) ; OID
; MATCHING-RULE.&id ({MatchingRuleTable}) = object
; identifier
3.82 mhs-unacceptable-eits Attribute
The mhs-undeliverable-eits attribute value identifies the encoded
information types of a message which would make a user not accept
delivery, or which would prevent an address list from doing
expansion on the message. The absence of this attribute indicates
that there are no EITs which are unacceptable. The presence of
the special value "id-eit-all" indicates that all EITs are
unacceptable except for those EITs identified by the
mhs-acceptable-eits or mhs-exclusively-acceptable-eits attributes.
( 2.6.5.2.18 NAME 'mhs-unacceptable-eits'
EQUALITY 2.5.13.0 ; objectIdentifierMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) ; OID
; ExtendedEncodedInformationType = object identifier
3.83 militaryFacsimileNumber Attribute
The militaryFacsimileNumber attribute value identifies a military
facsimile number, such as a Defense Switched Network (DSN) number
or Defence Fixed Telecommunications Service (DFTS) number, which
is associated with the object represented by the directory entry.
This attribute is a subtype of aCPTelephoneFaxNumber. An example
of a militaryFacsimileNumber value is "DFTS, 555 1111 ext 25".
( 2.16.840.1.101.2.2.1.119 NAME 'militaryFacsimileNumber'
SUP 2.16.840.1.101.2.2.1.94 ) ; aCPTelephoneFaxNumber
3.84 militaryTelephoneNumber Attribute
The militaryTelephoneNumber attribute value identifies a military
telephone number, such as a DSN number, which is associated with
the object represented by the directory entry.
This attribute is a subtype of aCPTelephoneFaxNumber. An example
of a militaryTelephoneNumber value is "DSN, 555-333".
( 2.16.840.1.101.2.2.1.120 NAME 'militaryTelephoneNumber'
SUP 2.16.840.1.101.2.2.1.94 ) ; aCPTelephoneFaxNumber
DALLY Expires 22 March 2001 [Page 40]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
3.85 minimize Attribute
The minimize attribute value indicates whether an organization,
person, or role, represented by the directory entry, is under the
MINIMIZE condition. If so, the message originators are
responsible for not sending unnecessary messages to the recipient.
( 2.16.840.1.101.2.2.1.64 NAME 'minimize'
EQUALITY 2.5.13.13 ; booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ; BOOLEAN
SINGLE-VALUE )
3.86 minimizeOverride Attribute
The minimizeOverride attribute value is used by the Message
Conversion System (MCS) to determine whether the MINIMIZE
condition will be enforced when a message is originated by this
PLA. If the value is FALSE, override does not occur and MINIMIZE
is enforced. If the value is TRUE, MINIMIZE is not enforced.
( 2.16.840.1.101.2.2.1.65 NAME 'minimizeOverride'
EQUALITY 2.5.13.13 ; booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE )
3.87 nameClassification Attribute
The nameClassification attribute value indicates the security
classification of the name of the directory entry itself.
( 2.16.840.1.101.2.2.1.67 NAME 'nameClassification'
SYNTAX 2.16.840.1.101.2.2.2.4 ) ; Classification
3.88 nationality Attribute
The nationality attribute value names the country which "owns" an
entity. For an individual, it would be the nationality of the
person. The standard Country Name attribute is used to denote the
location of the entity.
( 2.16.840.1.101.2.2.1.68 NAME 'nationality'
SUP 2.5.4.41 ; name
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{2} ; PrintableString
; exactly 2 characters
SINGLE-VALUE )
3.89 networkDN Attribute
The networkDN attribute value contains the full DN of a network
and may be used to reference the entry for the network from
another entry (e.g., used in the Network Instructions entry to
reference the entry for the accessed network).
DALLY Expires 22 March 2001 [Page 41]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
( 2.16.840.1.101.2.2.1.121 NAME 'networkDN'
EQUALITY 2.5.13.1 ; distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) ; DistinguishedName
3.90 novUKMs Attribute
The novUKMs attribute value is used in the construction of
selected CCEB symmetric confidentiality algorithms for the month
of November.
( 2.16.840.1.101.2.1.5.30 NAME 'novUKMs'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 ; binary syntax
; encapsulating
; MonthlyUKMs
SINGLE-VALUE )
3.91 octUKMs Attribute
The octUKMs attribute value is used in the construction of
selected CCEB symmetric confidentiality algorithms for the month
of October.
( 2.16.840.1.101.2.1.5.29 NAME 'octUKMs'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 ; binary syntax
; encapsulating
; MonthlyUKMs
SINGLE-VALUE )
3.92 onSupported Attribute
The onSupported attribute value indicates the types of
notifications, besides MHS notifications, generated by an
mta-acp127-type of gateway. The gateway may generate all or none
of the notifications. If the attribute is absent, the gateway
does none of the notifications.
( 2.16.840.1.101.2.2.1.123 NAME 'onSupported'
EQUALITY 2.5.13.16 ; bitStringMatch
SYNTAX 2.16.840.1.101.2.2.2.3 ; otherNotificationsSupported
SINGLE-VALUE )
3.93 operationName Attribute
The operationName attribute value is the name of an official
military operation. For example, when used in the definition of
a network (i.e., in a Network directory entry), it could be the
TURQUOISE operation which develops a RITA network.
DALLY Expires 22 March 2001 [Page 42]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
( 2.16.840.1.101.2.2.1.124 NAME 'operationName'
EQUALITY 2.5.13.2 ; caseIgnoreMatch
SUBSTR 2.5.13.4 ; caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) ; DirectoryString
3.94 plaAddressees Attribute
The plaAddressees attribute value of an ACP 127/JANAP 128 [4]/[5]
collective contains the list of action and information addressees
of the collective. It is used for some types of collectives
instead of separating action and information addressees.
( 2.16.840.1.101.2.2.1.71 NAME 'plaAddressees'
EQUALITY 2.5.13.11 ; caseIgnoreListMatch
SUBSTR 2.5.13.12 ; caseIgnoreListSubstringsMatch
SYNTAX 2.16.840.1.101.2.2.2.2 ) ; Addressees syntax
3.95 plaNameACP127 Attribute
The plaNameACP127 attribute value is the object's (represented by
the directory entry) ACP 127/JANAP 128 [4]/[5] PLA. A PLA is
sometimes called the Signal Message Address or registered PLA.
The long form of the PLA name is represented in the ACP 133 [1]
by the longTitle attribute.
( 2.16.840.1.101.2.2.1.70 NAME 'plaNameACP127'
SUP 2.5.4.41 ; name
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{55} ; PrintableString
SINGLE-VALUE )
3.96 plaReplace Attribute
The plaReplace attribute value is used by ACP 127/JANAP 128
[4]/[5]. When an "alternate spelling" PLA is addressed on a
message, the MCS will look at the value of this attribute in the
PLA's directory entry. If set, the alternate spelling on the
message will be replaced with the "primary" or correct spelling.
(Each alternate spelling has a pointer to the primary PLA.)
( 2.16.840.1.101.2.2.1.72 NAME 'plaReplace'
EQUALITY 2.5.13.13 ; booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ; BOOLEAN
SINGLE-VALUE )
3.97 plasServed Attribute
The plasServed attribute value is a list of the PLAs accessible
through a gateway.
( 2.16.840.1.101.2.2.1.138 NAME 'plasServed'
SUP 2.5.4.41 ) ; name
DALLY Expires 22 March 2001 [Page 43]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
3.98 positionNumber Attribute
The position number attribute value is used by government and
Defense agencies to identify uniquely each individual's position,
and possibly role and duties, within the organization.
( 2.16.840.1.101.2.2.1.125 NAME 'positionNumber'
EQUALITY 2.5.13.2 ; caseIgnoreMatch
SUBSTR 2.5.13.4 ; caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) ; DirectoryString
3.99 primarySpellingACP127
The primarySpellingACP127 attribute value of an Alternate
Spelling PLA directory entry is the object's correct PLA spelling.
( 2.16.840.1.101.2.2.1.73 NAME 'primarySpellingACP127'
EQUALITY 2.5.13.2 ; caseIgnoreMatch
SUBSTR 2.5.13.4 ; caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{55} ; PrintableString
SINGLE-VALUE )
3.100 proprietaryMailboxes Attribute
The proprietaryMailboxes attribute value identifies a mailbox
identifier that can be used to address mail within the local
proprietary domain, such as cc:mail.
( 2.16.840.1.101.2.2.1.126 NAME 'proprietaryMailboxes'
EQUALITY 2.5.13.2 ; caseIgnoreMatch
SUBSTR 2.5.13.4 ; caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) ; DirectoryString
3.101 publish Attribute
The publish attribute value indicates whether this PLA should be
published in the Message Address Directory or the ACP 117 [15].
Access controls may be set based on this attribute.
( 2.16.840.1.101.2.2.1.74 NAME 'publish'
EQUALITY 2.5.13.13 ; booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ; BOOLEAN
SINGLE-VALUE )
3.102 rank Attribute
The value of the rank attribute type contains the military or
civilian rank of an individual such as Major or civilian grade.
( 2.16.840.1.101.2.2.1.133 NAME 'rank'
EQUALITY 2.5.13.2 ; caseIgnoreMatch
DALLY Expires 22 March 2001 [Page 44]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
SUBSTR 2.5.13.4 ; caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) ; DirectoryString
3.103 recapDueDate Attribute
The recapDueDate attribute value indicates when a list is expected
to be recapped or validated.
( 2.16.840.1.101.2.2.1.75 NAME 'recapDueDate'
EQUALITY 2.5.13.27 ; generalizedTimeMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ; GeneralizedTime
SINGLE-VALUE )
3.104 releaseAuthorityName Attribute
The releaseAuthorityName attribute value is a relative
distinguished name of a release authority for an organization.
( 2.16.840.1.101.2.2.1.45 NAME 'releaseAuthorityName'
EQUALITY 2.5.13.2 ; caseIgnoreMatch
SUBSTR 2.5.13.4 ; caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} ) ; DirectoryString
3.105 remarks Attribute
The remarks attribute value is textual information associated
with a PLA's directory entry. These remarks may be instructions
rather than a description of the entity.
( 2.16.840.1.101.2.2.1.76 NAME 'remarks'
EQUALITY 2.5.13.11 ; caseIgnoreListMatch
SYNTAX 2.16.840.1.101.2.2.2.11 ) ; Remarks
3.106 rfc822Mailbox Attribute
As defined in the COSINE/Internet schema, RFC 1274 [13], the
rfc822Mailbox attribute value is an electronic mailbox identifier
following the syntax in RFC 822 [16]. An example for a user on a
military network is "user@host.Service.mil". This attribute and
the caseIgnoreIA5SubstringsMatch are defined in RFC 2798 [19]. The
attribute is included here for readability.
( 0.9.2342.19200300.100.1.3 NAME 'mail'
EQUALITY 1.3.6.1.4.1.1466.109.114.2 ; caseIgnoreIA5Match
SUBSTR 1.3.6.1.4.1.1466.109.114.3
; caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) ; IA5String
3.107 rI Attribute
The rI (Routing Indicator) attribute value is the information
mapped to in ACP 127/JANAP 128 [4]/[5] from a user's PLA name.
DALLY Expires 22 March 2001 [Page 45]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
Users are named by their PLA names and delivered to by their
routing indicator values, analogous to Directory Names and O/R
Addresses for X.400 users.
( 2.16.840.1.101.2.2.1.77 NAME 'rI'
EQUALITY 2.5.13.2 ; caseIgnoreMatch
SUBSTR 2.5.13.4 ; caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 ) ; PrintableString
; exactly 7 characters
3.108 rIClassification Attribute
The rIClassification attribute value indicates the highest
classification of data allowed to be processed by a
specified device.
( 2.16.840.1.101.2.2.1.78 NAME 'rIClassification'
SYNTAX 2.16.840.1.101.2.2.2.4 ) ; Classification
3.109 rIInfo Attribute
The rIInfo attribute value is RI values with the associated
properties of each RI.
( 2.16.840.1.101.2.2.1.79 NAME 'rIInfo'
SYNTAX 2.16.840.1.101.2.2.2.12 ) ; RIParameters
3.110 roomNumber Attribute
The roomNumber attribute value identifies a room number, as
defined in the COSINE/Internet schema, RFC 1274 [13].
( 0.9.2342.19200300.100.1.6 NAME 'roomNumber'
EQUALITY 2.5.13.2 ; caseIgnoreMatch
SUBSTR 2.5.13.4 ; caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) ; DirectoryString
; limited to TeletexString or PrintableString
3.111 secondPartyAddressees Attribute
The secondPartyAddressees attribute value is a list of second
party action PLAs.
( 2.16.840.1.101.2.2.1.80 NAME 'secondPartyAddressees'
EQUALITY 2.5.13.11 ; caseIgnoreListMatch
SUBSTR 2.5.13.12 ; caseIgnoreListSubstringsMatch
SYNTAX 2.16.840.1.101.2.2.2.2 ) ; Addressees
DALLY Expires 22 March 2001 [Page 46]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
3.112 section Attribute
The section attribute value is set to TRUE if the receiving PLA
requires message sectioning to be performed. This is required to
transition users with slow-speed terminals.
( 2.16.840.1.101.2.2.1.81 NAME 'section'
EQUALITY 2.5.13.13 ; booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ; BOOLEAN
SINGLE-VALUE )
3.113 secureFacsimileNumber Attribute
The secureFacsimileNumber attribute value is a facsimile number
that is used for secure communication with the object represented
by the directory entry.
This attribute is a subtype of aCPTelephoneFaxNumber. An example
of a secureFacsimileNumber value is "DSN, 555-333".
( 2.16.840.1.101.2.2.1.127 NAME 'secureFacsimileNumber'
SUP 2.16.840.1.101.2.2.1.94 ) ; aCPTelephoneFaxNumber
3.114 secureTelephoneNumber Attribute
The secureTelephoneNumber attribute value is a telephone number
of a secure device, such as STU II or STU III, that is used for
secure communication with the object represented by the directory
entry.
This attribute is a subtype of aCPTelephoneFaxNumber. An example
of a secureTelephoneNumber value is "PSTN, +1 555 222, STU III".
( 2.16.840.1.101.2.2.1.128 NAME 'secureTelephoneNumber'
SUP 2.16.840.1.101.2.2.1.94 ; aCPTelephoneFaxNumber )
3.115 sepUKMs Attribute
The sepUKMs attribute value is used in the construction of
selected CCEB symmetric confidentiality algorithms for the month
of November.
( 2.16.840.1.101.2.1.5.28 NAME 'sepUKMs'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 ; binary syntax
; encapsulating
; MonthlyUKMs
SINGLE-VALUE )
3.116 serviceNumber Attribute
The serviceNumber attribute value is the staff identifier number
used by government and defense agencies for purposes such as
DALLY Expires 22 March 2001 [Page 47]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
payroll references, medical records, human resources, and
duty rosters.
( 2.16.840.1.101.2.2.1.129 NAME 'serviceNumber'
EQUALITY 2.5.13.2 ; caseIgnoreMatch
SUBSTR 2.5.13.4 ; caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) ; DirectoryString
3.117 serviceOrAgency Attribute
The serviceOrAgency attribute value is an identifier of the
Service or agency to which the PLA belongs.
( 2.16.840.1.101.2.2.1.82 NAME 'serviceOrAgency'
EQUALITY 2.5.13.2 ; caseIgnoreMatch
SUBSTR 2.5.13.4 ; caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{4} ; PrintableString
SINGLE-VALUE )
3.118 sHD Attribute
The sHD (specialHandlingDesignator) attribute value is a string
containing the special handling designator which an entity,
address, or routing indicator can support.
( 2.16.840.1.101.2.2.1.83 NAME 'sHD'
EQUALITY 2.5.13.2 ; caseIgnoreMatch
SUBSTR 2.5.13.4 ; caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 ) ; PrintableString
3.119 shortTitle Attribute
The shortTitle attribute value is a PLA name used for Signal
Intelligence (SIGINT) related communications.
( 2.16.840.1.101.2.2.1.84 NAME 'shortTitle'
EQUALITY 2.5.13.2 ; caseIgnoreMatch
SUBSTR 2.5.13.4 ; caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{55} ; PrintableString
SINGLE-VALUE )
3.120 sigad Attribute
The sigad (SIGINT Address) attribute value is a PLA name used for
sensitive SIGINT related communications.
( 2.16.840.1.101.2.2.1.85 NAME 'sigad'
EQUALITY 2.5.13.2 ; caseIgnoreMatch
SUBSTR 2.5.13.4 ; caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{8} ; PrintableString
; 5 - 8 characters
SINGLE-VALUE )
DALLY Expires 22 March 2001 [Page 48]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
3.121 spot Attribute
The spot attribute value identifies a special project address
list or collective.
( 2.16.840.1.101.2.2.1.86 NAME 'spot'
EQUALITY 2.5.13.2 ; caseIgnoreMatch
SUBSTR 2.5.13.4 ; caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{55} ; PrintableString
SINGLE-VALUE )
3.122 tARE Attribute
The tARE (Telegraph Automatic Relay Equipment) attribute value is
a flag that specifies delivery responsibility for a message that
is received by an intermediary. The flag is set in the directory
entry for the intended recipient.
( 2.16.840.1.101.2.2.1.87 NAME 'tARE'
EQUALITY 2.5.13.13 ; booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ; BOOLEAN
SINGLE-VALUE )
3.123 tCC Attribute
The tCC (Transmission Control Code) attribute value specifies a
message handling instruction used in the RI.
( 2.16.840.1.101.2.2.1.96 NAME 'tCC'
EQUALITY 2.5.13.2 ; caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 ; PrintableString
; exactly 3 characters
SINGLE-VALUE )
3.124 tCCG ATTRIBUTE
The tCCG (Transmission Control Code Group) attribute value
specifies a group of message handling instructions used in the
routing indicator.
( 2.16.840.1.101.2.2.1.144 NAME 'tCCG'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 ; PrintableString
EQUALITY 2.5.13.2 ; caseIgnoreMatch
SUBSTR 2.5.13.4 ) ; caseIgnoreSubstringsMatch
3.125 transferStation Attribute
The transferStation attribute value indicates whether a message
for the entity should be sent to a communications processing and
routing system, called a transfer station. For example, a Naval
Communications Processing and Routing System (NAVCOMPARS) is a
DALLY Expires 22 March 2001 [Page 49]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
transfer station. If this attribute is TRUE, traffic should be
routed to a transfer station.
( 2.16.840.1.101.2.2.1.69 NAME 'transferStation'
EQUALITY 2.5.13.13 ; booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ; BOOLEAN
SINGLE-VALUE )
3.126 tRC Attribute
The tRC (Transmission Release Code) attribute value is the
classification of data used in the routing indicator. Possible
values include:
A Australia
B British Commonwealth less Canada, Australia, and
New Zealand
C Canada
U US
X Belgium, Denmark, France, Germany, Greece, Italy,
Netherlands, Norway, Portugal, Turkey, NATO
Z New Zealand
( 2.16.840.1.101.2.2.1.97 NAME 'tRC'
EQUALITY 2.5.13.2 ; caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 ; PrintableString
SINGLE-VALUE )
3.127 usdConversion ATTRIBUTE
The usdConversion attribute value is an organizational address
that is used when other types of address are not appropriate.
( 2.16.840.1.101.2.2.1.145 NAME 'usdConversion'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ; DirectoryString
EQUALITY 2.5.13.2 ; caseIgnoreMatch
SUBSTR 2.5.13.4 ) ; caseIgnoreSubstringsMatch
DALLY Expires 22 March 2001 [Page 50]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
4. NAME FORMS
4.1 aCPNetworkEdBNameForm
( 2.16.840.1.101.2.2.4.42 NAME 'aCPNetworkEdBNameForm'
OC 2.16.840.1.101.2.2.3.68 ; aCPNetworkEdB
MUST 2.5.4.3 ) ; cn
4.2 aCPNetworkInstrEdBNameForm
( 2.16.840.1.101.2.2.4.43 NAME 'aCPNetworkInstrEdBNameForm'
OC 2. ; aCPNetworkInstructionsEdB
MUST 2.5.4.3 ) ; cn
4.3 addressListNameForm
( 2.16.840.1.101.2.2.4.27 NAME 'addressListNameForm'
OC 2.16.840.1.101.2.2.3.57 ; addressList
MUST 2.5.4.3 ) ; cn
4.4 aENameForm
( 2.16.840.1.101.2.2.4.34 NAME 'aENameForm'
OC 2.5.6.12 ; applicationEntity
MUST 2.5.4.3 ; cn
MAY 2.5.4.46 ) ; dnQualifier
4.5 aliasCNNameForm
( 2.16.840.1.101.2.2.4.21 NAME 'aliasCNNameForm'
OC 2.16.840.1.101.2.2.3.52 ; aliasCommonName
MUST 2.5.4.3 ) ; cn
4.6 aliasOUNameForm
( 2.16.840.1.101.2.2.4.22 NAME 'aliasOUNameForm'
OC 2.16.840.1.101.2.2.3.53 ; aliasOrganizationalUnit
MUST 2.5.4.11 ) ; ou
4.7 applProcessNameForm
( 2.5.15.10 NAME 'applProcessNameForm'
OC 2.5.6.11 ; applicationProcess
MUST 2.5.4.3 ) ; cn
4.8 alternateSpellingPLANameForm
( 2.16.840.1.101.2.2.4.4 NAME 'alternateSpellingPLANameForm'
OC 2.16.840.1.101.2.2.3.58 ; altSpellingACP127
MUST 2.16.840.1.101.2.2.1.70 ) ; plaNameACP127
DALLY Expires 22 March 2001 [Page 51]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
4.9 cadPLANameForm
( 2.16.840.1.101.2.2.4.6 NAME 'cadPLANameForm'
OC 2.16.840.1.101.2.2.3.28 ; cadACP127
MUST 2.16.840.1.101.2.2.1.70 ) ; plaNameACP127
4.10 cRLDistPtNameForm
( 2.5.15.14 NAME 'cRLDistPtNameForm'
OC 2.5.6.19 ; cRLDistributionPoint
MUST 2.5.4.3 ) ; cn
4.11 countryNameForm
( 2.5.15.0 NAME 'countryNameForm'
OC 2.5.6.2 ; country
MUST 2.5.4.6 ) ; countryName
4.12 deviceNameForm
( 2.5.15.13 NAME 'deviceNameForm'
OC 2.5.6.14 ; device
MUST 2.5.4.3 ) ; cn
4.13 distributionCodeDescriptionNameForm
( 2.16.840.1.101.2.2.4.23 NAME 'distributionCodeDescriptionNameForm'
OC 2.16.840.1.101.2.2.3.55 ; distributionCodeDescription
MUST 2.5.4.3 ) ; cn
4.14 dSANameForm
( 2.5.15.12 NAME 'dSANameForm'
OC 2.5.6.13 ; dSA
MUST 2.5.4.3 ) ; cn
4.15 dSSCSPLANameForm
( 2.16.840.1.101.2.2.4.41 NAME 'dSSCSPLANameForm'
OC 2.16.840.1.101.2.2.3.67 ; dSSCSPLA
MUST 2.16.840.1.101.2.2.1.70 ) ; plaNameACP127
4.16 gONNameForm
( 2.5.15.8 NAME 'gONNameForm'
OC 2.5.6.9 ; groupOfNames
MUST 2.5.4.3 ) ; cn
DALLY Expires 22 March 2001 [Page 52]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
4.17 locNameForm
( 2.5.15.1 NAME 'locNameForm'
OC 2.5.6.3 ; locality
MUST 2.5.4.7 ) ; localityName
4.18 messagingGatewayNameForm
( 2.16.840.1.101.2.2.4.28 NAME 'messagingGatewayNameForm'
OC 2.16.840.1.101.2.2.4.59 ; messagingGateway
MUST 2.5.4.3 ) ; cn
4.19 mhs-dLNameForm
( 2.16.840.1.101.2.2.4.29 NAME 'mhs-dLNameForm'
OC 2.6.5.1.0 ; mhs-distribution-list
MUST 2.5.4.3 ) ; cn
4.20 mLANameForm
( 2.16.840.1.101.2.2.4.9 NAME 'mLANameForm'
OC 2.16.840.1.101.2.2.3.31 ; mLA
MUST 2.5.4.3 ) ; cn
4.21 mLAgentNameForm
( 2.16.840.1.101.2.2.4.40 NAME 'mLAgentNameForm'
OC 2.16.840.1.101.2.2.3.64 ; mLAgent
MUST 2.5.4.3 ) ; cn
4.22 mSNameForm
( 2.16.840.1.101.2.2.4.24 NAME 'mSNameForm'
OC 2.6.5.1.1 ; mhs-message-store
MUST 2.5.4.3 ) ; cn
4.23 mTANameForm
( 2.16.840.1.101.2.2.4.25 NAME 'mTANameForm'
OC 2.6.5.1.2 ; mhs-message-transfer-agent
MUST 2.5.4.3 ) ; cn
4.24 mUANameForm
( 2.16.840.1.101.2.2.4.26 NAME 'mUANameForm'
OC 2.6.5.1.4 ; mhs-user-agent
MUST 2.5.4.3 ) ; cn
DALLY Expires 22 March 2001 [Page 53]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
4.25 organizationalPLANameForm
( 2.16.840.1.101.2.2.4.12 NAME 'organizationalPLANameForm'
OC 2.16.840.1.101.2.2.3.34 ; orgACP127
MUST 2.16.840.1.101.2.2.1.70 ) ; plaNameACP127
4.26 organizationNameForm
( 2.16.840.1.101.2.2.4.35 NAME 'organizationNameForm'
OC 2.5.6.4 ; organization
MUST 2.5.4.10 ; organizationName
MAY 2.5.4.46 ) ; dnQualifier
4.27 orgRNameForm
( 2.16.840.1.101.2.2.4.37 NAME 'orgRNameForm'
OC 2.5.6.8 ; organizationalRole
MUST 2.5.4.3 ; cn
MAY 2.5.4.46 ) ; dnQualifier
4.28 orgUNameForm
( 2.16.840.1.101.2.2.4.38 NAME 'orgUNameForm'
OC 2.5.6.5 ; organizationalUnit
MUST 2.5.4.11 ; organizationalUnitName
MAY 2.5.4.46 ) ; dnQualifier
4.29 plaCollectiveNameForm
( 2.16.840.1.101.2.2.4.13 NAME 'plaCollectiveNameForm'
OC 2.16.840.1.101.2.2.3.35 ; plaCollectiveACP127
MUST 2.16.840.1.101.2.2.1.70 ) ; plaNameACP127
4.30 qualifiedOrgPersonNameForm
( 2.16.840.1.101.2.2.4.36 NAME 'qualifiedOrgPersonNameForm'
OC 2.5.6.7 ; organizationalPerson
MUST 2.5.4.3 ; cn
MAY ( 2.5.4.46 ; dnQualifier
$ 2.5.4.11 ) ; organizationalUnitName
4.31 releaseAuthorityPersonNameForm
( 2.16.840.1.101.2.2.4.32 NAME 'releaseAuthorityPersonNameForm'
OC 2.16.840.1.101.2.2.3.63 ; releaseAuthorityPerson
MUST 2.16.840.1.101.2.2.1.45 ) ; releaseAuthorityName
4.32 releaseAuthorityPersonANameForm
( 2.16.840.1.101.2.2.4.39 NAME 'releaseAuthorityPersonANameForm'
OC 2.16.840.1.101.2.2.3.65 ; releaseAuthorityPersonA
MUST 2.16.840.1.101.2.2.1.45 ) ; releaseAuthorityName
DALLY Expires 22 March 2001 [Page 54]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
4.33 routingIndicatorNameForm
( 2.16.840.1.101.2.2.4.15 NAME 'routingIndicatorNameForm'
OC 2.16.840.1.101.2.2.3.37 ; routingIndicator
MUST 2.16.840.1.101.2.2.1.77 ) ; rI
4.34 sigintPLANameForm
( 2.16.840.1.101.2.2.4.16 NAME 'sigintPLANameForm'
OC 2.16.840.1.101.2.2.3.38 ; sigintPLA
MUST 2.16.840.1.101.2.2.1.85 ) ; sigad
4.35 sIPLANameForm
( 2.16.840.1.101.2.2.4.17 NAME 'sIPLANameForm'
OC 2.16.840.1.101.2.2.3.39 ; sIPLA
MUST 2.16.840.1.101.2.2.1.63 ) ; longTitle
4.36 sOPNameForm
( 2.5.15.2 NAME 'sOPNameForm'
OC 2.5.6.3 ; locality
MUST 2.5.4.8 ) ; stateOrProvinceName
4.37 spotPLANameForm
( 2.16.840.1.101.2.2.4.18 NAME 'spotPLANameForm'
OC 2.16.840.1.101.2.2.3.40 ; spotPLA
MUST 2.16.840.1.101.2.2.1.86 ) ; spot
4.38 taskForcePLANameForm
( 2.16.840.1.101.2.2.4.19 NAME 'taskForcePLANameForm'
OC 2.16.840.1.101.2.2.3.41 ; taskForceACP127
MUST 2.16.840.1.101.2.2.1.70 ) ; plaNameACP127
4.39 tenantPLANameForm
( 2.16.840.1.101.2.2.4.20 NAME 'tenantPLANameForm'
OC 2.16.840.1.101.2.2.3.42 ; tenantACP127
MUST 2.16.840.1.101.2.2.1.70 ) ; plaNameACP127
DALLY Expires 22 March 2001 [Page 55]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
5. MATCHING RULES
5.1 addressCapabilitiesMatch Matching Rule
( 2.6.5.4.1 NAME 'addressCapabilitiesMatch'
SYNTAX 2.16.840.1.101.2.2.2.16 ) ; Address Capabilities syntax
5.2 capabilityMatch Matching Rule
( 2.6.5.4.2 NAME 'capabilityMatch'
SYNTAX 2.16.840.1.101.2.2.2.13 ) ; Capability syntax
5.3 oRAddressMatch Matching Rule
( 2.6.4.8.14 NAME 'oRAddressMatch'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.33 )
5.4 oRNameExactMatch Matching Rule
( 2.6.5.4.0 NAME 'oRNameExactMatch'
SYNTAX 2.16.840.1.101.2.2.2.10 ) ; O/R Name syntax
5.5 caseIgnoreListSubstringsMatch Matching Rule
( 2.5.13.12 NAME 'caseIgnoreListSubstringsMatch'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 ) ; Substring Assertion
5.6 booleanMatch Matching Rule
( 2.5.13.13 NAME 'booleanMatch'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) ; BOOLEAN
DALLY Expires 22 March 2001 [Page 56]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
6. ATTRIBUTE SYNTAXES
6.1 aCPLegacyFormat Attribute Syntax
( 2.16.840.1.101.2.2.2.17 DESC 'aCPLegacyFormat syntax' )
The encoding of a value in this syntax is any one of the INTEGER
values: 0 - 15 or 32 - 48 where:
0 means JANAP128,
1 means ACP126,
2 means DOI103,
3 means DOI103Special,
4 means ACP127,
5 means ACP127Converted,
(6 means Reserved1),
7 means ACP127State,
8 means ACP127Modified,
9 means SOCOMMSpecial,
10 means SOCOMMNarrative,
(11 means Reserved2),
12 means SOCOMMNarrativeSpecial,
13 means SOCOMMData,
14 means SOCOMMInternal,
15 means SOCOMMExternal, and
32 - 48 means national or bilateral use.
6.2 aCPPreferredDelivery Attribute Syntax for the
aCPPreferredDelivery Attribute
( 2.16.840.1.101.2.2.2.6 DESC 'aCPPreferredDelivery syntax' )
The encoding of a value in this syntax is any one of the INTEGER
values: 0, 1, or 2, where:
0 means SMTP,
1 means ACP 127, and
2 means MHS
6.3 aCPTelephoneFaxNumber Attribute Syntax
( 2.16.840.1.101.2.2.2.1 DESC 'aCPTelephoneFaxNumber syntax' )
Values in this syntax are encoded according to the following BNF:
aCPTelephoneFaxNumber = netid ", " telephonenum [ ", "
securedevid ]
nocommap = a /d / """ / "(" / ")" / "+" / "-" / "." / "/" /
":" / "?" / " "
netid = 1*6nocommap
DALLY Expires 22 March 2001 [Page 57]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
telephonenum = 1*32nocommap
securdevid = 1*8p
For more information, see ACP 133 [1], Annex B, clause 24.
6.4 AddressCapabilities Attribute Syntax from X.402 [17]
( 2.16.840.1.101.2.2.2.16 DESC 'AddressCapabilities' )
Values in this syntax are encoded according to the following BNF:
addresscapabilities = [ "description=" generalstring ]
"address=" oraddress
"capabilities=" [ capability *( "$"capability ) ]
generalstring = ; The encoding of a value in this element
; of the syntax is the string value itself.
oraddress = ; MHS OR Address syntax
; 1.3.6.1.4.1.1466.115.121.1.33
capability = ; capability syntax 2.16.840.1.101.2.2.2.13
6.5 Addressees Attribute Syntax
( 2.16.840.1.101.2.2.2.2 DESC 'Addressees' )
Values in this syntax are encoded according to the following BNF:
addressees = [ 1*55p *( "$" 1*55p ) ]
That is, if the Addressees value is an empty sequence, the result
is the empty or zero length string. Otherwise, the output consists
of the PrintableString encoding of each element in the sequence,
in the same order as in the sequence with "$" between the elements.
6.6 addressListType Attribute Syntax for the aLType Attribute
( 2.16.840.1.101.2.2.2.8 DESC 'addressListType' )
Values in this syntax are encoded according to the following BNF:
addressListType = [ "-" ] numericstring ; an INTEGER, where:
; 0 means AIG,
; 1 means TYPE,
; 2 means CAD, and
; 3 means TASKFORCE
Note that future definitions of this syntax may assign a standard
meaning to another integer value, e.g., 4 means XXX.
DALLY Expires 22 March 2001 [Page 58]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
6.7 Capability Attribute Syntax from X.402 [17]
( 2.16.840.1.101.2.2.2.13 DESC 'Capability' )
Values in this syntax are encoded according to the following BNF:
capability = [ "content-types="
[numericoid *( ", " numericoid) ] ]
[ "maximum-content-length=" numericstring ]
; an INTEGER in the range 0 - 2147483647
[ "encoded-information-types-constraints="
[ "unaccept eits" unacceptable-eits ]
[ "accept eits" acceptable-eits ]
[ "only eits"
exclusively-acceptable-eits ] ]
[ "security-labels=" securitycontext ]
unacceptable-eits = extendedencodedeits
acceptable-eits = extendedencodedeits
exclusively-acceptable-eits = extendedencodedeits
extendedencodedeits = numericoid *1023( ", "numericoid )
securitycontext = securitylabel *255securitylabel
securitylabel = [ "security-policy-id=" numericoid ]
[ "security-classification=" numericstring ]
; an INTEGER in the range 0 - 256, where
; 0 means Unmarked,
; 1 means Unclassified,
; 2 means Restricted,
; 3 means Confidential,
; 4 means Secret, and
; 5 means Top Secret
[ "privacy-mark=" 1*128p ]
[ "security-categories=" securitycategories ]
securitycategories = ; the BER encoding of the set of type
; and value pairs for the instances of any
; data types that are specified to be
; SECURITY-CATEGORY types
6.8 Classification Attribute Syntax
( 2.16.840.1.101.2.2.2.4 DESC 'Classification' )
DALLY Expires 22 March 2001 [Page 59]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
The encoding of a value in this syntax is any one of the INTEGER
values: 0, 1, 2, 3, 4, or 5, where:
0 means unmarked,
1 means unclassified,
2 means restricted,
3 means confidential,
4 means secret, and
5 means top secret
6.9 Community Abstract Syntax for the community Attribute
( 2.16.840.1.101.2.2.2.5 DESC 'Community syntax' )
The encoding of a value in this syntax is any one of the INTEGER
values: 0, 1, or 2, where:
0 means GENSER,
1 means SI, and
2 means both
6.10 DLPolicy Attribute Syntax from X.402 [17]
( 2.16.840.1.101.2.2.2.14 DESC 'DLPolicy' )
Values in this syntax are encoded according to the following BNF:
dlpolicy = [ "report-propagation=" [ "-" ] numericstring ]
; where 0 means previous-dl-or-originator,
; 1 means dl-owner, and
; 2 means both
[ "report-from-dl=" [ "-" ] numericstring ]
; where 0 means whenever-requested and
; 1 means when-no-propagation
[ "originating-MTA-report=" [ "-" ] numericstring ]
; where 0 means unchanged,
; 2 means report,
; 3 means non-delivery-report, and
; 4 means audited-report
[ "originator-report=" [ "-" ] numericstring ]
; where 0 means unchanged,
; 1 means no-report,
; 2 means report, and
; 3 means non-delivery-report
[ "return-of-content=" numericstring ]
; an INTEGER in the range 0 - 2, where
; 0 means unchanged,
; 1 means content-return-not-requested,
; and 2 means content-return-requested
[ "priority=" [ "-" ] numericstring ] ; where
; 0 means unchanged,
; 1 means normal,
DALLY Expires 22 March 2001 [Page 60]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
; 2 means non-urgent, and
; 3 means urgent
[ "disclosure-of-other-recipients=" numericstring ]
; an INTEGER in the range 0 - 2, where
; 0 means unchanged,
; 1 means disclosure-of-other-recipients-prohibited,
; and 2 means disclosure-of-other-recipients-allowed
[ "implicit-conversion-prohibited=" numericstring ]
; an INTEGER in the range 0 - 2, where
; 0 means unchanged,
; 1 means implicit-conversion-allowed, and
; 2 means implicit-conversion-prohibited
[ "conversion-with-loss-prohibited=" numericstring ]
; an INTEGER in the range 0 - 2, where
; 0 means unchanged,
; 1 means conversion-with-loss-allowed, and
; 2 means conversion-with-loss-prohibited
[ "further-dl-expansion-allowed=" ( "TRUE" /
"FALSE") ]
[ "originator-requested-alternate-recipient-removed="
( "TRUE" / "FALSE" ) ]
[ "proof-of-delivery=" [ "-" ] numericstring ]
; where 0 means dl-expansion-point,
; 1 means dl-members,
; 2 means both, and
; 3 means neither
[ "requested-delivery-method=" ( "unchanged" /
"removed" /
( "replaced: " requested-delivery-method ) ) ]
requested-delivery-method = [ delivery-methods
*( ", " delivery-methods ) ]
delivery-methods = numericstring ; an INTEGER in the range
; 0 - 256, where
; 0 means any-delivery-method, 1 means
; mhs-delivery, 2 means physical-delivery,
; 3 means telex-delivery,
; 4 means teletex-delivery,
; 5 means g3-facsimile-delivery,
; 6 means g4-facsimile-delivery,
; 7 means ia5-terminal-delivery,
; 8 means videotex-delivery, and
; 9 means telephone-delivery
DALLY Expires 22 March 2001 [Page 61]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
6.11 DLSubmitPermission Attribute Syntax from X.402 [17]
( 2.16.840.1.101.2.2.2.15 DESC 'DLSubmitPermission' )
Values in this syntax are encoded according to the following BNF:
dlsubmitpermission = ( "individual=" orname ) /
("member-of-dl=" orname ) /
("pattern-match=" orname ) /
( "member-of-group=" name )
orname = ; O/R Name syntax 2.16.840.1.101.2.2.2.10
name = ; DN syntax 1.3.6.1.4.1.1466.115.121.1.12
6.12 MLReceiptPolicy Attribute Syntax
( 2.16.840.1.101.2.2.2.9 DESC 'MLReceiptPolicy' )
Values in this syntax are encoded according to the following BNF:
mLReceiptPolicy = none / insteadof / inadditionto
none = "none"
insteadof = "instead of" generalnames *15( "$" generalnames )
inadditionto = "in addition to" generalnames
*15( "$" generalnames )
generalnames = generalname *( "%" generalname )
generalname = ( "otherName = " othername ) /
( "rfc822Name = " ia5string ) /
( "dNSName = " ia5string ) /
( "x400Address = " oraddress ) /
( "directoryName = " name ) /
( "ediPartyName = "
[ "nameAssigner:" directorystring ]
"partyName:" directorystring ) /
( "uniformResourceIdentifier = " ia5string ) /
( "iPAddress = " octetstring ) /
( "registeredID = " numericoid )
othername = ; the BER encoding of the type and value pair
; for an instance of any data type that is
; specified to be an OTHER-NAME type.
ia5string = ; IA5 String syntax 1.3.6.1.4.1.1466.115.121.1.26
oraddress = ; MHS OR Address syntax
; 1.3.6.1.4.1.1466.115.121.1.33
DALLY Expires 22 March 2001 [Page 62]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
name = ; DN syntax 1.3.6.1.4.1.1466.115.121.1.12
directorystring = ; Directory String syntax
; 1.3.6.1.4.1.1466.115.121.1.15
octetstring = ; Octet String syntax
; 1.3.6.1.4.1.1466.115.121.1.40
6.13 ORName Attribute Syntax from X.411 [18]
( 2.16.840.1.101.2.2.2.10 DESC 'ORName' )
Values in this syntax are encoded according to the following BNF:
oRName = oraddress [ "|" name ]
oraddress = ; MHS OR Address syntax
; 1.3.6.1.4.1.1466.115.121.1.33
name = ; DN syntax 1.3.6.1.4.1.1466.115.121.1.12
6.14 otherNotificationsSupported Abstract Syntax for the onSupported
Attribute
( 2.16.840.1.101.2.2.2.3 DESC 'otherNotificationsSupported' )
Values in this syntax are encoded according to the following BNF:
otherNotificationsSupported = namedbits / bitstring
namedbits = "{" [ namedbit *( "," namedbit ) ] "}"
namedbit = "acp127-nn" / "acp127-pn" / "acp127-tn"
bitstring = "'" *binary-digit "'B"
binary-digit = "0" / "1"
The presence of the name of a namedbit in the namedbits
alternative means that the value of the bit is 1. The value of
an absent namedbit is 0.
6.15 Remarks Attribute Syntax
( 2.16.840.1.101.2.2.2.11 DESC 'Remarks syntax' )
Values in this syntax are encoded according to the following BNF:
remarks = [ *p *( "$" *p ) ]
DALLY Expires 22 March 2001 [Page 63]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
6.16 RIParameters Attribute Syntax
( 2.16.840.1.101.2.2.2.12 DESC 'RIParameters' )
Values in this syntax are encoded according to the following BNF:
rIParameters = "rI=" *p whsp
"rIType=" numericstring whsp ; an INTEGER in
; the range 0 - 2, where
; 0 means normal,
; 1 means off-line, and
; 2 means partTimeTerminal
"minimize=FALSE" whsp ; not used anymore
"sHD=" *p whsp
"classification=" numericstring ; an INTEGER
; in the range 0 - 5, where
; 0 means unmarked,
; 1 means unclassified,
; 2 means restricted,
; 3 means confidential,
; 4 means secret, and
; 5 means top secret
DALLY Expires 22 March 2001 [Page 64]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
7. EXAMPLE CONTENT RULES
The content rules given in ACP 133(B) [1] are examples, not
requirements. The rules included in this document are examples
to aid in the specification of similar content rules, especially
those derived from these examples.
7.1 aCPApplicationEntityRuleEdA Content Rule
( 2.5.6.12 NAME 'aCPApplicationEntityRuleEdA'
; applicationEntity object class
AUX ( 2.5.6.22 $ ; pkiCA
2.16.840.1.101.2.2.3.66 ) ; securePkiUser
MAY ( 2.16.840.1.101.2.2.1.49 $ ; aliasPointer
2.5.4.46 $ ; dnQualifier
2.16.840.1.101.2.2.1.55 $ ; effectiveDate
2.16.840.1.101.2.2.1.57 ) ) ; expirationDate
7.2 aCPCRLDistributionPointRule Content Rule
( 2.5.6.19 NAME 'aCPCRLDistributionPointRule'
; cRLDistributionPoint object class
MAY ( 2.16.840.1.101.2.2.1.49 $ ; aliasPointer
2.16.840.1.101.2.2.1.55 $ ; effectiveDate
2.16.840.1.101.2.2.1.57 ) ) ; expirationDate
7.3 aCPDeviceRuleEdA Content Rule
( 2.5.6.14 NAME 'aCPDeviceRuleEdA' ; device object class
AUX 2.16.840.1.101.2.2.3.66 ; securePkiUser
MAY ( 2.16.840.1.101.2.2.1.49 $ ; aliasPointer
2.16.840.1.101.2.2.1.55 $ ; effectiveDate
2.16.840.1.101.2.2.1.57 ) ) ; expirationDate
7.4 aCPDSARuleEdA Content Rule
( 2.5.6.13 NAME 'aCPDSARuleEdA' ; dSA object class
AUX 2.16.840.1.101.2.2.3.66 ; securePkiUser
MAY ( 2.16.840.1.101.2.2.1.49 $ ; aliasPointer
2.16.840.1.101.2.2.1.55 $ ; effectiveDate
2.16.840.1.101.2.2.1.57 ) ) ; expirationDate
7.5 aCPGroupOfNamesRule Content Rule
( 2.5.6.9 NAME 'aCPGroupOfNamesRule'
; groupOfNames object class
MAY ( 2.16.840.1.101.2.2.1.49 $ ; aliasPointer
2.16.840.1.101.2.2.1.55 $ ; effectiveDate
2.16.840.1.101.2.2.1.57 ) ) ; expirationDate
DALLY Expires 22 March 2001 [Page 65]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
7.6 aCPLocalityRule Content Rule
( 2.5.6.3 NAME 'aCPLocalityRule'
; locality object class
MAY ( 2.16.840.1.101.2.2.1.49 $ ; aliasPointer
2.16.840.1.101.2.2.1.55 $ ; effectiveDate
2.16.840.1.101.2.2.1.57 ) ) ; expirationDate
7.7 aCPMhs-distribution-listRule Content Rule
( 2.6.5.1.0 NAME 'aCPMhs-distribution-listRule'
; mhs-distribution-list object class
MAY ( 2.16.840.1.101.2.2.1.49 $ ; aliasPointer
2.16.840.1.101.2.2.1.55 $ ; effectiveDate
2.16.840.1.101.2.2.1.57 ) ) ; expirationDate
7.8 aCPMhs-message-storeRuleEdA Content Rule
( 2.6.5.1.1 NAME 'aCPMhs-message-storeRuleEdA'
; mhs-message-store object class
AUX 2.16.840.1.101.2.2.3.66 ; securePkiUser
MAY ( 2.16.840.1.101.2.2.1.49 $ ; aliasPointer
2.16.840.1.101.2.2.1.55 $ ; effectiveDate
2.16.840.1.101.2.2.1.57 ) ) ; expirationDate
7.9 aCPMhs-message-transfer-agentRuleEdA Content Rule
( 2.6.5.1.2 NAME 'aCPMhs-message-transfer-agentRuleEdA'
; mhs-message-transfer-agent object class
AUX 2.16.840.1.101.2.2.3.66 ; securePkiUser
MAY ( 2.16.840.1.101.2.2.1.49 $ ; aliasPointer
2.16.840.1.101.2.2.1.55 $ ; effectiveDate
2.16.840.1.101.2.2.1.57 ) ) ; expirationDate
7.10 aCPMhs-user-agentRule Content Rule
( 2.6.5.1.4 NAME 'aCPMhs-user-agentRule'
; mhs-user-agent object class
MAY ( 2.16.840.1.101.2.2.1.49 $ ; aliasPointer
2.16.840.1.101.2.2.1.55 $ ; effectiveDate
2.16.840.1.101.2.2.1.57 ) ) ; expirationDate
7.11 aCPOrganizationalPersonRuleEdB Content Rule
( 2.5.6.7 NAME 'aCPOrganizationalPersonRuleEdB'
; organizationalPerson object class
AUX ( 2.16.840.1.101.2.2.3.54 $ ; distributionCodesHandled
2.6.5.1.3 $ ; mhs-user
2.16.840.1.101.2.2.3.62 $ ; otherContactInformation
2.16.840.1.101.2.2.3.66 $ ; securePkiUser
2.16.840.1.101.2.1.4.16 ) ; ukms
DALLY Expires 22 March 2001 [Page 66]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
MAY ( 2.16.840.1.101.2.2.1.142 $ ; aCPLegacyFormat
2.16.840.1.101.2.2.1.49 $ ; aliasPointer
2.16.840.1.101.2.2.1.3 $ ; alternateRecipient
2.5.4.15 $ ; businessCategory
2.16.840.1.101.2.2.1.139 $ ; deployed
2.5.4.46 $ ; dnQualifier
2.16.840.1.101.2.2.1.55 $ ; effectiveDate
2.16.840.1.101.2.2.1.57 $ ; expirationDate
2.16.840.1.101.2.2.1.140 $ ; garrison
2.16.840.1.101.2.2.1.117 $ ; guard
2.16.840.1.101.2.2.1.61 $ ; listPointer
2.16.840.1.101.2.2.1.68 $ ; nationality
2.16.840.1.101.2.2.1.125 $ ; positionNumber
2.16.840.1.101.2.2.1.133 $ ; rank
0.9.2342.19200300.100.1.3 $ ; rfc822Mailbox
2.16.840.1.101.2.2.1.129 ) ) ; serviceNumber
7.12 aCPOrganizationalRoleRuleEdB Content Rule
( 2.5.6.8 NAME 'aCPOrganizationalRoleRuleEdB'
; organizationalRole object class
AUX ( 2.5.6.22 $ ; pkiCA
2.16.840.1.101.2.2.3.54 $ ; distributionCodesHandled
2.6.5.1.3 $ ; mhs-user
2.16.840.1.101.2.2.3.62 $ ; otherContactInformation
2.16.840.1.101.2.2.3.66 $ ; securePkiUser
2.16.840.1.101.2.1.4.16 ) ; ukms
MAY ( 2.16.840.1.101.2.2.1.142 $ ; aCPLegacyFormat
2.16.840.1.101.2.2.1.49 $ ; aliasPointer
2.16.840.1.101.2.2.1.3 $ ; alternateRecipient
2.5.4.15 $ ; businessCategory
2.16.840.1.101.2.2.1.139 $ ; deployed
2.5.4.46 $ ; dnQualifier
2.16.840.1.101.2.2.1.55 $ ; effectiveDate
2.16.840.1.101.2.2.1.57 $ ; expirationDate
2.16.840.1.101.2.2.1.140 $ ; garrison
2.16.840.1.101.2.2.1.117 $ ; guard
2.16.840.1.101.2.2.1.61 $ ; listPointer
2.16.840.1.101.2.2.1.68 $ ; nationality
0.9.2342.19200300.100.1.3 ) ) ; rfc822Mailbox
7.13 aCPOrganizationalUnitRuleEdB Content Rule
( 2.5.6.5 NAME 'aCPOrganizationalUnitRuleEdB'
; organizationalUnit object class
AUX ( 2.5.6.22 $ ; pkiCA
2.16.840.1.101.2.2.3.54 $ ; distributionCodesHandled
2.6.5.1.3 $ ; mhs-user
2.16.840.1.101.2.2.3.62 $ ; otherContactInformation
2.16.840.1.101.2.2.3.56 $ ; plaUser
2.16.840.1.101.2.2.3.66 $ ; securePkiUser
2.16.840.1.101.2.1.4.16 ) ; ukms
DALLY Expires 22 March 2001 [Page 67]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
MAY ( 2.16.840.1.101.2.2.1.142 $ ; aCPLegacyFormat
2.16.840.1.101.2.2.1.49 $ ; aliasPointer
2.16.840.1.101.2.2.1.3 $ ; alternateRecipient
2.16.840.1.101.2.2.1.6 $ ; associatedPLA
2.16.840.1.101.2.2.1.139 $ ; deployed
2.5.4.46 $ ; dnQualifier
2.16.840.1.101.2.2.1.55 $ ; effectiveDate
2.16.840.1.101.2.2.1.57 $ ; expirationDate
2.16.840.1.101.2.2.1.140 $ ; garrison
2.16.840.1.101.2.2.1.117 $ ; guard
2.16.840.1.101.2.2.1.61 $ ; listPointer
2.16.840.1.101.2.2.1.68 $ ; nationality
0.9.2342.19200300.100.1.3 ) ) ; rfc822Mailbox
7.14 aCPOrganizationRuleEdB Content Rule
( 2.5.6.4 NAME 'aCPOrganizationRuleEdB'
; organization object class
AUX ( 2.5.6.22 $ ; pkiCA
2.16.840.1.101.2.2.3.62 ) ; otherContactInformation
MAY ( 2.16.840.1.101.2.2.1.142 $ ; aCPLegacyFormat
2.16.840.1.101.2.2.1.49 $ ; aliasPointer
2.5.4.46 $ ; dnQualifier
2.16.840.1.101.2.2.1.55 $ ; effectiveDate
2.16.840.1.101.2.2.1.57 ) ) ; expirationDate
7.15 aCPRoutingIndicatorRuleEdB Content Rule
( 2.16.840.1.101.2.2.3.37 NAME 'aCPRoutingIndicatorRuleEdB'
; routingIndicator
MAY ( 2.16.840.1.101.2.2.1.144 $ ; tCCG
2.16.840.1.101.2.2.1.76 ) ) ; remarks
7.16 addressListRuleEdA Content Rule
( 2.16.840.1.101.2.2.3.57 NAME 'addressListRuleEdA'
; addressList object class
AUX ( 2.16.840.1.101.2.2.3.54 $ ; distributionCodesHandled
2.6.5.1.3 $ ; mhs-user
2.16.840.1.101.2.2.3.56 $ ; plaUser
2.16.840.1.101.2.2.3.66 $ ; securePkiUser
2.16.840.1.101.2.1.4.16 ) ; ukms
MAY ( 2.16.840.1.101.2.2.1.49 $ ; aliasPointer
2.16.840.1.101.2.2.1.3 $ ; alternateRecipient
2.16.840.1.101.2.2.1.55 $ ; effectiveDate
2.16.840.1.101.2.2.1.57 $ ; expirationDate
2.16.840.1.101.2.2.1.117 $ ; guard
2.16.840.1.101.2.2.1.61 $ ; listPointer
0.9.2342.19200300.100.1.3 ) ) ; rfc822Mailbox
DALLY Expires 22 March 2001 [Page 68]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
7.17 aliasCommonNameRule Content Rule
( 2.16.840.1.101.2.2.3.52 NAME 'aliasCommonNameRule'
; aliasCommonName object class
MAY ( 2.16.840.1.101.2.2.1.55 $ ; effectiveDate
2.16.840.1.101.2.2.1.57 ) ) ; expirationDate
7.18 aliasOrganizationalUnitRule Content Rule
( 2.16.840.1.101.2.2.3.53 NAME 'aliasOrganizationalUnitRule'
; aliasOrganizationalUnit object class
MAY ( 2.16.840.1.101.2.2.1.55 $ ; effectiveDate
2.16.840.1.101.2.2.1.57 ) ) ; expirationDate
7.19 distributionCodeDescriptionRule Content Rule
( 2.16.840.1.101.2.2.3.55 NAME 'distributionCodeDescriptionRule'
; distributionCodeDescription object class
MAY ( 2.16.840.1.101.2.2.1.49 $ ; aliasPointer
2.16.840.1.101.2.2.1.55 $ ; effectiveDate
2.16.840.1.101.2.2.1.57 ) ) ; expirationDate
7.20 messagingGatewayRuleEdA Content Rule
( 2.16.840.1.101.2.2.3.59 NAME 'messagingGatewayRuleEdA'
; messagingGateway object class
AUX ( 2.16.840.1.101.2.2.3.66 $ ; securePkiUser
2.16.840.1.101.2.1.4.16 ) ; ukms
MAY ( 2.16.840.1.101.2.2.1.49 $ ; aliasPointer
2.16.840.1.101.2.2.1.55 $ ; effectiveDate
2.16.840.1.101.2.2.1.57 $ ; expirationDate
2.16.840.1.101.2.2.1.117 $ ; guard
2.16.840.1.101.2.2.1.138 $ ; plasServed
0.9.2342.19200300.100.1.3 ) ) ; rfc822Mailbox
7.21 mLAgentRule Content Rule
( 2.16.840.1.101.2.2.3.64 NAME 'mLAgentRule'
; mLAgent object class
MAY ( 2.16.840.1.101.2.2.1.49 $ ; aliasPointer
2.16.840.1.101.2.2.1.55 $ ; effectiveDate
2.16.840.1.101.2.2.1.57 ) ) ; expirationDate
7.22 networkEdBRule Content Rule
( 2.16.840.1.101.2.2.3.68 NAME 'networkEdBRule'
; aCPNetworkEdB object class
MAY ( 2.16.840.1.101.2.2.1.55 $ ; effectiveDate
2.16.840.1.101.2.2.1.57 ) ) ; expirationDate
DALLY Expires 22 March 2001 [Page 69]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
7.23 networkInstructionsEdBRule Content Rule
( 2.16.840.1.101.2.2.3.69 NAME 'networkInstructionsEdBRule'
; aCPNetworkInstructionsEdB object class
MAY ( 2.16.840.1.101.2.2.1.55 $ ; effectiveDate
2.16.840.1.101.2.2.1.57 ) ) ; expirationDate
7.24 rAPersonRuleEdA Content Rule
( 2.16.840.1.101.2.2.3.65 NAME 'rAPersonRuleEdA'
; releaseAuthorityPersonA object class
MAY ( 2.16.840.1.101.2.2.1.55 $ ; effectiveDate
2.16.840.1.101.2.2.1.57 ) ) ; expirationDate
7.25 sigintPLARule Content Rule
( 2.16.840.1.101.2.2.3.38 NAME 'sigintPLARule'
; sigintPLA object class
MAY 2.16.840.1.101.2.2.1.4 ) ; associatedOrganization
7.26 spotPLARule Content Rule
( 2.16.840.1.101.2.2.3.40 NAME 'spotPLARule'
; spotPLA object class
MAY 2.16.840.1.101.2.2.1.113 ) ; associatedAL
DALLY Expires 22 March 2001 [Page 70]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
8. STRUCTURE RULES
There are no structure rules defined in ACP 133(B) [1]
9. SECURITY CONSIDERATIONS
Attributes of directory entries are used to provide descriptive
information about the real-world objects they represent, which can
be people, organizations or devices. Most countries have privacy
laws regarding the publication of information about people.
Some of the object classes and attributes in this document support
the use of a directory as part of a PKI. This schema also holds
information so that components of a variety of network
applications, including the directory service, can be strongly
authenticated to one another and with users.
DALLY Expires 22 March 2001 [Page 71]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
10. REFERENCES
[1] Common Directory Services and Procedures, ACP 133 Edition B,
March 2000
[2] Wahl, M., Coulbeck, A., Howes, T., and S. Kille, "Lightweight
X.500 Directory Access Protocol (v3): Attribute Syntax
Definitions", RFC 2252, December 1997
[3] Wahl, M., "A Summary of the X.500(96) User Schema for use
with LDAPv3", RFC 2256, December 1997
[4] ACP 127, "Communications Instructions - Tape Relay Procedures"
[5] JANAP 128(I), Joint Chiefs of Staff, May 1983, Automatic
Digital Network (AUTODIN) Operating Procedures
[6] ACP 123, "Common Messaging Strategy and Procedures",
November, 1994
[7] NATO APP-3, "NATO Subject Indicator System (NASIS) -
publication 3", Oct. 1982
[8] ITU-T Recommendation X.521 (1993 & 1997) | ISO/IEC 9594-7:
1995 & 1997, "Information technology - Open Systems
Interconnection - The Directory: Selected object classes"
[9] RFC 2587, "Internet X.509 Public Key Infrastructure
LDAPv2 Schema", June 1999
[10] ITU-T Recommendation X.520 (1993 & 1997) | ISO/IEC 9594-6:
1995 & 1997, "Information technology - Open Systems
Interconnection - The Directory: Selected attribute types"
[11] ACP 120, "Common Security Protocol (CSP)", final draft
[12] STANAG 4406, "NATO Reference Model for Open Systems
Interconnection -Military Message Handling Systems"
[13] Barker, P. and Kille, S., "The COSINE and Internet X.500
Schema", RFC 1274, November 1991
[14] ISO 3166-1: 1997, "Codes for the representation of names of
countries and their subdivsions - part 1: Country codes"
[15] ACP 117, "Allied Routing Indicator Book"
[16] RFC 822, "STANDARD FOR THE FORMAT OF ARPA INTERNET TEXT
MESSAGES", August 13, 1982
DALLY Expires 22 March 2001 [Page 72]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
[17] ITU-T Recommendation X.402 (1995)/ISO/IEC 10021-2: 1996,
"Information Technology - Message Handling Systems (MHS) -
Overall Architecture"
[18] ITU-T Recommendation X.411 (1995)/ISO/IEC 10021-4: 1996,
"Information Technology - Message Handling Systems (MHS) -
Message Transfer System: Abstract Service Definition
and Procedure"
[19] Smith, M., "Definition of the inetOrgPerson LDAP Object
Class", RFC 2798, April 2000
DALLY Expires 22 March 2001 [Page 73]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
11. ABBREVIATIONS
ACP Allied Communications Publication
AE Application Entity
AIG Address Indicator Group
AL Address List
ALID AL Identifier
ASN.1 Abstract Syntax Notation One
AUTODIN Automatic Digital Network
BER Basic Encoding Rules
BNF Backus-Naur Form
C Country
CA Certification Authority
CAD Collective Address Designator
CCEB Combined Communications Electronics Board
CCITT The International Telegraph and Telephone
Consultative Committee
CMI Certificate Management Infrastructure
CN Common Name
CRL Certificate Revocation List
DAP Directory Access Protocol
DFTS Defence Fixed Telecommunications Service
DIB Directory Information Base
DL Distribution List
DN Distinguished Name
DODAAC Department of Defense Activity Accounting Code
DSA Directory System Agent
DSN Defense Switched Network (DSN)
EIT Encoded Information Type
FAX Facsimile
GENSER General Service
GHP Gateway Handling Policy
GON Group of Names
IA5 International Alphabet Number 5
IEC International Electrotechnical Commission
IETF Internet Engineering Task Force
ISDN Integrated Services Digital Network
ISO International Organization for Standardization
ITU-T International Telecommunication Union-
Telecommunication Standardization Sector
JANAP Joint Army, Navy, Air Force Procedure
L Locality
LDAP Lightweight Directory Access Protocol
LMF Language and Media Format
LOC Locality
MCS Message Conversion System
MHS Message Handling System
ML Mail List
MLA Mail List Agent
MMHS Military Message Handling System
MS Message Store
MTA Message Transfer Agent
DALLY Expires 22 March 2001 [Page 74]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
MTS Message Transfer System
MUA Messaging User Agent
NASIS NATO Subject Indicator System
NAVCOMPARS Naval Communications Processing and Routing System
O Organization
ON Other Notification
O/R, OR Originator/Recipient
ORG Organizational
OU Organizational Unit
PKI Public Key Infrastructure
PLA Plain Language Address
PSTN Public Switched Telephone Network
R Role
RA Release Authority
RAN Release Authority Name
RDN Relative Distinguished Name
RFC Request for Comments
RI Routing Indicator
SHD Special Handling Designator
SI Special Intelligence
SIC Subject Indicator Code
SIGAD SIGINT Address
SIGINT Signal Intelligence
SMTP Simple Mail Transfer Protocol
SOP State or Province
ST State or Province Name
STU Secure Telephone Unit
TARE Telegraph Automatic Relay Equipment
TCC Transmission Control Code
TRC Transmission Release Code
U Unit
UA User Agent
UKM User Key Material
DALLY Expires 22 March 2001 [Page 75]
INTERNET-DRAFT ACP 133 Common Content and LDAP 22 September 2000
12. ACKNOWLEDGEMENTS
This document was prepared with the help and advice of
two organizations:
CCEB ACP 133 Task Force
IETF LDAP Extensions Working Group
Thanks to thanks to the members of these groups for their
criticism, corrections, and feedback.
13. AUTHOR'S ADDRESS
Kathy Dally
The MITRE Corp.
1820 Dolley Madison Blvd.
McLean, VA 22102
USA
e-mail: kdally@mitre.org
telephone: +1 703 883 6058
fax: +1 703 883 7142
DALLY Expires 22 March 2001 [Page 76]