Clearance Sponsor Attribute
RFC 5917

Document Type RFC - Informational (June 2010; Errata)
Was draft-turner-clearancesponsor-attribute (individual in sec area)
Author Sean Turner 
Last updated 2020-01-21
Stream IETF
Formats plain text html pdf htmlized with errata bibtex
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 5917 (Informational)
Consensus Boilerplate Unknown
Telechat date
Responsible AD Tim Polk
Send notices to
Internet Engineering Task Force (IETF)                         S. Turner
Request for Comments: 5917                                          IECA
Category: Informational                                        June 2010
ISSN: 2070-1721

                      Clearance Sponsor Attribute


   This document defines the clearance sponsor attribute.  It indicates
   the entity that sponsored (i.e., granted) the clearance.  This
   attribute is intended for use in public key certificates and
   attribute certificates that also include the clearance attribute.

Status of This Memo

   This document is not an Internet Standards Track specification; it is
   published for informational purposes.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Not all documents
   approved by the IESG are a candidate for any level of Internet
   Standard; see Section 2 of RFC 5741.

   Information about the current status of this document, any
   errata, and how to provide feedback on it may be obtained at

Copyright Notice

   Copyright (c) 2010 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   ( in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Turner                        Informational                     [Page 1]
RFC 5917               Clearance Sponsor Attribute             June 2010

1.  Introduction

   This document specifies the clearance sponsor attribute.  It is
   included in public key certificates [RFC5280] and attribute
   certificates [RFC5755].  This attribute is only meaningful as a
   companion of the clearance attribute [RFC5755] [RFC5912].  The
   clearance sponsor is the entity (e.g., agency, department, or
   organization) that granted the clearance to the subject named in the
   certificate.  For example, the clearance sponsor for a subject
   asserting the Amoco clearance values [RFC3114] could be

   This attribute may be used in automated authorization decisions.  For
   example, a web server deciding whether to allow a user access could
   check that the clearance sponsor present in the user's certificate is
   on an "approved" list.  This check is performed in addition to
   certification path validation [RFC5280].  The mechanism for managing
   the "approved" list is beyond the scope of this document.

   NOTE: This document does not provide an equivalent Lightweight
   Directory Access Protocol (LDAP) schema specification as this
   attribute is initially targeted at public key certificates [RFC5280]
   and attribute certificates [RFC5755].  Definition of an equivalent
   LDAP schema is left to a future specification.

1.1.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   document are to be interpreted as described in [RFC2119].

1.2.  ASN.1 Syntax Notation

   The attribute is defined using ASN.1 [X.680], [X.681], [X.682], and

2.  Clearance Sponsor

   The clearance sponsor attribute, which is only meaningful if the
   clearance attribute [RFC5755] [RFC5912] is also present, indicates
   the sponsor of the clearance of the subject with which this attribute
   is associated.  The clearance sponsor attribute is a DirectoryString
   [RFC5280], which MUST use the UTF8String CHOICE, with a minimum size
   of 1 character and a maximum of 64 characters.

Turner                        Informational                     [Page 2]
RFC 5917               Clearance Sponsor Attribute             June 2010

   The following object identifier identifies the sponsor attribute:

   id-clearanceSponsor OBJECT IDENTIFIER ::= {
     joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101)
     dod(2) infosec(1) attributes(5) 68

   The ASN.1 syntax for the clearance sponsor attribute is as follows:

   at-clearanceSponsor ATTRIBUTE ::= {
     TYPE                   DirectoryString { ub-clearance-sponsor }
                            ( WITH COMPONENTS { utf8String PRESENT } )
     IDENTIFIED BY          id-clearanceSponsor

   ub-clearance-sponsor INTEGER ::= 64

   There MUST only be one value of clearanceSponsor associated with a
Show full document text