An Internet Attribute Certificate Profile for Authorization
RFC 3281
| Field | Value |
|---|---|
| Document type | RFC - Proposed Standard (May 2002; Errata); Obsoleted by RFC 5755 |
| Authors | Russ Housley, Stephen Farrell |
| Last updated | 2020-01-21 |
| Stream | Internet Engineering Task Force (IETF) |
| WG state | (None) |
| Document shepherd | No shepherd assigned |
| IESG state | RFC 3281 (Proposed Standard) |
| Consensus Boilerplate | Unknown |
| Telechat date | |
| Responsible AD | (None) |
| Send notices to | (None) |
Network Working Group                                         S. Farrell
Request for Comments: 3281                        Baltimore Technologies
Category: Standards Track                                     R. Housley
                                                        RSA Laboratories
                                                              April 2002

An Internet Attribute Certificate Profile for Authorization

Status of this Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2002). All Rights Reserved.

Abstract

This specification defines a profile for the use of X.509 Attribute Certificates in Internet Protocols. Attribute certificates may be used in a wide range of applications and environments covering a broad spectrum of interoperability goals and a broader spectrum of operational and assurance requirements. The goal of this document is to establish a common baseline for generic applications requiring broad interoperability as well as limited special purpose requirements. The profile places emphasis on attribute certificate support for Internet electronic mail, IPSec, and WWW security applications.

Table of Contents

   1. Introduction................................................. 2
   1.1 Delegation and AC chains............................... 4
   1.2 Attribute Certificate Distribution ("push" vs. "pull"). 4
   1.3 Document Structure..................................... 6
   2. Terminology.................................................. 6
   3. Requirements................................................. 7
   4. Attribute Certificate Profile................................ 7
   4.1 X.509 Attribute Certificate Definition................. 8
   4.2 Profile of Standard Fields............................. 10
   4.2.1 Version.......................................... 10
   4.2.2 Holder........................................... 11

Farrell & Housley           Standards Track                     [Page 1]
RFC 3281              An Internet Attribute Certificate        April 2002

   4.2.3 Issuer........................................... 12
   4.2.4 Signature........................................ 12
   4.2.5 Serial Number.................................... 12
   4.2.6 Validity Period.................................. 13
   4.2.7 Attributes....................................... 13
   4.2.8 Issuer Unique Identifier......................... 14
   4.2.9 Extensions....................................... 14
   4.3 Extensions............................................. 14
   4.3.1 Audit Identity................................... 14
   4.3.2 AC Targeting..................................... 15
   4.3.3 Authority Key Identifier......................... 17
   4.3.4 Authority Information Access..................... 17
   4.3.5 CRL Distribution Points.......................... 17
   4.3.6 No Revocation Available.......................... 18
   4.4 Attribute Types........................................ 18
   4.4.1 Service Authentication Information............... 19
   4.4.2 Access Identity.................................. 19
   4.4.3 Charging Identity................................ 20
   4.4.4 Group............................................ 20
   4.4.5 Role............................................. 20
   4.4.6 Clearance........................................ 21
   4.5 Profile of AC issuer's PKC............................. 22
   5. Attribute Certificate Validation............................. 23
   6. Revocation................................................... 24
   7. Optional Features............................................ 25
   7.1 Attribute Encryption................................... 25
   7.2 Proxying............................................... 27
   7.3 Use of ObjectDigestInfo................................ 28
   7.4 AA Controls............................................ 29
   8. Security Considerations...................................... 30
   9. IANA Considerations.......................................... 32
   10. References.................................................. 32
   Appendix A: Object Identifiers.................................. 34
   Appendix B: ASN.1 Module........................................ 35
   Author's Addresses.............................................. 39