Added by Jose REMY, last edited by Jose REMY on Aug 01, 2007

( DESC 'participants' )

PKI participants

This object identifier (OID) describes openOSI PKI participants.

ASN1 notation: {iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprise(1) openosi(27630) cps(1) common(0) introduction(1) participants(3)}
URN notation: urn:oid:
IETF DOT notation:
BNF notation (RFC822 Backus-Naur form): ( DESC 'participants' )
Description: PKI participants - PARTICIPANTS

This document identifies and introduces the set of provisions, and indicates the types of entities and applications for which this CP / CPS is targeted.

PKI participants in the openOSI Certification authority (CA)

  • Certification authorities: The openOSI certification authority is openOSI as defined by OID
  • Registration authorities: The RA collects and verifies each Subscriber's identity and information for inclusion in the Subscriber's public key certificate. This process is mainly undertaken by "software workers", that is, pieces of software running on openOSI computers. In some cases (levels of assurance 3 and 4), the registration authority is the same as the authorized staff of the Certification authority. Few class 3 and class 4 certificates are delivered, mainly for cooperation purposes or for internal staff. The RA software comes from the open source community and from development by the authorized staff of the openOSI Certification authority.
  • Subscribers: They are mainly members of the open source community, but a Subscriber could be anyone. Limitations apply for some countries, based on laws concerning counter-terrorism and the fight against organized crime. Detailed procedures are defined in validation []. When a country is at risk (records of terrorism or organized crime activity), no class 1 or class 2 certificates may be delivered, only class 3 and 4, which rely on strong identification procedures. This means that free certificates are not available for citizens located in a country at risk. A country is considered at risk by openOSI if it is listed as such by the European Union, the United States of America, Canada, Russia, China, India or Japan. In addition, all countries under civil war or mass crimes circumstances are considered at risk. Localization of a subscriber relies on the scores of several open source geo IP software packages and databases. When a subscriber is located behind a proxy, registration may be refused depending on this proxy's policy. Checking the geographical location of the mail server (MX records) for e-mail addresses is on the roadmap.
  • Relying parties: A Relying Party uses a Subscriber's certificate to verify the integrity of a digitally signed message, to identify the creator of a message, or to establish confidential communications with the Subscriber. The Relying Party is responsible for deciding whether or how to check the validity of the certificate by checking the appropriate certificate status information. A Relying Party may use information in the certificate (such as certificate policy identifiers) to determine the suitability of the certificate for a particular use. This CP makes no assumptions or limitations regarding the identity of Relying Parties. While Relying Parties are generally Subscribers, Relying Parties are not required to have an established relationship with openOSI. Relying parties should also check
    • [] warranties
    • [] disclaimer
    • [] liability
    • [] indemnities
  • Other participants: These are mainly other Certification authorities that use cross certification with the openOSI CA. When a cross certification authority trusts an openOSI CA, it should map the accepted openOSI policy to its own corresponding policy. When the openOSI CA trusts another certification authority, it will map the accepted foreign policy to its own corresponding policy.


The objective is to help build a web of trust and to facilitate the implementation of Internet2 services by the participants.


This common certificate policy is intended to be a single point of reference for other openOSI CP/CPS OIDs. This OID can be used by anyone under an LGPL license if the corresponding policy is enforced.

XML format

	<asn1-notation>{iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprise(1) openosi(27630) cps(1) common(0) introduction(1) participants(3)}</asn1-notation>
	<description> PKI participants </description>
	<information>More <i>information</i> can be found in <a href="http://openosi.org/osi/display/oid/">PKI participants</a> </information>
