Added by Jose REMY, last edited by Jose REMY on Aug 01, 2007

( DESC 'acronyms' )

Definitions and acronyms

This object identifier (OID) describes openOSI policy administration.

ASN1 notation: {iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprise(1) openosi(27630) cps(1) common(0) introduction(1) acronyms(6)}
URN notation: urn:oid:
IETF DOT notation:
BNF notation (RFC822 Backus-Naur form): ( DESC 'acronyms' )
Description: Definitions and acronyms - ACRONYMS

This document identifies and introduces the set of provisions, and indicates the types of entities and applications for which this CP / CPS is targeted.

openOSI Certification authority (CA) acronyms

BPEL Business Process Execution Language
BPELWS Business Process Execution Language for web services
CA Certification Authority
CAPP Controlled Access Protection Profile
CARL Certificate Authority Revocation List
CP Certificate Policy
CPS Certification Practice Statement
CRL Certificate Revocation List
DN Distinguished Name
DSA Digital Signature Algorithm
EAL Common Criteria's Evaluation Assurance Level (1 to 7)
IETF Internet Engineering Task Force
ISO International Organization for Standardization
ITU International Telecommunications Union
ITU-T International Telecommunications Union - Telecommunications Sector
LSPP Labeled Security Protection Profile
OID Object Identifier
PIN Personal Identification Number
PKCS Public Key Certificate Standard
PKI Public Key Infrastructure
PKIX Public Key Infrastructure X.509
RA Registration Authority
RBAC Role Based Access Control
RFC Request For Comments
RSA Rivest-Shamir-Adleman (encryption algorithm)
SHA-1 Secure Hash Algorithm, Version 1
S/MIME Secure Multipurpose Internet Mail Extension
SSL Secure Sockets Layer
UPS Uninterrupted Power Supply
URI Uniform Resource Identifier (larger scope than URL which is deprecated)
URL Uniform Resource Locator
WS Web Service
WWW World Wide Web

openOSI Certification authority (CA) definitions

Business Process Execution Language

Business Process Execution Language (BPEL) is a business process modeling language that is executable.


Process of associating two related elements of information.


A physical or behavioral characteristic of a human being.


Cryptographic set of data following X509 ISO standard

Certification Authority (CA)

An authority trusted by one or more users to issue and manage X.509 Public Key Certificates and CARLs or CRLs.

Certification Authority Revocation List (CARL)

A signed, time-stamped list of serial numbers of CA public key certificates, including cross-certificates, that have been revoked.

Certificate Policy (CP)

A Certificate Policy is a specialized form of administrative policy tuned to electronic transactions performed during certificate management. A Certificate Policy addresses all aspects associated with the generation, production, distribution, accounting, compromise recovery and administration of digital certificates. Indirectly, a certificate policy can also govern the transactions conducted using a communications system protected by a certificate-based security system. By controlling critical certificate extensions, such policies and associated enforcement technology can support provision of the security services required by particular applications.

Certification Practice Statement (CPS)

A statement of the practices that a CA employs in issuing, suspending, revoking and renewing certificates and providing access to them, in accordance with specific requirements (i.e., requirements specified in this CP, or requirements specified in a contract for services).

Certificate Revocation List (CRL)

Lists maintained by a Certification Authority of the certificates which it has issued that are revoked prior to their stated expiration date.


Web Service Choreography (WS-Choreography) is a specification by the W3C defining an XML-based business process modeling language that describes collaboration protocols of cooperating Web Service participants, in which services act as peers, and interactions may be long-lived and stateful.

Common Criteria

Common Criteria is an internationally recognized set of guidelines (ISO/IEC 15408) that defines a common infrastructure for IT security products. The standard consists of several predetermined assurance levels that the vendor can choose to be tested against, each one more stringent than the last. Common Criteria certifications are mutually accepted by 21 countries, including the United States government, regardless of the country in which the product was validated. IBM, Hewlett-Packard Co., Novell SUSE and Red Hat have all succeeded in getting flavors of Linux evaluated under the Common Criteria's Controlled Access Protection Profile (i.e. EAL 3+ for most HP servers with Linux). Red Hat SELinux (release V) is currently certified for EAL 4, and is presented for EAL 4+ certification by IBM along with Red Hat. No other operating system has received more Common Criteria certificates than open source Linux.


Disclosure of information to unauthorized persons, or a violation of the security policy of a system in which unauthorized intentional or unintentional disclosure, modification, destruction, or loss of an object may have occurred.


A certificate used to establish a trust relationship between two Certification Authorities

Digital signature

The result of a transformation of a message by means of a cryptographic system using keys such that a Relying Party can determine:

  1. whether the transformation was created using the private key that corresponds to the public key in the signer's digital certificate; and
  2. whether the message has been altered since the transformation was made

Encryption Certificate

A certificate containing a public key that is used to encrypt electronic messages, files, documents, or data transmissions, or to establish or exchange a session key for these same purposes. Encrypted data can be decrypted using the private key corresponding to the encryption public certificate.

Intermediate CA

A CA that is subordinate to another CA, and has a CA subordinate to itself

Key Escrow

A deposit of the private key of a subscriber and other pertinent information pursuant to an escrow agreement or similar contract binding upon the subscriber, the terms of which require one or more agents to hold the subscriber's private key for the benefit of the subscriber, an employer, or other party, upon provisions set forth in the agreement.

Key Exchange

The process of exchanging public keys in order to establish secure communications

Key Pair

Two mathematically related keys having the properties that (1) one key can be used to encrypt a message that can only be decrypted using the other key, and (2) even knowing one key, it is computationally infeasible to discover the other key.


Assurance that the sender is provided with proof of delivery and that the recipient is provided with proof of the sender's identity so that neither can later deny having processed the data. [NS4009] Technical non-repudiation refers to the assurance a Relying Party has that if a public key is used to validate a digital signature, that signature had to have been made by the corresponding private signature key. Legal non-repudiation refers to how well possession or control of the private signature key can be established.

Object Identifier (OID)

A specially formatted number that is registered with an internationally recognized standards organization. The unique alphanumeric/numeric identifier registered under the ISO registration standard to reference a specific object or object class. In the openOSI PKI, OIDs are used to uniquely identify each of the five policies and their child certificate profiles, together with the cryptographic algorithms supported.


Orchestration describes the automated arrangement, coordination, and management of complex computer systems, middleware, and services. In the frame of Web Services (WS), it relates to the process of coordinating an exchange of information through web service interactions.

Private key

  1. The key of a signature key pair used to create a digital signature.
  2. The key of an encryption key pair that is used to decrypt confidential information.

In both cases, this key must be kept secret.

Public key

  1. The key of a signature key pair used to validate a digital signature.
  2. The key of an encryption key pair that is used to encrypt confidential information.

In both cases, this key is made publicly available, normally in the form of a digital certificate.

Public Key Infrastructure (PKI)

A set of policies, processes, server platforms, software and workstations used for the purpose of administering certificates and public-private key pairs, including the ability to issue, maintain, and revoke public key certificates.

Registration Authority (RA)

An entity that is responsible for identification and authentication of certificate subjects, but that does not sign or issue certificates (i.e., a Registration Authority is delegated certain tasks on behalf of an authorized CA).

Re Key

To change the value of a cryptographic key that is being used in a cryptographic system application; this normally entails issuing a new certificate on the new public key.

Relying party

A person or Entity who has received information that includes a certificate and a digital signature verifiable with reference to a public key listed in the certificate, and is in a position to rely on them.

Renew (a certificate)

The act or process of extending the validity of the data binding asserted by a public key certificate by issuing a new certificate.


A database containing information and data relating to certificates as specified in this CP; may also be referred to as a directory.

Revoke a Certificate

To prematurely end the operational period of a certificate effective at a specific date and time.


An expectation of loss expressed as the probability that a particular threat will exploit a particular vulnerability with a particular harmful result.

Risk Tolerance

The level of risk an entity is willing to assume in order to achieve a potential desired result.

Root CA

In a hierarchical PKI, the CA whose public key serves as the most trusted datum (i.e., the beginning of trust paths) for a security domain.


A system entity that provides a service in response to requests from clients.

Signature Certificate

A public key certificate that contains a public key intended for verifying digital signatures rather than encrypting data or performing any other cryptographic functions.

Subordinate CA

In a hierarchical PKI, a CA whose certificate signature key is certified by another CA, and whose activities are constrained by that other CA. (See superior CA).


A Subscriber is an entity that

  1. is the subject named or identified in a certificate issued to that entity,
  2. holds a private key that corresponds to the public key listed in the certificate, and
  3. does not itself issue certificates to another party.

Trust List

Collection of trusted certificates used by Relying Parties to authenticate other certificates.

Trusted agent

Entity authorized to act as a representative of an Entity in confirming Subscriber identification during the registration process. Trusted Agents do not have automated interfaces with Certification Authorities.

Trusted Certificate

A certificate that is trusted by the Relying Party on the basis of secure and authenticated delivery. The public keys included in trusted certificates are used to start certification paths. Also known as a "trust anchor".

Trusted Timestamp

A digitally signed assertion by a trusted authority that a specific digital object existed at a particular time.

Trustworthy System

Computer hardware, software and procedures that:

  1. are reasonably secure from intrusion and misuse;
  2. provide a reasonable level of availability, reliability, and correct operation;
  3. are reasonably suited to performing their intended functions; and
  4. adhere to generally accepted security procedures.


A method of erasing electronically stored data by altering the contents of the data storage so as to prevent the recovery of the data.


This common certificate policy is intended as a single point of reference for other openOSI CP/CPS OIDs. This OID can be used by anyone under an LGPL license if the corresponding policy is enforced.

XML format

	<asn1-notation>{iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprise(1) openosi(27630) cps(1) common(0) introduction(1) acronyms(6)}</asn1-notation>
	<description> Common certification practices statement for definitions and acronyms</description>
	<information>More <i>information</i> can be found in <a href="http://openosi.org/osi/display/oid/">openOSI common CP/CPS for definition and acronyms</a> </information>
