(1.3.6.1.4.1.27630.1.0 DESC 'common' )

Common certificate practice statements

This object identifier (OID) describes our common certification practices statement.

ASN1 notation: {iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprise(1) openosi(27630) cps(1) common(0)}
URN notation: urn:oid:1.3.6.1.4.1.27630.1.0
IETF DOT notation: 1.3.6.1.4.1.27630.1.0
BNF notation (RFC822 Backus-Naur form): ( 1.3.6.1.4.1.27630.1.0 DESC 'common' )
Description: Common certification practices statement - COMMON
 

This document identifies and introduces the set of provisions, and indicates the types of entities and applications for which this CP / CPS is targeted.

openOSI Certification authority (CA) - Common Certificate policy

The openOSI *_Common certificate policy_* defines our common set of rules for usage, extended usage, enrollment and issuance procedures, as well as the corresponding liability issues, of openOSI certificates. Our Common certificate policy is independent of the certified entity (Virtual person, Host or software service); that is, there are no "name constraints". The enforcement of our certificate policy relies on _software workers_ coming from the open source community. These are mainly:

  • J2EE public key infrastructure (ejbca, wildfly)
  • LDAP directory (openldap)
  • SMTP mail system (sendmail, exim, postfix)
  • HTTP software (apache)
  • Database software (mariadb)
  • IP geolocalisation (concurrent use of: javainetlocator, InetAddressLocator, hostip)

This *_Common certification practices statement_* (common) helps the user of an X.509 certificate to determine the level of trust that their organization or given services can put in the certificates issued by openOSI certification authorities. The enforcement of our certificate practice statements relies on core openOSI business processes using the following provisions:

  • Operating system security relying on [SELinux|http://fedoraproject.org/wiki/SELinux]
  • Network security management provided by [SECUR.NET|http://www.secur.net] framework including PKI
  • Web HTTP firewall using open source software [mod_security|http://www.modsecurity.org/]
  • openOSI X400 messaging integrated with openOSI LDAP directories and openOSI PKI
  • openOSI security business processes
  • openOSI PKI business process

*openOSI* common CPS follows the framework defined in RFC 3647. The following nodes refine the common CPS.

Documents Name and Identification

  • Name space for openOSI CP/CPS OID ([1.3.6.1.4.1.27630.1] DESC 'cps' )
  • Common CP/CPS OID ([1.3.6.1.4.1.27630.1.0] DESC 'common' )
  • CP/CPS OID (indicated in BNF notation - RFC822 Backus-Naur form)
  • Introduction ( [1.3.6.1.4.1.27630.1.0.1] DESC 'introduction' )
  1. Overview OID ( [1.3.6.1.4.1.27630.1.0.1.1] DESC 'overview' )
  2. Document Name and Identification OID ([1.3.6.1.4.1.27630.1.0.1.2] DESC 'identification' )
  3. PKI Participants OID ([1.3.6.1.4.1.27630.1.0.1.3] DESC 'participants' )
  4. Certificate Usage ([1.3.6.1.4.1.27630.1.0.1.4] DESC 'usage' )
  5. Policy Administration ([1.3.6.1.4.1.27630.1.0.1.5] DESC 'administration' )
  6. Definitions and Acronyms ([1.3.6.1.4.1.27630.1.0.1.6] DESC 'acronyms' )
  • Publication and Repository Responsibilities ([1.3.6.1.4.1.27630.1.0.2] DESC 'repositories' )
  • Identification and Authentication (I&A) ([1.3.6.1.4.1.27630.1.0.3] DESC 'authentication' )
  1. Naming ([1.3.6.1.4.1.27630.1.0.3.1] DESC 'naming' )
  2. Initial Identity Validation ([1.3.6.1.4.1.27630.1.0.3.2] DESC 'validation' )
  3. I&A for Re-key Requests ([1.3.6.1.4.1.27630.1.0.3.3] DESC 'auth-re-key' )
  4. I&A for Revocation Requests ([1.3.6.1.4.1.27630.1.0.3.4] DESC 'auth-revocation' )
  • Certificate Life-Cycle Operational Requirements ([1.3.6.1.4.1.27630.1.0.4] DESC 'life-cycle' )
  1. Certificate Application ([1.3.6.1.4.1.27630.1.0.4.1] DESC 'application' )
  2. Certificate Application Processing ([1.3.6.1.4.1.27630.1.0.4.2] DESC 'processing' )
  3. Certificate Issuance ([1.3.6.1.4.1.27630.1.0.4.3] DESC 'issuance' )
  4. Certificate Acceptance ([1.3.6.1.4.1.27630.1.0.4.4] DESC 'acceptance' )
  5. Key Pair and Certificate Usage ([1.3.6.1.4.1.27630.1.0.4.5] DESC 'keypair' )
  6. Certificate Renewal ([1.3.6.1.4.1.27630.1.0.4.6] DESC 'renewal' )
  7. Certificate Re-key ([1.3.6.1.4.1.27630.1.0.4.7] DESC 're-key' )
  8. Certificate Modification ([1.3.6.1.4.1.27630.1.0.4.8] DESC 'modification' )
  9. Certificate Revocation and Suspension ([1.3.6.1.4.1.27630.1.0.4.9] DESC 'suspension' )
  10. Certificate Status Services ([1.3.6.1.4.1.27630.1.0.4.10] DESC 'status' )
  11. End of Subscription ([1.3.6.1.4.1.27630.1.0.4.11] DESC 'end' )
  12. Key Escrow and Recovery ([1.3.6.1.4.1.27630.1.0.4.12] DESC 'escrow' )
  • Facility, Management, and Operational Controls ([1.3.6.1.4.1.27630.1.0.5] DESC 'management' )
  1. Physical Security Controls ([1.3.6.1.4.1.27630.1.0.5.1] DESC 'physical' )
  2. Procedural Controls ([1.3.6.1.4.1.27630.1.0.5.2] DESC 'procedural' )
  3. Personnel Controls ([1.3.6.1.4.1.27630.1.0.5.3] DESC 'personnel' )
  4. Audit Logging Procedures ([1.3.6.1.4.1.27630.1.0.5.4] DESC 'audit' )
  5. Records Archival ([1.3.6.1.4.1.27630.1.0.5.5] DESC 'archival' )
  6. Key Changeover ([1.3.6.1.4.1.27630.1.0.5.6] DESC 'changeover' )
  7. Compromise and Disaster Recovery ([1.3.6.1.4.1.27630.1.0.5.7] DESC 'disaster' )
  8. CA or RA Termination ([1.3.6.1.4.1.27630.1.0.5.1] DESC 'termination' )
  • Technical Security Controls ([1.3.6.1.4.1.27630.1.0.6] DESC 'technical' )
  1. Key Pair Generation and Installation ([1.3.6.1.4.1.27630.1.0.6.1] DESC 'generation' )
  2. Private Key Protection and Cryptographic Module Engineering Controls ([1.3.6.1.4.1.27630.1.0.6.2] DESC 'hsm' )
  3. Other Aspects of Key Pair Management ([1.3.6.1.4.1.27630.1.0.6.3] DESC 'other' )
  4. Activation Data ([1.3.6.1.4.1.27630.1.0.6.4] DESC 'activation' )
  5. Computer Security Controls ([1.3.6.1.4.1.27630.1.0.6.5] DESC 'computer' )
  6. Life Cycle Security Controls ([1.3.6.1.4.1.27630.1.0.6.6] DESC 'lifecycle-control' )
  7. Network Security Controls ([1.3.6.1.4.1.27630.1.0.6.7] DESC 'network' )
  8. Timestamping ([1.3.6.1.4.1.27630.1.0.6.8] DESC 'timestamping' )
  • Certificate, CRL, and OCSP Profiles ([1.3.6.1.4.1.27630.1.0.7] DESC 'profiles' )
  1. Certificate Profile ([1.3.6.1.4.1.27630.1.0.7.1] DESC 'certificate-profile' )
  2. CRL Profile ([1.3.6.1.4.1.27630.1.0.7.2] DESC 'crl-profile' )
  3. OCSP Profile ([1.3.6.1.4.1.27630.1.0.7.3] DESC 'ocsp-profile' )
  • Compliance Audit and Other Assessment ([1.3.6.1.4.1.27630.1.0.8] DESC 'compliance' )
  • Other Business and Legal Matters ([1.3.6.1.4.1.27630.1.0.9] DESC 'legal' )
  1. Fees ([1.3.6.1.4.1.27630.1.0.9.1] DESC 'fees' )
  2. Financial Responsibility ([1.3.6.1.4.1.27630.1.0.9.2] DESC 'responsibility' )
  3. Confidentiality of Business Information ([1.3.6.1.4.1.27630.1.0.9.3] DESC 'confidentiality' )
  4. Privacy of Personal Information ([1.3.6.1.4.1.27630.1.0.9.4] DESC 'privacy' )
  5. Intellectual Property Rights ([1.3.6.1.4.1.27630.1.0.9.5] DESC 'ipr' )
  6. Representations and Warranties ([1.3.6.1.4.1.27630.1.0.9.6] DESC 'warranties' )
  7. Disclaimers of Warranties ([1.3.6.1.4.1.27630.1.0.9.7] DESC 'disclaimer' )
  8. Limitations of Liability ([1.3.6.1.4.1.27630.1.0.9.8] DESC 'liability' )
  9. Indemnities ([1.3.6.1.4.1.27630.1.0.9.9] DESC 'indemnities' )
  10. Term and Termination ([1.3.6.1.4.1.27630.1.0.9.10] DESC 'term' )
  11. Individual notices and communications with participants ([1.3.6.1.4.1.27630.1.0.9.11] DESC 'communication' )
  12. Amendments ([1.3.6.1.4.1.27630.1.0.9.12] DESC 'amendments' )
  13. Dispute Resolution Procedures ([1.3.6.1.4.1.27630.1.0.9.13] DESC 'dispute' )
  14. Governing Law ([1.3.6.1.4.1.27630.1.0.9.14] DESC 'law' )
  15. Compliance with Applicable Law ([1.3.6.1.4.1.27630.1.0.9.15] DESC 'lawcompliance' )
  16. Miscellaneous Provisions ([1.3.6.1.4.1.27630.1.0.9.16] DESC 'misc' )
  17. Other Provisions ([1.3.6.1.4.1.27630.1.0.9.17] DESC 'otherprovision' )

Each of these common OIDs may be refined by children of the following OIDs when appropriate, that is, when the level of assurance adds constraints to the common policy.

  • Class 1 level of assurance OID [1.3.6.1.4.1.27630.1.1]
  • Class 2 level of assurance OID [1.3.6.1.4.1.27630.1.2]
  • Class 3 level of assurance OID [1.3.6.1.4.1.27630.1.3]
  • Class 4 level of assurance OID [1.3.6.1.4.1.27630.1.4]


Objective

With this OID, the aim of openOSI is to publish the common statements of its certificate policy, which are inherited by the following OIDs:

  • Class 1 level of assurance OID [1.3.6.1.4.1.27630.1.1]
  • Class 2 level of assurance OID [1.3.6.1.4.1.27630.1.2]
  • Class 3 level of assurance OID [1.3.6.1.4.1.27630.1.3]
  • Class 4 level of assurance OID [1.3.6.1.4.1.27630.1.4]
     

Usage

This common certificate policy serves as a single point of reference for other openOSI CP/CPS OIDs. These OIDs can be used by anyone under an LGPL license if the corresponding policy is enforced.

Created by Network Administrator on 2021/02/08 09:46