Dashboard > openOSI Object Identifier name space > ... > >
  openOSI Object Identifier name space Log In   View a printable version of the current page.
Added by Administrator, last edited by Jose REMY on Sep 17, 2007

( DESC 'basic' )

Basic certification practices statement of class 1

 This object identifier (OID) describes our basic certification practices statement of class 1.

ASN1 notation: {iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprise(1) openosi(27630) cps(1) basic(1)}
URN notation: urn:oid:
IETF DOT notation:
BNF notation (RFC822 Backus-Naur form): ( DESC 'basic' )
Description:  Basic certification practices statement of class 1 - BASIC

Class1 Certification authority (CA) identification - "openosiCA1-DC"

openosiCA1-DC issues class 1 certificates with DN ( Distinguished Names) complying with DC scheme, that is using dc components instead of classical Organisation (o) and Country (c) components. This certificate practice statement (CPS) with OID defines a basic security framework for open source authentication of end entities. This OID is embedded in certificates issued by "openosiCA1-DC" which is a subordinate CA of our class 3 root certification authority "openosiCA3-EU"

The openOSI Basic certificate policy defines our set of rules for usage, extended usage, enrollment and issuance procedures, as well as corresponding liability issues of openosi class1 certificates. Our Basic certificate policy is independent of the certified entity (Virtual person) that is, there si no "name constraints". The enforcement of our certificate policy relies on software workers coming from the open source community as stated in OID . The level of assurance is achieved using Robot intelligence as follows:

  • Robot verification of virtual identity
  • Temporary credentials supplied in the request
  • Robot processing of an approved request

This Basic certification practices statement (basic) helps the user of an X.509 certificate to determine the level of trust that its organization or given services can put in the certificates that are issued by the openosiCA1-DC certification authority embedding this OID. For this basic level of assurance openOSI define several certificate profile. For each certificate profile there is an appropriate process for authentication with basic level of assurance.


With this OID, the aim of openOSI is to publish its certificate policy as a support service, and as a legal framework. It is also an enabling Internet2 service providing class 1 certificates. For other class (level of assurance) see OID

As an Identity provider openOSI is a certification authority providing free class 1 certificates, mainly for virtual persons. See also ([] DESC 'fees' )


The usage of certificate policy is to process an X.509 extension called "certificate policy" RFC3280. "Applications with specific policy requirements are expected to have a list of those policies which they will accept and to compare the policy OIDs in the certificate to that list".

NOTE: According RFC3280, if this extension is critical, the path validation software MUST be able to interpret this extension (including the optional qualifier), or MUST reject the certificate. Therefore openOSI always mark this extension as NON CRITICAL

XML format

	<asn1-notation>\{iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprise(1) openosi(27630) cps(1) basic(1)\</asn1-notation>
	<description> Certificate policy with Basic certification practices statement </description>
	<information>More <i>information</i> can be found in <a href="http://www.openosi.org/openosi/display/oid/">openOSI basic CPS</a> </information>
</oid> (openOSI Object Identifier name space)

Site powered by a free Open Source Project / Non-profit License (more) of Confluence - the Enterprise wiki.
Learn more or evaluate Confluence for your organisation.
Powered by Atlassian Confluence, the Enterprise Wiki. (Version: 2.4.2 Build:#703 Mar 12, 2007) - Bug/feature request - Contact Administrators