(% class="box" %)
(((
**(1.3.6.1.4.1.27630.1.0 DESC 'common' )**
)))

=== Common certificate practice statements ===

//This object identifier (OID) describes our common certification practices statement.//

(% class="box infomessage" %)
(((
ASN.1 notation: {iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprise(1) openosi(27630) cps(1) common(0)}
URN notation: urn:oid:1.3.6.1.4.1.27630.1.0
IETF DOT notation: 1.3.6.1.4.1.27630.1.0
BNF notation (RFC822 Backus-Naur form): ( 1.3.6.1.4.1.27630.1.0 DESC 'common' )
Description: Common certification practices statement - COMMON
)))

This document identifies and introduces the set of provisions, and indicates the types of entities and applications for which this CP / CPS is targeted.

=== openOSI Certification authority (CA) - Common Certificate policy ===

The openOSI **//Common certificate policy//** defines our common set of rules for usage, extended usage, enrollment and issuance procedures, as well as corresponding liability issues of openOSI certificates. Our Common certificate policy is independent of the certified entity (virtual person, host or software service); that is, there are no "name constraints". The enforcement of our certificate policy relies on //software workers// coming from the open source community. These are mainly:

* J2EE public key infrastructure (ejbca, wildfly)
* LDAP directory (openldap)
* SMTP mail system (sendmail, exim, postfix)
* HTTP software (apache)
* Database software (mariadb)
* IP geolocalisation (concurrent use of: javainetlocator, InetAddressLocator, hostip)

This **//Common certification practices statement//** (common) helps the user of an X.509 certificate to determine the level of trust that their organization or given services can put in the certificates issued by openOSI certification authorities. The enforcement of our certificate practice statements relies on core openOSI business processes using the following provisions:

* Operating system security relying on [[SELinux>>http://fedoraproject.org/wiki/SELinux]]
* Network security management provided by the [[SECUR.NET>>http://www.secur.net]] framework including PKI
* Web HTTP firewall using open source software [[mod_security>>http://www.modsecurity.org/]]
* openOSI X400 messaging integrated with openOSI LDAP directories and openOSI PKI
* openOSI security business process
* openOSI PKI business process

**openOSI** common CPS follows the framework defined in [[RFC 3647>>http://ietfreport.isoc.org/idref/rfc3647/]]. The following nodes refine the common CPS.

Documents Name and Identification

* Name space for openOSI CP/CPS OID ([1.3.6.1.4.1.27630.1] DESC 'cps' )
* Common CP/CPS OID ([1.3.6.1.4.1.27630.1.0] DESC 'common' )
* CP/CPS OID (indicated in BNF notation - RFC822 Backus-Naur form)

* Introduction ( [1.3.6.1.4.1.27630.1.0.1] DESC 'introduction' )

1. Overview OID ( [1.3.6.1.4.1.27630.1.0.1.1] DESC 'overview' )
1. Document Name and Identification OID ([1.3.6.1.4.1.27630.1.0.1.2] DESC 'identification' )
1. PKI Participants OID ([1.3.6.1.4.1.27630.1.0.1.3] DESC 'participants' )
1. Certificate Usage ([1.3.6.1.4.1.27630.1.0.1.4] DESC 'usage' )
1. Policy Administration ([1.3.6.1.4.1.27630.1.0.1.5] DESC 'administration' )
1. Definitions and Acronyms ([1.3.6.1.4.1.27630.1.0.1.6] DESC 'acronyms' )

* Publication and Repository Responsibilities ([1.3.6.1.4.1.27630.1.0.2] DESC 'repositories' )
* Identification and Authentication (I&A) ([1.3.6.1.4.1.27630.1.0.3] DESC 'authentication' )

1. Naming ([1.3.6.1.4.1.27630.1.0.3.1] DESC 'naming' )
1. Initial Identity Validation ([1.3.6.1.4.1.27630.1.0.3.2] DESC 'validation' )
1. I&A for Re-key Requests ([1.3.6.1.4.1.27630.1.0.3.3] DESC 'auth-re-key' )
1. I&A for Revocation Requests ([1.3.6.1.4.1.27630.1.0.3.4] DESC 'auth-revocation' )

* Certificate Life-Cycle Operational Requirements ([1.3.6.1.4.1.27630.1.0.4] DESC 'life-cycle' )

1. Certificate Application ([1.3.6.1.4.1.27630.1.0.4.1] DESC 'application' )
1. Certificate Application Processing ([1.3.6.1.4.1.27630.1.0.4.2] DESC 'processing' )
1. Certificate Issuance ([1.3.6.1.4.1.27630.1.0.4.3] DESC 'issuance' )
1. Certificate Acceptance ([1.3.6.1.4.1.27630.1.0.4.4] DESC 'acceptance' )
1. Key Pair and Certificate Usage ([1.3.6.1.4.1.27630.1.0.4.5] DESC 'keypair' )
1. Certificate Renewal ([1.3.6.1.4.1.27630.1.0.4.6] DESC 'renewal' )
1. Certificate Re-key ([1.3.6.1.4.1.27630.1.0.4.7] DESC 're-key' )
1. Certificate Modification ([1.3.6.1.4.1.27630.1.0.4.8] DESC 'modification' )
1. Certificate Revocation and Suspension ([1.3.6.1.4.1.27630.1.0.4.9] DESC 'suspension' )
1. Certificate Status Services ([1.3.6.1.4.1.27630.1.0.4.10] DESC 'status' )
1. End of Subscription ([1.3.6.1.4.1.27630.1.0.4.11] DESC 'end' )
1. Key Escrow and Recovery ([1.3.6.1.4.1.27630.1.0.4.12] DESC 'escrow' )

* Facility, Management, and Operational Controls ([1.3.6.1.4.1.27630.1.0.5] DESC 'management' )

1. Physical Security Controls ([1.3.6.1.4.1.27630.1.0.5.1] DESC 'physical' )
1. Procedural Controls ([1.3.6.1.4.1.27630.1.0.5.2] DESC 'procedural' )
1. Personnel Controls ([1.3.6.1.4.1.27630.1.0.5.3] DESC 'personnel' )
1. Audit Logging Procedures ([1.3.6.1.4.1.27630.1.0.5.4] DESC 'audit' )
1. Records Archival ([1.3.6.1.4.1.27630.1.0.5.5] DESC 'archival' )
1. Key Changeover ([1.3.6.1.4.1.27630.1.0.5.6] DESC 'changeover' )
1. Compromise and Disaster Recovery ([1.3.6.1.4.1.27630.1.0.5.7] DESC 'disaster' )
1. CA or RA Termination ([1.3.6.1.4.1.27630.1.0.5.1] DESC 'termination' )

* Technical Security Controls ([1.3.6.1.4.1.27630.1.0.6] DESC 'technical' )

1. Key Pair Generation and Installation ([1.3.6.1.4.1.27630.1.0.6.1] DESC 'generation' )
1. Private Key Protection and Cryptographic Module Engineering Controls ([1.3.6.1.4.1.27630.1.0.6.2] DESC 'hsm' )
1. Other Aspects of Key Pair Management ([1.3.6.1.4.1.27630.1.0.6.3] DESC 'other' )
1. Activation Data ([1.3.6.1.4.1.27630.1.0.6.4] DESC 'activation' )
1. Computer Security Controls ([1.3.6.1.4.1.27630.1.0.6.5] DESC 'computer' )
1. Life Cycle Security Controls ([1.3.6.1.4.1.27630.1.0.6.6] DESC 'lifecycle-control' )
1. Network Security Controls ([1.3.6.1.4.1.27630.1.0.6.7] DESC 'network' )
1. Timestamping ([1.3.6.1.4.1.27630.1.0.6.8] DESC 'timestamping' )

* Certificate, CRL, and OCSP Profiles ([1.3.6.1.4.1.27630.1.0.7] DESC 'profiles' )

1. Certificate Profile ([1.3.6.1.4.1.27630.1.0.7.1] DESC 'certificate-profile' )
1. CRL Profile ([1.3.6.1.4.1.27630.1.0.7.2] DESC 'crl-profile' )
1. OCSP Profile ([1.3.6.1.4.1.27630.1.0.7.3] DESC 'ocsp-profile' )

* Compliance Audit and Other Assessment ([1.3.6.1.4.1.27630.1.0.8] DESC 'compliance' )
* Other Business and Legal Matters ([1.3.6.1.4.1.27630.1.0.9] DESC 'legal' )

1. Fees ([1.3.6.1.4.1.27630.1.0.9.1] DESC 'fees' )
1. Financial Responsibility ([1.3.6.1.4.1.27630.1.0.9.2] DESC 'responsibility' )
1. Confidentiality of Business Information ([1.3.6.1.4.1.27630.1.0.9.3] DESC 'confidentiality' )
1. Privacy of Personal Information ([1.3.6.1.4.1.27630.1.0.9.4] DESC 'privacy' )
1. Intellectual Property Rights ([1.3.6.1.4.1.27630.1.0.9.5] DESC 'ipr' )
1. Representations and Warranties ([1.3.6.1.4.1.27630.1.0.9.6] DESC 'warranties' )
1. Disclaimers of Warranties ([1.3.6.1.4.1.27630.1.0.9.7] DESC 'disclaimer' )
1. Limitations of Liability ([1.3.6.1.4.1.27630.1.0.9.8] DESC 'liability' )
1. Indemnities ([1.3.6.1.4.1.27630.1.0.9.9] DESC 'indemnities' )
1. Term and Termination ([1.3.6.1.4.1.27630.1.0.9.10] DESC 'term' )
1. Individual notices and communications with participants ([1.3.6.1.4.1.27630.1.0.9.11] DESC 'communication' )
1. Amendments ([1.3.6.1.4.1.27630.1.0.9.12] DESC 'amendments' )
1. Dispute Resolution Procedures ([1.3.6.1.4.1.27630.1.0.9.13] DESC 'dispute' )
1. Governing Law ([1.3.6.1.4.1.27630.1.0.9.14] DESC 'law' )
1. Compliance with Applicable Law ([1.3.6.1.4.1.27630.1.0.9.15] DESC 'lawcompliance' )
1. Miscellaneous Provisions ([1.3.6.1.4.1.27630.1.0.9.16] DESC 'misc' )
1. Other Provisions ([1.3.6.1.4.1.27630.1.0.9.17] DESC 'otherprovision' )

Each of these common OIDs may be refined by children of the following OIDs when appropriate, that is, when the level of assurance adds constraints to the common policy.

* Class 1 level of assurance OID [1.3.6.1.4.1.27630.1.1]
* Class 2 level of assurance OID [1.3.6.1.4.1.27630.1.2]
* Class 3 level of assurance OID [1.3.6.1.4.1.27630.1.3]
* Class 4 level of assurance OID [1.3.6.1.4.1.27630.1.4]

=== Objective ===

With this OID, the aim of openOSI is to publish its certificate policy common statements, which are inherited by the following OIDs:

* Class 1 level of assurance OID [1.3.6.1.4.1.27630.1.1]
* Class 2 level of assurance OID [1.3.6.1.4.1.27630.1.2]
* Class 3 level of assurance OID [1.3.6.1.4.1.27630.1.3]
* Class 4 level of assurance OID [1.3.6.1.4.1.27630.1.4]

=== Usage ===

The purpose of this common certificate policy is to be a single point of reference for other openOSI CP/CPS OIDs. These OIDs can be used by anyone under an LGPL license if the corresponding policy is enforced.

=== Documents ===

{{children/}}