INTERNET-DRAFT                                               Kathy Dally
Informational Draft                                      The MITRE Corp.
Expires 28 November 1999                                     28 May 1999


                    ACP 133 Common Content and LDAP


STATUS OF THIS MEMO

This document is an Internet-Draft and is in full conformance with all
provisions of Section 10 of RFC 2026 except that the right to produce
derivative works is not granted.

Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF), its areas, and its working groups. Note that other groups
may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference material
or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt

The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.


ABSTRACT

In Allied Communications Publication (ACP) 133 [1], an X.500 directory
user schema, called Common Content, is specified for the Allied
Directory. In order to enable Lightweight Directory Access Protocol
(LDAP) access to the Allied Directory and to enable the general use by
others of elements from the Common Content, this document specifies the
encoding of the Common Content using the LDAP notation from Request for
Comments (RFC) 2252 [2].


TABLE OF CONTENTS

STATUS OF THIS MEMO
ABSTRACT
TABLE OF CONTENTS
1.  INTRODUCTION
   1.1  Background
   1.2  Purpose
2.  OBJECT CLASSES
   2.1  addressList Object Class
   2.2  aliasCommonName Object Class
   2.3  aliasOrganizationalUnit Object Class
   2.4  altSpellingACP127 Object Class
   2.5  cadACP127 Object Class
   2.6  distributionCodeDescription Object Class
   2.7  distributionCodesHandled Object Class
   2.8  messagingGateway Object Class
   2.9  mhs-distribution-list Object Class
   2.10 mhs-message-store Object Class
   2.11 mhs-message-transfer-agent Object Class
   2.12 mhs-user Object Class
   2.13 mhs-user-agent Object Class
   2.14 mLA Object Class
   2.15 mLAgent Object Class
   2.16 network Object Class
   2.17 networkInstructions Object Class
   2.18 orgACP127 Object Class
   2.19 otherContactInformation Object Class
   2.20 pkiCA Object Class
   2.21 pkiUser Object Class
   2.22 plaACP127 Object Class
   2.23 plaCollectiveACP127 Object Class
   2.24 plaData Object Class
   2.25 plaUser Object Class
   2.26 releaseAuthorityPerson Object Class
   2.27 releaseAuthorityPersonA Object Class
   2.28 routingIndicator Object Class
   2.29 secure-user Object Class
   2.30 securePkiUser Object Class
   2.31 sigintPLA Object Class
   2.32 sIPLA Object Class
   2.33 spotPLA Object Class
   2.34 taskForceACP127 Object Class
   2.35 tenantACP127 Object Class
   2.36 ukms Object Class
3.  ATTRIBUTE TYPES
   3.1  accessCodes Attribute
   3.2  accessSchema Attribute
   3.3  accountingCode Attribute
   3.4  aCPMobileTelephoneNumber Attribute
   3.5  aCPPagerTelephoneNumber Attribute
   3.6  aCPPreferredDelivery Attribute
   3.7  aCPTelephoneFaxNumber
   3.8  actionAddressees Attribute
   3.9  additionalAddressees Attribute
   3.10 additionalSecondPartyAddressees Attribute
   3.11 administrator Attribute
   3.12 aigsExpanded Attribute
   3.13 aLExemptedAddressProcessor Attribute
   3.14 aliasPointer Attribute
   3.15 alid Attribute
   3.16 allowableOriginators Attribute
   3.17 aLReceiptPolicy Attribute
   3.18 alternateRecipient Attribute
   3.19 aLType Attribute
   3.20 aprUKMs Attribute
   3.21 associatedAL Attribute
   3.22 associatedOrganization Attribute
   3.23 associatedPLA Attribute
   3.24 augUKMs Attribute
   3.25 cognizantAuthority Attribute
   3.26 collective-mhs-or-addresses Attribute
   3.27 collectiveMilitaryFacsimileNumber Attribute
   3.28 collectiveMilitaryTelephoneNumber Attribute
   3.29 collectiveNationality Attribute
   3.30 collectiveSecureFacsimileNumber Attribute
   3.31 collectiveSecureTelephoneNumber Attribute
   3.32 community Attribute
   3.33 copyMember
   3.34 decUKMs Attribute
   3.35 distributionCodeAction Attribute
   3.36 distributionCodeInfo Attribute
   3.37 dualRoute Attribute
   3.38 effectiveDate Attribute
   3.39 entryClassification Attribute
   3.40 expirationDate Attribute
   3.41 febUKMs Attribute
   3.42 gatewayType Attribute
   3.43 ghpType Attribute
   3.44 guard Attribute
   3.45 host Attribute
   3.46 hostOrgACP127 Attribute
   3.47 infoAddressees Attribute
   3.48 janUKMs Attribute
   3.49 julUKMs Attribute
   3.50 junUKMs Attribute
   3.51 lastRecapDate Attribute
   3.52 listPointer Attribute
   3.53 lmf Attribute
   3.54 longTitle Attribute
   3.55 mailDomains Attribute
   3.56 marUKMs Attribute
   3.57 mayUKMs Attribute
   3.58 mhs-acceptable-eits Attribute
   3.59 mhs-deliverable-classes Attribute
   3.60 mhs-deliverable-content-types Attribute
   3.61 mhs-dl-archive-service Attribute
   3.62 mhs-dl-members Attribute
   3.63 mhs-dl-policy Attribute
   3.64 mhs-dl-related-lists Attribute
   3.65 mhs-dl-submit-permissions Attribute
   3.66 mhs-dl-subscription-service Attribute
   3.67 mhs-exclusively-acceptable-eits Attribute
   3.68 mhs-maximum-content-length Attribute
   3.69 mhs-message-store-dn Attribute
   3.70 mhs-or-addresses Attribute
   3.71 mhs-or-addresses-with-capabilities Attribute
   3.72 mhs-supported-attributes Attribute
   3.73 mhs-supported-automatic-actions Attribute
   3.74 mhs-supported-content-types Attribute
   3.75 mhs-supported-matching-rules Attribute
   3.76 mhs-unacceptable-eits Attribute
   3.77 militaryFacsimileNumber Attribute
   3.78 militaryTelephoneNumber Attribute
   3.79 minimize Attribute
   3.80 minimizeOverride Attribute
   3.81 nameClassification Attribute
   3.82 nationality Attribute
   3.83 networkDN Attribute
   3.84 networkSchema Attribute
   3.85 novUKMs Attribute
   3.86 octUKMs Attribute
   3.87 onSupported Attribute
   3.88 operationName Attribute
   3.89 plaAddressees Attribute
   3.90 plaNameACP127 Attribute
   3.91 plaReplace Attribute
   3.92 plasServed Attribute
   3.93 positionNumber Attribute
   3.94 primarySpellingACP127 Attribute
   3.95 proprietaryMailboxes Attribute
   3.96 publish Attribute
   3.97 rank Attribute
   3.98 recapDueDate Attribute
   3.99 releaseAuthorityName Attribute
   3.100 remarks Attribute
   3.101 rfc822Mailbox Attribute
   3.102 rI Attribute
   3.103 rIClassification Attribute
   3.104 rIInfo Attribute
   3.105 roomNumber Attribute
   3.106 secondPartyAddressees Attribute
   3.107 section Attribute
   3.108 secureFacsimileNumber Attribute
   3.109 secureTelephoneNumber Attribute
   3.110 sepUKMs Attribute
   3.111 serviceNumber Attribute
   3.112 serviceOrAgency Attribute
   3.113 sHD Attribute
   3.114 shortTitle Attribute
   3.115 sigad Attribute
   3.116 spot Attribute
   3.117 tARE Attribute
   3.118 tCC Attribute
   3.119 transferStation Attribute
   3.120 tRC Attribute
4.  NAME FORMS
   4.1  cRLDistPtNameForm
   4.2  countryNameForm
   4.3  locNameForm
   4.4  sOPNameForm
   4.5  gONNameForm
   4.6  applProcessNameForm
   4.7  dSANameForm
   4.8  deviceNameForm
   4.9  addressListNameForm
   4.10 aENameForm
   4.11 aliasCNNameForm
   4.12 aliasOUNameForm
   4.13 alternateSpellingPLANameForm
   4.14 cadPLANameForm
   4.15 distributionCodeDescriptionNameForm
   4.16 messagingGatewayNameForm
   4.17 mhs-dLNameForm
   4.18 mLANameForm
   4.19 mLAgentNameForm
   4.20 mSNameForm
   4.21 mTANameForm
   4.22 mUANameForm
   4.23 networkNameForm
   4.24 networkInstructionsNameForm
   4.25 organizationalPLANameForm
   4.26 organizationNameForm
   4.27 orgRNameForm
   4.28 orgUNameForm
   4.29 plaCollectiveNameForm
   4.30 qualifiedOrgPersonNameForm
   4.31 releaseAuthorityPersonNameForm
   4.32 releaseAuthorityPersonANameForm
   4.33 routingIndicatorNameForm
   4.34 sigintNameForm
   4.35 sIPLANameForm
   4.36 spotPLANameForm
   4.37 taskForcePLANameForm
   4.38 tenantPLANameForm
5.  MATCHING RULES
   5.1  addressCapabilitiesMatch Matching Rule
   5.2  capabilityMatch Matching Rule
   5.3  oRAddressMatch Matching Rule
   5.4  oRNameExactMatch Matching Rule
   5.5  caseIgnoreListSubstringsMatch Matching Rule
   5.6  booleanMatch Matching Rule
6.  ATTRIBUTE SYNTAXES
   6.1  aCPTelephoneFaxNumber Attribute Syntax
   6.2  addressees Attribute Syntax
   6.3  otherNotificationsSupported Abstract Syntax for the
        onSupported Attribute
   6.4  Classification Attribute Syntax
   6.5  community Abstract Syntax for the community Attribute
   6.6  aCPPreferredDelivery Attribute Syntax for the
        aCPPreferredDelivery Attribute
   6.7  GraphicString Attribute Syntax
   6.8  addressListType Attribute Syntax for the aLType Attribute
   6.9  MLReceiptPolicy Attribute Syntax
   6.10 ORName Attribute Syntax from X.411
   6.11 Remarks Attribute Syntax
   6.12 RIParameters Attribute Syntax
   6.13 Capability Attribute Syntax from X.402
   6.14 DLPolicy Attribute Syntax from X.402
   6.15 DLSubmitPermission Attribute Syntax from X.402
   6.16 AddressCapabilities Attribute Syntax from X.402
7.  EXAMPLE CONTENT RULES
   7.1  aCPApplicationEntityRuleEdA Content Rule
   7.2  aCPCRLDistributionPointRule Content Rule
   7.3  aCPDeviceRuleEdA Content Rule
   7.4  aCPDSARuleEdA Content Rule
   7.5  aCPGroupOfNamesRule Content Rule
   7.6  aCPLocalityRule Content Rule
   7.7  aCPMhs-distribution-listRule Content Rule
   7.8  aCPMhs-message-storeRule Content RuleEdA
   7.9  aCPMhs-message-transfer-agentRuleEdA Content Rule
   7.10 aCPMhs-user-agentRule Content Rule
   7.11 aCPOrganizationalPersonRuleEdA Content Rule
   7.12 aCPOrganizationalRoleRuleEdA Content Rule
   7.13 aCPOrganizationalUnitRuleEdA Content Rule
   7.14 aCPOrganizationRuleEdA Content Rule
   7.15 addressListRuleEdA Content Rule
   7.16 aliasCommonNameRule Content Rule
   7.17 aliasOrganizationalUnitRule Content Rule
   7.18 distributionCodeDescriptionRule Content Rule
   7.19 messagingGatewayRuleEdA Content Rule
   7.20 mLAgentRule Content Rule
   7.21 networkRule Content Rule
   7.22 networkInstructionsRule Content Rule
   7.23 rAPersonRuleEdA Content Rule
   7.24 sigintPLARule Content Rule
   7.25 spotPLARule Content Rule
8.  STRUCTURE RULES
9.  SECURITY CONSIDERATIONS
10. COPYRIGHT
11. REFERENCES
12. ABBREVIATIONS
13. ACKNOWLEDGEMENTS
14. AUTHOR'S ADDRESS


1.  INTRODUCTION

1.1  Background

ACP 133 [1] is the specification, developed by the Combined
Communications-Electronics Board (CCEB), of the X.500-based Allied
Directory. One of the things specified in ACP 133 [1] is the directory
user schema, which is called Common Content. In the Common Content are
directory elements that support several communications applications
including electronic mail (e-mail), Message Handling Systems (MHS), and
telephony.

The CCEB is a five nation joint military communications-electronics
organization whose mission is the coordination of any military
communications information systems matters among the members. The
Member Nations of the CCEB are Australia, Canada, New Zealand, the
United Kingdom, and the United States.

ACP 133 [1] specifies access to the Allied Directory using the X.500
Directory Access Protocol (DAP). Also, within the CCEB, guidelines are
being developed for the use of the Internet LDAP.

1.2  Purpose

This document is meant to be informational. Its purpose is to record an
LDAP encoding of the Common Content, so that:

*  elements from the Common Content can be applied generally to
   applications and environments other than the Allied Directory. For
   example, the name forms for components of X.400 MHS could be used in
   any X.400/X.500 system. Likewise, the addressList object class could
   be used in cases where lists of recipients are processed differently
   than X.400 distribution lists.

*  use of LDAP to access the Allied Directory is enabled

Since the Common Content is based on X.500, this document refers to
RFC 2252 [2] and RFC 2256 [3] for the X.500 schema elements (e.g.,
locality attribute, country object class). The contents of this
document are the specifications of all of the rest of the schema
elements in the Common Content (e.g., mLAgentNameForm name form,
otherContactInformation object class).

For descriptions and procedures regarding the Common Content schema
elements, consult ACP 133 [1].


2.  OBJECT CLASSES

2.1  addressList Object Class

The addressList (aL) object class is used to define directory entries
that represent address lists, in particular, the members of the list.
The sender of a message uses the address list name to send to all of
the members in the list. The replacement of the address list name by
the members of the list is performed by the sending User Agent (UA) or
a Mailing List Agent (MLA), instead of the Message Transfer System
(MTS).

( 2.16.840.1.101.2.2.3.57 NAME 'addressList'
  SUP 2.5.6.0                           ; top
  MUST ( 2.5.4.3 $                      ; cn
         2.6.5.2.4 )                    ; mhs-dl-submit-permissions
  MAY ( 2.16.840.1.101.2.1.5.47 $       ; aLExemptedAddressProcessor
        2.16.840.1.101.2.1.5.14 $       ; alid
        2.16.840.1.101.2.2.1.135 $      ; aLReceiptPolicy
        2.16.840.1.101.2.2.1.112 $      ; aLType
        2.5.4.15 $                      ; businessCategory
        2.16.840.1.101.2.2.1.114 $      ; copyMember
        2.5.4.13 $                      ; description
        2.5.4.31 $                      ; member
        2.6.5.2.12 $                    ; mhs-dl-archive-service
        2.6.5.2.13 $                    ; mhs-dl-policy
        2.6.5.2.14 $                    ; mhs-dl-related-lists
        2.6.5.2.15 $                    ; mhs-dl-subscription-service
        2.5.4.11 $                      ; ou
        2.5.4.10 $                      ; o
        2.5.4.32 $                      ; owner
        2.16.840.1.101.2.2.1.76 $       ; remarks
        2.5.4.34 ) )                    ; seeAlso

2.2  aliasCommonName Object Class

The aliasCommonName object class is a subclass of alias where an alias
entry is named by commonName. It is useful when different attributes
are used for the Relative Distinguished Names (RDNs) of aliases to
different types of entries (e.g., commonName as alias to a person entry
and organizationalUnitName as alias to a corporate department entry).
See the aliasOrganizationalUnit object class.

( 2.16.840.1.101.2.2.3.52 NAME 'aliasCommonName'
  SUP 2.5.6.1                           ; alias
  MUST 2.5.4.3 )                        ; cn

2.3  aliasOrganizationalUnit Object Class

The aliasOrganizationalUnit object class is a subclass of alias where
an alias entry is named by organizationalUnitName. It is useful when
different attributes are used for the RDNs of aliases to different
types of entries. See the aliasCommonName object class definition and
example.

( 2.16.840.1.101.2.2.3.53 NAME 'aliasOrganizationalUnit'
  SUP 2.5.6.1                           ; alias
  MUST 2.5.4.11 )                       ; ou

2.4  altSpellingACP127 Object Class

The altSpellingACP127 object class is used to represent a Plain
Language Address (PLA) that is an alternative spelling of another PLA.
An object from this class always contains a reference to the PLA for
which it provides the alternative spelling. This object class is a
subclass of the plaACP127 auxiliary object class.

( 2.16.840.1.101.2.2.3.58 NAME 'altSpellingACP127'
  SUP 2.16.840.1.101.2.2.3.47           ; plaACP127
  MUST ( 2.16.840.1.101.2.2.1.72 $      ; plaReplace
         2.16.840.1.101.2.2.1.73 ) )    ; primarySpellingACP127

2.5  cadACP127 Object Class

The cadACP127 (Collective Address Designator) object class is used to
represent an ACP 127/JANAP 128 (Joint Army, Navy, Air Force Procedure)
[4]/[5] distribution list. It is a subclass of the plaACP127 auxiliary
object class.

( 2.16.840.1.101.2.2.3.28 NAME 'cadACP127'
  SUP 2.16.840.1.101.2.2.3.47           ; plaACP127
  MUST 2.16.840.1.101.2.2.1.51          ; cognizantAuthority
  MAY ( 2.16.840.1.101.2.2.1.113 $      ; associatedAL
        2.16.840.1.101.2.2.1.56 $       ; entryClassification
        2.16.840.1.101.2.2.1.75 $       ; recapDueDate
        2.16.840.1.101.2.2.1.79 ) )     ; rIInfo

2.6  distributionCodeDescription Object Class

The distributionCodeDescription object class is used to define a
directory entry that represents a registered Distribution Code in the
directory and describes its meaning. See ACP 123 [6] for specification
of distribution codes. The distribution code is held in the commonName
attribute.

( 2.16.840.1.101.2.2.3.55 NAME 'distributionCodeDescription'
  SUP 2.5.6.0                           ; top
  MUST 2.5.4.3                          ; cn
  MAY 2.5.4.13 )                        ; description

2.7  distributionCodesHandled Object Class

The distributionCodesHandled object class provides for identifying the
distribution codes (e.g., Subject Indicator Codes (SIC) as defined in
NATO Subject Indicator System (NASIS) - publication 3 (NATO APP-3) [7]
and supplements) which are handled, either for action or information,
by the object (e.g., organizational role, organizational person, or
organizational unit) represented by the directory entry in which this
auxiliary is included.

( 2.16.840.1.101.2.2.3.54 NAME 'distributionCodesHandled'
  SUP 2.5.6.0                           ; top
  AUXILIARY
  MAY ( 2.16.840.1.101.2.2.1.104 $      ; distributionCodeAction
        2.16.840.1.101.2.2.1.105 ) )    ; distributionCodeInfo

2.8  messagingGateway Object Class

The messagingGateway object class is used to store information about an
application entity which serves as an application layer gateway between
two mail systems. When a gateway performs translation services, a
messagingGateway object provides a mechanism to address these
translation services directly.

( 2.16.840.1.101.2.2.3.59 NAME 'messagingGateway'
  SUP 2.6.5.1.2                         ; mhs-message-transfer-agent
  MAY ( 2.16.840.1.101.2.2.1.110 $      ; administrator
        2.16.840.1.101.2.2.1.111 $      ; aigsExpanded
        2.16.840.1.101.2.2.1.115 $      ; gatewayType
        2.16.840.1.101.2.2.1.116 $      ; ghpType
        0.9.2342.19200300.100.1.9 $     ; host
        2.16.840.1.101.2.2.1.118 $      ; mailDomains
        2.6.5.2.17 $                    ; mhs-acceptable-eits
        2.6.5.2.1 $                     ; mhs-deliverable-content-types
        2.6.5.2.2 $                     ; mhs-exclusively-acceptable-eits
        2.6.5.2.5 $                     ; mhs-message-store-dn
        2.6.5.2.6 $                     ; mhs-or-addresses
        2.6.5.2.16 $                    ; mhs-or-addresses-with-capabilities
        2.6.5.2.18 $                    ; mhs-unacceptable-eits
        2.16.840.1.101.2.2.1.123 $      ; onSupported
        2.16.840.1.101.2.2.1.70 $       ; plaNameACP127
        2.16.840.1.101.2.2.1.79 ) )     ; rIInfo

2.9  mhs-distribution-list Object Class

The mhs-distribution-list object class is used to define a directory
entry that represents a distribution list (DL), that is, an address
list that is expanded by the MTS. The attributes in the entry identify
the distribution list name, submit permissions, and OR-addresses and,
to the extent that the relevant attributes are present, describe the
DL, identify its organization, organizational units, and owner; cite
related objects; identify its maximum content length, deliverable
content types, and acceptable, exclusively acceptable, and unacceptable
encoded information types (EITs); and identify its expansion policy,
subscription addresses, archive addresses, related lists, and members.

( 2.6.5.1.0 NAME 'mhs-distribution-list'
  SUP 2.5.6.0                           ; top
  MUST ( 2.5.4.3 $                      ; cn
         2.6.5.2.4 $                    ; mhs-dl-submit-permissions
         2.6.5.2.6 )                    ; mhs-or-addresses
  MAY ( 2.5.4.13 $                      ; description
        2.5.4.10 $                      ; o
        2.5.4.11 $                      ; ou
        2.5.4.32 $                      ; owner
        2.5.4.34 $                      ; seeAlso
        2.6.5.2.0 $                     ; mhs-maximum-content-length
        2.6.5.2.1 $                     ; mhs-deliverable-content-types
        2.6.5.2.17 $                    ; mhs-acceptable-eits
        2.6.5.2.2 $                     ; mhs-exclusively-acceptable-eits
        2.6.5.2.18 $                    ; mhs-unacceptable-eits
        2.6.5.2.13 $                    ; mhs-dl-policy
        2.6.5.2.15 $                    ; mhs-dl-subscription-service
        2.6.5.2.12 $                    ; mhs-dl-archive-service
        2.6.5.2.14 $                    ; mhs-dl-related-lists
        2.6.5.2.3 ) )                   ; mhs-dl-members

2.10  mhs-message-store Object Class

The mhs-message-store object class is used to define directory entries
that represent application entities that implement the MHS Message
Store (MS) functionality. The attributes in an entry, to the extent
that they are present, describe the MS, identify its owner, and
enumerate the attributes, automatic actions, matching rules, content
types, and network protocols the MS supports.

( 2.6.5.1.1 NAME 'mhs-message-store'
  SUP 2.5.6.12                          ; applicationEntity
  MAY ( 2.5.4.32 $                      ; owner
        2.6.5.2.10 $                    ; mhs-supported-attributes
        2.6.5.2.8 $                     ; mhs-supported-automatic-actions
        2.6.5.2.11 $                    ; mhs-supported-matching-rules
        2.6.5.2.9 $                     ; mhs-supported-content-types
        2.5.4.48 ) )                    ; protocolInformation

2.11  mhs-message-transfer-agent Object Class

The mhs-message-transfer-agent object class is used to define directory
entries that represent application entities that implement the MHS
Message Transfer Agent (MTA) functionality. The attributes in an entry,
to the extent that they are present, describe the MTA and identify its
owner, the maximum content length it can handle, and its supported
network protocols.

( 2.6.5.1.2 NAME 'mhs-message-transfer-agent'
  SUP 2.5.6.12                          ; applicationEntity
  MAY ( 2.5.4.32 $                      ; owner
        2.6.5.2.0 $                     ; mhs-maximum-content-length
        2.5.4.48 ) )                    ; protocolInformation

2.12  mhs-user Object Class

The mhs-user object class is used in defining directory entries
representing MHS users. The attributes in an entry identify the MHS
user's OR-address and, to the extent that the relevant attributes are
present, identify the maximum content length, content types, and EITs
that can be handled by the user; its MS; and its preferred delivery
methods.


   ( 2.6.5.1.3 NAME 'mhs-user'
     SUP 2.5.6.0  ; top
     AUXILIARY
     MUST 2.6.5.2.6  ; mhs-or-addresses
     MAY ( 2.6.5.2.0 $  ; mhs-maximum-content-length
           2.6.5.2.1 $  ; mhs-deliverable-content-types
           2.6.5.2.17 $  ; mhs-acceptable-eits
           2.6.5.2.2 $  ; mhs-exclusively-acceptable-eits
           2.6.5.2.18 $  ; mhs-unacceptable-eits
           2.6.5.2.16 $  ; mhs-or-addresses-with-capabilities
           2.6.5.2.5 ) )  ; mhs-message-store-dn

2.13 mhs-user-agent Object Class

The mhs-message-transfer-agent object class is used to define directory entries that represent application entities that implement the MHS MTA functionality. The attributes in an entry, to the extent that they are present, describe the MTA and identify its owner, the maximum content length it can handle, and its supported network protocols.

   ( 2.6.5.1.4 NAME 'mhs-user-agent'
     SUP 2.5.6.12  ; applicationEntity
     MAY ( 2.5.4.32 $  ; owner
           2.6.5.2.0 $  ; mhs-maximum-content-length
           2.6.5.2.1 $  ; mhs-deliverable-content-types
           2.6.5.2.17 $  ; mhs-acceptable-eits
           2.6.5.2.2 $  ; mhs-exclusively-acceptable-eits
           2.6.5.2.18 $  ; mhs-unacceptable-eits
           2.6.5.2.19 $  ; mhs-deliverable-classes
           2.6.5.2.6 $  ; mhs-or-addresses
           2.5.4.48 ) )  ; protocolInformation

2.14 mLA Object Class

The mLA object class is used to represent an application entity that performs the functions of a Mail List Agent (MLA). This object class is a subclass of applicationEntity and strong-authentication-user. Note that this object class may become obsolete, depending on the resolution of Certificate Management Infrastructure (CMI) issues.

   ( 2.16.840.1.101.2.2.3.31 NAME 'mLA'
     SUP ( 2.5.6.12 $  ; applicationEntity
           2.5.6.15 )  ; strongAuthenticationUser
     MAY 2.5.4.52 )  ; supportedAlgorithms

2.15 mLAgent Object Class

The mLAgent object class is used to represent an application entity that performs the functions of an MLA. This object class is a subclass of applicationEntity and pkiUser.

   ( 2.16.840.1.101.2.2.3.64 NAME 'mLAgent'
     SUP ( 2.5.6.12 $  ; applicationEntity
           2.5.6.21 )  ; pkiUser
     MAY 2.5.4.52 )  ; supportedAlgorithms

2.16 network Object Class

The network structural object class is used to define directory entries representing interconnected communications networks. A Network entry can have subordinate entries that define the access and instructions for reaching other networks.

   ( 2.16.840.1.101.2.2.3.60 NAME 'network'
     SUP 2.5.6.0  ; top
     MUST 2.5.4.3  ; cn
     MAY ( 2.5.4.13 $  ; description
           2.16.840.1.101.2.2.1.122 $  ; networkSchema
           2.16.840.1.101.2.2.1.124 $  ; operationName
           2.5.4.34 ) )  ; seeAlso

2.17 networkInstructions Object Class

The networkInstructions structural object class is used to define a directory entry that provides the description of how to reach the subject network from another network.

   ( 2.16.840.1.101.2.2.3.61 NAME 'networkInstructions'
     SUP 2.5.6.0  ; top
     MUST 2.5.4.3  ; cn
     MAY ( 2.16.840.1.101.2.2.1.106 $  ; accessCodes
           2.16.840.1.101.2.2.1.107 $  ; accessSchema
           2.5.4.13 $  ; description
           2.16.840.1.101.2.2.1.121 ) )  ; networkDN

2.18 orgACP127 Object Class

The orgACP127 object class is used to define the entry for a single ACP 127/JANAP 128 [4]/[5] messaging user. This object class is a subclass of the plaACP127 auxiliary object class.

   ( 2.16.840.1.101.2.2.3.34 NAME 'orgACP127'
     SUP 2.16.840.1.101.2.2.3.47  ; plaACP127
     MAY ( 2.16.840.1.101.2.2.1.53 $  ; accountingCode
           2.16.840.1.101.2.2.1.4 $  ; associatedOrganization
           2.5.4.6 $  ; c
           2.16.840.1.101.2.2.1.54 $  ; dualRoute
           2.16.840.1.101.2.2.1.56 $  ; entryClassification
           2.5.4.7 $  ; l
           2.16.840.1.101.2.2.1.63 $  ; longTitle
           2.16.840.1.101.2.2.1.64 $  ; minimize
           2.16.840.1.101.2.2.1.65 $  ; minimizeOverride
           2.16.840.1.101.2.2.1.67 $  ; nameClassification
           2.16.840.1.101.2.2.1.77 $  ; rI
           2.16.840.1.101.2.2.1.79 $  ; rIInfo
           2.16.840.1.101.2.2.1.81 $  ; section
           2.5.4.8 $  ; st
           2.16.840.1.101.2.2.1.87 ) )  ; tARE

2.19 otherContactInformation Object Class

The otherContactInformation object class provides for additional telephone, location, and mailbox information in directory entries.

   ( 2.16.840.1.101.2.2.3.62 NAME 'otherContactInformation'
     SUP 2.5.6.0  ; top
     AUXILIARY
     MAY ( 2.16.840.1.101.2.2.1.94 $  ; aCPMobileTelephoneNumber
           2.16.840.1.101.2.2.1.95 $  ; aCPPagerTelephoneNumber
           2.16.840.1.101.2.2.1.108 $  ; aCPPreferredDelivery
           2.16.840.1.101.2.2.1.118 $  ; mailDomains
           2.16.840.1.101.2.2.1.119 $  ; militaryFacsimileNumber
           2.16.840.1.101.2.2.1.120 $  ; militaryTelephoneNumber
           2.16.840.1.101.2.2.1.126 $  ; proprietaryMailboxes
           0.9.2342.19200300.100.1.6 $  ; roomNumber
           2.16.840.1.101.2.2.1.127 $  ; secureFacsimileNumber
           2.16.840.1.101.2.2.1.128 ) )  ; secureTelephoneNumber

2.20 pkiCA Object Class

The pkiCA object class is used to represent Certification Authorities.

   ( 2.5.6.22 NAME 'pkiCA'
     SUP 2.5.6.0  ; top
     AUXILIARY
     MAY ( 2.5.4.37 $  ; cACertificate
           2.5.4.39 $  ; certificateRevocationList
           2.5.4.38 $  ; authorityRevocationList
           2.5.4.40 ) )  ; crossCertificatePair

2.21 pkiUser Object Class

The pkiUser object class is used to represent certificate subjects.
A certificate subject is a human or other type of directory user to which a certificate has been issued.

   ( 2.5.6.21 NAME 'pkiUser'
     SUP 2.5.6.0  ; top
     AUXILIARY
     MAY 2.5.4.36 )  ; userCertificate

2.22 plaACP127 Object Class

The plaACP127 object class provides for the general PLA attributes common to general service (GENSER) PLA entries, all of which inherit this class.

   ( 2.16.840.1.101.2.2.3.47 NAME 'plaACP127'
     SUP 2.5.6.0  ; top
     AUXILIARY
     MUST 2.16.840.1.101.2.2.1.70  ; plaNameACP127
     MAY ( 2.16.840.1.101.2.2.1.52 $  ; community
           2.16.840.1.101.2.2.1.55 $  ; effectiveDate
           2.16.840.1.101.2.2.1.57 $  ; expirationDate
           2.16.840.1.101.2.2.1.68 $  ; nationality
           2.16.840.1.101.2.2.1.74 $  ; publish
           2.16.840.1.101.2.2.1.76 $  ; remarks
           2.16.840.1.101.2.2.1.82 ) )  ; serviceOrAgency

2.23 plaCollectiveACP127 Object Class

The plaCollectiveACP127 object class is used to define the entry for an ACP 127/JANAP 128 [4]/[5] Address Indicator Group (AIG) distribution list or Type distribution list. This object class is a subclass of the plaACP127 auxiliary object class.

   ( 2.16.840.1.101.2.2.3.35 NAME 'plaCollectiveACP127'
     SUP 2.16.840.1.101.2.2.3.47  ; plaACP127
     MUST 2.16.840.1.101.2.2.1.51  ; cognizantAuthority
     MAY ( 2.16.840.1.101.2.2.1.46 $  ; actionAddressees
           2.16.840.1.101.2.2.1.50 $  ; allowableOriginators
           2.16.840.1.101.2.2.1.113 $  ; associatedAL
           2.5.4.13 $  ; description
           2.16.840.1.101.2.2.1.56 $  ; entryClassification
           2.16.840.1.101.2.2.1.59 $  ; infoAddressees
           2.16.840.1.101.2.2.1.60 $  ; lastRecapDate
           2.16.840.1.101.2.2.1.75 ) )  ; recapDueDate

2.24 plaData Object Class

The plaData object class contains attributes common to Special Intelligence (SI) PLAs.

   ( 2.16.840.1.101.2.2.3.26 NAME 'plaData'
     SUP 2.5.6.0  ; top
     AUXILIARY
     MAY ( 2.16.840.1.101.2.2.1.52 $  ; community
           2.5.4.13 $  ; description
           2.16.840.1.101.2.2.1.55 $  ; effectiveDate
           2.16.840.1.101.2.2.1.57 ) )  ; expirationDate

2.25 plaUser Object Class

The plaUser object class contains the name of a PLA's directory entry and, optionally, the Routing Indicator (RI) for addressing that PLA.

   ( 2.16.840.1.101.2.2.3.56 NAME 'plaUser'
     SUP 2.5.6.0  ; top
     AUXILIARY
     MUST 2.16.840.1.101.2.2.1.70  ; plaNameACP127
     MAY 2.16.840.1.101.2.2.1.79 )  ; rIInfo

2.26 releaseAuthorityPerson Object Class

The releaseAuthorityPerson object class is used to define the entry for a role of release authority who releases organizational messages on behalf of an organization. Whereas organizations originate their organizational messages, it is the job of the release authority to sign the messages. Release authorities do not send individual messages and do not receive messages. Note that this object class may become obsolete, depending on the resolution of CMI issues.

   ( 2.16.840.1.101.2.2.3.63 NAME 'releaseAuthorityPerson'
     SUP 2.16.840.1.101.2.1.4.13  ; secure-user
     MUST 2.16.840.1.101.2.2.1.45 )  ; releaseAuthorityName

2.27 releaseAuthorityPersonA Object Class

The releaseAuthorityPersonA object class is used to define the entry for a role of release authority who releases organizational messages on behalf of an organization. Whereas organizations originate their organizational messages, it is the job of the release authority to sign the messages. Release authorities do not send individual messages and do not receive messages.

   ( 2.16.840.1.101.2.2.3.65 NAME 'releaseAuthorityPersonA'
     SUP 2.16.840.1.101.2.2.3.66  ; securePkiUser
     MUST 2.16.840.1.101.2.2.1.45 )  ; releaseAuthorityName

2.28 routingIndicator Object Class

The routingIndicator object class is used to define an entry for an RI and is a subclass of the plaData auxiliary object class.

   ( 2.16.840.1.101.2.2.3.37 NAME 'routingIndicator'
     SUP 2.16.840.1.101.2.2.3.26  ; plaData
     MUST 2.16.840.1.101.2.2.1.77  ; rI
     MAY ( 2.16.840.1.101.2.2.1.62 $  ; lmf
           2.6.5.2.0 $  ; mhs-maximum-content-length
           2.16.840.1.101.2.2.1.68 $  ; nationality
           2.16.840.1.101.2.2.1.74 $  ; publish
           2.16.840.1.101.2.2.1.78 $  ; rIClassification
           2.16.840.1.101.2.2.1.83 $  ; sHD
           2.16.840.1.101.2.2.1.96 $  ; tCC
           2.16.840.1.101.2.2.1.69 $  ; transferStation
           2.16.840.1.101.2.2.1.97 ) )  ; tRC

2.29 secure-user Object Class

The secure-user object class is used in defining directory entries that include credentials for users. It is a subclass of the strongAuthenticationUser object class, defined in X.521 [8], which provides for a user certificate. Note that this object class may become obsolete, depending on the resolution of CMI issues.

   ( 2.16.840.1.101.2.1.4.13 NAME 'secure-user'
     SUP 2.5.6.15  ; strongAuthenticationUser
     AUXILIARY
     MAY ( 2.5.6.58 $  ; attributeCertificate
           2.5.4.52 ) )  ; supportedAlgorithms

2.30 securePkiUser Object Class

The securePkiUser (Public Key Infrastructure) object class is used in defining directory entries that include credentials for ACP 123 [6] users. It is a subclass of the pkiUser object class, defined in RFC ???? [9], which provides for a user certificate.

   ( 2.16.840.1.101.2.2.3.66 NAME 'securePkiUser'
     SUP 2.5.6.21  ; pkiUser
     AUXILIARY
     MAY ( 2.5.6.58 $  ; attributeCertificate
           2.5.4.52 ) )  ; supportedAlgorithms

2.31 sigintPLA Object Class

The sigintPLA (Signal Intelligence) object class is used to represent sensitive SI PLAs.
This object class is a subclass of the plaData auxiliary object class.

   ( 2.16.840.1.101.2.2.3.38 NAME 'sigintPLA'
     SUP 2.16.840.1.101.2.2.3.26  ; plaData
     MUST 2.16.840.1.101.2.2.1.85  ; sigad
     MAY ( 2.5.4.7 $  ; l
           2.16.840.1.101.2.2.1.68 $  ; nationality
           2.16.840.1.101.2.2.1.74 $  ; publish
           2.16.840.1.101.2.2.1.76 $  ; remarks
           2.16.840.1.101.2.2.1.77 $  ; rI
           2.16.840.1.101.2.2.1.84 ) )  ; shortTitle

2.32 sIPLA Object Class

The sIPLA object class is used to define the entry for a single SI messaging user. This object class is a subclass of the plaData auxiliary object class.

   ( 2.16.840.1.101.2.2.3.39 NAME 'sIPLA'
     SUP 2.16.840.1.101.2.2.3.26  ; plaData
     MUST 2.16.840.1.101.2.2.1.63  ; longTitle
     MAY ( 2.5.4.7 $  ; l
           2.16.840.1.101.2.2.1.68 $  ; nationality
           2.16.840.1.101.2.2.1.74 $  ; publish
           2.16.840.1.101.2.2.1.76 $  ; remarks
           2.16.840.1.101.2.2.1.77 $  ; rI
           2.16.840.1.101.2.2.1.84 $  ; shortTitle
           2.16.840.1.101.2.2.1.85 ) )  ; sigad

2.33 spotPLA Object Class

The spotPLA object class is used to define an entry for a special products distribution list. This object class is a subclass of the plaData auxiliary object class.

   ( 2.16.840.1.101.2.2.3.40 NAME 'spotPLA'
     SUP 2.16.840.1.101.2.2.3.26  ; plaData
     MUST 2.16.840.1.101.2.2.1.86  ; spot
     MAY ( 2.16.840.1.101.2.2.1.46 $  ; actionAddressees
           2.16.840.1.101.2.2.1.47 $  ; additionalAddressees
           2.16.840.1.101.2.2.1.48 $  ; additionalSecondPartyAddressees
           2.6.5.2.4 $  ; mhs-dl-submit-permissions
           2.16.840.1.101.2.2.1.76 $  ; remarks
           2.16.840.1.101.2.2.1.80 ) )  ; secondPartyAddressees

2.34 taskForceACP127 Object Class

The taskForceACP127 object class is used to define a directory entry for an ACP 127/JANAP 128 [4]/[5] task force distribution list. This object class is a subclass of the plaACP127 auxiliary object class.

   ( 2.16.840.1.101.2.2.3.41 NAME 'taskForceACP127'
     SUP 2.16.840.1.101.2.2.3.47  ; plaACP127
     MUST ( 2.16.840.1.101.2.2.1.51 $  ; cognizantAuthority
            2.16.840.1.101.2.2.1.60 $  ; lastRecapDate
            2.16.840.1.101.2.2.1.75 )  ; recapDueDate
     MAY ( 2.16.840.1.101.2.2.1.113 $  ; associatedAL
           2.16.840.1.101.2.2.1.56 $  ; entryClassification
           2.16.840.1.101.2.2.1.71 ) )  ; plaAddressees

2.35 tenantACP127 Object Class

The tenantACP127 object class is used to define a directory entry that represents a tenant PLA. This object class is a subclass of the plaACP127 auxiliary object class.

   ( 2.16.840.1.101.2.2.3.42 NAME 'tenantACP127'
     SUP 2.16.840.1.101.2.2.3.47  ; plaACP127
     MUST 2.16.840.1.101.2.2.1.58  ; hostOrgACP127
     MAY ( 2.16.840.1.101.2.2.1.56 $  ; entryClassification
           2.16.840.1.101.2.2.1.87 ) )  ; tARE

2.36 ukms Object Class

The ukms object class contains the monthly values of user keying material (UKM) used in the construction of selected CCEB symmetric confidentiality algorithms.

   ( 2.16.840.1.101.2.1.4.16 NAME 'ukms'
     SUP 2.5.6.0  ; top
     AUXILIARY
     MAY ( 2.16.840.1.101.2.1.5.20 $  ; janUKMs
           2.16.840.1.101.2.1.5.21 $  ; febUKMs
           2.16.840.1.101.2.1.5.22 $  ; marUKMs
           2.16.840.1.101.2.1.5.23 $  ; aprUKMs
           2.16.840.1.101.2.1.5.24 $  ; mayUKMs
           2.16.840.1.101.2.1.5.25 $  ; junUKMs
           2.16.840.1.101.2.1.5.26 $  ; julUKMs
           2.16.840.1.101.2.1.5.27 $  ; augUKMs
           2.16.840.1.101.2.1.5.28 $  ; sepUKMs
           2.16.840.1.101.2.1.5.29 $  ; octUKMs
           2.16.840.1.101.2.1.5.30 $  ; novUKMs
           2.16.840.1.101.2.1.5.31 ) )  ; decUKMs

3. ATTRIBUTE TYPES

3.1 accessCodes Attribute

The accessCodes attribute value gives the coding of how to reach one network from another. Additional instructions for the use of this access code are contained in a description attribute in the same entry.
For example, in a private telephone network, the user could be required to dial "8" to reach other users in a different city or to dial "9" to exit the private network.

   ( 2.16.840.1.101.2.2.1.106 NAME 'accessCodes'
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )

3.2 accessSchema Attribute

The accessSchema attribute value is a schematic representation used to complete the access information from one network to another in the case of a complex connection. (Many connections are not complex enough to need such a description and in that case the attribute would not be populated.)

   ( 2.16.840.1.101.2.2.1.107 NAME 'accessSchema'
     SYNTAX 2.16.840.1.101.2.2.2.7 )  ; GraphicString

3.3 accountingCode Attribute

The accountingCode attribute value is a character string used in logistics applications to identify an organization uniquely. One example is the U.S. Department of Defense Activity Accounting Code (DODAAC).

   ( 2.16.840.1.101.2.2.1.53 NAME 'accountingCode'
     EQUALITY 2.5.13.2  ; caseIgnoreMatch
     SUBSTR 2.5.13.4  ; caseIgnoreSubstringsMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{7} )

3.4 aCPMobileTelephoneNumber Attribute

The aCPMobileTelephoneNumber attribute value identifies a mobile telephone number for the object represented by the directory entry that contains this attribute.

   ( 2.16.840.1.101.2.2.1.94 NAME 'aCPMobileTelephoneNumber'
     SUP 2.5.4.20 )  ; telephoneNumber

3.5 aCPPagerTelephoneNumber Attribute

The aCPPagerTelephoneNumber attribute identifies a telephone number for a pager associated with the object represented by the directory entry.

   ( 2.16.840.1.101.2.2.1.95 NAME 'aCPPagerTelephoneNumber'
     SUP 2.5.4.20 )  ; telephoneNumber

3.6 aCPPreferredDelivery Attribute

The aCPPreferredDelivery attribute value is used to determine the messaging system a user, represented by the directory entry, prefers for message delivery. The possible values are: "ACP 127", "SMTP" or "MHS".
"MHS" signifies either standard X.400 (1984 or 1988) or ACP 123-compliant X.400.

   ( 2.16.840.1.101.2.2.1.108 NAME 'aCPPreferredDelivery'
     SYNTAX 2.16.840.1.101.2.2.2.6  ; ACP Preferred Delivery syntax
     SINGLE-VALUE )

3.7 aCPTelephoneFaxNumber Attribute

The aCPTelephoneFaxNumber attribute is defined for use as a supertype in defining the attributes:

   militaryFacsimileNumber
   militaryTelephoneNumber
   secureFacsimileNumber
   secureTelephoneNumber

A value of the aCPTelephoneFaxNumber attribute and the attributes defined as its subtypes is a telephone number that is used for military purposes and is associated with an object represented by the directory entry. For example, a person may have a telephone, equipped with a STU III (Secure Telephone Unit) device, on the Public Switched Telephone Network (PSTN).

   ( 2.16.840.1.101.2.2.1.109 NAME 'aCPTelephoneFaxNumber'
     EQUALITY 2.5.13.20  ; telephoneNumberMatch
     SUBSTR 2.5.13.21  ; telephoneNumberSubstringsMatch
     SYNTAX 2.16.840.1.101.2.2.2.1 )  ; ACPTelephoneFaxNumberSyntax

The attribute value for an ACP telephone number contains the following substrings which are separated by commas (i.e., ","):

   network or site identifier
   telephone number
   security device identifier

The maximum size of the network or site identifier substring is six characters. In the example, the string "PSTN" would be the value of this identifier.

For the telephone number substring, if the network is the PSTN, then the format shall be as for a Telephone Number as defined in X.520 [10] (i.e., CCITT E.123). Extension numbers shall be preceded by "ext." or other nationally defined equivalent. The maximum length of this substring is 32 characters. In the example, the string "+1 555 222 ext. 34" could be the value of the telephone number.

The maximum size of the security device identifier substring is eight characters.
In the example, the string "STU III" would be the value of this identifier. The complete example value would be "PSTN, +1 555 222 ext. 34, STU III". The security device (and preceding substring separator ",") is present only if the military telephone number is secured (i.e., attribute subtypes secureTelephoneNumber or secureFacsimileNumber).

Note that the equality and substring matching rule for this attribute is not case sensitive and the substring matching rule is case sensitive. Thus, it is recommended that the network/site identifier and security device identifier be in upper case.

3.8 actionAddressees Attribute

An actionAddressees attribute value is the list of action addressees of an ACP 127/JANAP 128 [4]/[5] collective, for example, an AIG. An action addressee is expected to take appropriate action on the message content, whereas an information addressee receives the message for informational purposes only.

   ( 2.16.840.1.101.2.2.1.46 NAME 'actionAddressees'
     EQUALITY 2.5.13.11  ; caseIgnoreListMatch
     SUBSTR 2.5.13.12  ; caseIgnoreListSubstringsMatch
     SYNTAX 2.16.840.1.101.2.2.2.2 )  ; Addressees syntax

3.9 additionalAddressees Attribute

The additionalAddressees attribute value is a list of addressees to be added to the actionAddressees list (value of the actionAddressees attribute) under circumstances identified in the remarks attribute in the same directory entry.

   ( 2.16.840.1.101.2.2.1.47 NAME 'additionalAddressees'
     EQUALITY 2.5.13.11  ; caseIgnoreListMatch
     SUBSTR 2.5.13.12  ; caseIgnoreListSubstringsMatch
     SYNTAX 2.16.840.1.101.2.2.2.2 )  ; Addressees syntax

3.10 additionalSecondPartyAddressees Attribute

The additionalSecondPartyAddressees attribute value is a list of addressees to be added to the secondPartyAddressees list (value of the secondPartyAddressees attribute) under circumstances identified in the remarks attribute in the same directory entry.
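
The value layout that Section 3.7 gives for the aCPTelephoneFaxNumber subtypes can be checked before a value is written to the directory. The following Python validator is an added example, not part of this draft or of ACP 133; the function and class names, the tolerance for blanks around the commas, and the loose E.123 pattern are assumptions, and the sample values are constructed.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Limits stated in Section 3.7.
MAX_NETWORK_ID = 6   # network or site identifier
MAX_TELEPHONE = 32   # telephone number substring
MAX_DEVICE_ID = 8    # security device identifier

# Subtypes named in Section 3.7; only the secure ones carry a device identifier.
SECURE_SUBTYPES = {"secureTelephoneNumber", "secureFacsimileNumber"}
PLAIN_SUBTYPES = {"militaryTelephoneNumber", "militaryFacsimileNumber"}

# Assumption: a loose E.123 international shape ("+" and digit groups separated
# by single spaces) with an optional "ext." suffix. Nationally defined
# equivalents of "ext." are not modelled.
_E123_PSTN = re.compile(r"^\+\d+( \d+)*( ext\. ?\d+)?$")


class ACPNumberError(ValueError):
    """Raised when a value does not follow the Section 3.7 layout."""


@dataclass(frozen=True)
class ACPNumber:
    network: str
    telephone: str
    device: Optional[str]


def parse_acp_number(value: str, attribute: str) -> ACPNumber:
    """Split and validate a value for one of the four Section 3.7 subtypes."""
    if attribute in SECURE_SUBTYPES:
        expected = 3
    elif attribute in PLAIN_SUBTYPES:
        expected = 2
    else:
        raise ACPNumberError(f"{attribute!r} is not a Section 3.7 subtype")

    # Assumption: blanks next to the "," separators are not significant.
    parts = [p.strip() for p in value.split(",")]
    if len(parts) != expected:
        raise ACPNumberError(
            f"{attribute} needs {expected} comma-separated substrings, "
            f"got {len(parts)}")
    if not all(parts):
        raise ACPNumberError("empty substring")

    network, telephone = parts[0], parts[1]
    device = parts[2] if expected == 3 else None

    if len(network) > MAX_NETWORK_ID:
        raise ACPNumberError("network or site identifier exceeds 6 characters")
    if len(telephone) > MAX_TELEPHONE:
        raise ACPNumberError("telephone number exceeds 32 characters")
    if device is not None and len(device) > MAX_DEVICE_ID:
        raise ACPNumberError("security device identifier exceeds 8 characters")

    # The E.123 format is required only when the network is the PSTN.
    if network.upper() == "PSTN" and not _E123_PSTN.match(telephone):
        raise ACPNumberError("PSTN number is not in E.123 international form")

    # Store both identifiers in upper case, as Section 3.7 recommends.
    return ACPNumber(network.upper(), telephone,
                     device.upper() if device is not None else None)


def format_acp_number(number: ACPNumber) -> str:
    """Render the substrings in the layout of the draft's example value."""
    fields = [number.network, number.telephone]
    if number.device is not None:
        fields.append(number.device)
    return ", ".join(fields)


def is_valid(value: str, attribute: str) -> bool:
    try:
        parse_acp_number(value, attribute)
    except ACPNumberError:
        return False
    return True
```

Rejecting a security device identifier on militaryTelephoneNumber and militaryFacsimileNumber, and requiring one on the secure subtypes, keeps an entry from advertising a line as secured under the wrong attribute.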

   ( 2.16.840.1.101.2.2.1.48 NAME 'additionalSecondPartyAddressees'
     EQUALITY 2.5.13.11  ; caseIgnoreListMatch
     SUBSTR 2.5.13.12  ; caseIgnoreListSubstringsMatch
     SYNTAX 2.16.840.1.101.2.2.2.2 )  ; Addressees syntax

3.11 administrator Attribute

The administrator attribute value represents the entity responsible for the operation of a component when it is different from the owner of the component. For example, the owner may be a domain.

   ( 2.16.840.1.101.2.2.1.110 NAME 'administrator'
     SUP 2.5.4.49 )  ; distinguishedName

3.12 aigsExpanded Attribute

The aigsExpanded attribute values are the names of the AIGs expanded by a messaging gateway.

   ( 2.16.840.1.101.2.2.1.111 NAME 'aigsExpanded'
     SUP 2.5.4.49 )  ; distinguishedName

3.13 aLExemptedAddressProcessor Attribute

The aLExemptedAddressProcessor attribute value is the ORName of the address list processor for the address list where exempted addresses are removed.

   ( 2.16.840.1.101.2.1.5.47 NAME 'aLExemptedAddressProcessor'
     SYNTAX 2.16.840.1.101.2.2.2.10  ; O/R Name syntax
     SINGLE-VALUE )

3.14 aliasPointer Attribute

The aliasPointer attribute type value points to alias directory entries which might have to be modified if the directory entry containing this attribute is modified. It is intended to be used to maintain data consistency in the Directory Information Base (DIB).

   ( 2.16.840.1.101.2.2.1.49 NAME 'aliasPointer'
     EQUALITY 2.5.13.1  ; distinguishedNameMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )  ; DN

3.15 alid Attribute

The alid attribute value is the AL key material identifier.

   ( 2.16.840.1.101.2.1.5.14 NAME 'alid'
     EQUALITY 2.5.13.17  ; octetStringMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )  ; Kmid = Octet String

3.16 allowableOriginators Attribute

The allowableOriginators attribute value is the name of an ACP 127/JANAP 128 [4]/[5] collective that contains the list of PLAs that are allowed to originate messages to this list.

   ( 2.16.840.1.101.2.2.1.50 NAME 'allowableOriginators'
     EQUALITY 2.5.13.11  ; caseIgnoreListMatch
     SUBSTR 2.5.13.12  ; caseIgnoreListSubstringsMatch
     SYNTAX 2.16.840.1.101.2.2.2.2 )  ; Addressees syntax

3.17 aLReceiptPolicy Attribute

The aLReceiptPolicy attribute value indicates the address list's signed receipt policy. This receipt policy supersedes the originator's request for signed receipts (see ACP 120 [11]).

   ( 2.16.840.1.101.2.2.1.135 NAME 'aLReceiptPolicy'
     SYNTAX 2.16.840.1.101.2.2.2.9  ; MLReceiptPolicy
     SINGLE-VALUE )

3.18 alternateRecipient Attribute

The alternateRecipient attribute is used to designate an X.400 alternate recipient for a messaging user. It could be used by an X.400 message originator to create an originator-assigned alternate recipient address to be used by the MTS, if delivery to the addressed recipient fails.

   ( 2.16.840.1.101.2.2.1.3 NAME 'alternateRecipient'
     EQUALITY 2.5.13.1  ; distinguishedNameMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

3.19 aLType Attribute

The aLType attribute value indicates the type of an address list from these possibilities: AIG (Address Indicator Group), Type Organization Collective, CAD (Collective Address Designator), and Task Force.

   ( 2.16.840.1.101.2.2.1.112 NAME 'aLType'
     EQUALITY 2.5.13.14  ; integerMatch
     SYNTAX 2.16.840.1.101.2.2.2.8  ; Address List Type syntax
     SINGLE-VALUE )

3.20 aprUKMs Attribute

The aprUKMs (User Key Materials) attribute value is used in the construction of selected symmetric confidentiality algorithms for the month of April.

   ( 2.16.840.1.101.2.1.5.23 NAME 'aprUKMs'
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.5  ; binary syntax
                                          ; encapsulating
                                          ; MonthlyUKMs
     SINGLE-VALUE )

3.21 associatedAL Attribute

The associatedAL attribute value points to the address list object which replaces the ACP 127/JANAP 128 [4]/[5] task force PLA.
It assists in the transition from ACP 127/JANAP 128 [4]/[5] to X.400 addressing and the associated transition from the use of ACP 127/JANAP 128 [4]/[5] collectives to the use of address lists.

   ( 2.16.840.1.101.2.2.1.113 NAME 'associatedAL'
     EQUALITY 2.5.13.1  ; distinguishedNameMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

3.22 associatedOrganization Attribute

The associatedOrganization attribute value points to the organizationalUnit directory entry which represents the same organizational messaging entity as the PLA directory entry containing this attribute.

   ( 2.16.840.1.101.2.2.1.4 NAME 'associatedOrganization'
     EQUALITY 2.5.13.1  ; distinguishedNameMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

3.23 associatedPLA Attribute

The associatedPLA attribute value points to the ACP 127/JANAP 128 [4]/[5] directory entry for the same messaging entity as represented by the Organizational Unit directory entry containing this attribute.

   ( 2.16.840.1.101.2.2.1.6 NAME 'associatedPLA'
     EQUALITY 2.5.13.1  ; distinguishedNameMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

3.24 augUKMs Attribute

The augUKMs attribute value is used in the construction of selected symmetric confidentiality algorithms for the month of August.

   ( 2.16.840.1.101.2.1.5.27 NAME 'augUKMs'
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.5  ; binary syntax
                                          ; encapsulating
                                          ; MonthlyUKMs
     SINGLE-VALUE )

3.25 cognizantAuthority Attribute

The cognizantAuthority attribute value indicates the administrator for an ACP 127/JANAP 128 [4]/[5] collective.

   ( 2.16.840.1.101.2.2.1.51 NAME 'cognizantAuthority'
     EQUALITY 2.5.13.2  ; caseIgnoreMatch
     SUBSTR 2.5.13.4  ; caseIgnoreSubstringsMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{55}
     SINGLE-VALUE )

3.26 collective-mhs-or-addresses Attribute

The collective-mhs-or-addresses attribute value is a value of mhs-or-addresses that is applied at an administrative point.

   ( 2.16.840.1.101.2.2.1.134 1 NAME 'collective-mhs-or-addresses'
     SUP 2.6.5.2.6 )  ; mhs-or-addresses

3.27 collectiveMilitaryFacsimileNumber Attribute

The collectiveMilitaryFacsimileNumber attribute value is a value of militaryFacsimileNumber that is applied at an administrative point.

   ( 2.16.840.1.101.2.2.1.119 1 NAME 'collectiveMilitaryFacsimileNumber'
     SUP 2.16.840.1.101.2.2.1.119 )  ; militaryFacsimileNumber

3.28 collectiveMilitaryTelephoneNumber Attribute

The collectiveMilitaryTelephoneNumber attribute value is a value of militaryTelephoneNumber that is applied at an administrative point.

   ( 2.16.840.1.101.2.2.1.120 1 NAME 'collectiveMilitaryTelephoneNumber'
     SUP 2.16.840.1.101.2.2.1.120 )  ; militaryTelephoneNumber

3.29 collectiveNationality Attribute

The collectiveNationality attribute value is a value of nationality that is applied at an administrative point.

   ( 2.16.840.1.101.2.2.1.68 1 NAME 'collectiveNationality'
     SUP 2.16.840.1.101.2.2.1.68 )  ; nationality

3.30 collectiveSecureFacsimileNumber Attribute

The collectiveSecureFacsimileNumber attribute value is a value of secureFacsimileNumber that is applied at an administrative point.

   ( 2.16.840.1.101.2.2.1.127 1 NAME 'collectiveSecureFacsimileNumber'
     SUP 2.16.840.1.101.2.2.1.127 )  ; secureFacsimileNumber

3.31 collectiveSecureTelephoneNumber Attribute

The collectiveSecureTelephoneNumber attribute value is a value of secureTelephoneNumber that is applied at an administrative point.

   ( 2.16.840.1.101.2.2.1.128 1 NAME 'collectiveSecureTelephoneNumber'
     SUP 2.16.840.1.101.2.2.1.128 )  ; secureTelephoneNumber

3.32 community Attribute

The community attribute value indicates whether an object belongs to the GENSER (R) or SI (Y) community or both (R/Y).

   ( 2.16.840.1.101.2.2.1.52 NAME 'community'
     SYNTAX 2.16.840.1.101.2.2.2.5  ; Community syntax
     SINGLE-VALUE )

3.33 copyMember Attribute

The copyMember attribute value specifies a group of names associated with the object represented by the directory entry. In an address list directory entry, this attribute indicates the "copy" or "info" members of the list as opposed to "primary" or "action" members.

   ( 2.16.840.1.101.2.2.1.114 NAME 'copyMember'
     SUP 2.5.4.31 )  ; member

3.34 decUKMs Attribute

The decUKMs attribute value is used in the construction of selected CCEB symmetric confidentiality algorithms for the month of December.

   ( 2.16.840.1.101.2.1.5.31 NAME 'decUKMs'
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.5  ; binary syntax
                                          ; encapsulating
                                          ; MonthlyUKMs
     SINGLE-VALUE )

3.35 distributionCodeAction Attribute

The distributionCodeAction attribute values identify the distribution codes (including Subject Indicator Codes (SICs)) for which an organization, person, or role handles messages for action.

   ( 2.16.840.1.101.2.2.1.104 NAME 'distributionCodeAction'
     EQUALITY 2.5.13.2  ; caseIgnoreMatch
     SUBSTR 2.5.13.4  ; caseIgnoreSubstringsMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )  ; DistributionCode =
                                             ; PrintableString

3.36 distributionCodeInfo Attribute

The distributionCodeInfo attribute values identify the distribution codes (including SICs) for which an organization, person, or role handles messages for information.

   ( 2.16.840.1.101.2.2.1.105 NAME 'distributionCodeInfo'
     EQUALITY 2.5.13.2  ; caseIgnoreMatch
     SUBSTR 2.5.13.4  ; caseIgnoreSubstringsMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )  ; DistributionCode =
                                             ; PrintableString

3.37 dualRoute Attribute

The dualRoute attribute value indicates whether delivery of messages for an organization to both the home and deployed sites is required. If set to TRUE, dual delivery is required.

   ( 2.16.840.1.101.2.2.1.54 NAME 'dualRoute'
     EQUALITY 2.5.13.13  ; booleanMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.7  ;
     SINGLE-VALUE )

3.38 effectiveDate Attribute

The effectiveDate attribute value indicates when the directory entry is to become valid.

   ( 2.16.840.1.101.2.2.1.55 NAME 'effectiveDate'
     EQUALITY 2.5.13.27  ; generalizedTimeMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
     SINGLE-VALUE )

3.39 entryClassification Attribute

The entryClassification attribute value indicates the classification of the directory entry that contains this attribute. The possible values are: unmarked, unclassified, restricted, confidential, secret, and top secret.

   ( 2.16.840.1.101.2.2.1.56 NAME 'entryClassification'
     SYNTAX 2.16.840.1.101.2.2.2.4 )  ; Classification syntax

3.40 expirationDate Attribute

The expirationDate attribute value indicates the time at which the directory entry becomes invalid.

   ( 2.16.840.1.101.2.2.1.57 NAME 'expirationDate'
     EQUALITY 2.5.13.27  ; generalizedTimeMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
     SINGLE-VALUE )

3.41 febUKMs Attribute

The febUKMs attribute value is used in the construction of selected CCEB symmetric confidentiality algorithms for the month of February.

   ( 2.16.840.1.101.2.1.5.21 NAME 'febUKMs'
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.5  ; binary syntax
                                          ; encapsulating
                                          ; MonthlyUKMs
     SINGLE-VALUE )

3.42 gatewayType Attribute

The gatewayType attribute value is used to indicate the translations a messaging gateway is capable of performing.
The translations that can be indicated are:

   acp120-acp127-gateway
   acp120-janap128-gateway
   acp120-mhs-gateway
   acp120-mmhs-gateway
   acp120-rfc822-gateway
   boundary MTA
   mmhs-mhs-gateway
   mmhs-rfc822-gateway
   mta-acp127-gateway

   ( 2.16.840.1.101.2.2.1.115 NAME 'gatewayType'
     EQUALITY 2.5.13.0  ; objectIdentifierMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )

3.43 ghpType Attribute

The ghpType attribute value is used to indicate the gateway handling policy of an mta-acp127-gateway defined in STANAG 4406 [12].

   ( 2.16.840.1.101.2.2.1.116 NAME 'ghpType'
     EQUALITY 2.5.13.0  ; objectIdentifierMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )

3.44 guard Attribute

The guard attribute value indicates the Name(s) of the Guard Gateway.

   ( 2.16.840.1.101.2.2.1.117 NAME 'guard'
     SUP 2.5.4.49 )  ; distinguishedName

3.45 host Attribute

The host attribute value gives an identifier for a host computer, as defined in the COSINE and Internet X.500 Schema, RFC 1274 [13].

   ( 0.9.2342.19200300.100.1.9 NAME 'host'
     EQUALITY 2.5.13.2  ; caseIgnoreMatch
     SUBSTR 2.5.13.4  ; caseIgnoreSubstringsMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )  ; limited to
                                                  ; TeletexString or PrintableString

3.46 hostOrgACP127 Attribute

The hostOrgACP127 attribute value of a tenant PLA identifies the PLA for the organization which accepts traffic for a tenant.

   ( 2.16.840.1.101.2.2.1.58 NAME 'hostOrgACP127'
     EQUALITY 2.5.13.2  ; caseIgnoreMatch
     SUBSTR 2.5.13.4  ; caseIgnoreSubstringsMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{55}
     SINGLE-VALUE )

3.47 infoAddressees Attribute

The infoAddressees attribute value of an ACP 127/JANAP 128 [4]/[5] collective contains the list of information addressees of the collective.
( 2.16.840.1.101.2.2.1.59 NAME 'infoAddressees'
  EQUALITY 2.5.13.11  ; caseIgnoreListMatch
  SUBSTR 2.5.13.12  ; caseIgnoreListSubstringsMatch
  SYNTAX 2.16.840.1.101.2.2.2.2 )  ; Addressees syntax

3.48 janUKMs Attribute

The janUKMs attribute value is used in the construction of selected CCEB symmetric confidentiality algorithms for the month of January.

( 2.16.840.1.101.2.1.5.20 NAME 'janUKMs'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.5  ; binary syntax
                                       ; encapsulating
                                       ; MonthlyUKMs
  SINGLE-VALUE )

3.49 julUKMs Attribute

The julUKMs attribute value is used in the construction of selected CCEB symmetric confidentiality algorithms for the month of July.

( 2.16.840.1.101.2.1.5.26 NAME 'julUKMs'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.5  ; binary syntax
                                       ; encapsulating
                                       ; MonthlyUKMs
  SINGLE-VALUE )

3.50 junUKMs Attribute

The junUKMs attribute value is used in the construction of selected CCEB symmetric confidentiality algorithms for the month of June.

( 2.16.840.1.101.2.1.5.25 NAME 'junUKMs'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.5  ; binary syntax
                                       ; encapsulating
                                       ; MonthlyUKMs
  SINGLE-VALUE )

3.51 lastRecapDate Attribute

The lastRecapDate attribute value indicates when a list was last recapped or validated.

( 2.16.840.1.101.2.2.1.60 NAME 'lastRecapDate'
  EQUALITY 2.5.13.27  ; generalizedTimeMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
  SINGLE-VALUE )

3.52 listPointer Attribute

The listPointer attribute value is used to point to address list directory entries which might have to be modified if the entry containing this attribute is modified. It is intended to be used to maintain data consistency in the DIB.
( 2.16.840.1.101.2.2.1.61 NAME 'listPointer'
  EQUALITY 2.5.13.1  ; distinguishedNameMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

3.53 lmf Attribute

The lmf (Language and Media Format) attribute value indicates the language and media format that can be accepted between the two communicating end-systems. Possible values include:

   T  tape
   A  ASCII (American Standard Code for Information Interchange)
   C  card, etc.

( 2.16.840.1.101.2.2.1.62 NAME 'lmf'
  EQUALITY 2.5.13.2  ; caseIgnoreMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{1}
  SINGLE-VALUE )

3.54 longTitle Attribute

The longTitle attribute value is the expanded form of an organization's PLA.

( 2.16.840.1.101.2.2.1.63 NAME 'longTitle'
  EQUALITY 2.5.13.2  ; caseIgnoreMatch
  SUBSTR 2.5.13.4  ; caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{255}  ;
  SINGLE-VALUE )

3.55 mailDomains Attribute

The mailDomains attribute value is a string, which provides information on the domains that the messaging gateway will bridge.

( 2.16.840.1.101.2.2.1.118 NAME 'mailDomains'
  EQUALITY 2.5.13.2  ; caseIgnoreMatch
  SUBSTR 2.5.13.4  ; caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )  ; DirectoryString

3.56 marUKMs Attribute

The marUKMs attribute value is used in the construction of selected CCEB symmetric confidentiality algorithms for the month of March.

( 2.16.840.1.101.2.1.5.22 NAME 'marUKMs'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.5  ; binary syntax
                                       ; encapsulating
                                       ; MonthlyUKMs
  SINGLE-VALUE )

3.57 mayUKMs Attribute

The mayUKMs attribute value is used in the construction of selected CCEB symmetric confidentiality algorithms for the month of May.
( 2.16.840.1.101.2.1.5.24 NAME 'mayUKMs'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.5  ; binary syntax
                                       ; encapsulating
                                       ; MonthlyUKMs
  SINGLE-VALUE )

3.58 mhs-acceptable-eits Attribute

The mhs-acceptable-eits attribute value identifies a set of EITs for messages. The user or distribution list, represented by the directory entry, will accept delivery of or expand a message in which any one of these EITs is present.

( 2.6.5.2.17 NAME 'mhs-acceptable-eits'
  EQUALITY 2.5.13.0  ; objectIdentifierMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
          ; ExtendedEncodedInformationType = object identifier

3.59 mhs-deliverable-classes Attribute

The mhs-deliverable-classes attribute value identifies the classes of messages whose delivery a UA, represented by the directory entry, will accept.

( 2.6.5.2.19 NAME 'mhs-deliverable-classes'
  EQUALITY 2.6.5.4.2  ; capabilityMatch
  SYNTAX 2.16.840.1.101.2.2.2.13 )  ; Capability syntax

3.60 mhs-deliverable-content-types Attribute

The mhs-deliverable-content-types attribute values identify the content types of the messages whose delivery the user, represented by the directory entry, will accept.

( 2.6.5.2.1 NAME 'mhs-deliverable-content-types'
  EQUALITY 2.5.13.0  ; objectIdentifierMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )  ; ExtendedContentType
                                          ; = object identifier

3.61 mhs-dl-archive-service Attribute

The mhs-dl-archive-service attribute value identifies a service from which a user may request copies of messages previously distributed by the address list represented by the directory entry.

( 2.6.5.2.12 NAME 'mhs-dl-archive-service'
  EQUALITY 2.6.5.4.0  ; oRNameExactMatch
  SYNTAX 2.16.840.1.101.2.2.2.10 )  ; O/R Name syntax

3.62 mhs-dl-members Attribute

The mhs-dl-members attribute value is an OR-name which identifies a member of the DL. This attribute may have multiple values each of which identifies one member of the DL.
When a DL is expanded, each of the values of this attribute becomes a recipient of the message.

( 2.6.5.2.3 NAME 'mhs-dl-members'
  EQUALITY 2.6.5.4.0  ; oRNameExactMatch
  SYNTAX 2.16.840.1.101.2.2.2.10 )  ; O/R Name syntax

3.63 mhs-dl-policy Attribute

The mhs-dl-policy attribute value identifies the choice of policy options to be applied when expanding the address list represented by the directory entry.

( 2.6.5.2.13 NAME 'mhs-dl-policy'
  SYNTAX 2.16.840.1.101.2.2.2.14  ; DLPolicy syntax
  SINGLE-VALUE )

3.64 mhs-dl-related-lists Attribute

The mhs-dl-related-lists attribute value identifies other address lists which are, in some unspecified way, related to the address list represented by the directory entry.

( 2.6.5.2.14 NAME 'mhs-dl-related-lists'
  SUP 2.5.4.49  ; distinguishedName
  EQUALITY 2.5.13.1  ; distinguishedNameMatch
  )

3.65 mhs-dl-submit-permissions Attribute

The mhs-dl-submit-permissions attribute values identify the users and address lists that may submit messages to the address list represented by the directory entry.

( 2.6.5.2.4 NAME 'mhs-dl-submit-permissions'
  SYNTAX 2.16.840.1.101.2.2.2.15 )  ; DLSubmitPermission syntax

3.66 mhs-dl-subscription-service Attribute

The mhs-dl-subscription-service attribute value identifies a service of which a user may request changes to the membership of the address list represented by the directory entry (e.g., for a user to request to be added to the address list).

( 2.6.5.2.15 NAME 'mhs-dl-subscription-service'
  EQUALITY 2.6.5.4.0  ; oRNameExactMatch
  SYNTAX 2.16.840.1.101.2.2.2.10 )  ; O/R Name syntax

3.67 mhs-exclusively-acceptable-eits Attribute

The mhs-exclusively-acceptable-eits attribute value identifies a set of EITs for messages. The user or distribution list, represented by the directory entry, will accept delivery of or expand a message in which all of these EITs are present.
( 2.6.5.2.2 NAME 'mhs-exclusively-acceptable-eits'
  EQUALITY 2.5.13.0  ; objectIdentifierMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
          ; ExtendedEncodedInformationType = object identifier

3.68 mhs-maximum-content-length Attribute

The mhs-maximum-content-length attribute value identifies the maximum content length of the messages that can be handled by the object represented by the directory entry. The object is a user to whom the message would be delivered, an address list for which expansion would be performed on the message, or an MTA to which the message would be acceptable.

( 2.6.5.2.0 NAME 'mhs-maximum-content-length'
  EQUALITY 2.5.13.14  ; integerMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27  ; ContentLength = INTEGER
  SINGLE-VALUE )

3.69 mhs-message-store-dn Attribute

The mhs-message-store-dn attribute value identifies by directory name the message store of the user represented by the directory entry.

( 2.6.5.2.5 NAME 'mhs-message-store-dn'
  SUP 2.5.4.49  ; distinguishedName
  EQUALITY 2.5.13.1  ; distinguishedNameMatch
  SINGLE-VALUE )

3.70 mhs-or-addresses Attribute

The mhs-or-addresses attribute values specify the O/R addresses of the user or address list represented by the directory entry.

( 2.6.5.2.6 NAME 'mhs-or-addresses'
  EQUALITY 2.6.4.8.14  ; oRAddressMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.33 )  ; MHS OR Address syntax

3.71 mhs-or-addresses-with-capabilities Attribute

The mhs-or-addresses-with-capabilities attribute values specify the O/R addresses and the messaging capabilities associated with each address of the user or address list represented by the directory entry. Recognized security labels are identified in ACP 123 [6]. Information about availability and nationality will be included in the description. If the address is served by a foreign nation, the International Standard Organization 3166 [14] code of the country shall be entered first.
If an OR-address is not operational on a 24 by 7 basis, the normal daily schedule shall be given in start and stop times for each day of operation. Planned down time also shall be given in start and stop time.

( 2.6.5.2.16 NAME 'mhs-or-addresses-with-capabilities'
  EQUALITY 2.6.5.4.1  ; addressCapabilitiesMatch
  SYNTAX 2.16.840.1.101.2.2.2.16 )  ; AddressCapabilities syntax

3.72 mhs-supported-attributes Attribute

The mhs-supported-attributes attribute values identify the attributes that the message store, represented by the directory entry, fully supports.

( 2.6.5.2.10 NAME 'mhs-supported-attributes'
  EQUALITY 2.5.13.0  ; objectIdentifierMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
          ; MS-ATTRIBUTE.&id ({AttributeTable}) = object identifier

3.73 mhs-supported-automatic-actions Attribute

The mhs-supported-automatic-actions attribute values identify the automatic actions that the message store, represented by the directory entry, supports.

( 2.6.5.2.8 NAME 'mhs-supported-automatic-actions'
  EQUALITY 2.5.13.0  ; objectIdentifierMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
          ; AUTO-ACTION.&id ({AutoActionTable}) = object identifier

3.74 mhs-supported-content-types Attribute

The mhs-supported-content-types attribute values identify the content types of the messages whose syntax and semantics the message store, represented by the directory entry, supports.

( 2.6.5.2.9 NAME 'mhs-supported-content-types'
  EQUALITY 2.5.13.0  ; objectIdentifierMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )  ; ExtendedContentType
                                          ; = object identifier

3.75 mhs-supported-matching-rules Attribute

The mhs-supported-matching-rules attribute values identify the matching rules that the message store, represented by the directory entry, fully supports.
( 2.6.5.2.11 NAME 'mhs-supported-matching-rules'
  EQUALITY 2.5.13.0  ; objectIdentifierMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
          ; MATCHING-RULE.&id ({MatchingRuleTable}) = object
          ; identifier

3.76 mhs-unacceptable-eits Attribute

The mhs-unacceptable-eits attribute value identifies the encoded information types of a message which would make a user not accept delivery, or which would prevent an address list from doing expansion on the message. The absence of this attribute indicates that there are no EITs which are unacceptable. The presence of the special value "id-eit-all" indicates that all EITs are unacceptable except for those EITs identified by the mhs-acceptable-eits or mhs-exclusively-acceptable-eits attributes.

( 2.6.5.2.18 NAME 'mhs-unacceptable-eits'
  EQUALITY 2.5.13.0  ; objectIdentifierMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
          ; ExtendedEncodedInformationType = object identifier

3.77 militaryFacsimileNumber Attribute

The militaryFacsimileNumber attribute value identifies a military facsimile number, such as a Defense Switched Network (DSN) number or Defence Fixed Telecommunications Service (DFTS) number, which is associated with the object represented by the directory entry. This attribute is a subtype of aCPTelephoneFaxNumber. An example of a militaryFacsimileNumber value is "DFTS, 555 1111 ext 25".

( 2.16.840.1.101.2.2.1.119 NAME 'militaryFacsimileNumber'
  SUP 2.16.840.1.101.2.2.1.94 )  ; aCPTelephoneFaxNumber

3.78 militaryTelephoneNumber Attribute

The militaryTelephoneNumber attribute value identifies a military telephone number, such as a DSN number, which is associated with the object represented by the directory entry. This attribute is a subtype of aCPTelephoneFaxNumber. An example of a militaryTelephoneNumber value is "DSN, 555-333".
( 2.16.840.1.101.2.2.1.120 NAME 'militaryTelephoneNumber'
  SUP 2.16.840.1.101.2.2.1.94 )  ; aCPTelephoneFaxNumber

3.79 minimize Attribute

The minimize attribute value indicates whether an organization, person, or role, represented by the directory entry, is under the MINIMIZE condition. If so, the message originators are responsible for not sending unnecessary messages to the recipient.

( 2.16.840.1.101.2.2.1.64 NAME 'minimize'
  EQUALITY 2.5.13.13  ; booleanMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
  SINGLE-VALUE )

3.80 minimizeOverride Attribute

The minimizeOverride attribute value is used by the Message Conversion System (MCS) to determine whether the MINIMIZE condition will be enforced when a message is originated by this PLA. If the value is FALSE, override does not occur and MINIMIZE is enforced. If the value is TRUE, MINIMIZE is not enforced.

( 2.16.840.1.101.2.2.1.65 NAME 'minimizeOverride'
  EQUALITY 2.5.13.13  ; booleanMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
  SINGLE-VALUE )

3.81 nameClassification Attribute

The nameClassification attribute value indicates the security classification of the name of the directory entry itself.

( 2.16.840.1.101.2.2.1.67 NAME 'nameClassification'
  SYNTAX 2.16.840.1.101.2.2.2.4 )  ; Classification

3.82 nationality Attribute

The nationality attribute value names the country which "owns" an entity. For an individual, it would be the nationality of the person. The standard Country Name attribute is used to denote the location of the entity.

( 2.16.840.1.101.2.2.1.68 NAME 'nationality'
  SUP 2.5.4.41  ; name
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{2}  ; exactly 2 characters
  SINGLE-VALUE )

3.83 networkDN Attribute

The networkDN attribute value contains the full DN of a network and may be used to reference the entry for the network from another entry (e.g., used in the Network Instructions entry to reference the entry for the accessed network).
( 2.16.840.1.101.2.2.1.121 NAME 'networkDN'
  EQUALITY 2.5.13.1  ; distinguishedNameMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

3.84 networkSchema Attribute

The networkSchema attribute value is a graphical representation of a network. It describes the structure of the network and details any rules associated with that network.

( 2.16.840.1.101.2.2.1.122 NAME 'networkSchema'
  SYNTAX 2.16.840.1.101.2.2.2.7 )  ; GraphicString

3.85 novUKMs Attribute

The novUKMs attribute value is used in the construction of selected CCEB symmetric confidentiality algorithms for the month of November.

( 2.16.840.1.101.2.1.5.30 NAME 'novUKMs'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.5  ; binary syntax
                                       ; encapsulating
                                       ; MonthlyUKMs
  SINGLE-VALUE )

3.86 octUKMs Attribute

The octUKMs attribute value is used in the construction of selected CCEB symmetric confidentiality algorithms for the month of October.

( 2.16.840.1.101.2.1.5.29 NAME 'octUKMs'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.5  ; binary syntax
                                       ; encapsulating
                                       ; MonthlyUKMs
  SINGLE-VALUE )

3.87 onSupported Attribute

The onSupported attribute value indicates the types of notifications, besides MHS notifications, generated by an mta-acp127-type of gateway. The gateway may generate all or none of the notifications. If the attribute is absent, the gateway does none of the notifications.

( 2.16.840.1.101.2.2.1.123 NAME 'onSupported'
  EQUALITY 2.5.13.16  ; bitStringMatch
  SYNTAX 2.16.840.1.101.2.2.2.3  ; otherNotificationsSupported
  SINGLE-VALUE )

3.88 operationName Attribute

The operationName attribute value is the name of an official military operation. For example, when used in the definition of a network (i.e., in a Network directory entry), it could be the TURQUOISE operation which develops a RITA network.
( 2.16.840.1.101.2.2.1.124 NAME 'operationName'
  EQUALITY 2.5.13.2  ; caseIgnoreMatch
  SUBSTR 2.5.13.4  ; caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

3.89 plaAddressees Attribute

The plaAddressees attribute value of an ACP 127/JANAP 128 [4]/[5] collective contains the list of action and information addressees of the collective. It is used for some types of collectives instead of separating action and information addressees.

( 2.16.840.1.101.2.2.1.71 NAME 'plaAddressees'
  EQUALITY 2.5.13.11  ; caseIgnoreListMatch
  SUBSTR 2.5.13.12  ; caseIgnoreListSubstringsMatch
  SYNTAX 2.16.840.1.101.2.2.2.2 )  ; Addressees syntax

3.90 plaNameACP127 Attribute

The plaNameACP127 attribute value is the object's (represented by the directory entry) ACP 127/JANAP 128 [4]/[5] PLA. A PLA is sometimes called the Signal Message Address or registered PLA. The long form of the PLA name is represented in the ACP 133 [1] by the longTitle attribute.

( 2.16.840.1.101.2.2.1.70 NAME 'plaNameACP127'
  SUP 2.5.4.41  ; name
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{55}
  SINGLE-VALUE )

3.91 plaReplace Attribute

The plaReplace attribute value is used by ACP 127/JANAP 128 [4]/[5]. When an "alternate spelling" PLA is addressed on a message, the MCS will look at the value of this attribute in the PLA's directory entry. If set, the alternate spelling on the message will be replaced with the "primary" or correct spelling. (Each alternate spelling has a pointer to the primary PLA.)

( 2.16.840.1.101.2.2.1.72 NAME 'plaReplace'
  EQUALITY 2.5.13.13  ; booleanMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
  SINGLE-VALUE )

3.92 plasServed Attribute

The plasServed attribute value is a list of the PLAs accessible through a gateway.
( 2.16.840.1.101.2.2.1.138 NAME 'plasServed'
  SUP 2.5.4.41 )  ; name

3.93 positionNumber Attribute

The position number attribute value is used by government and Defense agencies to identify uniquely each individual's position, and possibly role and duties, within the organization.

( 2.16.840.1.101.2.2.1.125 NAME 'positionNumber'
  EQUALITY 2.5.13.2  ; caseIgnoreMatch
  SUBSTR 2.5.13.4  ; caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

3.94 primarySpellingACP127

The primarySpellingACP127 attribute value of an Alternate Spelling PLA directory entry is the object's correct PLA spelling.

( 2.16.840.1.101.2.2.1.73 NAME 'primarySpellingACP127'
  EQUALITY 2.5.13.2  ; caseIgnoreMatch
  SUBSTR 2.5.13.4  ; caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{55}
  SINGLE-VALUE )

3.95 proprietaryMailboxes Attribute

The proprietaryMailboxes attribute value identifies a mailbox identifier that can be used to address mail within the local proprietary domain, such as cc:mail.

( 2.16.840.1.101.2.2.1.126 NAME 'proprietaryMailboxes'
  EQUALITY 2.5.13.2  ; caseIgnoreMatch
  SUBSTR 2.5.13.4  ; caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

3.96 publish Attribute

The publish attribute value indicates whether this PLA should be published in the Message Address Directory or the ACP 117 [15]. Access controls may be set based on this attribute.

( 2.16.840.1.101.2.2.1.74 NAME 'publish'
  EQUALITY 2.5.13.13  ; booleanMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
  SINGLE-VALUE )

3.97 rank Attribute

The value of the rank attribute type contains the military or civilian rank of an individual such as Major or civilian grade.
( 2.16.840.1.101.2.2.1.133 NAME 'rank'
  EQUALITY 2.5.13.2  ; caseIgnoreMatch
  SUBSTR 2.5.13.4  ; caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

3.98 recapDueDate Attribute

The recapDueDate attribute value indicates when a list is expected to be recapped or validated.

( 2.16.840.1.101.2.2.1.75 NAME 'recapDueDate'
  EQUALITY 2.5.13.27  ; generalizedTimeMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
  SINGLE-VALUE )

3.99 releaseAuthorityName Attribute

The releaseAuthorityName attribute value is a relative distinguished name of a release authority for an organization.

( 2.16.840.1.101.2.2.1.45 NAME 'releaseAuthorityName'
  EQUALITY 2.5.13.2  ; caseIgnoreMatch
  SUBSTR 2.5.13.4  ; caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} )

3.100 remarks Attribute

The remarks attribute value is textual information associated with a PLA's directory entry. These remarks may be instructions rather than a description of the entity.

( 2.16.840.1.101.2.2.1.76 NAME 'remarks'
  EQUALITY 2.5.13.11  ; caseIgnoreListMatch
  SYNTAX 2.16.840.1.101.2.2.2.11 )  ; Remarks

3.101 rfc822Mailbox Attribute

As defined in the COSINE/Internet schema, RFC 1274 [13], the rfc822Mailbox attribute value is an electronic mailbox identifier following the syntax in RFC 822 [16]. An example for a user on a military network is "user@host.Service.mil".

There is an issue with this attribute. The problem is that the caseIgnoreIA5StringSyntax from RFC 1274 [13] must be broken into the more recent form of separate syntax definition and matching rules. In fact, object identifiers are assigned and definitions given in RFC 2252 [2] to an IA5String attribute syntax and a caseIgnoreIA5Match matching rule. However, a caseIgnoreIA5SubstringsMatch matching rule is not defined in RFC 2252 [2] or RFC 2256 [3].
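The kind of gap described above can be caught mechanically before a schema is installed. The following Python sketch is an added example, not part of the original draft: it strips the ';' comments used in this document's definitions, parses each attribute type description, and reports EQUALITY, ORDERING and SUBSTR references that are missing from a table of defined matching rules. The table and sample input are constructed from object identifiers that appear in this document, and the function names are hypothetical.

```python
import re

# Matching rules treated as defined for this check. Constructed table: the
# OIDs and names are the ones this document cites in its definitions.
DEFINED_RULES = {
    "2.5.13.0": "objectIdentifierMatch",
    "2.5.13.1": "distinguishedNameMatch",
    "2.5.13.2": "caseIgnoreMatch",
    "2.5.13.4": "caseIgnoreSubstringsMatch",
    "2.5.13.11": "caseIgnoreListMatch",
    "2.5.13.12": "caseIgnoreListSubstringsMatch",
    "2.5.13.13": "booleanMatch",
    "2.5.13.14": "integerMatch",
    "2.5.13.16": "bitStringMatch",
    "2.5.13.27": "generalizedTimeMatch",
    "1.3.6.1.4.1.1466.109.114.2": "caseIgnoreIA5Match",
}

# Constructed sample input, laid out one item per line with ';' comments.
SAMPLE = """
( 2.16.840.1.101.2.2.1.85 NAME 'sigad'
  EQUALITY 2.5.13.2    ; caseIgnoreMatch
  SUBSTR 2.5.13.4      ; caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{8}   ; 5 - 8 characters
  SINGLE-VALUE )

( 0.9.2342.19200300.100.1.3 NAME 'mail'
  EQUALITY 1.3.6.1.4.1.1466.109.114.2   ; caseIgnoreIA5Match
  SUBSTR 1.3.6.1.4.1.1466.109.114.3     ; caseIgnoreIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )   ; IA5String

( 2.16.840.1.101.2.2.1.117 NAME 'guard'
  SUP 2.5.4.49 )       ; distinguishedName
"""

TOKEN = re.compile(r"\(|\)|'[^']*'|[^\s()']+")
OID = re.compile(r"^\d+(\.\d+)+$")
SYNTAX = re.compile(r"^(\d+(?:\.\d+)+)(?:\{(\d+)\})?$")
FLAGS = {"SINGLE-VALUE", "COLLECTIVE", "NO-USER-MODIFICATION", "OBSOLETE"}
VALUED = {"DESC", "SUP", "EQUALITY", "ORDERING", "SUBSTR", "USAGE"}


def strip_comments(text):
    """Drop everything from ';' to end of line, except inside quotes."""
    kept = []
    for line in text.splitlines():
        in_quote = False
        for i, ch in enumerate(line):
            if ch == "'":
                in_quote = not in_quote
            elif ch == ";" and not in_quote:
                line = line[:i]
                break
        kept.append(line)
    return "\n".join(kept)


def parse_definitions(text):
    """Return one dict per parenthesised attribute type description."""
    tokens = TOKEN.findall(strip_comments(text))
    pos = 0

    def take():
        nonlocal pos
        if pos >= len(tokens):
            raise ValueError("definition ends before its closing ')'")
        pos += 1
        return tokens[pos - 1]

    defs = []
    while pos < len(tokens):
        if take() != "(":
            raise ValueError("a definition must start with '('")
        d = {"oid": take(), "flags": set()}
        if not OID.match(d["oid"]):
            raise ValueError(f"bad numeric OID {d['oid']!r}")
        while (key := take()) != ")":
            if key in FLAGS:
                d["flags"].add(key)
            elif key == "NAME":
                first = take()
                names = []
                if first == "(":                  # NAME ( 'a' 'b' )
                    while (t := take()) != ")":
                        names.append(t.strip("'"))
                else:
                    names.append(first.strip("'"))
                d["NAME"] = names
            elif key == "SYNTAX":                 # optional {bound} suffix
                m = SYNTAX.match(take())
                if not m:
                    raise ValueError(f"bad SYNTAX in {d['oid']}")
                d["SYNTAX"] = m.group(1)
                d["bound"] = int(m.group(2)) if m.group(2) else None
            elif key in VALUED:
                d[key] = take().strip("'")
            else:
                raise ValueError(f"unknown keyword {key!r} in {d['oid']}")
        defs.append(d)
    return defs


def dangling_rules(defs, defined=None):
    """List (attribute, keyword, reference) for undefined matching rules."""
    defined = DEFINED_RULES if defined is None else defined
    known = set(defined) | set(defined.values())  # accept OID or name
    findings = []
    for d in defs:
        name = d.get("NAME", [d["oid"]])[0]
        for key in ("EQUALITY", "ORDERING", "SUBSTR"):
            ref = d.get(key)
            if ref is not None and ref not in known:
                findings.append((name, key, ref))
    return findings


if __name__ == "__main__":
    for finding in dangling_rules(parse_definitions(SAMPLE)):
        print("undefined matching rule:", finding)
```

A definition that only names a supertype, such as 'guard', carries no matching rule references of its own and is therefore not reported.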
A remedy, including an object identifier, is specified in the Internet-Draft draft-smith-ldap-inetorgperson-03.txt [19]:

"caseIgnoreIA5SubstringsMatch

( 1.3.6.1.4.1.1466.109.114.3 NAME 'caseIgnoreIA5SubstringsMatch'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

"This rule determines whether the initial, any and final substring elements in a presented value are present in an attribute value of syntax IA5 String without regard to the case of the letters in the strings. It is expected that this matching rule will be added to an update of RFC 2252."

Using the draft caseIgnoreIA5SubstringsMatch matching rule, the rfc822Mailbox attribute definition would be:

( 0.9.2342.19200300.100.1.3 NAME 'mail'
  EQUALITY 1.3.6.1.4.1.1466.109.114.2  ; caseIgnoreIA5Match
  SUBSTR 1.3.6.1.4.1.1466.109.114.3  ; caseIgnoreIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )  ; IA5String

Finalization of the definition of the rfc822Mailbox attribute depends on approval for the caseIgnoreIA5SubstringsMatch matching rule.

3.102 rI Attribute

The rI (Routing Indicator) attribute value is the information mapped to in ACP 127/JANAP 128 [4]/[5] from a user's PLA name. Users are named by their PLA names and delivered to by their routing indicator values, analogous to Directory Names and O/R Addresses for X.400 users.

( 2.16.840.1.101.2.2.1.77 NAME 'rI'
  EQUALITY 2.5.13.2  ; caseIgnoreMatch
  SUBSTR 2.5.13.4  ; caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{7} )  ; exactly 7 characters

3.103 rIClassification Attribute

The rIClassification attribute value indicates the highest classification of data allowed to be processed by a specified device.

( 2.16.840.1.101.2.2.1.78 NAME 'rIClassification'
  SYNTAX 2.16.840.1.101.2.2.2.4 )  ; Classification

3.104 rIInfo Attribute

The rIInfo attribute value is RI values with the associated properties of each RI.
( 2.16.840.1.101.2.2.1.79 NAME 'rIInfo'
  SYNTAX 2.16.840.1.101.2.2.2.12 )  ; RIParameters

3.105 roomNumber Attribute

The roomNumber attribute value identifies a room number, as defined in the COSINE/Internet schema, RFC 1274 [13].

( 0.9.2342.19200300.100.1.6 NAME 'roomNumber'
  EQUALITY 2.5.13.2  ; caseIgnoreMatch
  SUBSTR 2.5.13.4  ; caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )  ; limited to
                        ; TeletexString or PrintableString

3.106 secondPartyAddressees Attribute

The secondPartyAddressees attribute value is a list of second party action PLAs.

( 2.16.840.1.101.2.2.1.80 NAME 'secondPartyAddressees'
  EQUALITY 2.5.13.11  ; caseIgnoreListMatch
  SUBSTR 2.5.13.12  ; caseIgnoreListSubstringsMatch
  SYNTAX 2.16.840.1.101.2.2.2.2 )  ; Addressees

3.107 section Attribute

The section attribute value is set to TRUE if the receiving PLA requires message sectioning to be performed. This is required to transition users with slow-speed terminals.

( 2.16.840.1.101.2.2.1.81 NAME 'section'
  EQUALITY 2.5.13.13  ; booleanMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
  SINGLE-VALUE )

3.108 secureFacsimileNumber Attribute

The secureFacsimileNumber attribute value is a facsimile number that is used for secure communication with the object represented by the directory entry. This attribute is a subtype of aCPTelephoneFaxNumber. An example of a secureFacsimileNumber value is "DSN, 555-333".

( 2.16.840.1.101.2.2.1.127 NAME 'secureFacsimileNumber'
  SUP 2.16.840.1.101.2.2.1.94  ; aCPTelephoneFaxNumber
  )

3.109 secureTelephoneNumber Attribute

The secureTelephoneNumber attribute value is a telephone number of a secure device, such as STU II or STU III, that is used for secure communication with the object represented by the directory entry. This attribute is a subtype of aCPTelephoneFaxNumber. An example of a secureTelephoneNumber value is "PSTN, +1 555 222, STU III".
( 2.16.840.1.101.2.2.1.128 NAME 'secureTelephoneNumber'
  SUP 2.16.840.1.101.2.2.1.94  ; aCPTelephoneFaxNumber
  )

3.110 sepUKMs Attribute

The sepUKMs attribute value is used in the construction of selected CCEB symmetric confidentiality algorithms for the month of September.

( 2.16.840.1.101.2.1.5.28 NAME 'sepUKMs'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.5  ; binary syntax
                                       ; encapsulating
                                       ; MonthlyUKMs
  SINGLE-VALUE )

3.111 serviceNumber Attribute

The serviceNumber attribute value is the staff identifier number used by government and defense agencies for purposes such as payroll references, medical records, human resources, and duty rosters.

( 2.16.840.1.101.2.2.1.129 NAME 'serviceNumber'
  EQUALITY 2.5.13.2  ; caseIgnoreMatch
  SUBSTR 2.5.13.4  ; caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

3.112 serviceOrAgency Attribute

The serviceOrAgency attribute value is an identifier of the Service or agency to which the PLA belongs.

( 2.16.840.1.101.2.2.1.82 NAME 'serviceOrAgency'
  EQUALITY 2.5.13.2  ; caseIgnoreMatch
  SUBSTR 2.5.13.4  ; caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{4}
  SINGLE-VALUE )

3.113 sHD Attribute

The sHD (specialHandlingDesignator) attribute value is a string containing the special handling designator which an entity, address, or routing indicator can support.

( 2.16.840.1.101.2.2.1.83 NAME 'sHD'
  EQUALITY 2.5.13.2  ; caseIgnoreMatch
  SUBSTR 2.5.13.4  ; caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{7} )

3.114 shortTitle Attribute

The shortTitle attribute value is a PLA name used for Signal Intelligence (SIGINT) related communications.
( 2.16.840.1.101.2.2.1.84 NAME 'shortTitle'
  EQUALITY 2.5.13.2  ; caseIgnoreMatch
  SUBSTR 2.5.13.4  ; caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{55}
  SINGLE-VALUE )

3.115 sigad Attribute

The sigad (SIGINT Address) attribute value is a PLA name used for sensitive SIGINT related communications.

( 2.16.840.1.101.2.2.1.85 NAME 'sigad'
  EQUALITY 2.5.13.2  ; caseIgnoreMatch
  SUBSTR 2.5.13.4  ; caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{8}  ; 5 - 8 characters
  SINGLE-VALUE )

3.116 spot Attribute

The spot attribute value identifies a special project address list or collective.

( 2.16.840.1.101.2.2.1.86 NAME 'spot'
  EQUALITY 2.5.13.2  ; caseIgnoreMatch
  SUBSTR 2.5.13.4  ; caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{55}
  SINGLE-VALUE )

3.117 tARE Attribute

The tARE (Telegraph Automatic Relay Equipment) attribute value is a flag that specifies delivery responsibility for a message that is received by an intermediary. The flag is set in the directory entry for the intended recipient.

( 2.16.840.1.101.2.2.1.87 NAME 'tARE'
  EQUALITY 2.5.13.13  ; booleanMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
  SINGLE-VALUE )

3.118 tCC Attribute

The tCC (Transmission Control Code) attribute value specifies a message handling instruction used in the RI.

( 2.16.840.1.101.2.2.1.96 NAME 'tCC'
  EQUALITY 2.5.13.2  ; caseIgnoreMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{3}  ; exactly 3 characters
  SINGLE-VALUE )

3.119 transferStation Attribute

The transferStation attribute value indicates whether a message for the entity should be sent to a communications processing and routing system, called a transfer station. For example, a Naval Communications Processing and Routing System (NAVCOMPARS) is a transfer station. If this attribute is TRUE, traffic should be routed to a transfer station.
( 2.16.840.1.101.2.2.1.69 NAME 'transferStation'
  EQUALITY 2.5.13.13  ; booleanMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
  SINGLE-VALUE )

3.120 tRC Attribute

The tRC (Transmission Release Code) attribute value is the classification of data used in the routing indicator. Possible values include:

   A  Australia
   B  British Commonwealth less Canada, Australia, and New Zealand
   C  Canada
   U  US
   X  Belgium, Denmark, France, Germany, Greece, Italy, Netherlands, Norway, Portugal, Turkey, NATO
   Z  New Zealand

( 2.16.840.1.101.2.2.1.97 NAME 'tRC'
  EQUALITY 2.5.13.2  ; caseIgnoreMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{1}
  SINGLE-VALUE )

4. NAME FORMS

4.1 cRLDistPtNameForm

( 2.5.15.14 NAME 'cRLDistPtNameForm'
  OC 2.5.6.19  ; cRLDistributionPoint
  MUST 2.5.4.3 )  ; cn

4.2 countryNameForm

( 2.5.15.0 NAME 'countryNameForm'
  OC 2.5.6.2  ; country
  MUST 2.5.4.6 )  ; countryName

4.3 locNameForm

( 2.5.15.1 NAME 'locNameForm'
  OC 2.5.6.3  ; locality
  MUST 2.5.4.7 )  ; localityName

4.4 sOPNameForm

( 2.5.15.2 NAME 'sOPNameForm'
  OC 2.5.6.3  ; locality
  MUST 2.5.4.8 )  ; stateOrProvinceName

4.5 gONNameForm

( 2.5.15.8 NAME 'gONNameForm'
  OC 2.5.6.9  ; groupOfNames
  MUST 2.5.4.3 )  ; cn

4.6 applProcessNameForm

( 2.5.15.10 NAME 'applProcessNameForm'
  OC 2.5.6.11  ; applicationProcess
  MUST 2.5.4.3 )  ; cn

4.7 dSANameForm

( 2.5.15.12 NAME 'dSANameForm'
  OC 2.5.6.13  ; dSA
  MUST 2.5.4.3 )  ; cn

4.8 deviceNameForm

( 2.5.15.13 NAME 'deviceNameForm'
  OC 2.5.6.14  ; device
  MUST 2.5.4.3 )  ; cn

4.9 addressListNameForm

( 2.16.840.1.101.2.2.4.27 NAME 'addressListNameForm'
  OC 2.16.840.1.101.2.2.3.57  ; addressList
  MUST 2.5.4.3 )  ; cn

4.10 aENameForm

( 2.16.840.1.101.2.2.4.34 NAME 'aENameForm'
  OC 2.5.6.12  ; applicationEntity
  MUST 2.5.4.3  ; cn
  MAY 2.5.4.46 )  ; dnQualifier

4.11 aliasCNNameForm

( 2.16.840.1.101.2.2.4.21 NAME 'aliasCNNameForm'
  OC 2.16.840.1.101.2.2.3.52  ; aliasCommonName
  MUST 2.5.4.3 )  ; cn

4.12 aliasOUNameForm

( 2.16.840.1.101.2.2.4.22 NAME 'aliasOUNameForm'
  OC 2.16.840.1.101.2.2.3.53  ; aliasOrganizationalUnit
  MUST 2.5.4.11 )  ; ou

4.13 alternateSpellingPLANameForm

( 2.16.840.1.101.2.2.4.4 NAME 'alternateSpellingPLANameForm'
  OC 2.16.840.1.101.2.2.3.58  ; altSpellingACP127
  MUST 2.16.840.1.101.2.2.1.70 )  ; plaNameACP127

4.14 cadPLANameForm

( 2.16.840.1.101.2.2.4.6 NAME 'cadPLANameForm'
  OC 2.16.840.1.101.2.2.3.28  ; cadACP127
  MUST 2.16.840.1.101.2.2.1.70 )  ; plaNameACP127

4.15 distributionCodeDescriptionNameForm

( 2.16.840.1.101.2.2.4.23 NAME 'distributionCodeDescriptionNameForm'
  OC 2.16.840.1.101.2.2.3.55  ; distributionCodeDescription
  MUST 2.5.4.3 )  ; cn

4.16 messagingGatewayNameForm

( 2.16.840.1.101.2.2.4.28 NAME 'messagingGatewayNameForm'
  OC 2.16.840.1.101.2.2.4.59  ; messagingGateway
  MUST 2.5.4.3 )  ; cn

4.17 mhs-dLNameForm

( 2.16.840.1.101.2.2.4.29 NAME 'mhs-dLNameForm'
  OC 2.6.5.1.0  ; mhs-distribution-list
  MUST 2.5.4.3 )  ; cn

4.18 mLANameForm

( 2.16.840.1.101.2.2.4.9 NAME 'mLANameForm'
  OC 2.16.840.1.101.2.2.3.31  ; mLA
  MUST 2.5.4.3 )  ; cn

4.19 mLAgentNameForm

( 2.16.840.1.101.2.2.4.40 NAME 'mLAgentNameForm'
  OC 2.16.840.1.101.2.2.3.64  ; mLAgent
  MUST 2.5.4.3 )  ; cn

4.20 mSNameForm

( 2.16.840.1.101.2.2.4.24 NAME 'mSNameForm'
  OC 2.6.5.1.1  ; mhs-message-store
  MUST 2.5.4.3 )  ; cn

4.21 mTANameForm

( 2.16.840.1.101.2.2.4.25 NAME 'mTANameForm'
  OC 2.6.5.1.2  ; mhs-message-transfer-agent
  MUST 2.5.4.3 )  ; cn

4.22 mUANameForm

( 2.16.840.1.101.2.2.4.26 NAME 'mUANameForm'
  OC 2.6.5.1.4  ; mhs-user-agent
  MUST 2.5.4.3 )  ; cn

4.23 networkNameForm

( 2.16.840.1.101.2.2.4.30 NAME 'networkNameForm'
  OC 2.16.840.1.101.2.2.3.60  ; network
  MUST 2.5.4.3 )  ; cn

4.24 networkInstructionsNameForm

( 2.16.840.1.101.2.2.4.31 NAME 'networkInstructionsNameForm'
  OC 2.16.840.1.101.2.2.3.61  ; networkInstructions
  MUST 2.5.4.3 )  ; cn

4.25 organizationalPLANameForm

( 2.16.840.1.101.2.2.4.12 NAME 'organizationalPLANameForm'
  OC 2.16.840.1.101.2.2.3.34  ; orgACP127
  MUST 2.16.840.1.101.2.2.1.70 )  ; plaNameACP127

4.26 organizationNameForm

( 2.16.840.1.101.2.2.4.35 NAME 'organizationNameForm'
  OC 2.5.6.4  ; organization
  MUST 2.5.4.10  ; organizationName
  MAY 2.5.4.46 )  ; dnQualifier

4.27 orgRNameForm

( 2.16.840.1.101.2.2.4.37 NAME 'orgRNameForm'
  OC 2.5.6.8  ; organizationalRole
  MUST 2.5.4.3  ; cn
  MAY 2.5.4.46 )  ; dnQualifier

4.28 orgUNameForm

( 2.16.840.1.101.2.2.4.38 NAME 'orgUNameForm'
  OC 2.5.6.5  ; organizationalUnit
  MUST 2.5.4.11  ; organizationalUnitName
  MAY 2.5.4.46 )  ; dnQualifier

4.29 plaCollectiveNameForm

( 2.16.840.1.101.2.2.4.13 NAME 'plaCollectiveNameForm'
  OC 2.16.840.1.101.2.2.3.35  ; plaCollectiveACP127
  MUST 2.16.840.1.101.2.2.1.70 )  ; plaNameACP127

4.30 qualifiedOrgPersonNameForm

( 2.16.840.1.101.2.2.4.36 NAME 'qualifiedOrgPersonNameForm'
  OC 2.5.6.7  ; organizationalPerson
  MUST 2.5.4.3  ; cn
  MAY ( 2.5.4.46  ; dnQualifier
        $ 2.5.4.11 ) )  ; organizationalUnitName

4.31 releaseAuthorityPersonNameForm

( 2.16.840.1.101.2.2.4.32 NAME 'releaseAuthorityPersonNameForm'
  OC 2.16.840.1.101.2.2.3.63  ; releaseAuthorityPerson
  MUST 2.16.840.1.101.2.2.1.45 )  ; releaseAuthorityName

4.32 releaseAuthorityPersonANameForm

( 2.16.840.1.101.2.2.4.39 NAME 'releaseAuthorityPersonANameForm'
  OC 2.16.840.1.101.2.2.3.65  ; releaseAuthorityPersonA
  MUST 2.16.840.1.101.2.2.1.45 )  ; releaseAuthorityName

4.33 routingIndicatorNameForm

( 2.16.840.1.101.2.2.4.15 NAME 'routingIndicatorNameForm'
  OC 2.16.840.1.101.2.2.3.37  ; routingIndicator
  MUST 2.16.840.1.101.2.2.1.77 )  ; rI

4.34 sigintPLANameForm

( 2.16.840.1.101.2.2.4.16 NAME 'sigintPLANameForm'
  OC 2.16.840.1.101.2.2.3.38  ; sigintPLA
  MUST 2.16.840.1.101.2.2.1.85 )  ; sigad

4.35 sIPLANameForm

( 2.16.840.1.101.2.2.4.17 NAME 'sIPLANameForm'
  OC 2.16.840.1.101.2.2.3.39  ; sIPLA
  MUST 2.16.840.1.101.2.2.1.63 )  ; longTitle

4.36 spotPLANameForm

( 2.16.840.1.101.2.2.4.18 NAME 'spotPLANameForm'
  OC 2.16.840.1.101.2.2.3.40  ; spotPLA
  MUST 2.16.840.1.101.2.2.1.86 )  ; spot

4.37 taskForcePLANameForm

( 2.16.840.1.101.2.2.4.19 NAME 'taskForcePLANameForm'
  OC 2.16.840.1.101.2.2.3.41  ; taskForceACP127
  MUST 2.16.840.1.101.2.2.1.70 )  ; plaNameACP127

4.38 tenantPLANameForm

( 2.16.840.1.101.2.2.4.20 NAME 'tenantPLANameForm'
  OC 2.16.840.1.101.2.2.3.42  ; tenantACP127
  MUST 2.16.840.1.101.2.2.1.70 )  ; plaNameACP127

5. MATCHING RULES

5.1 addressCapabilitiesMatch Matching Rule

( 2.6.5.4.1 NAME 'addressCapabilitiesMatch'
  SYNTAX 2.16.840.1.101.2.2.2.16 )  ; Address Capabilities syntax

5.2 capabilityMatch Matching Rule

( 2.6.5.4.2 NAME 'capabilityMatch'
  SYNTAX 2.16.840.1.101.2.2.2.13 )  ; Capability syntax

5.3 oRAddressMatch Matching Rule

( 2.6.4.8.14 NAME 'oRAddressMatch'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.33 )

5.4 oRNameExactMatch Matching Rule

( 2.6.5.4.0 NAME 'oRNameExactMatch'
  SYNTAX 2.16.840.1.101.2.2.2.10 )  ; O/R Name syntax

5.5 caseIgnoreListSubstringsMatch Matching Rule

( 2.5.13.12 NAME 'caseIgnoreListSubstringsMatch'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )  ; Substring Assertion

5.6 booleanMatch Matching Rule

( 2.5.13.13 NAME 'booleanMatch'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )  ;

6. ATTRIBUTE SYNTAXES

6.1 aCPTelephoneFaxNumber Attribute Syntax

( 2.16.840.1.101.2.2.2.1 DESC 'aCPTelephoneFaxNumber syntax' )

Values in this syntax are encoded according to the following BNF:

   aCPTelephoneFaxNumber = netid ", " telephonenum [ ", " securedevid ]

   nocommap = a / d / """ / "(" / ")" / "+" / "-" / "."
/ "/" / ":" / "?" / " " netid = 1*6nocommap telephonenum = 1*32nocommap securdevid = 1*8p For more information, see ACP 133 [1], Annex B, clause 24. 6.2 Addressees Attribute Syntax ( 2.16.840.1.101.2.2.2.2 DESC 'Addressees' ) Values in this syntax are encoded according to the following BNF: addressees = [ 1*55p *( "$" 1*55p ) ] That is, if the Addressees value is an empty sequence, the result is the empty or zero length string. Otherwise, the output consists of the PrintableString encoding of each element in the sequence, in the same order as in the sequence with "$" between the elements. 6.3 otherNotificationsSupported Abstract Syntax for the onSupported Attribute ( 2.16.840.1.101.2.2.2.3 DESC 'otherNotificationsSupported' ) Values in this syntax are encoded according to the following BNF: otherNotificationsSupported = namedbits / bitstring namedbits = "{" [ namedbit *( "," namedbit ) ] "}" namedbit = "acp127-nn" / "acp127-pn" / "acp127-tn" bitstring = "'" *binary-digit "'B" binary-digit = "0" / "1" DALLY Expires 28 November 1999 [Page 58] INTERNET-DRAFT ACP 133 Common Content and LDAP 28 May 1999 The presence of the name of a namedbit in the namedbits alternative means that the value of the bit is 1. The value of an absent namedbit is 0. 
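
A strict validator for the string encodings of sections 6.1 to 6.3, for use on a directory write path where the server may treat these syntaxes as opaque strings. This is an added example, not part of the draft or of ACP 133; the function names and sample values are constructed here, and the "p" production is taken from RFC 2252 [2].

```python
import re

# Character classes. NOCOMMAP is the list given in section 6.1; P is the
# "p" production of RFC 2252 [2], which is the same set plus ",".
NOCOMMAP = r'[A-Za-z0-9"()+\-./:? ]'
P = r'[A-Za-z0-9"()+,\-./:? ]'

# 6.1: netid ", " telephonenum [ ", " securedevid ]
TELFAX = re.compile(
    r"(?P<netid>%s{1,6}), (?P<telephonenum>%s{1,32})"
    r"(?:, (?P<securedevid>%s{1,8}))?" % (NOCOMMAP, NOCOMMAP, P)
)

# 6.2: each element of the sequence is 1*55p
ADDRESSEE = re.compile(r"%s{1,55}" % P)

# 6.3: the two alternatives of otherNotificationsSupported
BITSTRING = re.compile(r"'([01]*)'B")
NAMED_BITS = ("acp127-nn", "acp127-pn", "acp127-tn")


def parse_telephone_fax(value):
    """Split an aCPTelephoneFaxNumber value into its three fields.

    The first two fields cannot contain "," so the ", " separators are
    unambiguous; securedevid is 1*8p and may itself contain a comma.
    fullmatch() also rejects a trailing newline or any other residue.
    """
    m = TELFAX.fullmatch(value)
    if m is None:
        raise ValueError("not a valid aCPTelephoneFaxNumber: %r" % value)
    return m.groupdict()


def parse_addressees(value):
    """Return the list of Addressees elements; "" is the empty sequence."""
    if value == "":
        return []
    elements = value.split("$")
    for element in elements:
        # An empty element (leading, trailing or doubled "$") and an
        # element longer than 55 characters both fail here.
        if ADDRESSEE.fullmatch(element) is None:
            raise ValueError("bad Addressees element: %r" % element)
    return elements


def parse_other_notifications(value):
    """Return ("bitstring", "0101...") or ("namedbits", [names])."""
    m = BITSTRING.fullmatch(value)
    if m is not None:
        return ("bitstring", m.group(1))
    if len(value) >= 2 and value[0] == "{" and value[-1] == "}":
        inner = value[1:-1]
        names = inner.split(",") if inner else []
        # The BNF allows no whitespace around "," and only three names.
        if all(name in NAMED_BITS for name in names):
            return ("namedbits", names)
    raise ValueError("not a valid otherNotificationsSupported: %r" % value)


def is_valid(parser, value):
    """True if parser accepts value; convenient as a write-path filter."""
    try:
        parser(value)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    # Constructed sample values, not taken from any real directory.
    for sample in ("DSN, 555-0100", "DSN, 555-0100, STU-III", "DSN,555-0100"):
        print(sample, "->", is_valid(parse_telephone_fax, sample))
    print(parse_addressees("ALPHA ONE$BRAVO TWO"))
    print(parse_other_notifications("{acp127-nn,acp127-tn}"))
```
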

6.4 Classification Attribute Syntax

   ( 2.16.840.1.101.2.2.2.4 DESC 'Classification' )

The encoding of a value in this syntax is any one of the INTEGER
values: 0, 1, 2, 3, 4, or 5, where:

   0 means unmarked,
   1 means unclassified,
   2 means restricted,
   3 means confidential,
   4 means secret, and
   5 means top secret

6.5 Community Abstract Syntax for the community Attribute

   ( 2.16.840.1.101.2.2.2.5 DESC 'Community syntax' )

The encoding of a value in this syntax is any one of the INTEGER
values: 0, 1, or 2, where:

   0 means GENSER,
   1 means SI, and
   2 means both

6.6 aCPPreferredDelivery Attribute Syntax for the aCPPreferredDelivery
    Attribute

   ( 2.16.840.1.101.2.2.2.6 DESC 'aCPPreferredDelivery syntax' )

The encoding of a value in this syntax is any one of the INTEGER
values: 0, 1, or 2, where:

   0 means SMTP,
   1 means ACP 127, and
   2 means MHS

6.7 GraphicString Attribute Syntax

   ( 2.16.840.1.101.2.2.2.7 DESC 'GraphicString' )

The encoding of a value in this syntax is the string value itself.

6.8 addressListType Attribute Syntax for the aLType Attribute

   ( 2.16.840.1.101.2.2.2.8 DESC 'addressListType' )

Values in this syntax are encoded according to the following BNF:

   addressListType = [ "-" ] numericstring
                     ; an INTEGER, where:
                     ; 0 means AIG,
                     ; 1 means TYPE,
                     ; 2 means CAD, and
                     ; 3 means TASKFORCE

Note that future definitions of this syntax may assign a standard
meaning to another integer value, e.g., 4 means XXX.

6.9 MLReceiptPolicy Attribute Syntax

   ( 2.16.840.1.101.2.2.2.9 DESC 'MLReceiptPolicy' )

Values in this syntax are encoded according to the following BNF:

   mLReceiptPolicy = none / insteadof / inadditionto

   none = "none"

   insteadof = "instead of" generalnames *15( "$" generalnames )

   inadditionto = "in addition to" generalnames *15( "$" generalnames )

   generalnames = generalname *( "%" generalname )

   generalname = ( "otherName = " othername ) /
                 ( "rfc822Name = " ia5string ) /
                 ( "dNSName = " ia5string ) /
                 ( "x400Address = " oraddress ) /
                 ( "directoryName = " name ) /
                 ( "ediPartyName = " [ "nameAssigner:" directorystring ]
                   "partyName:" directorystring ) /
                 ( "uniformResourceIdentifier = " ia5string ) /
                 ( "iPAddress = " octetstring ) /
                 ( "registeredID = " numericoid )

   othername = ; the BER encoding of the type and value pair
               ; for an instance of any data type that is
               ; specified to be an OTHER-NAME type.

   ia5string = ; IA5 String syntax 1.3.6.1.4.1.1466.115.121.1.26

   oraddress = ; MHS OR Address syntax
               ; 1.3.6.1.4.1.1466.115.121.1.33

   name = ; DN syntax 1.3.6.1.4.1.1466.115.121.1.12

   directorystring = ; Directory String syntax
                     ; 1.3.6.1.4.1.1466.115.121.1.15

   octetstring = ; Octet String syntax
                 ; 1.3.6.1.4.1.1466.115.121.1.40

6.10 ORName Attribute Syntax from X.411 [18]

   ( 2.16.840.1.101.2.2.2.10 DESC 'ORName' )

Values in this syntax are encoded according to the following BNF:

   oRName = oraddress [ "|" name ]

   oraddress = ; MHS OR Address syntax
               ; 1.3.6.1.4.1.1466.115.121.1.33

   name = ; DN syntax 1.3.6.1.4.1.1466.115.121.1.12

6.11 Remarks Attribute Syntax

   ( 2.16.840.1.101.2.2.2.11 DESC 'Remarks syntax' )

Values in this syntax are encoded according to the following BNF:

   remarks = [ *p *( "$" *p ) ]

6.12 RIParameters Attribute Syntax

   ( 2.16.840.1.101.2.2.2.12 DESC 'RIParameters' )

Values in this syntax are encoded according to the following BNF:

   rIParameters = "rI=" 7*7p whsp
                  "rIType=" numericstring whsp
                     ; an INTEGER in the range 0 - 2, where
                     ; 0 means normal,
                     ; 1 means off-line, and
                     ; 2 means partTimeTerminal
                  "minimize=FALSE" whsp
                  "sHD=" 7*7p whsp
                  "classification=" numericstring
                     ; an INTEGER in the range 0 - 5, where
                     ; 0 means unmarked,
                     ; 1 means unclassified,
                     ; 2 means restricted,
                     ; 3 means confidential,
                     ; 4 means secret, and
                     ; 5 means top secret

6.13 Capability Attribute Syntax from X.402 [17]

   ( 2.16.840.1.101.2.2.2.13 DESC 'Capability' )

Values in this syntax are encoded according to the following BNF:

   capability = [ "content-types="
                  [ numericoid *( ", " numericoid ) ] ]
                [ "maximum-content-length=" numericstring ]
                   ; an INTEGER in the range 0 - 2147483647
                [ "encoded-information-types-constraints="
                  [ "unaccept eits" unacceptable-eits ]
                  [ "accept eits" acceptable-eits ]
                  [ "only eits" exclusively-acceptable-eits ] ]
                [ "security-labels=" securitycontext ]

   unacceptable-eits = extendedencodedeits

   acceptable-eits = extendedencodedeits

   exclusively-acceptable-eits = extendedencodedeits

   extendedencodedeits = numericoid *1023( ", " numericoid )

   securitycontext = securitylabel *255securitylabel

   securitylabel = [ "security-policy-id=" numericoid ]
                   [ "security-classification=" numericstring ]
                      ; an INTEGER in the range 0 - 256, where
                      ; 0 means Unmarked,
                      ; 1 means Unclassified,
                      ; 2 means Restricted,
                      ; 3 means Confidential,
                      ; 4 means Secret, and
                      ; 5 means Top Secret
                   [ "privacy-mark=" 1*128p ]
                   [ "security-categories=" securitycategories ]

   securitycategories = ; the BER encoding of the set of type
                        ; and value pairs for the instances of any
                        ; data types that are specified to be
                        ; SECURITY-CATEGORY types

6.14 DLPolicy Attribute Syntax from X.402 [17]

   ( 2.16.840.1.101.2.2.2.14 DESC 'DLPolicy' )

Values in this syntax are encoded according to the following BNF:

   dlpolicy = [ "report-propagation=" [ "-" ] numericstring ]
                 ; where 0 means previous-dl-or-originator,
                 ; 1 means dl-owner, and
                 ; 2 means both
              [ "report-from-dl=" [ "-" ] numericstring ]
                 ; where 0 means whenever-requested and
                 ; 1 means when-no-propagation
              [ "originating-MTA-report=" [ "-" ] numericstring ]
                 ; where 0 means unchanged,
                 ; 2 means report,
                 ; 3 means non-delivery-report, and
                 ; 4 means audited-report
              [ "originator-report=" [ "-" ] numericstring ]
                 ; where 0 means unchanged,
                 ; 1 means no-report,
                 ; 2 means report, and
                 ; 3 means non-delivery-report
              [ "return-of-content=" numericstring ]
                 ; an INTEGER in the range 0 - 2, where
                 ; 0 means unchanged,
                 ; 1 means content-return-not-requested,
                 ; and 2 means content-return-requested
              [ "priority=" [ "-" ] numericstring ]
                 ; where
                 ; 0 means unchanged,
                 ; 1 means normal,
                 ; 2 means non-urgent, and
                 ; 3 means urgent
              [ "disclosure-of-other-recipients=" numericstring ]
                 ; an INTEGER in the range 0 - 2, where
                 ; 0 means unchanged,
                 ; 1 means disclosure-of-other-recipients-prohibited,
                 ; and 2 means disclosure-of-other-recipients-allowed
              [ "implicit-conversion-prohibited=" numericstring ]
                 ; an INTEGER in the range 0 - 2, where
                 ; 0 means unchanged,
                 ; 1 means implicit-conversion-allowed, and
                 ; 2 means implicit-conversion-prohibited
              [ "conversion-with-loss-prohibited=" numericstring ]
                 ; an INTEGER in the range 0 - 2, where
                 ; 0 means unchanged,
                 ; 1 means conversion-with-loss-allowed, and
                 ; 2 means conversion-with-loss-prohibited
              [ "further-dl-expansion-allowed=" ( "TRUE" / "FALSE" ) ]
              [ "originator-requested-alternate-recipient-removed="
                ( "TRUE" / "FALSE" ) ]
              [ "proof-of-delivery=" [ "-" ] numericstring ]
                 ; where 0 means dl-expansion-point,
                 ; 1 means dl-members,
                 ; 2 means both, and
                 ; 3 means neither
              [ "requested-delivery-method="
                ( "unchanged" / "removed" /
                  ( "replaced: " requested-delivery-method ) ) ]

   requested-delivery-method = [ delivery-methods
                                 *( ", " delivery-methods ) ]

   delivery-methods = numericstring
                      ; an INTEGER in the range
                      ; 0 - 256, where
                      ; 0 means any-delivery-method, 1 means
                      ; mhs-delivery, 2 means physical-delivery,
                      ; 3 means telex-delivery,
                      ; 4 means teletex-delivery,
                      ; 5 means g3-facsimile-delivery,
                      ; 6 means g4-facsimile-delivery,
                      ; 7 means ia5-terminal-delivery,
                      ; 8 means videotex-delivery, and
                      ; 9 means telephone-delivery

6.15 DLSubmitPermission Attribute Syntax from X.402 [17]

   ( 2.16.840.1.101.2.2.2.15 DESC 'DLSubmitPermission' )

Values in this syntax are encoded according to the following BNF:

   dlsubmitpermission = ( "individual=" orname ) /
                        ( "member-of-dl=" orname ) /
                        ( "pattern-match=" orname ) /
                        ( "member-of-group=" name )

   orname = ; O/R Name syntax 2.16.840.1.101.2.2.2.?

   name = ; DN syntax 1.3.6.1.4.1.1466.115.121.1.12

6.16 AddressCapabilities Attribute Syntax from X.402 [17]

   ( 2.16.840.1.101.2.2.2.16 DESC 'AddressCapabilities' )

Values in this syntax are encoded according to the following BNF:

   addresscapabilities = [ "description=" generalstring ]
                         "address=" oraddress
                         "capabilities="
                         [ capability *( "$" capability ) ]

   generalstring = ; The encoding of a value in this element
                   ; of the syntax is the string value itself.

   oraddress = ; MHS OR Address syntax
               ; 1.3.6.1.4.1.1466.115.121.1.33

   capability = ; capability syntax 2.16.840.1.101.2.2.2.13

7. EXAMPLE CONTENT RULES

The content rules given in ACP 133 [1] are examples, not requirements.
The rules included in this document are examples to aid in the
specification of similar content rules, especially those derived from
these examples.

7.1 aCPApplicationEntityRuleEdA Content Rule

   ( 2.5.6.12 NAME 'aCPApplicationEntityRuleEdA'
                               ; applicationEntity object class
     AUX ( 2.5.6.22 $ ; pkiCA
           2.16.840.1.101.2.2.3.66 ) ; securePkiUser
     MAY ( 2.16.840.1.101.2.2.1.49 $ ; aliasPointer
           2.5.4.46 $ ; dnQualifier
           2.16.840.1.101.2.2.1.55 $ ; effectiveDate
           2.16.840.1.101.2.2.1.57 ) ) ; expirationDate

7.2 aCPCRLDistributionPointRule Content Rule

   ( 2.5.6.19 NAME 'aCPCRLDistributionPointRule'
                               ; cRLDistributionPoint object class
     MAY ( 2.16.840.1.101.2.2.1.49 $ ; aliasPointer
           2.16.840.1.101.2.2.1.55 $ ; effectiveDate
           2.16.840.1.101.2.2.1.57 ) ) ; expirationDate

7.3 aCPDeviceRuleEdA Content Rule

   ( 2.5.6.14 NAME 'aCPDeviceRuleEdA' ; device object class
     AUX 2.16.840.1.101.2.2.3.66 ; securePkiUser
     MAY ( 2.16.840.1.101.2.2.1.49 $ ; aliasPointer
           2.16.840.1.101.2.2.1.55 $ ; effectiveDate
           2.16.840.1.101.2.2.1.57 ) ) ; expirationDate

7.4 aCPDSARuleEdA Content Rule

   ( 2.5.6.13 NAME 'aCPDSARuleEdA' ; dSA object class
     AUX 2.16.840.1.101.2.2.3.66 ; securePkiUser
     MAY ( 2.16.840.1.101.2.2.1.49 $ ; aliasPointer
           2.16.840.1.101.2.2.1.55 $ ; effectiveDate
           2.16.840.1.101.2.2.1.57 ) ) ; expirationDate

7.5 aCPGroupOfNamesRule Content Rule

   ( 2.5.6.9 NAME 'aCPGroupOfNamesRule' ; groupOfNames object class
     MAY ( 2.16.840.1.101.2.2.1.49 $ ; aliasPointer
           2.16.840.1.101.2.2.1.55 $ ; effectiveDate
           2.16.840.1.101.2.2.1.57 ) ) ; expirationDate

7.6 aCPLocalityRule Content Rule

   ( 2.5.6.3 NAME 'aCPLocalityRule' ; locality object class
     MAY ( 2.16.840.1.101.2.2.1.49 $ ; aliasPointer
           2.16.840.1.101.2.2.1.55 $ ; effectiveDate
           2.16.840.1.101.2.2.1.57 ) ) ; expirationDate

7.7 aCPMhs-distribution-listRule Content Rule

   ( 2.6.5.1.0 NAME 'aCPMhs-distribution-listRule'
                               ; mhs-distribution-list object class
     MAY ( 2.16.840.1.101.2.2.1.49 $ ; aliasPointer
           2.16.840.1.101.2.2.1.55 $ ; effectiveDate
           2.16.840.1.101.2.2.1.57 ) ) ; expirationDate

7.8 aCPMhs-message-storeRuleEdA Content Rule

   ( 2.6.5.1.1 NAME 'aCPMhs-message-storeRuleEdA'
                               ; mhs-message-store object class
     AUX 2.16.840.1.101.2.2.3.66 ; securePkiUser
     MAY ( 2.16.840.1.101.2.2.1.49 $ ; aliasPointer
           2.16.840.1.101.2.2.1.55 $ ; effectiveDate
           2.16.840.1.101.2.2.1.57 ) ) ; expirationDate

7.9 aCPMhs-message-transfer-agentRuleEdA Content Rule

   ( 2.6.5.1.2 NAME 'aCPMhs-message-transfer-agentRuleEdA'
                               ; mhs-message-transfer-agent object class
     AUX 2.16.840.1.101.2.2.3.66 ; securePkiUser
     MAY ( 2.16.840.1.101.2.2.1.49 $ ; aliasPointer
           2.16.840.1.101.2.2.1.55 $ ; effectiveDate
           2.16.840.1.101.2.2.1.57 ) ) ; expirationDate

7.10 aCPMhs-user-agentRule Content Rule

   ( 2.6.5.1.4 NAME 'aCPMhs-user-agentRule'
                               ; mhs-user-agent object class
     MAY ( 2.16.840.1.101.2.2.1.49 $ ; aliasPointer
           2.16.840.1.101.2.2.1.55 $ ; effectiveDate
           2.16.840.1.101.2.2.1.57 ) ) ; expirationDate

7.11 aCPOrganizationalPersonRuleEdA Content Rule

   ( 2.5.6.7 NAME 'aCPOrganizationalPersonRuleEdA'
                               ; organizationalPerson object class
     AUX ( 2.16.840.1.101.2.2.3.54 $ ; distributionCodesHandled
           2.6.5.1.3 $ ; mhs-user
           2.16.840.1.101.2.2.3.62 $ ; otherContactInformation
           2.16.840.1.101.2.2.3.66 $ ; securePkiUser
           2.16.840.1.101.2.1.4.16 ) ; ukms
     MAY ( 2.16.840.1.101.2.2.1.49 $ ; aliasPointer
           2.16.840.1.101.2.2.1.3 $ ; alternateRecipient
           2.5.4.15 $ ; businessCategory
           2.5.4.46 $ ; dnQualifier
           2.16.840.1.101.2.2.1.55 $ ; effectiveDate
           2.16.840.1.101.2.2.1.57 $ ; expirationDate
           2.16.840.1.101.2.2.1.117 $ ; guard
           2.16.840.1.101.2.2.1.61 $ ; listPointer
           2.16.840.1.101.2.2.1.68 $ ; nationality
           2.16.840.1.101.2.2.1.125 $ ; positionNumber
           2.16.840.1.101.2.2.1.133 $ ; rank
           0.9.2342.19200300.100.1.3 $ ; rfc822Mailbox
           2.16.840.1.101.2.2.1.129 ) ) ; serviceNumber

7.12 aCPOrganizationalRoleRuleEdA Content Rule

   ( 2.5.6.8 NAME 'aCPOrganizationalRoleRuleEdA'
                               ; organizationalRole object class
     AUX ( 2.5.6.22 $ ; pkiCA
           2.16.840.1.101.2.2.3.54 $ ; distributionCodesHandled
           2.6.5.1.3 $ ; mhs-user
           2.16.840.1.101.2.2.3.62 $ ; otherContactInformation
           2.16.840.1.101.2.2.3.66 $ ; securePkiUser
           2.16.840.1.101.2.1.4.16 ) ; ukms
     MAY ( 2.16.840.1.101.2.2.1.49 $ ; aliasPointer
           2.16.840.1.101.2.2.1.3 $ ; alternateRecipient
           2.5.4.15 $ ; businessCategory
           2.5.4.46 $ ; dnQualifier
           2.16.840.1.101.2.2.1.55 $ ; effectiveDate
           2.16.840.1.101.2.2.1.57 $ ; expirationDate
           2.16.840.1.101.2.2.1.117 $ ; guard
           2.16.840.1.101.2.2.1.61 $ ; listPointer
           2.16.840.1.101.2.2.1.68 $ ; nationality
           0.9.2342.19200300.100.1.3 ) ) ; rfc822Mailbox

7.13 aCPOrganizationalUnitRuleEdA Content Rule

   ( 2.5.6.5 NAME 'aCPOrganizationalUnitRuleEdA'
                               ; organizationalUnit object class
     AUX ( 2.5.6.22 $ ; pkiCA
           2.16.840.1.101.2.2.3.54 $ ; distributionCodesHandled
           2.6.5.1.3 $ ; mhs-user
           2.16.840.1.101.2.2.3.62 $ ; otherContactInformation
           2.16.840.1.101.2.2.3.56 $ ; plaUser
           2.16.840.1.101.2.2.3.66 $ ; securePkiUser
           2.16.840.1.101.2.1.4.16 ) ; ukms
     MAY ( 2.16.840.1.101.2.2.1.49 $ ; aliasPointer
           2.16.840.1.101.2.2.1.3 $ ; alternateRecipient
           2.16.840.1.101.2.2.1.6 $ ; associatedPLA
           2.5.4.46 $ ; dnQualifier
           2.16.840.1.101.2.2.1.55 $ ; effectiveDate
           2.16.840.1.101.2.2.1.57 $ ; expirationDate
           2.16.840.1.101.2.2.1.117 $ ; guard
           2.16.840.1.101.2.2.1.61 $ ; listPointer
           2.16.840.1.101.2.2.1.68 $ ; nationality
           0.9.2342.19200300.100.1.3 ) ) ; rfc822Mailbox

7.14 aCPOrganizationRuleEdA Content Rule

   ( 2.5.6.4 NAME 'aCPOrganizationRuleEdA' ; organization object class
     AUX ( 2.5.6.22 $ ; pkiCA
           2.16.840.1.101.2.2.3.62 ) ; otherContactInformation
     MAY ( 2.16.840.1.101.2.2.1.49 $ ; aliasPointer
           2.5.4.46 $ ; dnQualifier
           2.16.840.1.101.2.2.1.55 $ ; effectiveDate
           2.16.840.1.101.2.2.1.57 ) ) ; expirationDate

7.15 addressListRuleEdA Content Rule

   ( 2.16.840.1.101.2.2.3.57 NAME 'addressListRuleEdA'
                               ; addressList object class
     AUX ( 2.16.840.1.101.2.2.3.54 $ ; distributionCodesHandled
           2.6.5.1.3 $ ; mhs-user
           2.16.840.1.101.2.2.3.56 $ ; plaUser
           2.16.840.1.101.2.2.3.66 $ ; securePkiUser
           2.16.840.1.101.2.1.4.16 ) ; ukms
     MAY ( 2.16.840.1.101.2.2.1.49 $ ; aliasPointer
           2.16.840.1.101.2.2.1.3 $ ; alternateRecipient
           2.16.840.1.101.2.2.1.55 $ ; effectiveDate
           2.16.840.1.101.2.2.1.57 $ ; expirationDate
           2.16.840.1.101.2.2.1.117 $ ; guard
           2.16.840.1.101.2.2.1.61 $ ; listPointer
           0.9.2342.19200300.100.1.3 ) ) ; rfc822Mailbox

7.16 aliasCommonNameRule Content Rule

   ( 2.16.840.1.101.2.2.3.52 NAME 'aliasCommonNameRule'
                               ; aliasCommonName object class
     MAY ( 2.16.840.1.101.2.2.1.55 $ ; effectiveDate
           2.16.840.1.101.2.2.1.57 ) ) ; expirationDate

7.17 aliasOrganizationalUnitRule Content Rule

   ( 2.16.840.1.101.2.2.3.53 NAME 'aliasOrganizationalUnitRule'
                               ; aliasOrganizationalUnit object class
     MAY ( 2.16.840.1.101.2.2.1.55 $ ; effectiveDate
           2.16.840.1.101.2.2.1.57 ) ) ; expirationDate

7.18 distributionCodeDescriptionRule Content Rule

   ( 2.16.840.1.101.2.2.3.55 NAME 'distributionCodeDescriptionRule'
                               ; distributionCodeDescription object class
     MAY ( 2.16.840.1.101.2.2.1.49 $ ; aliasPointer
           2.16.840.1.101.2.2.1.55 $ ; effectiveDate
           2.16.840.1.101.2.2.1.57 ) ) ; expirationDate

7.19 messagingGatewayRuleEdA Content Rule

   ( 2.16.840.1.101.2.2.3.59 NAME 'messagingGatewayRuleEdA'
                               ; messagingGateway object class
     AUX ( 2.16.840.1.101.2.2.3.66 $ ; securePkiUser
           2.16.840.1.101.2.1.4.16 ) ; ukms
     MAY ( 2.16.840.1.101.2.2.1.49 $ ; aliasPointer
           2.16.840.1.101.2.2.1.55 $ ; effectiveDate
           2.16.840.1.101.2.2.1.57 $ ; expirationDate
           2.16.840.1.101.2.2.1.117 $ ; guard
           0.9.2342.19200300.100.1.3 ) ) ; rfc822Mailbox

7.20 mLAgentRule Content Rule

   ( 2.16.840.1.101.2.2.3.64 NAME 'mLAgentRule' ; mLAgent object class
     MAY ( 2.16.840.1.101.2.2.1.49 $ ; aliasPointer
           2.16.840.1.101.2.2.1.55 $ ; effectiveDate
           2.16.840.1.101.2.2.1.57 ) ) ; expirationDate

7.21 networkRule Content Rule

   ( 2.16.840.1.101.2.2.3.60 NAME 'networkRule' ; network object class
     MAY ( 2.16.840.1.101.2.2.1.55 $ ; effectiveDate
           2.16.840.1.101.2.2.1.57 ) ) ; expirationDate

7.22 networkInstructionsRule Content Rule

   ( 2.16.840.1.101.2.2.3.61 NAME 'networkInstructionsRule'
                               ; networkInstructions object class
     MAY ( 2.16.840.1.101.2.2.1.55 $ ; effectiveDate
           2.16.840.1.101.2.2.1.57 ) ) ; expirationDate

7.23 rAPersonRuleEdA Content Rule

   ( 2.16.840.1.101.2.2.3.65 NAME 'rAPersonRuleEdA'
                               ; releaseAuthorityPersonA object class
     MAY ( 2.16.840.1.101.2.2.1.55 $ ; effectiveDate
           2.16.840.1.101.2.2.1.57 ) ) ; expirationDate

7.24 sigintPLARule Content Rule

   ( 2.16.840.1.101.2.2.3.38 NAME 'sigintPLARule'
                               ; sigintPLA object class
     MAY 2.16.840.1.101.2.2.1.4 ) ; associatedOrganization

7.25 spotPLARule Content Rule

   ( 2.16.840.1.101.2.2.3.40 NAME 'spotPLARule' ; spotPLA object class
     MAY 2.16.840.1.101.2.2.1.113 ) ; associatedAL

8. STRUCTURE RULES

There are no structure rules defined in ACP 133 [1].

9. SECURITY CONSIDERATIONS

Attributes of directory entries are used to provide descriptive
information about the real-world objects they represent, which can be
people, organizations or devices. Most countries have privacy laws
regarding the publication of information about people.

Some of the object classes and attributes in this document support the
use of a directory as part of a PKI. This schema also holds
information so that components of a variety of network applications,
including the directory service, can be strongly authenticated to one
another and with users.

10. COPYRIGHT

Copyright (C) The Internet Society (1996-1999). All Rights Reserved.

This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published and
distributed, in whole or in part, without restriction of any kind,
provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of developing
Internet standards in which case the procedures for copyrights defined
in the Internet Standards process must be followed, or as required to
translate it into languages other than English.

The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.

This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT
NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN
WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

11. REFERENCES

[1]  Common Directory Services and Procedures, ACP 133 Edition A,
     June 1999

[2]  Wahl, M., Coulbeck, A., Howes, T., and S. Kille, "Lightweight
     X.500 Directory Access Protocol (v3): Attribute Syntax
     Definitions", RFC 2252, December 1997

[3]  Wahl, M., "A Summary of the X.500(96) User Schema for use with
     LDAPv3", RFC 2256, December 1997

[4]  ACP 127, "Communications Instructions - Tape Relay Procedures"

[5]  JANAP 128(I), Joint Chiefs of Staff, March 1983, Automatic
     Digital Network (AUTODIN) Operating Procedures

[6]  ACP 123, "Common Messaging Strategy and Procedures", November,
     1994

[7]  NATO APP-3, "NATO Subject Indicator System (NASIS) - publication
     3", Oct. 1982

[8]  ITU-T Recommendation X.521 (1993 & 1997) | ISO/IEC 9594-7: 1995 &
     1997, "Information technology - Open Systems Interconnection -
     The Directory: Selected object classes"

[9]  RFC ????, "Internet X.509 Public Key Infrastructure LDAPv2
     Schema", 1999

[10] ITU-T Recommendation X.520 (1993 & 1997) | ISO/IEC 9594-6: 1995 &
     1997, "Information technology - Open Systems Interconnection -
     The Directory: Selected attribute types"

[11] ACP 120, "Common Security Protocol (CSP)", final draft

[12] STANAG 4406, "NATO Reference Model for Open Systems
     Interconnection - Military Message Handling Systems"

[13] Barker, P. and Kille, S., "The COSINE and Internet X.500 Schema",
     RFC 1274, November 1991

[14] ISO 3166-1: 1997, "Codes for the representation of names of
     countries and their subdivisions - part 1: Country codes"

[15] ACP 117, "Allied Routing Indicator Book"

[16] RFC 822, "STANDARD FOR THE FORMAT OF ARPA INTERNET TEXT
     MESSAGES", August 13, 1982

[17] ITU-T Recommendation X.402 (1995)/ISO/IEC 10021-2: 1996,
     "Information Technology - Message Handling Systems (MHS) -
     Overall Architecture"

[18] ITU-T Recommendation X.411 (1995)/ISO/IEC 10021-4: 1996,
     "Information Technology - Message Handling Systems (MHS) -
     Message Transfer System: Abstract Service Definition and
     Procedure"

[19] Smith, Mark, "Definition of the inetOrgPerson LDAP Object Class",
     draft-smith-ldap-inetorgperson-03.txt, April 1999

12. ABBREVIATIONS

   ACP         Allied Communications Publication
   AE          Application Entity
   AIG         Address Indicator Group
   AL          Address List
   ALID        AL Identifier
   ASN.1       Abstract Syntax Notation One
   AUTODIN     Automatic Digital Network
   BER         Basic Encoding Rules
   BNF         Backus-Naur Form
   C           Country
   CA          Certification Authority
   CAD         Collective Address Designator
   CCEB        Combined Communications Electronics Board
   CCITT       The International Telegraph and Telephone Consultative
               Committee
   CMI         Certificate Management Infrastructure
   CN          Common Name
   CRL         Certificate Revocation List
   DAP         Directory Access Protocol
   DFTS        Defence Fixed Telecommunications Service
   DIB         Directory Information Base
   DL          Distribution List
   DN          Distinguished Name
   DODAAC      Department of Defense Activity Accounting Code
   DSA         Directory System Agent
   DSN         Defense Switched Network (DSN)
   EIT         Encoded Information Type
   FAX         Facsimile
   GENSER      General Service
   GHP         Gateway Handling Policy
   GON         Group of Names
   IA5         International Alphabet Number 5
   IEC         International Electrotechnical Commission
   IETF        Internet Engineering Task Force
   ISDN        Integrated Services Digital Network
   ISO         International Organization for Standardization
   ITU-T       International Telecommunication Union -
               Telecommunication Standardization Sector
   JANAP       Joint Army, Navy, Air Force Procedure
   L           Locality
   LDAP        Lightweight Directory Access Protocol
   LMF         Language and Media Format
   LOC         Locality
   MCS         Message Conversion System
   MHS         Message Handling System
   ML          Mail List
   MLA         Mail List Agent
   MMHS        Military Message Handling System
   MS          Message Store
   MTA         Message Transfer Agent
   MTS         Message Transfer System
   MUA         Messaging User Agent
   NASIS       NATO Subject Indicator System
   NAVCOMPARS  Naval Communications Processing and Routing System
   O           Organization
   ON          Other Notification
   O/R, OR     Originator/Recipient
   ORG         Organizational
   OU          Organizational Unit
   PKI         Public Key Infrastructure
   PLA         Plain Language Address
   PSTN        Public Switched Telephone Network
   R           Role
   RA          Release Authority
   RAN         Release Authority Name
   RDN         Relative Distinguished Name
   RFC         Request for Comments
   RI          Routing Indicator
   SHD         Special Handling Designator
   SI          Special Intelligence
   SIC         Subject Indicator Code
   SIGAD       SIGINT Address
   SIGINT      Signal Intelligence
   SMTP        Simple Mail Transfer Protocol
   SOP         State or Province
   ST          State or Province Name
   STU         Secure Telephone Unit
   TARE        Telegraph Automatic Relay Equipment
   TCC         Transmission Control Code
   TRC         Transmission Release Code
   U           Unit
   UA          User Agent
   UKM         User Key Material

13. ACKNOWLEDGEMENTS

This document was prepared with the help and advice of two
organizations:

   CCEB ACP 133 Task Force
   IETF LDAP Extensions Working Group

Thanks to the members of these groups for their assistance, criticism,
corrections, and feedback.

14. AUTHOR'S ADDRESS

   Kathy Dally
   The MITRE Corp.
   1820 Dolley Madison Blvd.
   McLean, VA 22102
   USA

   e-mail: kdally@mitre.org
   telephone: +1 703 883 6058
   fax: +1 703 883 7142