Certificate values are managed as name-value pairs through the CSSM APIs. Interoperability requires specification of the name space and specification of the representation for certificate values. The name space is defined as a set of OIDs, one per meaningful aggregation of certificate field values. If the certificate field values can be presented in several distinct representations, then each OID also indicates the selected representation of the certificate field values.
Several standards organizations have defined object identifiers for other security objects. In conjunction with the X.501 Directory Standard, the ITU has defined OIDs for directory data types. The standard PKCS-7, version 1.5 includes OID definitions for secured data objects contained in PKCS-7 messages. The X9 Financial standards organization has also defined OIDs for certificate extensions related to secured financial operations and services.
For the promotion of interoperable X.509 certificate services though the Common Data Security Architecture (CDSA), this Technical Standard defines a set of OIDs to identify fields in X.509 certificates and CRLs.