Common Security: CDSA and CSSM, Version 2 (with corrigenda)
Copyright © 2000 The Open Group

Introduction

Applications using a single type of certificate can choose among Certificate Library Service Modules only if those service modules process those certificates in a standard manner. General interoperability is difficult to achieve. Standard object identifiers (OIDs) can enable data-level interoperability, allowing an application to extract values from certificates and CRLs in a uniform manner, regardless of the certificate library module being used to access the certificate.

Certificate values are managed as name-value pairs through the CSSM APIs. Interoperability requires specification of the name space and specification of the representation for certificate values. The name space is defined as a set of OIDs, one per meaningful aggregation of certificate field values. If the certificate field values can be presented in several distinct representations, then each OID also indicates the selected representation of the certificate field values.

Several standards organizations have defined object identifiers for other security objects. In conjunction with the X.501 Directory Standard, the ITU has defined OIDs for directory data types. The PKCS-7 standard, version 1.5, includes OID definitions for secured data objects contained in PKCS-7 messages. The X9 financial standards organization has also defined OIDs for certificate extensions related to secured financial operations and services.

To promote interoperable X.509 certificate services through the Common Data Security Architecture (CDSA), this Technical Standard defines a set of OIDs to identify fields in X.509 certificates and CRLs.
