Dashboard > openOSI Object Identifier name space > ... > 1.3.6.1.4.1.27630.1 > 1.3.6.1.4.1.27630.1.0
  openOSI Object Identifier name space Log In   View a printable version of the current page.  
  1.3.6.1.4.1.27630.1.0
Added by Jose REMY, last edited by Jose REMY on Jul 20, 2007 show comment
Labels: 
(None)

(1.3.6.1.4.1.27630.1.0 DESC 'common' )

Common certificate practice statements

 This object identifier (OID) describes our common certification practices statement.

ASN1 notation: {iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprise(1) openosi(27630) cps(1) common(0)}
URN notation: urn:oid:1.3.6.1.4.1.27630.1.0
IETF DOT notation: 1.3.6.1.4.1.27630.1.0
BNF notation (RFC822 Backus-Naur form): ( 1.3.6.1.4.1.27630.1.0 DESC 'common' )
Description:  Common certification practices statement - COMMON

This document identifies and introduces the set of provisions, and indicates the types of entities and applications for which this CP / CPS is targeted.

openOSI Certification authority (CA) - Common Certificate policy

The openOSI Common certificate policy defines our common set of rules for usage, extended usage, enrollment and issuance procedures, as well as corresponding liability issues of openosi certificates. Our Common certificate policy is independent of the certified entity (Virtual person, Host or software service) that is, there si no "name constraints". The enforcement of our certificate policy relies on software workers coming from the open source community. These are mainly:

  • J2EE public key infrastructure (Sun, tomcat and jboss)
  • LDAP directory (openldap)
  • SMTP mail system (sendmail)
  • HTTP software (apache)
  • Database software (mysql)
  • IP geolocalisation (concurrent use of: javainetlocator, InetAddressLocator, hostip)

This Common certification practices statement (common) helps the user of an X.509 certificate to determine the level of trust that its organization or given services can put in the certificates that are issued by openOSI certification authorities. The enforcement of our certificate practice statements relies on core openOSI business process using following provisions.

  • Operating system security relying on SElinux
  • Network security management provided by SECUR.NET framework including PKI
  • Web HTTP firewall using open source software mod_security
  • openOSI X400 messaging integrated with openOSI LDAP directories and openOSI PKI
  • openOSI security business processs
  • openOSI PKI business process

openOSI common CPS follows the framework defined in RFC 3647. The following nodes refine the common CPS.

Documents Name and Identification



  1. Introduction ( 1.3.6.1.4.1.27630.1.0.1 DESC 'introduction' )
    1. Overview OID ( 1.3.6.1.4.1.27630.1.0.1.1 DESC 'overview' )
    2. Document Name and Identification OID (1.3.6.1.4.1.27630.1.0.1.2 DESC 'identification' )
    3. PKI Participants OID (1.3.6.1.4.1.27630.1.0.1.3 DESC 'participants' )
    4. Certificate Usage (1.3.6.1.4.1.27630.1.0.1.4 DESC 'usage' )
    5. Policy Administration (1.3.6.1.4.1.27630.1.0.1.5 DESC 'administration' )
    6. Definitions and Acronyms (1.3.6.1.4.1.27630.1.0.1.6 DESC 'acronyms' )
  2. Publication and Repository Responsibilities ([1.3.6.1.4.1.27630.1.0.2] DESC 'repositories' )
  3. Identification and Authentication (I&A) ([1.3.6.1.4.1.27630.1.0.3] DESC 'authentication' )
    1. Naming ([1.3.6.1.4.1.27630.1.0.3.1] DESC 'naming' )
    2. Initial Identity Validation ([1.3.6.1.4.1.27630.1.0.3.2] DESC 'validation' )
    3. I&A for Re-key Requests ([1.3.6.1.4.1.27630.1.0.3.3] DESC 'auth-re-key' )
    4. I&A for Revocation Requests ([1.3.6.1.4.1.27630.1.0.3.4] DESC 'auth-revocation' )
  4. Certificate Life-Cycle Operational Requirements ([1.3.6.1.4.1.27630.1.0.4] DESC 'life-cycle' )
    1. Certificate Application ([1.3.6.1.4.1.27630.1.0.4.1] DESC 'application' )
    2. Certificate Application Processing ([1.3.6.1.4.1.27630.1.0.4.2] DESC 'processing' )
    3. Certificate Issuance ([1.3.6.1.4.1.27630.1.0.4.3] DESC 'issuance' )
    4. Certificate Acceptance ([1.3.6.1.4.1.27630.1.0.4.4] DESC 'acceptance' )
    5. Key Pair and Certificate Usage ([1.3.6.1.4.1.27630.1.0.4.5] DESC 'keypair' )
    6. Certificate Renewal ([1.3.6.1.4.1.27630.1.0.4.6] DESC 'renewal' )
    7. Certificate Re-key ([1.3.6.1.4.1.27630.1.0.4.7] DESC 're-key' )
    8. Certificate Modification ([1.3.6.1.4.1.27630.1.0.4.8] DESC 'modification' )
    9. Certificate Revocation and Suspension ([1.3.6.1.4.1.27630.1.0.4.9] DESC 'suspension' )
    10. Certificate Status Services ([1.3.6.1.4.1.27630.1.0.4.10] DESC 'status' )
    11. End of Subscription ([1.3.6.1.4.1.27630.1.0.4.11] DESC 'end' )
    12. Key Escrow and Recovery ([1.3.6.1.4.1.27630.1.0.4.12] DESC 'escrow' )
  5. Facility, Management, and Operational Controls ([1.3.6.1.4.1.27630.1.0.5] DESC 'management' )
    1. Physical Security Controls ([1.3.6.1.4.1.27630.1.0.5.1] DESC 'physical' )
    2. Procedural Controls ([1.3.6.1.4.1.27630.1.0.5.2] DESC 'procedural' )
    3. Personnel Controls ([1.3.6.1.4.1.27630.1.0.5.3] DESC 'personnel' )
    4. Audit Logging Procedures ([1.3.6.1.4.1.27630.1.0.5.4] DESC 'audit' )
    5. Records Archival ([1.3.6.1.4.1.27630.1.0.5.5] DESC 'archival' )
    6. Key Changeover ([1.3.6.1.4.1.27630.1.0.5.6] DESC 'changeover' )
    7. Compromise and Disaster Recovery ([1.3.6.1.4.1.27630.1.0.5.7] DESC 'disaster' )
    8. CA or RA Termination ([1.3.6.1.4.1.27630.1.0.5.1] DESC 'termination' )
  6. Technical Security Controls ([1.3.6.1.4.1.27630.1.0.6] DESC 'technical' )
    1. Key Pair Generation and Installation ([1.3.6.1.4.1.27630.1.0.6.1] DESC 'generation' )
    2. Private Key Protection and Cryptographic Module Engineering Controls ([1.3.6.1.4.1.27630.1.0.6.2] DESC 'hsm' )
    3. Other Aspects of Key Pair Management ([1.3.6.1.4.1.27630.1.0.6.3] DESC 'other' )
    4. Activation Data ([1.3.6.1.4.1.27630.1.0.6.4] DESC 'activation' )
    5. Computer Security Controls ([1.3.6.1.4.1.27630.1.0.6.5] DESC 'computer' )
    6. Life Cycle Security Controls ([1.3.6.1.4.1.27630.1.0.6.6] DESC 'lifecycle-control' )
    7. Network Security Controls ([1.3.6.1.4.1.27630.1.0.6.7] DESC 'network' )
    8. Timestamping ([1.3.6.1.4.1.27630.1.0.6.8] DESC 'timestamping' )
  7. Certificate, CRL, and OCSP Profiless ([1.3.6.1.4.1.27630.1.0.7] DESC 'profiles' )
    1. Certificate Profile ([1.3.6.1.4.1.27630.1.0.7.1] DESC 'certificate-profile' )
    2. CRL Profile ([1.3.6.1.4.1.27630.1.0.7.2] DESC 'crl-profile' )
    3. OCSP Profile ([1.3.6.1.4.1.27630.1.0.7.3] DESC 'ocsp-profile' )
  8. Compliance Audit and Other Assessment ([1.3.6.1.4.1.27630.1.0.8] DESC 'compliance' )
  9. Other Business and Legal Matters (1.3.6.1.4.1.27630.1.0.9 DESC 'legal' )
    1. Fees ([1.3.6.1.4.1.27630.1.0.9.1] DESC 'fees' )
    2. Financial Responsibility ([1.3.6.1.4.1.27630.1.0.9.2] DESC 'responsibility' )
    3. Confidentiality of Business Information ([1.3.6.1.4.1.27630.1.0.9.3] DESC 'confidentiality' )
    4. Privacy of Personal Information ([1.3.6.1.4.1.27630.1.0.9.4] DESC 'privacy' )
    5. Intellectual Property Rights ([1.3.6.1.4.1.27630.1.0.9.5] DESC 'ipr' )
    6. Representations and Warranties ([1.3.6.1.4.1.27630.1.0.9.6] DESC 'warranties' )
    7. Disclaimers of Warranties ([1.3.6.1.4.1.27630.1.0.9.7] DESC 'disclaimer' )
    8. Limitations of Liability ([1.3.6.1.4.1.27630.1.0.9.8] DESC 'liability' )
    9. Indemnities ([1.3.6.1.4.1.27630.1.0.9.9] DESC 'indemnities' )
    10. Term and Termination ([1.3.6.1.4.1.27630.1.0.9.10] DESC 'term' )
    11. Individual notices and communications with participants ([1.3.6.1.4.1.27630.1.0.9.11] DESC 'communication' )
    12. Amendments ([1.3.6.1.4.1.27630.1.0.9.12] DESC 'amendments' )
    13. Dispute Resolution Procedures ([1.3.6.1.4.1.27630.1.0.9.13] DESC 'dispute' )
    14. Governing Law (1.3.6.1.4.1.27630.1.0.9.14 DESC 'law' )
    15. Compliance with Applicable Law ([1.3.6.1.4.1.27630.1.0.9.15] DESC 'lawcompliance' )
    16. Miscellaneous Provisions ([1.3.6.1.4.1.27630.1.0.9.16] DESC 'misc' )
    17. Other Provisions ([1.3.6.1.4.1.27630.1.0.9.17] DESC 'otherprovision' )

Each of these common OID may be refined by children of the following OID when appropriate, that is when the level of assurance add constraints to the common policy.

Objective 

With this OID, the aim of openOSI is to publish its certificate policy common statements that are inherited by the following OID:

Usage 

The usage of this common certificate policy is to be a single point of reference for others openOSI CP/CPS OID. These OID can be used by anyone under an LGPL license if corresponding policy is enforced.


XML format

<oid>
	<asn1-notation>{iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprise(1) openosi(27630) cps(1) common(0)}</asn1-notation>
	<description> Certificate policy with Common certification practices statement </description>
	<information>More <i>information</i> can be found in <a href="http://www.openosi.org/openosi/display/oid/1.3.6.1.4.1.27630.1.0">openOSI common CP/CPS</a> </information>
</oid>


1.3.6.1.4.1.27630.1.0.1 (openOSI Object Identifier name space)
1.3.6.1.4.1.27630.1.0.9 (openOSI Object Identifier name space)

Site powered by a free Open Source Project / Non-profit License (more) of Confluence - the Enterprise wiki.
Learn more or evaluate Confluence for your organisation.
Powered by Atlassian Confluence, the Enterprise Wiki. (Version: 2.4.2 Build:#703 Mar 12, 2007) - Bug/feature request - Contact Administrators