( 1.3.6.1.4.1.27630.2.1.1.73 DESC 'osiICardTokenService' )
osiICardTokenService attribute OID of openosi.schema for X500 / LDAP directory
Notation
This object identifier (OID) describes the osiICardTokenService attribute of openosi.schema.
ASN1 notation: {iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprise(1) openosi(27630) identification(2) schema(1) attribute(1) osiICardTokenService(73)}
URN notation: urn:oid:1.3.6.1.4.1.27630.2.1.1.73
IETF DOT notation: 1.3.6.1.4.1.27630.2.1.1.73
BNF notation (RFC822 Backus-Naur form): ( 1.3.6.1.4.1.27630.2.1.1.73 DESC 'osiICardTokenService' )
Description: osiICardTokenService attribute OID for Info card in openosi.schema for X500 / LDAP directory
Definition
The osiICardTokenService attribute is a container for attribute types conforming to the RFC4512 specification.
DESC 'IdP/STS endpoints with credential descriptor(<endpointURI;charset=utf-8>::<CredentialType>)'
This required element describes a single token-issuing endpoint. Several elements (multivalued) build a TokenServiceList, which is an ordered list of (IdP/STS) security token service endpoints, and corresponding credential descriptors (implying the required authentication mechanisms), where tokens can be requested. Each service endpoint MUST be tried in order by the service requester when requesting tokens.
endpointURI is the <wsa:Address> of the <wsa:EndpointReference> element, where the <wsid:Identity> comes from an attribute of another appropriate objectclass / schema (for example, a KerberosV5 service principal name if credentialType is KerberosV5Credential).
DisplayCredentialHint of the <ic:UserCredential> element provides a hint (string) to be displayed to the user to prompt for the correct credential related to the CredentialType (for example, a hint to insert the right smart card). The content of this element MAY be localized in a specific language.
CredentialType is a Credential descriptor that implicitly determines the authentication mechanism to be used and the DisplayCredentialHint.
CredentialType list
- UsernamePasswordCredential
- KerberosV5Credential
- X509V3Credential
- SelfIssuedCredential
Syntax
attributetype (1.3.6.1.4.1.27630.2.1.1.73
NAME ( 'osiICardTokenService' 'icTokenService' )
DESC 'IdP/STS endpoints with credential descriptor(<endpointURI;charset=utf-8>::<CredentialType>)'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
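Parsing and validating values of this attribute, as an added example (not part of openosi.schema or its documentation). It assumes each stored value is the endpoint URI, a literal "::", then one CredentialType from the list above, and that ";charset=utf-8" in the DESC describes the encoding rather than being part of the value; the function names and sample values are hypothetical.

```python
from urllib.parse import urlsplit

# CredentialType values listed on this page; compared case-sensitively,
# in line with the attribute's caseExactMatch equality rule.
CREDENTIAL_TYPES = {
    "UsernamePasswordCredential",
    "KerberosV5Credential",
    "X509V3Credential",
    "SelfIssuedCredential",
}


def parse_token_service(value):
    """Split one attribute value into (endpoint_uri, credential_type)."""
    # Split on the LAST "::" because an endpoint URI may itself contain "::",
    # for example an IPv6 literal host such as http://[::1]:8080/sts.
    uri, sep, cred = value.rpartition("::")
    if not sep:
        raise ValueError(f"missing '::' separator: {value!r}")
    uri, cred = uri.strip(), cred.strip()
    if cred not in CREDENTIAL_TYPES:
        raise ValueError(f"unknown CredentialType {cred!r} in {value!r}")
    parts = urlsplit(uri)
    if not parts.scheme or not parts.netloc:
        raise ValueError(f"endpoint is not an absolute URI: {uri!r}")
    return uri, cred


def parse_token_service_list(values):
    """Parse every value, keeping the order in which endpoints are tried."""
    return [parse_token_service(v) for v in values]


# Constructed sample values (not taken from a real directory).
SAMPLE_VALUES = [
    "http://example.com/sts::KerberosV5Credential",
    "http://[::1]:8080/sts::X509V3Credential",
    "https://example.com/sts2::UsernamePasswordCredential",
]

if __name__ == "__main__":
    for uri, cred in parse_token_service_list(SAMPLE_VALUES):
        print(f"{cred:28} {uri}")
```

LDAP treats the values of a multivalued attribute as an unordered set, so a consumer that depends on the TokenServiceList order has to confirm how its directory server returns them.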
Usage
It is mentioned by the following objectclass:
XML
<ic:InformationCard xml:lang="xs:language" ...>
...
<ic:TokenServiceList>
<ic:TokenService>
<wsa:EndpointReference> ... </wsa:EndpointReference>
<ic:UserCredential>
<ic:DisplayCredentialHint> xs:string </ic:DisplayCredentialHint>
<!-- one of the following -->
<!-- <ic:UsernamePasswordCredential>...</ic:UsernamePasswordCredential> -->
<!-- <ic:KerberosV5Credential>...</ic:KerberosV5Credential> -->
<!-- <ic:X509V3Credential>...</ic:X509V3Credential> -->
<!-- <ic:SelfIssuedCredential>...</ic:SelfIssuedCredential> -->
</ic:UserCredential>
</ic:TokenService>
</ic:TokenServiceList>
...
</ic:InformationCard>
EndpointReference example for KerberosV5
<wsa:EndpointReference>
<wsa:Address>http://example.com/sts</wsa:Address>
<wsid:Identity>
<wsid:Spn>...KerberosV5 service principal name...</wsid:Spn>
</wsid:Identity>
</wsa:EndpointReference>
EndpointReference example for X509V3Credential
<wsa:EndpointReference>
<wsa:Address>http://example.com/sts</wsa:Address>
<wsid:Identity>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>...userCertificate/core.schema...</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</wsid:Identity>
</wsa:EndpointReference>
For a quick OID check (when registered), go to oid-info and use the following syntax:
www.oid-info.com/get/<OID number>
OID XML format
<oid>
<asn1-notation>{iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprise(1) openosi(27630) identification(2) schema(1) attribute(1) osiICardTokenService(73)}</asn1-notation>
<description>osiICardTokenService attributeOID of info card for openosi.schema for X500 / LDAP directory</description>
<information>More <i>information</i> can be found in <a href="http://openosi.org/osi/display/oid/1.3.6.1.4.1.27630.2.1.1.73">osiICardTokenService attributeOID of info card for openosi.schema for X500 / LDAP directory</a> </information>
</oid>