AccessControl-ASN1Module (Rec. X.741:04/1995)

-- Module AccessControl-ASN1Module (Rec. X.741:04/1995)
-- See also README
-- See also the index of all ASN.1 assignments defined in this recommendation
AccessControl-ASN1Module {joint-iso-itu-t ms(9) function(2) part9(9)
  asn1Module(2) 2} DEFINITIONS IMPLICIT TAGS ::=
BEGIN

IMPORTS
  AttributeId, CMISFilter, CMISSync, DistinguishedName, ObjectClass,
    ObjectInstance, Scope, ActionTypeId
    FROM CMIP-1 {joint-iso-itu-t ms(9) cmip(1) modules(0) protocol(3)}
  --  NOTE - This Recommendation | International Standard imports DistinguishedName from
  --  CCITT Rec. X.501 (1988) | ISO/IEC 9594-2:1990.  The specification for this syntax can now be
  --  found in an informative annex of ITU-T Rec. X.711 (1997) | ISO/IEC 9596-1:1997.
  AE-title
    FROM ACSE-1 {joint-iso-itu-t(2) association-control(2) modules(0) 
      apdus(0) version1(1)}
  DMI-TYPE-IDENTIFIER, DiscriminatorConstruct
    FROM Attribute-ASN1Module {joint-iso-itu-t ms(9) smi(3) part2(2)
      asn1Module(2) 1};

AccessControlList ::=
  SET OF CHOICE {proxy          [0]  Proxy,
                 initiatorName  [1]  InitiatorName}

InitiatorName ::= CHOICE {
  individualName  [1] IMPLICIT DistinguishedName,
  groupName       [2] IMPLICIT DistinguishedName,
  role            [3] IMPLICIT DistinguishedName,
  application     [4] IMPLICIT AE-title
}

AC-PROXY ::= DMI-TYPE-IDENTIFIER

Proxy ::= SEQUENCE {
  proxyId     [0] IMPLICIT AC-PROXY.&id({ProxySet}),
  proxyValue  [1]  AC-PROXY.&Value({ProxySet}{@.proxyId})
}

ProxySet AC-PROXY ::=
  {...}

AccessControlObjectName ::= GraphicString

ActionFilterList ::=
  SET OF
    SEQUENCE {actionTypeId         ActionTypeId,
              attributeFilterList  FilterList OPTIONAL}

AC-AUTH-CONTEXT ::= DMI-TYPE-IDENTIFIER

AuthenticationContext ::= SEQUENCE {
  authenticationPolicyId
    [0] IMPLICIT AC-AUTH-CONTEXT.&id({AuthenticationContextSet}),
  requirements
    [1]  AC-AUTH-CONTEXT.&Value
           ({AuthenticationContextSet}{@.authenticationPolicyId})
}

AuthenticationContextSet AC-AUTH-CONTEXT ::=
  {...}

Boolean ::= BOOLEAN

false Boolean ::= FALSE

AC-CAP-IDENTITY ::= DMI-TYPE-IDENTIFIER

CapabilityIdentitiesList ::=
  SET OF
    CHOICE {knownForm
              [0]  SEQUENCE {initiatorName  InitiatorName,
                             sdaList        SdaList OPTIONAL},
            unknownForm
              [1]  SEQUENCE {identifier
                               AC-CAP-IDENTITY.&id
                                 ({CapabilityIdentitiesSet}),
                             value
                               AC-CAP-IDENTITY.&Value
                                 ({CapabilityIdentitiesSet}{@.identifier})
            }}

CapabilityIdentitiesSet AC-CAP-IDENTITY ::=
  {...}

SdaList ::=
  SET OF
    SEQUENCE {securityDomainAuthorityName  SecurityDomainAuthorityName,
              operationType                OperationType}

DefaultAccess ::= SEQUENCE {
  action                   [0] IMPLICIT EnforcementAction DEFAULT deny,
  create                   [1] IMPLICIT EnforcementAction DEFAULT deny,
  delete                   [2] IMPLICIT EnforcementAction DEFAULT deny,
  get                      [3] IMPLICIT EnforcementAction DEFAULT deny,
  replace                  [4] IMPLICIT EnforcementAction DEFAULT deny,
  addMember                [5] IMPLICIT EnforcementAction DEFAULT deny,
  removeMember             [6] IMPLICIT EnforcementAction DEFAULT deny,
  replaceWithDefault       [7] IMPLICIT EnforcementAction DEFAULT deny,
  multipleObjectSelection  [8] IMPLICIT EnforcementAction DEFAULT deny,
  filter                   [9] IMPLICIT EnforcementAction DEFAULT deny
}

denyAll DefaultAccess ::= {}

DenialResponse ::= ENUMERATED {
  denyWithResponse(0), denyWithoutResponse(1), abortAssociation(2),
  denyWithFalseResponse(3)}

DenialGranularity ::= ENUMERATED {request(0), object(1), attribute(2)}

DomainIdentity ::= CHOICE {
  domainName   DistinguishedName,
  privateName  OCTET STRING
}

EnforcementAction ::= ENUMERATED {
  denyWithResponse(0), denyWithoutResponse(1), abortAssociation(2),
  denyWithFalseResponse(3), allow(4)}

deny EnforcementAction ::= denyWithResponse

FilterList ::= SET OF CMISFilter

InvalidAccessControlFilter ::= SEQUENCE {
  errorId  ENUMERATED {duplicateId(0), heterogeneousId(1), invalidId(2)},
  filter   CMISFilter OPTIONAL
}

LabelName ::= INTEGER

ObjectClassList ::=
  SET OF
    SEQUENCE {objectClass  [0]  ObjectClass,
              nameBinding  [1]  OBJECT IDENTIFIER OPTIONAL}

OperationsList ::= SET OF OperationType

OperationType ::= INTEGER {
  action(0), create(1), delete(2), get(3), replace(4), addMember(5),
  removeMember(6), replaceWithDefault(7), multipleObjectSelection(8), 
  filter(9)}

SecurityLabel ::=
  SET OF
    CHOICE {initiatorLabel
              [1] IMPLICIT SEQUENCE {clearance
                                       CHOICE {localForm   [0] IMPLICIT INTEGER,
                                               globalForm
                                                 [1] IMPLICIT OBJECT IDENTIFIER
                                     },
                                     category
                                       [2] IMPLICIT BIT STRING OPTIONAL
            }}

SecurityDomainAuthorityName ::= CHOICE {
  domainAuthorityName       [1] IMPLICIT DistinguishedName,
  alternativeAuthorityName  [2] IMPLICIT Proxy
}

StateConditions ::=
  SET OF
    SEQUENCE {conditionalObject  ObjectInstance,
              state              CMISFilter}

END
-- Generated by Asnp, the pretty-printer of France Telecom R&D