106 lines
7.9 KiB
HTML
106 lines
7.9 KiB
HTML
|
<?xml version="1.0" encoding="UTF-8"?>
|
||
|
<!DOCTYPE html
|
||
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||
|
<html lang="en-us" xml:lang="en-us">
|
||
|
<head>
|
||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||
|
<meta name="security" content="public" />
|
||
|
<meta name="Robots" content="index,follow" />
|
||
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
||
|
<meta name="DC.Type" content="concept" />
|
||
|
<meta name="DC.Title" content="Define a private user registry type in EIM" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzalvadminregistries.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="http://csrc.nist.gov/csor/pkireg.htm" />
|
||
|
<meta name="copyright" content="(C) Copyright IBM Corporation 2002, 2006" />
|
||
|
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2002, 2006" />
|
||
|
<meta name="DC.Format" content="XHTML" />
|
||
|
<meta name="DC.Identifier" content="rzalvadmindefinereg" />
|
||
|
<meta name="DC.Language" content="en-us" />
|
||
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
||
|
<!-- US Government Users Restricted Rights -->
|
||
|
<!-- Use, duplication or disclosure restricted by -->
|
||
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
||
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
||
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
||
|
<title>Define a private user registry type in EIM</title>
|
||
|
</head>
|
||
|
<body id="rzalvadmindefinereg"><a name="rzalvadmindefinereg"><!-- --></a>
|
||
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
||
|
<h1 class="topictitle1">Define a private user registry type in EIM</h1>
|
||
|
<div><p>When you create an Enterprise Identity Mapping (EIM) <a href="rzalveserverregistry.htm#rzalveserverregistry">registry
|
||
|
definition</a> you can specify one of a number of predefined user registry
|
||
|
types to represent an actual user registry that exists on a system within
|
||
|
the enterprise. Although the predefined registry definition types cover most
|
||
|
operating system user registries, you may need to create a registry definition
|
||
|
for which EIM does not include a predefined registry type. You have two options
|
||
|
in this situation. You can either use an existing registry definition which
|
||
|
matches the characteristics of your user registry or you can define a private
|
||
|
user registry type. </p>
|
||
|
<p>To define a user registry type that EIM is not predefined to recognize,
|
||
|
you must use an object identity (OID) to specify the registry type in the
|
||
|
form of <strong>ObjectIdentifier-normalization</strong>, where <strong>ObjectIdentifier</strong> is
|
||
|
a dotted-decimal object identifier, such as 1.2.3.4.5.6.7, and <strong>normalization</strong> is
|
||
|
either the value <strong>caseExact</strong> or the value <strong>caseIgnore</strong>. For example,
|
||
|
the object identifier (OID) for iSeries™ is <samp class="codeph">1.3.18.0.2.33.2-caseIgnore</samp>.</p>
|
||
|
<p>You should obtain any OIDs that you need from legitimate OID registration
|
||
|
authorities to ensure that you create and use unique OIDs. Unique OIDs help
|
||
|
you avoid potential conflicts with OIDs created by other organizations or
|
||
|
applications. </p>
|
||
|
<p>There are two ways of obtaining OIDs:</p>
|
||
|
<ul><li><strong>Register the objects with an authority</strong>. This method is a good choice
|
||
|
when you need a small number of fixed OIDs to represent information. For example,
|
||
|
these OIDs might represent certificate policies for users in your enterprise.</li>
|
||
|
<li><strong>Obtain an arc assignment from a registration authority and assign your
|
||
|
own OIDs as needed</strong>. This method, which is a dotted-decimal object-identifier
|
||
|
range assignment, is a good choice if you need a large number of OIDs, or
|
||
|
if your OID assignments are subject to change. The arc assignment consists
|
||
|
of the beginning dotted-decimal numbers from which you must base your <strong>ObjectIdentifier</strong>.
|
||
|
For example, the arc assignment could be <samp class="codeph">1.2.3.4.5.</samp>. You
|
||
|
could then create OIDs by adding to this basic arc. For example, you could
|
||
|
create OIDs in the form <samp class="codeph">1.2.3.4.5.x.x.x)</samp>.</li>
|
||
|
</ul>
|
||
|
<p>You can learn more about registering your OIDs with a registration authority
|
||
|
by reviewing these Internet resources: </p>
|
||
|
<ul><li>American National Standards Institute (ANSI) is the registration authority
|
||
|
for the United States for organization names under the global registration
|
||
|
process established by International Standards Organization (ISO) and International
|
||
|
Telecommunication Union (ITU). A fact sheet in Microsoft<sup>®</sup> Word format about applying
|
||
|
for a Registered Application Provider Identifier (RID) is located at the ANSI
|
||
|
Public Document Library Web site <a href="http://public.ansi.org/ansionline/Documents/" target="_blank">http://public.ansi.org/ansionline/Documents/</a><img src="www.gif" alt="Link outside Information Center" />.
|
||
|
You can find the fact sheet by selecting <span class="uicontrol">Other Services > Registration
|
||
|
Programs</span>. The ANSI OID arc for organizations is <samp class="codeph">2.16.840.1</samp>.
|
||
|
ANSI charges a fee for OID arc assignments. It takes approximately two weeks
|
||
|
to receive the assigned OID arc from ANSI. ANSI will assign a number (NEWNUM)
|
||
|
to create a new OID arc; for example: <samp class="codeph">2.16.840.1.NEWNUM</samp>.</li>
|
||
|
<li>In most countries or regions, the national standards association maintains
|
||
|
an OID registry. As with the ANSI arc, these are generally arcs assigned
|
||
|
under the OID <samp class="codeph">2.16</samp>. It may take some investigation to find
|
||
|
the OID authority for a particular country or region. The addresses for ISO
|
||
|
national member bodies may be found at <a href="http://www.iso.ch/addresse/membodies.html" target="_blank">http://www.iso.ch/addresse/membodies.html</a><img src="www.gif" alt="Link outside Information Center" />. The information includes postal
|
||
|
address and electronic mail. In many cases, a Web site is specified as well.</li>
|
||
|
<li>The Internet Assigned Numbers Authority (IANA) assigns private enterprise
|
||
|
numbers, which are OIDs, in the arc <samp class="codeph">1.3.6.1.4.1</samp>. IANA has
|
||
|
assigned arcs to over 7500 companies to date. The application page is located
|
||
|
at <a href="http://www.iana.org/cgi-bin/enterprise.pl" target="_blank">http://www.iana.org/cgi-bin/enterprise.pl</a> <img src="www.gif" alt="Link outside Information Center" />,
|
||
|
under Private Enterprise Numbers. The IANA usually takes about one week.
|
||
|
An OID from IANA is free. IANA will assign a number (NEWNUM) so that the
|
||
|
new OID arc will be <samp class="codeph">1.3.6.1.4.1.NEWNUM</samp>.</li>
|
||
|
<li>The U.S. Federal Government maintains the Computer Security Objects Registry
|
||
|
(CSOR). The CSOR is the naming authority for the arc <samp class="codeph">2.16.840.1.101.3</samp>,
|
||
|
and is currently registering objects for security labels, cryptographic algorithms,
|
||
|
and certificate policies. The certificate policy OIDs are defined in the
|
||
|
arc <samp class="codeph">2.16.840.1.101.3.2.1</samp>. The CSOR provides policy OIDs
|
||
|
to agencies of the U.S. Federal Government. For more information about the
|
||
|
CSOR, see <a href="http://csrc.nist.gov/csor/" target="_blank">http://csrc.nist.gov/csor/</a><img src="www.gif" alt="Link outside Information Center" />.</li>
|
||
|
</ul>
|
||
|
</div>
|
||
|
<div>
|
||
|
<div class="familylinks">
|
||
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzalvadminregistries.htm" title="This information explains how to create and manage the Enterprise Identity Mapping (EIM) registry definitions for those user registries in your enterprise that participate in EIM.">Manage Enterprise Identity Mapping registry definitions</a></div>
|
||
|
</div>
|
||
|
<div class="relinfo"><strong>Related information</strong><br />
|
||
|
<div><a href="http://csrc.nist.gov/csor/pkireg.htm">http://csrc.nist.gov/csor/pkireg.htm</a></div>
|
||
|
</div>
|
||
|
</div>
|
||
|
</body>
|
||
|
</html>
|