ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzalv_5.4.0.1/rzalvadmindefinereg.htm

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
  PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Define a private user registry type in EIM" />
<meta name="DC.Relation" scheme="URI" content="rzalvadminregistries.htm" />
<meta name="DC.Relation" scheme="URI" content="http://csrc.nist.gov/csor/pkireg.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2002, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2002, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzalvadmindefinereg" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Define a private user registry type in EIM</title>
</head>
<body id="rzalvadmindefinereg"><a name="rzalvadmindefinereg"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Define a private user registry type in EIM</h1>
<div><p>When you create an Enterprise Identity Mapping (EIM) <a href="rzalveserverregistry.htm#rzalveserverregistry">registry
definition</a> you can specify one of a number of predefined user registry
types to represent an actual user registry that exists on a system within
the enterprise. Although the predefined registry definition types cover most
operating system user registries, you may need to create a registry definition
for which EIM does not include a predefined registry type. You have two options
in this situation. You can either use an existing registry definition which
matches the characteristics of your user registry or you can define a private
user registry type. </p>
<p>To define a user registry type that EIM is not predefined to recognize,
you must use an object identity (OID) to specify the registry type in the
form of <strong>ObjectIdentifier-normalization</strong>, where <strong>ObjectIdentifier</strong> is
a dotted-decimal object identifier, such as 1.2.3.4.5.6.7, and <strong>normalization</strong> is
either the value <strong>caseExact</strong> or the value <strong>caseIgnore</strong>. For example,
the object identifier (OID) for iSeries™ is <samp class="codeph">1.3.18.0.2.33.2-caseIgnore</samp>.</p>
<p>You should obtain any OIDs that you need from legitimate OID registration
authorities to ensure that you create and use unique OIDs. Unique OIDs help
you avoid potential conflicts with OIDs created by other organizations or
applications. </p>
<p>There are two ways of obtaining OIDs:</p>
<ul><li><strong>Register the objects with an authority</strong>. This method is a good choice
when you need a small number of fixed OIDs to represent information. For example,
these OIDs might represent certificate policies for users in your enterprise.</li>
<li><strong>Obtain an arc assignment from a registration authority and assign your
own OIDs as needed</strong>.  This method, which is a dotted-decimal object-identifier
range assignment, is a good choice if you need a large number of OIDs, or
if your OID assignments are subject to change. The arc assignment consists
of the beginning dotted-decimal numbers from which you must base your <strong>ObjectIdentifier</strong>.
For example, the arc assignment could be <samp class="codeph">1.2.3.4.5.</samp>. You
could then create OIDs by adding to this basic arc. For example, you could
create OIDs in the form <samp class="codeph">1.2.3.4.5.x.x.x)</samp>.</li>
</ul>
<p>You can learn more about registering your OIDs with a registration authority
by  reviewing these Internet resources: </p>
<ul><li>American National Standards Institute  (ANSI) is the registration authority
for the United States for organization names under the global registration
process established by International Standards Organization (ISO) and  International
Telecommunication Union (ITU).  A fact sheet in Microsoft<sup>®</sup> Word format about applying
for a Registered Application Provider Identifier (RID) is located at the ANSI
Public Document Library Web site <a href="http://public.ansi.org/ansionline/Documents/" target="_blank">http://public.ansi.org/ansionline/Documents/</a><img src="www.gif" alt="Link outside Information Center" />.
You can find the fact sheet by selecting <span class="uicontrol">Other Services &gt; Registration
Programs</span>. The ANSI OID arc for organizations is <samp class="codeph">2.16.840.1</samp>.
 ANSI charges a fee for OID arc assignments.  It takes approximately two weeks
to receive the assigned OID arc from ANSI.  ANSI will assign a number (NEWNUM)
to create a new OID arc; for example: <samp class="codeph">2.16.840.1.NEWNUM</samp>.</li>
<li>In most countries or regions, the national standards association maintains
an OID registry.  As with the ANSI arc, these are generally arcs assigned
under the OID <samp class="codeph">2.16</samp>.  It may take some investigation to find
the OID authority for a particular country or region.  The addresses for ISO
national member bodies may be found at <a href="http://www.iso.ch/addresse/membodies.html" target="_blank">http://www.iso.ch/addresse/membodies.html</a><img src="www.gif" alt="Link outside Information Center" />.  The information includes postal
address and electronic mail.  In many cases, a Web site is specified as well.</li>
<li>The Internet Assigned Numbers Authority (IANA) assigns private enterprise
numbers, which are OIDs, in the arc <samp class="codeph">1.3.6.1.4.1</samp>.  IANA has
assigned arcs to over 7500 companies to date.  The application page is located
at  <a href="http://www.iana.org/cgi-bin/enterprise.pl" target="_blank">http://www.iana.org/cgi-bin/enterprise.pl</a>  <img src="www.gif" alt="Link outside Information Center" />,
under Private Enterprise Numbers.  The IANA usually takes about one week.
 An OID from IANA is free.  IANA will assign a number (NEWNUM) so that the
new OID arc will be <samp class="codeph">1.3.6.1.4.1.NEWNUM</samp>.</li>
<li>The U.S. Federal Government maintains the Computer Security Objects Registry
(CSOR).  The CSOR is the naming authority for the arc <samp class="codeph">2.16.840.1.101.3</samp>,
and is currently registering objects for security labels, cryptographic algorithms,
and certificate policies.  The certificate policy OIDs are defined in the
arc <samp class="codeph">2.16.840.1.101.3.2.1</samp>.  The CSOR provides policy OIDs
to agencies of the U.S. Federal Government.  For more information about the
CSOR, see <a href="http://csrc.nist.gov/csor/" target="_blank">http://csrc.nist.gov/csor/</a><img src="www.gif" alt="Link outside Information Center" />.</li>
</ul>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzalvadminregistries.htm" title="This information explains how to create and manage the Enterprise Identity Mapping (EIM) registry definitions for those user registries in your enterprise that participate in EIM.">Manage Enterprise Identity Mapping registry definitions</a></div>
</div>
<div class="relinfo"><strong>Related information</strong><br />
<div><a href="http://csrc.nist.gov/csor/pkireg.htm">http://csrc.nist.gov/csor/pkireg.htm</a></div>
</div>
</div>
</body>
</html>
Add readme and dist folders 2024-04-02 14:02:31 +00:00			`<?xml version="1.0" encoding="UTF-8"?>`
			`<!DOCTYPE html`
			`PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">`
			`<html lang="en-us" xml:lang="en-us">`
			`<head>`
			`<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />`
			`<meta name="security" content="public" />`
			`<meta name="Robots" content="index,follow" />`
			`<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />`
			`<meta name="DC.Type" content="concept" />`
			`<meta name="DC.Title" content="Define a private user registry type in EIM" />`
			`<meta name="DC.Relation" scheme="URI" content="rzalvadminregistries.htm" />`
			`<meta name="DC.Relation" scheme="URI" content="http://csrc.nist.gov/csor/pkireg.htm" />`
			`<meta name="copyright" content="(C) Copyright IBM Corporation 2002, 2006" />`
			`<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2002, 2006" />`
			`<meta name="DC.Format" content="XHTML" />`
			`<meta name="DC.Identifier" content="rzalvadmindefinereg" />`
			`<meta name="DC.Language" content="en-us" />`
			`<!-- All rights reserved. Licensed Materials Property of IBM -->`
			`<!-- US Government Users Restricted Rights -->`
			`<!-- Use, duplication or disclosure restricted by -->`
			`<!-- GSA ADP Schedule Contract with IBM Corp. -->`
			`<link rel="stylesheet" type="text/css" href="./ibmdita.css" />`
			`<link rel="stylesheet" type="text/css" href="./ic.css" />`
			`<title>Define a private user registry type in EIM</title>`
			`</head>`
			`<body id="rzalvadmindefinereg"><a name="rzalvadmindefinereg"><!-- --></a>`
			`<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>`
			`<h1 class="topictitle1">Define a private user registry type in EIM</h1>`
			`<div><p>When you create an Enterprise Identity Mapping (EIM) <a href="rzalveserverregistry.htm#rzalveserverregistry">registry`
			`definition</a> you can specify one of a number of predefined user registry`
			`types to represent an actual user registry that exists on a system within`
			`the enterprise. Although the predefined registry definition types cover most`
			`operating system user registries, you may need to create a registry definition`
			`for which EIM does not include a predefined registry type. You have two options`
			`in this situation. You can either use an existing registry definition which`
			`matches the characteristics of your user registry or you can define a private`
			`user registry type. </p>`
			`<p>To define a user registry type that EIM is not predefined to recognize,`
			`you must use an object identity (OID) to specify the registry type in the`
			`form of <strong>ObjectIdentifier-normalization</strong>, where <strong>ObjectIdentifier</strong> is`
			`a dotted-decimal object identifier, such as 1.2.3.4.5.6.7, and <strong>normalization</strong> is`
			`either the value <strong>caseExact</strong> or the value <strong>caseIgnore</strong>. For example,`
			`the object identifier (OID) for iSeries™ is <samp class="codeph">1.3.18.0.2.33.2-caseIgnore</samp>.</p>`
			`<p>You should obtain any OIDs that you need from legitimate OID registration`
			`authorities to ensure that you create and use unique OIDs. Unique OIDs help`
			`you avoid potential conflicts with OIDs created by other organizations or`
			`applications. </p>`
			`<p>There are two ways of obtaining OIDs:</p>`
			`<ul><li><strong>Register the objects with an authority</strong>. This method is a good choice`
			`when you need a small number of fixed OIDs to represent information. For example,`
			`these OIDs might represent certificate policies for users in your enterprise.</li>`
			`<li><strong>Obtain an arc assignment from a registration authority and assign your`
			`own OIDs as needed</strong>. This method, which is a dotted-decimal object-identifier`
			`range assignment, is a good choice if you need a large number of OIDs, or`
			`if your OID assignments are subject to change. The arc assignment consists`
			`of the beginning dotted-decimal numbers from which you must base your <strong>ObjectIdentifier</strong>.`
			`For example, the arc assignment could be <samp class="codeph">1.2.3.4.5.</samp>. You`
			`could then create OIDs by adding to this basic arc. For example, you could`
			`create OIDs in the form <samp class="codeph">1.2.3.4.5.x.x.x)</samp>.</li>`
			`</ul>`
			`<p>You can learn more about registering your OIDs with a registration authority`
			`by reviewing these Internet resources: </p>`
			`<ul><li>American National Standards Institute (ANSI) is the registration authority`
			`for the United States for organization names under the global registration`
			`process established by International Standards Organization (ISO) and International`
			`Telecommunication Union (ITU). A fact sheet in Microsoft<sup>®</sup> Word format about applying`
			`for a Registered Application Provider Identifier (RID) is located at the ANSI`
			`Public Document Library Web site <a href="http://public.ansi.org/ansionline/Documents/" target="_blank">http://public.ansi.org/ansionline/Documents/</a><img src="www.gif" alt="Link outside Information Center" />.`
			`You can find the fact sheet by selecting <span class="uicontrol">Other Services > Registration`
			`Programs</span>. The ANSI OID arc for organizations is <samp class="codeph">2.16.840.1</samp>.`
			`ANSI charges a fee for OID arc assignments. It takes approximately two weeks`
			`to receive the assigned OID arc from ANSI. ANSI will assign a number (NEWNUM)`
			`to create a new OID arc; for example: <samp class="codeph">2.16.840.1.NEWNUM</samp>.</li>`
			`<li>In most countries or regions, the national standards association maintains`
			`an OID registry. As with the ANSI arc, these are generally arcs assigned`
			`under the OID <samp class="codeph">2.16</samp>. It may take some investigation to find`
			`the OID authority for a particular country or region. The addresses for ISO`
			`national member bodies may be found at <a href="http://www.iso.ch/addresse/membodies.html" target="_blank">http://www.iso.ch/addresse/membodies.html</a><img src="www.gif" alt="Link outside Information Center" />. The information includes postal`
			`address and electronic mail. In many cases, a Web site is specified as well.</li>`
			`<li>The Internet Assigned Numbers Authority (IANA) assigns private enterprise`
			`numbers, which are OIDs, in the arc <samp class="codeph">1.3.6.1.4.1</samp>. IANA has`
			`assigned arcs to over 7500 companies to date. The application page is located`
			`at <a href="http://www.iana.org/cgi-bin/enterprise.pl" target="_blank">http://www.iana.org/cgi-bin/enterprise.pl</a> <img src="www.gif" alt="Link outside Information Center" />,`
			`under Private Enterprise Numbers. The IANA usually takes about one week.`
			`An OID from IANA is free. IANA will assign a number (NEWNUM) so that the`
			`new OID arc will be <samp class="codeph">1.3.6.1.4.1.NEWNUM</samp>.</li>`
			`<li>The U.S. Federal Government maintains the Computer Security Objects Registry`
			`(CSOR). The CSOR is the naming authority for the arc <samp class="codeph">2.16.840.1.101.3</samp>,`
			`and is currently registering objects for security labels, cryptographic algorithms,`
			`and certificate policies. The certificate policy OIDs are defined in the`
			`arc <samp class="codeph">2.16.840.1.101.3.2.1</samp>. The CSOR provides policy OIDs`
			`to agencies of the U.S. Federal Government. For more information about the`
			`CSOR, see <a href="http://csrc.nist.gov/csor/" target="_blank">http://csrc.nist.gov/csor/</a><img src="www.gif" alt="Link outside Information Center" />.</li>`
			`</ul>`
			`</div>`
			`<div>`
			`<div class="familylinks">`
			`<div class="parentlink"><strong>Parent topic:</strong> <a href="rzalvadminregistries.htm" title="This information explains how to create and manage the Enterprise Identity Mapping (EIM) registry definitions for those user registries in your enterprise that participate in EIM.">Manage Enterprise Identity Mapping registry definitions</a></div>`
			`</div>`
			`<div class="relinfo"><strong>Related information</strong><br />`
			`<div><a href="http://csrc.nist.gov/csor/pkireg.htm">http://csrc.nist.gov/csor/pkireg.htm</a></div>`
			`</div>`
			`</div>`
			`</body>`
			`</html>`