<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html lang="en-us" xml:lang="en-us"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <meta name="security" content="public" /> <meta name="Robots" content="index,follow" /> <meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' /> <meta name="DC.Type" content="concept" /> <meta name="DC.Title" content="Define a private user registry type in EIM" /> <meta name="DC.Relation" scheme="URI" content="rzalvadminregistries.htm" /> <meta name="DC.Relation" scheme="URI" content="http://csrc.nist.gov/csor/pkireg.htm" /> <meta name="copyright" content="(C) Copyright IBM Corporation 2002, 2006" /> <meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2002, 2006" /> <meta name="DC.Format" content="XHTML" /> <meta name="DC.Identifier" content="rzalvadmindefinereg" /> <meta name="DC.Language" content="en-us" /> <!-- All rights reserved. Licensed Materials Property of IBM --> <!-- US Government Users Restricted Rights --> <!-- Use, duplication or disclosure restricted by --> <!-- GSA ADP Schedule Contract with IBM Corp. 
--> <link rel="stylesheet" type="text/css" href="./ibmdita.css" /> <link rel="stylesheet" type="text/css" href="./ic.css" /> <title>Define a private user registry type in EIM</title> </head> <body id="rzalvadmindefinereg"><a name="rzalvadmindefinereg"><!-- --></a> <!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script> <h1 class="topictitle1">Define a private user registry type in EIM</h1> <div><p>When you create an Enterprise Identity Mapping (EIM) <a href="rzalveserverregistry.htm#rzalveserverregistry">registry definition</a>, you can specify one of a number of predefined user registry types to represent an actual user registry that exists on a system within the enterprise. Although the predefined registry definition types cover most operating system user registries, you may need to create a registry definition for which EIM does not include a predefined registry type. You have two options in this situation. You can either use an existing registry definition that matches the characteristics of your user registry or you can define a private user registry type. </p> <p>To define a user registry type that EIM is not predefined to recognize, you must use an object identifier (OID) to specify the registry type in the form of <strong>ObjectIdentifier-normalization</strong>, where <strong>ObjectIdentifier</strong> is a dotted-decimal object identifier, such as 1.2.3.4.5.6.7, and <strong>normalization</strong> is either the value <strong>caseExact</strong> or the value <strong>caseIgnore</strong>. For example, the object identifier (OID) for iSeries™ is <samp class="codeph">1.3.18.0.2.33.2-caseIgnore</samp>.</p> <p>You should obtain any OIDs that you need from legitimate OID registration authorities to ensure that you create and use unique OIDs. Unique OIDs help you avoid potential conflicts with OIDs created by other organizations or applications. 
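An added example (not IBM code and not part of the original topic): a Python check that a candidate registry type string has the ObjectIdentifier-normalization form described above, and a report of which registration arc named later on this page its OID falls under. The function names, the exact-case comparison of the suffix and the sample strings other than the iSeries type are assumptions made for illustration.

```python
import re

# Registration arcs named on this page, longest prefix first so CSOR wins over ANSI.
KNOWN_ARCS = [
    ((2, 16, 840, 1, 101, 3), "CSOR"),
    ((1, 3, 6, 1, 4, 1), "IANA private enterprise"),
    ((2, 16, 840, 1), "ANSI organization"),
]
# Assumption: the suffix is compared exactly as it is spelled on the page.
NORMALIZATIONS = ("caseExact", "caseIgnore")
# Dotted decimal: at least two arcs, none with a leading zero.
OID_RE = re.compile(r"(0|[1-9][0-9]*)(\.(0|[1-9][0-9]*))+")

def parse_registry_type(value):
    """Split 'ObjectIdentifier-normalization' into (arcs, normalization)."""
    oid_text, sep, norm = value.partition("-")
    if not sep:
        raise ValueError("missing '-normalization' suffix")
    if norm not in NORMALIZATIONS:
        raise ValueError("normalization must be caseExact or caseIgnore")
    if not OID_RE.fullmatch(oid_text):
        raise ValueError("OID is not dotted decimal")
    arcs = tuple(int(a) for a in oid_text.split("."))
    # ASN.1 rule: root arc is 0, 1 or 2; under 0 and 1 the second arc is 0..39.
    if arcs[0] > 2 or (arcs[0] != 2 and arcs[1] > 39):
        raise ValueError("invalid root arcs")
    return arcs, norm

def registered_arc(arcs):
    """Name the registration arc from this page the OID sits under, or None."""
    for prefix, name in KNOWN_ARCS:
        # Require at least one arc beyond the prefix (the assigned NEWNUM).
        if len(arcs) > len(prefix) and arcs[:len(prefix)] == prefix:
            return name
    return None

def check(value):
    """Return (ok, detail) for a candidate private registry type string."""
    try:
        arcs, norm = parse_registry_type(value)
    except ValueError as err:
        return False, str(err)
    return True, (registered_arc(arcs), norm)

# Constructed samples; only the first (the iSeries type) comes from the page.
SAMPLES = ["1.3.18.0.2.33.2-caseIgnore", "1.3.6.1.4.1.99999.1-caseExact", "1.2.03.4-caseIgnore"]
if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, check(sample))
```

A result of None for the arc means only that the OID is not under one of the three arcs listed on this page, as with the predefined iSeries type; it does not by itself show the OID is unregistered.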
</p> <p>There are two ways of obtaining OIDs:</p> <ul><li><strong>Register the objects with an authority</strong>. This method is a good choice when you need a small number of fixed OIDs to represent information. For example, these OIDs might represent certificate policies for users in your enterprise.</li> <li><strong>Obtain an arc assignment from a registration authority and assign your own OIDs as needed</strong>. This method, which is a dotted-decimal object-identifier range assignment, is a good choice if you need a large number of OIDs, or if your OID assignments are subject to change. The arc assignment consists of the beginning dotted-decimal numbers on which you must base your <strong>ObjectIdentifier</strong>. For example, the arc assignment could be <samp class="codeph">1.2.3.4.5</samp>. You could then create OIDs by adding to this basic arc. For example, you could create OIDs in the form <samp class="codeph">1.2.3.4.5.x.x.x</samp>.</li> </ul> <p>You can learn more about registering your OIDs with a registration authority by reviewing these Internet resources: </p> <ul><li>American National Standards Institute (ANSI) is the registration authority for the United States for organization names under the global registration process established by International Standards Organization (ISO) and International Telecommunication Union (ITU). A fact sheet in Microsoft<sup>®</sup> Word format about applying for a Registered Application Provider Identifier (RID) is located at the ANSI Public Document Library Web site <a href="http://public.ansi.org/ansionline/Documents/" target="_blank">http://public.ansi.org/ansionline/Documents/</a><img src="www.gif" alt="Link outside Information Center" />. You can find the fact sheet by selecting <span class="uicontrol">Other Services > Registration Programs</span>. The ANSI OID arc for organizations is <samp class="codeph">2.16.840.1</samp>. ANSI charges a fee for OID arc assignments. 
It takes approximately two weeks to receive the assigned OID arc from ANSI. ANSI will assign a number (NEWNUM) to create a new OID arc; for example: <samp class="codeph">2.16.840.1.NEWNUM</samp>.</li> <li>In most countries or regions, the national standards association maintains an OID registry. As with the ANSI arc, these are generally arcs assigned under the OID <samp class="codeph">2.16</samp>. It may take some investigation to find the OID authority for a particular country or region. The addresses for ISO national member bodies may be found at <a href="http://www.iso.ch/addresse/membodies.html" target="_blank">http://www.iso.ch/addresse/membodies.html</a><img src="www.gif" alt="Link outside Information Center" />. The information includes postal address and electronic mail. In many cases, a Web site is specified as well.</li> <li>The Internet Assigned Numbers Authority (IANA) assigns private enterprise numbers, which are OIDs, in the arc <samp class="codeph">1.3.6.1.4.1</samp>. IANA has assigned arcs to over 7500 companies to date. The application page is located at <a href="http://www.iana.org/cgi-bin/enterprise.pl" target="_blank">http://www.iana.org/cgi-bin/enterprise.pl</a> <img src="www.gif" alt="Link outside Information Center" />, under Private Enterprise Numbers. The IANA usually takes about one week. An OID from IANA is free. IANA will assign a number (NEWNUM) so that the new OID arc will be <samp class="codeph">1.3.6.1.4.1.NEWNUM</samp>.</li> <li>The U.S. Federal Government maintains the Computer Security Objects Registry (CSOR). The CSOR is the naming authority for the arc <samp class="codeph">2.16.840.1.101.3</samp>, and is currently registering objects for security labels, cryptographic algorithms, and certificate policies. The certificate policy OIDs are defined in the arc <samp class="codeph">2.16.840.1.101.3.2.1</samp>. The CSOR provides policy OIDs to agencies of the U.S. Federal Government. 
For more information about the CSOR, see <a href="http://csrc.nist.gov/csor/" target="_blank">http://csrc.nist.gov/csor/</a><img src="www.gif" alt="Link outside Information Center" />.</li> </ul> </div> <div> <div class="familylinks"> <div class="parentlink"><strong>Parent topic:</strong> <a href="rzalvadminregistries.htm" title="This information explains how to create and manage the Enterprise Identity Mapping (EIM) registry definitions for those user registries in your enterprise that participate in EIM.">Manage Enterprise Identity Mapping registry definitions</a></div> </div> <div class="relinfo"><strong>Related information</strong><br /> <div><a href="http://csrc.nist.gov/csor/pkireg.htm">http://csrc.nist.gov/csor/pkireg.htm</a></div> </div> </div> </body> </html>