When you create an Enterprise Identity Mapping (EIM) registry
definition, you can specify one of a number of predefined user registry
types to represent an actual user registry that exists on a system within
the enterprise. Although the predefined registry definition types cover most
operating system user registries, you may need to create a registry definition
for which EIM does not include a predefined registry type. You have two options
in this situation. You can either use an existing registry definition that
matches the characteristics of your user registry, or you can define a private
user registry type.
To define a user registry type that EIM is not predefined to recognize,
you must use an object identifier (OID) to specify the registry type in the
form of ObjectIdentifier-normalization, where ObjectIdentifier is
a dotted-decimal object identifier, such as 1.2.3.4.5.6.7, and normalization is
either the value caseExact or the value caseIgnore. For example,
the object identifier (OID) for iSeries™ is 1.3.18.0.2.33.2-caseIgnore.
You should obtain any OIDs that you need from legitimate OID registration
authorities to ensure that you create and use unique OIDs. Unique OIDs help
you avoid potential conflicts with OIDs created by other organizations or
applications.
There are two ways of obtaining OIDs:
- Register the objects with an authority. This method is a good choice
when you need a small number of fixed OIDs to represent information. For example,
these OIDs might represent certificate policies for users in your enterprise.
- Obtain an arc assignment from a registration authority and assign your
own OIDs as needed. This method, which is a dotted-decimal object-identifier
range assignment, is a good choice if you need a large number of OIDs, or
if your OID assignments are subject to change. The arc assignment consists
of the beginning dotted-decimal numbers from which you must base your ObjectIdentifier.
For example, the arc assignment could be 1.2.3.4.5. You
could then create OIDs by adding to this basic arc. For example, you could
create OIDs in the form 1.2.3.4.5.x.x.x.
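The following Python code is an added example, not part of the original documentation or of any EIM API. It validates a registry type string in the ObjectIdentifier-normalization form and confirms that a private type is based on your assigned arc. The function names are hypothetical, the normalization suffix is assumed to be matched case-sensitively, and the root-arc limits are the standard ASN.1 OID rules.

```python
import re

# One dotted-decimal arc: "0", or a number without a leading zero.
_ARC = r"(?:0|[1-9][0-9]*)"
_TYPE_RE = re.compile(rf"({_ARC}(?:\.{_ARC})+)-(caseExact|caseIgnore)")


def parse_registry_type(value):
    """Split 'ObjectIdentifier-normalization' into (arcs, normalization).

    Raises ValueError when the string is not in that form.
    """
    m = _TYPE_RE.fullmatch(value)
    if m is None:
        raise ValueError(f"not ObjectIdentifier-normalization: {value!r}")
    arcs = tuple(int(a) for a in m.group(1).split("."))
    # ASN.1 OID rules: the root arc is 0, 1 or 2, and under roots 0 and 1
    # the second arc is limited to 0..39.
    if arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError(f"invalid OID root arcs in {value!r}")
    return arcs, m.group(2)


def is_under_arc(arcs, assigned_arc):
    """True when the OID is a strict descendant of the assigned arc.

    Arcs are compared as integers, so 1.2.3.4.50 is not under 1.2.3.4.5.
    """
    base = tuple(int(a) for a in assigned_arc.strip(".").split("."))
    return len(arcs) > len(base) and arcs[:len(base)] == base


def check_private_type(value, assigned_arc):
    """Parse a private registry type and confirm it is based on our arc."""
    arcs, normalization = parse_registry_type(value)
    if not is_under_arc(arcs, assigned_arc):
        raise ValueError(f"{value!r} is outside assigned arc {assigned_arc}")
    return arcs, normalization


if __name__ == "__main__":
    # Values taken from the examples in the text above.
    print(parse_registry_type("1.3.18.0.2.33.2-caseIgnore"))
    print(check_private_type("1.2.3.4.5.1.0.7-caseExact", "1.2.3.4.5."))
```

Running a check like this before creating the registry definition catches a mistyped normalization value or an OID that falls outside the arc your organization was assigned.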
You can learn more about registering your OIDs with a registration authority
by reviewing these Internet resources:
- American National Standards Institute (ANSI) is the registration authority
for the United States for organization names under the global registration
process established by International Standards Organization (ISO) and International
Telecommunication Union (ITU). A fact sheet in Microsoft® Word format about applying
for a Registered Application Provider Identifier (RID) is located at the ANSI
Public Document Library Web site http://public.ansi.org/ansionline/Documents/.
You can find the fact sheet by selecting Other Services > Registration
Programs. The ANSI OID arc for organizations is 2.16.840.1.
ANSI charges a fee for OID arc assignments. It takes approximately two weeks
to receive the assigned OID arc from ANSI. ANSI will assign a number (NEWNUM)
to create a new OID arc; for example: 2.16.840.1.NEWNUM.
- In most countries or regions, the national standards association maintains
an OID registry. As with the ANSI arc, these are generally arcs assigned
under the OID 2.16. It may take some investigation to find
the OID authority for a particular country or region. The addresses for ISO
national member bodies may be found at http://www.iso.ch/addresse/membodies.html. The information includes postal
address and electronic mail. In many cases, a Web site is specified as well.
- The Internet Assigned Numbers Authority (IANA) assigns private enterprise
numbers, which are OIDs, in the arc 1.3.6.1.4.1. IANA has
assigned arcs to over 7500 companies to date. The application page is located
at http://www.iana.org/cgi-bin/enterprise.pl,
under Private Enterprise Numbers. IANA usually takes about one week to assign a number.
An OID from IANA is free. IANA will assign a number (NEWNUM) so that the
new OID arc will be 1.3.6.1.4.1.NEWNUM.
- The U.S. Federal Government maintains the Computer Security Objects Registry
(CSOR). The CSOR is the naming authority for the arc 2.16.840.1.101.3,
and is currently registering objects for security labels, cryptographic algorithms,
and certificate policies. The certificate policy OIDs are defined in the
arc 2.16.840.1.101.3.2.1. The CSOR provides policy OIDs
to agencies of the U.S. Federal Government. For more information about the
CSOR, see http://csrc.nist.gov/csor/.