Certificate extension: "roleSpecCertIdentifier" (Role specification certificate identifier extension)
View at oid-info.com
This extension may be used by an AA as a pointer to a role specification certificate that contains the assignment of privileges to a role. It may be present in a role assignment certificate (i.e. a certificate that contains the role attribute).
A privilege verifier, when dealing with a role assignment certificate, needs to obtain the set of privileges of that role in order to determine whether to pass or fail the verification. If the privileges were assigned to the role in a role specification certificate, this field may be used to locate that certificate.
More information can be found in Recommendation ITU-T X.509 (March 2000) and in ISO/IEC 9594-8 (2001): "Directory: Public-key and attribute certificate frameworks".
ITU-T SG 17 & ISO/IEC JTC 1/SC 6
| OID | Name | Sub children | Sub Nodes Total | Description |
|---|---|---|---|---|
| 2.5.29.1 | authorityKeyIdentifier | 0 | 0 | X.509 old Authority Key Identifier Deprecated, use {2 5 29 35} instead |
| 2.5.29.2 | keyAttributes | 0 | 0 | Obsolete |
| 2.5.29.3 | certificatePolicies | 0 | 0 | Certificate policies (obsolete but can be found in some VeriSign-issued certificates) |
| 2.5.29.4 | keyUsageRestriction | 0 | 0 | Obsolete |
| 2.5.29.5 | policyMapping | 0 | 0 | Obsolete |
| 2.5.29.6 | subtreesConstraint | 0 | 0 | Obsolete |
| 2.5.29.7 | subjectAltName | 0 | 0 | Obsolete |
| 2.5.29.8 | issuerAltName | 0 | 0 | Obsolete |
| 2.5.29.9 | subjectDirectoryAttributes | 0 | 0 | Subject directory attributes certificate extension |
| 2.5.29.10 | basicConstraints | 0 | 0 | X.509 id-ce (deprecated) |
| 2.5.29.11 | 11 | 0 | 0 | Obsolete |
| 2.5.29.12 | 12 | 0 | 0 | Obsolete |
| 2.5.29.13 | 13 | 0 | 0 | Obsolete |
| 2.5.29.14 | subjectKeyIdentifier | 0 | 0 | Subject key identifier. |
| 2.5.29.15 | keyUsage | 0 | 0 | Key usage. |
| 2.5.29.16 | privateKeyUsagePeriod | 0 | 0 | Private key usage period. |
| 2.5.29.17 | subjectAltName | 0 | 0 | Subject alternative name. |
| 2.5.29.18 | issuerAltName | 0 | 0 | Issuer alternative name. |
| 2.5.29.19 | basicConstraints | 0 | 0 | Basic constraints. |
| 2.5.29.20 | cRLNumber | 0 | 0 | CRL (Certificate Revocation List) number. |
| 2.5.29.21 | reasonCode | 0 | 0 | Reason code. |
| 2.5.29.22 | expirationDate | 0 | 0 | Obsolete |
| 2.5.29.23 | instructionCode | 0 | 0 | Hold instruction code |
| 2.5.29.24 | invalidityDate | 0 | 0 | Invalidity date. |
| 2.5.29.25 | cRLDistributionPoints | 0 | 0 | Obsolete |
| 2.5.29.26 | issuingDistributionPoint | 0 | 0 | Obsolete |
| 2.5.29.27 | deltaCRLIndicator | 0 | 0 | Certificate Revocation List indicator. |
| 2.5.29.28 | issuingDistributionPoint | 0 | 0 | Issuing distribution point. |
| 2.5.29.29 | certificateIssuer | 0 | 0 | Certificate issuer. |
| 2.5.29.30 | nameConstraints | 1 | 1 | Name constraints. |
| 2.5.29.31 | cRLDistributionPoints | 0 | 0 | Certificate Revocation List distribution points. |
| 2.5.29.32 | certificatePolicies | 1 | 1 | Certificate policies |
| 2.5.29.33 | policyMappings | 0 | 0 | Policy mappings. |
| 2.5.29.34 | policyConstraints | 0 | 0 | X.509 id-ce Deprecated, use {2 5 29 36} instead |
| 2.5.29.35 | authorityKeyIdentifier | 0 | 0 | Authority key identifier. |
| 2.5.29.36 | policyConstraints | 0 | 0 | Policy constraints. |
| 2.5.29.37 | extKeyUsage | 1 | 1 | Certificate extension: "extKeyUsage" (Extended key usage) |
| 2.5.29.38 | authorityAttributeIdentifier | 0 | 0 | Certificate extension: "authorityAttributeIdentifier" |
| 2.5.29.40 | cRLStreamIdentifier | 0 | 0 | Certificate extension: "cRLStreamIdentifier" |
| 2.5.29.41 | basicAttConstraints | 0 | 0 | Certificate extension: "basicAttConstraints" |
| 2.5.29.42 | delegatedNameConstraints | 0 | 0 | Certificate extension: "delegatedNameConstraints" |
| 2.5.29.43 | timeSpecification | 0 | 0 | Certificate extension: "timeSpecification" |
| 2.5.29.44 | cRLScope | 0 | 0 | Certificate extension: "cRLScope" |
| 2.5.29.45 | statusReferrals | 0 | 0 | Certificate extension: "statusReferrals" |
| 2.5.29.46 | freshestCRL | 0 | 0 | Certificate extension: "freshestCRL" |
| 2.5.29.47 | orderedList | 0 | 0 | Certificate extension: "orderedList" |
| 2.5.29.48 | attributeDescriptor | 0 | 0 | Certificate extension: "attributeDescriptor" |
| 2.5.29.49 | userNotice | 0 | 0 | Certificate extension: "userNotice" |
| 2.5.29.50 | sOAIdentifier | 0 | 0 | Certificate extension: "sOAIdentifier" |
| 2.5.29.51 | baseUpdateTime | 0 | 0 | Certificate extension: "baseUpdateTime" |
| 2.5.29.52 | acceptableCertPolicies | 0 | 0 | Certificate extension: "acceptableCertPolicies" (Acceptable certificate policies extension) |
| 2.5.29.53 | deltaInfo | 0 | 0 | Certificate extension: "deltaInfo" |
| 2.5.29.54 | inhibitAnyPolicy | 0 | 0 | X.509 version 3 certificate extension Inhibit Any-policy The inhibit any-policy extension can be used in certificates issued t… |
| 2.5.29.55 | targetInformation | 0 | 0 | Certificate extension: "targetInformation" (Targeting information extension) |
| 2.5.29.56 | noRevAvail | 0 | 0 | Certificate extension: "noRevAvail" (No revocation information extension) |
| 2.5.29.57 | acceptablePrivilegePolicies | 0 | 0 | Certificate extension: "acceptablePrivilegePolicies" |
| 2.5.29.58 | id-ce-toBeRevoked | 0 | 0 | None |
| 2.5.29.59 | id-ce-RevokedGroups | 0 | 0 | None |
| 2.5.29.60 | id-ce-expiredCertsOnCRL | 0 | 0 | None |
| 2.5.29.61 | indirectIssuer | 0 | 0 | (Attribute) certificate extension: "indirectIssuer" |
| 2.5.29.62 | id-ce-noAssertion | 0 | 0 | None |
| 2.5.29.63 | id-ce-aAissuingDistributionPoint | 0 | 0 | None |
| 2.5.29.64 | id-ce-issuedOnBehaIFOF | 0 | 0 | None |
| 2.5.29.65 | id-ce-singleUse | 0 | 0 | None |
| 2.5.29.66 | id-ce-groupAC | 0 | 0 | None |
| 2.5.29.67 | id-ce-allowedAttAss | 0 | 0 | None |
| 2.5.29.68 | id-ce-attributeMappings | 0 | 0 | None |
| 2.5.29.69 | id-ce-holderNameConstraints | 0 | 0 | None |