The X.500 standard defines several schema elements for general purpose use. In the first edition (the 1988 edition) some very useful object classes were defined. Each of these object classes includes utilise these new attribute types auxiliary object classes have to be defined to complement the structural object classes defined within X.500. Administrators of directories may therefore feel the need to develop their own auxiliary object classes and at times also additional attribute types. Such "home grown" directory schema definitions make future interworking problematic. Standardised schema elements should be used whenever possible. During its lifetime the CEN/ISSS Directory Workshop (CEN = European Committee for Standardization; ISSS = Information Society Standardization System) developed a set of directory schema elements. The schema elements defined here should be used in preference to defining one's own schema elements.
The object identifier subtree used for developing these schema elements was:
euroDir ::= { iso(1) identified-organisation(3) ewos(16) eg(2) dir(1) }
From this root object identifiers are allocated as described below.
The allocation of CEN/ISSS object identifiers is consistent with the object identifier structure of the base Directory Specification (see ISO/IEC 9594-2 or X.501 Annex A). The allocated values are shown below.
euroModule OBJECT IDENTIFIER ::= {euroDir 1} -- for ASN.1 modules
euro-at OBJECT IDENTIFIER ::= {euroDir 4} -- for attribute types
euro-as OBJECT IDENTIFIER ::= {euroDir 5} -- for attribute syntaxes
euro-oc OBJECT IDENTIFIER ::= {euroDir 6} -- for object classes
euro-alg OBJECT IDENTIFIER ::= {euroDir 8} -- for security algorithms
euro-mr OBJECT IDENTIFIER ::= {euroDir 13} -- for matching rules
euro-nf OBJECT IDENTIFIER ::= {euroDir 15} -- for name forms
The schema elements defined here refer to schema elements defined within the Internet environment.
id-euro-oc-organization OBJECT IDENTIFIER ::= { euro-oc 1 }
id-euro-oc-orgUnit OBJECT IDENTIFIER ::= { euro-oc 2 }
id-euro-oc-orgPerson OBJECT IDENTIFIER ::= { euro-oc 3 }
id-euro-oc-resPerson OBJECT IDENTIFIER ::= { euro-oc 4 }
id-euro-at-orgID OBJECT IDENTIFIER ::= { euro-at 1 }
id-euro-at-floor OBJECT IDENTIFIER ::= { euro-at 2 }
id-euro-at-floorEntity OBJECT IDENTIFIER ::= { euro-at 3 }
id-euro-at-telExten OBJECT IDENTIFIER ::= { euro-at 4 }
id-euro-at-fax OBJECT IDENTIFIER ::= { euro-at 5 }
id-euro-at-localEmails OBJECT IDENTIFIER ::= { euro-at 6 }
id-euro-at-area OBJECT IDENTIFIER ::= { euro-at 7 }
id-euro-nf-orgNF OBJECT IDENTIFIER ::= { euro-nf 1 }
id-euro-nf-orgPersNF OBJECT IDENTIFIER ::= { euro-nf 2 }
id-euro-nf-resPersNF OBJECT IDENTIFIER ::= { euro-nf 3 }
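When these elements are loaded into a directory server, the symbolic assignments have to be expanded to dotted-decimal object identifiers. The following is an added example, not part of the original specification: it parses a subset of the assignments above and resolves each name through its parent arcs, rejecting circular or duplicate allocations. The helper names `parse`, `resolve` and `dotted_oids` are hypothetical.

```python
import re

# ASN.1 value assignments copied from the allocation above (a subset of the page's list).
ASSIGNMENTS = """
euroDir ::= { iso(1) identified-organisation(3) ewos(16) eg(2) dir(1) }
euro-at OBJECT IDENTIFIER ::= {euroDir 4}
euro-oc OBJECT IDENTIFIER ::= {euroDir 6}
euro-nf OBJECT IDENTIFIER ::= {euroDir 15}
id-euro-oc-orgPerson OBJECT IDENTIFIER ::= { euro-oc 3 }
id-euro-at-orgID OBJECT IDENTIFIER ::= { euro-at 1 }
id-euro-at-floor OBJECT IDENTIFIER ::= { euro-at 2 }
id-euro-at-area OBJECT IDENTIFIER ::= { euro-at 7 }
id-euro-nf-resPersNF OBJECT IDENTIFIER ::= { euro-nf 3 }
"""

LINE = re.compile(r"^([\w-]+)\s+(?:OBJECT IDENTIFIER\s+)?::=\s*\{(.*?)\}")

def parse(text):
    """Return {name: [components]}; a component is an int arc or a parent name."""
    table = {}
    for line in text.strip().splitlines():
        m = LINE.match(line.strip())
        if not m:
            raise ValueError(f"unparsable assignment: {line!r}")
        comps = []
        for tok in m.group(2).split():
            named = re.fullmatch(r"[\w-]+\((\d+)\)", tok)  # e.g. iso(1)
            comps.append(int(named.group(1)) if named else
                         int(tok) if tok.isdigit() else tok)
        table[m.group(1)] = comps
    return table

def resolve(name, table, _seen=()):
    """Expand a name to a list of integer arcs, following parent references."""
    if name in _seen:
        raise ValueError(f"circular definition: {name}")
    arcs = []
    for comp in table[name]:
        arcs += [comp] if isinstance(comp, int) else resolve(comp, table, _seen + (name,))
    return arcs

def dotted_oids(text):
    """Return {name: dotted-decimal OID} for every assignment in the text."""
    table = parse(text)
    oids = {n: ".".join(map(str, resolve(n, table))) for n in table}
    # Two names resolving to one OID would break interworking; fail loudly.
    if len(set(oids.values())) != len(oids):
        raise ValueError("duplicate OID allocation")
    return oids
```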
The telephone related attribute types taken from RFC-1274 have the syntax TelephoneNumberSyntax, which is defined in the 1988 edition of ISO/IEC 9594-6 or CCITT X.520, but removed in later editions. It is the same as the PrintableString syntax.
The textEncodedORAddress has been included to allow this attribute type as an alternative to the more complex attribute type mhs-or-addresses defined in X.402 | ISO/IEC 10021-2.
Some of the attribute types included in the following auxiliary object classes are taken from ISO/IEC 9594-6 | ITU-T X.520 - Selected Attribute Types. In the following, this specification is referred to as X.520.
This auxiliary object class is intended to supplement the organization object class defined in ISO/IEC 9594-7 or ITU-T Rec. X.521.
euroOrganization OBJECT-CLASS ::= {
SUBCLASS OF { top }
KIND auxiliary
MAY CONTAIN { serialNumber | -- from X.520
secretary | -- from RFC-1274
mail | -- from RFC-1274
textEncodedORAddress | -- from RFC-1274
mobile | -- from RFC-1274
pager | -- from RFC-1274
labeledURI | -- from RFC-2079
area | -- defined here
fax | -- defined here
vATName } -- defined here
ID id-euro-oc-organization }
This auxiliary object class is intended to supplement the organizational unit object class defined in ISO/IEC 9594-7 or ITU-T X.521.
euroOrgUnit OBJECT-CLASS ::= {
SUBCLASS OF { top }
KIND auxiliary
MAY CONTAIN { serialNumber | -- from X.520
secretary | -- from RFC-1274
mail | -- from RFC-1274
textEncodedORAddress | -- from RFC-1274
mobile | -- from RFC-1274
pager | -- from RFC-1274
labeledURI | -- from RFC-2079
area | -- defined here
fax } -- defined here
ID id-euro-oc-orgUnit }
This auxiliary object class is intended to supplement the organizationalPerson object class defined in ISO/IEC 9594-7 or ITU-T X.521.
euroOrgPerson OBJECT-CLASS ::= {
SUBCLASS OF { top }
KIND auxiliary
MAY CONTAIN { givenName | -- from X.520
initials | -- from X.520
generationQualifier | -- from X.520
uniqueIdentifier | -- from X.520
serialNumber | -- from X.520
secretary | -- from RFC-1274
mail | -- from RFC-1274
textEncodedORAddress | -- from RFC-1274
uid | -- from RFC-1274
mobile | -- from RFC-1274
homePhone | -- from RFC-1274
pager | -- from RFC-1274
homePostalAddress | -- from RFC-1274
roomNumber | -- from RFC-1274
buildingName | -- from RFC-1274
labeledURI | -- from RFC-2079
jpegPhoto | -- from RFC 2798
area | -- defined here
floor | -- defined here
floorEntity | -- defined here
fax | -- defined here
telExten } -- defined here
ID id-euro-oc-orgPerson }
This auxiliary object class is intended to supplement the residentialPerson object class defined in ISO/IEC 9594-7 or ITU-T X.521.
euroResPerson OBJECT-CLASS ::= {
SUBCLASS OF { top }
KIND auxiliary
MAY CONTAIN { givenName | -- from X.520
initials | -- from X.520
generationQualifier | -- from X.520
title | -- from X.520
uniqueIdentifier | -- from X.520
serialNumber | -- from X.520
houseIdentifier | -- from X.520
mail | -- from RFC-1274
textEncodedORAddress | -- from RFC-1274
mobile | -- from RFC-1274
pager | -- from RFC-1274
buildingName | -- from RFC-1274
labeledURI | -- from RFC-2079
fax | -- defined here
area | -- defined here
floor | -- defined here
floorEntity } -- defined here
ID id-euro-oc-resPerson }
As seen from this object class definition, it is possible to split a postal address up into several attributes. This may not always be useful. It is possible to put street name, house number, floor, etc. together as a single string in the streetAddress attribute (included in the residentialPerson object class). However, it is easier to validate a postal address when the different address items are stored in separate attributes. A telephone operator, as an example, needs to be able to validate each piece of an address. It will validate that the postal district actually exists. It will check an address database to see if the purported street name is a real street within that postal district. It will validate that the exact, official spelling of the street name is used; otherwise, producing lists sorted on street names will not be possible. It will check that the house number (houseIdentifier) is valid for the street, etc. This validation is essential to avoid fraud and to ensure high quality data in the directory.
vATName ATTRIBUTE ::= {
WITH SYNTAX DirectoryString {ub-vATName}
EQUALITY MATCHING RULE caseIgnoreMatch
SUBSTRINGS MATCHING RULE caseIgnoreSubstringsMatch
ID id-euro-at-orgID }
This attribute type is intended for holding an organisation's VAT number, government institution number, or similar.
floor ATTRIBUTE ::= {
WITH SYNTAX DirectoryString {ub-floor}
EQUALITY MATCHING RULE caseIgnoreMatch
SUBSTRINGS MATCHING RULE caseIgnoreSubstringsMatch
ID id-euro-at-floor }
This attribute type is intended to hold a building floor identification, such as "2nd", basement, etc.
floorEntity ATTRIBUTE ::= {
WITH SYNTAX DirectoryString {ub-floor}
EQUALITY MATCHING RULE caseIgnoreMatch
SUBSTRINGS MATCHING RULE caseIgnoreSubstringsMatch
ID id-euro-at-floorEntity }
This attribute type is intended to hold information about the actual location within a particular building floor.
telExten ATTRIBUTE ::= {
SUBTYPE OF telephoneNumber
ID id-euro-at-telExten }
This attribute type is intended to hold the telephone extension of an organizational person.
fax ATTRIBUTE ::= {
SUBTYPE OF telephoneNumber -- from X.520
ID id-euro-at-fax }
This attribute type is intended to hold a fax number. This attribute is an alternative to the facsimileTelephoneNumber attribute type defined in ISO/IEC 9594-6 and ITU-T X.520. This latter attribute type has no associated matching rules, which makes it less useful in searches.
area ATTRIBUTE ::= {
WITH SYNTAX DirectoryString {ub-area}
EQUALITY MATCHING RULE caseIgnoreMatch
SUBSTRINGS MATCHING RULE caseIgnoreSubstringsMatch
ID id-euro-at-area }
This attribute type is intended to hold additional addressing information, where some location information is necessary within, say, a postal district.
Under some circumstances it may be difficult to assign unique RDNs under, say, a locality entry. This can be the case for small companies, where company names are not controlled by any naming authorities. It is in particular a problem when assigning RDNs to persons, whether they are organisational persons or residential persons. The X.500 standard has defined an attribute, the serialNumber attribute, to cope with this situation; however, the X.500 standard has not defined any name form to include that attribute. Below are defined name forms for organisations, organisational persons and residential persons. It is assumed that an organisation will always assign unique names to organisational units, and it is therefore not necessary to define a special name form for that type of object.
euroOrgNF NAME-FORM ::= {
NAMES organization
WITH ATTRIBUTES { organizationName }
AND OPTIONALLY { serialNumber }
ID id-euro-nf-orgNF }
This name form is to be used when the standard organization structural object class is supplemented with the euroOrganization auxiliary object class and when it is not always possible to ensure unique naming of organisations without some additional qualification.
euroOrgPersNF NAME-FORM ::= {
NAMES organizationalPerson
WITH ATTRIBUTES { commonName }
AND OPTIONALLY { serialNumber }
ID id-euro-nf-orgPersNF }
This name form is to be used when the standard organizationalPerson structural object class is supplemented with the euroOrgPerson auxiliary object class and when it is not always possible to ensure unique naming of organisational persons without some additional qualification.
euroResPersNF NAME-FORM ::= {
NAMES residentialPerson
WITH ATTRIBUTES { commonName }
AND OPTIONALLY { serialNumber }
ID id-euro-nf-resPersNF }
This name form is to be used when the standard residentialPerson structural object class is supplemented with the euroResPerson auxiliary object class and when it is not always possible to ensure unique naming of residential persons without some additional qualification.
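The three name forms above can be enforced before an entry is added. The following is an added example, not part of the original specification: it checks an RDN against the mandatory and optional attributes of the name form for its structural class, and finds sibling RDNs that collide unless serialNumber disambiguates them. The function names are hypothetical, the sample RDNs are constructed, and the simple parser assumes no escaped `+` or `=` in values.

```python
# Name forms from the page: structural class -> (mandatory, optional) RDN attribute types.
NAME_FORMS = {
    "organization":         ({"organizationName"}, {"serialNumber"}),
    "organizationalPerson": ({"commonName"},       {"serialNumber"}),
    "residentialPerson":    ({"commonName"},       {"serialNumber"}),
}
# Attribute type names are case-insensitive; map LDAP short names and lowercase forms.
ALIASES = {"o": "organizationName", "organizationname": "organizationName",
           "cn": "commonName", "commonname": "commonName",
           "serialnumber": "serialNumber"}

def parse_rdn(rdn):
    """Split 'cn=A+serialNumber=1' into {type: value}. Assumes no escaped '+' or '='."""
    avas = {}
    for ava in rdn.split("+"):
        attr, sep, value = ava.partition("=")
        attr, value = attr.strip(), value.strip()
        if not sep or not attr or not value:
            raise ValueError(f"malformed attribute value assertion: {ava!r}")
        attr = ALIASES.get(attr.lower(), attr)
        if attr in avas:
            raise ValueError(f"attribute type repeated in RDN: {attr}")
        avas[attr] = value
    return avas

def check_rdn(structural_class, rdn):
    """Return a list of name-form violations (an empty list means the RDN conforms)."""
    mandatory, optional = NAME_FORMS[structural_class]
    present = set(parse_rdn(rdn))
    problems = [f"missing mandatory {a}" for a in sorted(mandatory - present)]
    problems += [f"{a} not permitted by name form"
                 for a in sorted(present - mandatory - optional)]
    return problems

def find_collisions(sibling_rdns):
    """Return RDNs that duplicate an earlier sibling. Values are compared ignoring
    case only; the whitespace handling of caseIgnoreMatch is not implemented."""
    seen, dupes = set(), []
    for rdn in sibling_rdns:
        key = frozenset((a, v.casefold()) for a, v in parse_rdn(rdn).items())
        if key in seen:
            dupes.append(rdn)
        seen.add(key)
    return dupes
```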