International Civil Aviation Organization
WORKING PAPER / ACP-WGM21/WP-cc
23 June 2014

AERONAUTICAL COMMUNICATIONS PANEL (ACP)

21st MEETING OF WORKING GROUP M (Maintenance)

Montréal, Canada, 17-18 July 2014

Agenda Item 3b: / ATN/OSI Document 9880 Update Status

Directory – Amendment Proposal updating ASN.1 definitions (Doc 9880 Part IV)

(Presented by Michel Solery, France)

SUMMARY
This paper aims at submitting an Amendment Proposal (AP) related to the Detailed Technical Specifications for Directory, included in Doc 9880 Part-IV, and more specifically to terminology and ASN.1 definitions. The proposal primarily aims at:
  • correcting a few inconsistencies found in Doc 9880, AN/466, Part IV, First Edition - 2010,
  • supporting user requirements expressed in the EUR Region for the sake of user capabilities management.
These inconsistencies and emerging user requirements were detected during the EDS project. As some of them are related to sections which are already subject to another Amendment Proposal (ACP WGM19 – WP10 - Directory – Amendment Proposal regarding DIT structure), the text of the latter is used as the basis for additional amendments arising from the present AP. Therefore, this paper may be seen as the conjunction of WG-M/19 WP10 and additional proposals new to this document.
ACTION
The working group is invited to perform the actions recommended in section 3 of the paper.

1. INTRODUCTION

1.1 This paper aims at submitting an Amendment Proposal (AP) related to the Detailed Technical Specifications for Directory, included in Doc 9880 Part-IV, and more specifically to terminology and ASN.1 definitions. The proposal aims at:

  • correcting inconsistencies found in Doc 9880, AN/466, Part IV, First Edition - 2010;
  • supporting user requirements expressed in the EUR Region for the sake of user capabilities management by means of Directory.

1.2 This paper is submitted based on the procedure provided in Appendix 5 to the WGM/14 meeting report.

2. DISCUSSION

2.1 These inconsistencies and emerging user requirements were detected during the EDS (European Directory Service) project conducted in Europe under the aegis of Eurocontrol, and in coordination with the EUR ICAO AFS Group.

2.2 Changes and additions are introduced, to facilitate Directory support of the EUR “AMHS Address Book” which aims at listing AMHS users, groups of users and DLs together with their capabilities. Since listing of user capabilities is seen as one of the major Directory functions in support of AMHS, it is important that the requirements expressed in the EUR “AMHS Address Book” document be supported by means of Directory features. At present, user capabilities management is provided by AMC, with a global coverage. Therefore, it is beneficial for the overall ICAO community that Directory support of this function be harmonised at a global level, by means of the present Doc 9880 amendment proposal.

2.3 The additions were designed with the objective of minimising changes to the current Directory ASN.1 definitions. The enhancement is achieved by the addition of six new attribute types.

2.4 It should be noted that some of the changes and corrections are related to sections which are already subject to another Amendment Proposal (ACP WG-M/19 – WP10 - Directory – Amendment Proposal regarding DIT structure), already approved in WG-M/19 (Bucharest, June 2012). For this reason, where appropriate, the text of the latter is used as the basis for additional amendments arising from the present AP. As a consequence, the present paper may be seen as the conjunction of WG-M/19 WP10 and of additional proposals new to this document, and it includes all identified changes to be introduced in Edition 2 of ICAO Document 9880 Part IV.

2.5 The changes listed in the Amendment Proposal have been validated, from a technical and interoperability viewpoint, during the EDS interoperability testing performed between Eurocontrol and 4 European ANSPs (France, Germany, Spain, U.K.), at the end of 2013 and beginning of 2014.

3. ACTION BY THE MEETING

3.1 The ACP WG-M is invited to discuss and process the attached Amendment Proposal (AP), to be included as part of an amendment to the officially published version of ICAO Document 9880 Part IV.

3.2 Furthermore, the ACP WG-M is invited to recommend that the outcome of the integration of this AP into Doc 9880, provided as an Attachment to this paper, be used by ICAO HQ as the draft Edition 2 of Doc 9880/AN-466 Part IV.

Title: / Directory Services – DIT structure
AP working paper number and date: / ACP-WGM21/WP-nn
Document(s) affected: /
  • Doc 9880, Manual on detailed technical specifications for the Aeronautical Telecommunication Network using OSI standards and protocols, part IV (Directory Services)
  • ACP-WGM19/WP-10: AP to Doc 9880 Part IV - Directory Amendment Proposal (DIT structure)

Sections of Documents affected: / 3.2.3.2.3 Table 3-1, 3.2.4.1 Table 3-2, 3.3.4.1 Table 3-5, 3.5.4.1 Table 3-11, 4.3.1, 4.3.2, 4.3.7, 4.3.12, 4.4.9, 4.4.14 to 4.4.19 (new), 4.8.2.3, 4.8.3 Table 4-4, 4.8.4 Figures 4-1 and 4-2, 4.10, 4.11
Coordinator: / Jean-Marc Vacher
(based on an input by H.J. Merkle, Comsoft GmbH)
Coordinator's address: / DSNA/DTI
Pôle CNS/ITR
(ON-X support to international activities)
1 avenue du Dr Maurice Grynfogel
31035 Toulouse
France
Coordinator's Phone: / +33 5 6214 5474
Coordinator's Fax: / +33 5 6214 5401
Coordinator's e-mail address: /
Category: / BUG and ENHANCEMENT
Problem description: / A. Correction of inconsistencies
There are several inconsistencies in the terminology and ASN.1 description of ATN Directory object-classes and attribute-types, where slight differences appear in OC or AT names, in various parts of the document. ASN.1 descriptions are also present in two different places, to depict individual elements and in an overall ASN.1 module. This is valid and usual in such a document but unfortunately, there are also some slight differences between the individual definitions and the overall module.
1) atn-amhs-distribution-list
Three different names are used for this OC:
atn-amhs-distribution-list,
atn-amhs-distributionList, and
atn-distributionList.
The first of these three designators should be used throughout the document (changes required in 3.2.4.1 Table 3-2, 4.8.2.3, 4.8.3 Table 4-4, 4.10)
2) mhs-distribution-list
This standard object-class defined in ITU-T X.402 (or ISO 10021-2) is erroneously referred to using the term “mhs-distributionList”.
The correct term “mhs-distribution-list” should be used throughout the document (changes required in 3.2.3.2.3 Table 3-1, 4.3.7, 4.10).
3) atn-amhs-addressing-scheme
Two different names are used for this AT:
atn-amhs-addressing-scheme, and
atn-amhsMD-addressing-scheme.
The first of these two designators should be used throughout the document (changes required in 4.3.12, 4.10 (as part of atn-amhsMD description))
4) commonName
Two different names are used for this AT:
commonName, and
common-name.
The first of these two designators should be used throughout the document (changes required in 4.3.12, 4.10 (as part of atn-amhsMD description))
5) atn-amhs-user
There are variations in the definitions specified for this OC: the attribute atn-per-certificate is listed at different positions in 4.3.1 and 4.10.
The ASN.1 definition of this OC included in section 4.3.1 (with atn-per-certificate listed just before atn-der-certificate) should be copied into section 4.10 to replace the existing one.
6) atn-organizational-unit
Two different definitions are specified for this OC, one with (4.10) and one without (4.3.2) the atn-facility-name attribute (as part of MAY CONTAIN).
The ASN.1 definition of this OC included in section 4.10 (with AT atn-facility-name) should be copied into section 4.3.2 to replace the existing one.
7) atn-amhs-gateway
Two significantly different definitions are specified for this OC, with two different names (atn-amhs-gateway in 4.3.9 and atn-AmhsGateway in 4.10).
The ASN.1 definition of this OC included in section 4.3.9 should be copied into section 4.10 to replace the existing one.
8) atn-idrp-router
Two different definitions are specified for this OC, one with (4.3.13) and one without (4.10) the atn-der-certificate attribute (as part of MAY CONTAIN).
The ASN.1 definition of this OC included in section 4.3.13 (with atn-der-certificate) should be copied into section 4.10.
9) atn-organization
There is a typo in the definition of this OC included in section 4.10, leading to a discrepancy between 4.3.15 and 4.10.
In 4.10 the upper case ‘O’ in {Organization} should be replaced by lower case, to read {organization}
10) atn-global-domain-identifier
The OIDs specified for this AT in 4.4.9 and 4.10 are different. Furthermore they do not follow the usual OID allocation practice. Both OIDs in 4.4.9 and 4.10 should be replaced with id-at-atn-global-domain-identifier.
11) atnOrgNameForm and atnOrgUnitNameForm
The naming attributes for atnOrgNameForm in 4.8.2.3 and 4.10, and for atnOrgUnitNameForm in 4.10 (OrganizationName and OrganizationalUnitName, respectively) start with a capital ‘O’ whilst they should start with a lower case character. These capital ‘O’ characters should be replaced with lower case ‘o’.
12) Although understandable, figures 4-1 and 4-2 do not strictly use the OC designators defined in sections 4.3 and 4.10. This should be corrected. Furthermore Figure 4-2 still includes an “atn-AmhsUser” box which should be removed, and an empty box which should be filled in with “device”.
13) A minor typo is present in section 4.11, where the word id-at-atn-ipm-heading-extensions contains an unexpected space character after ‘id-at-’
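The kind of cross-check that surfaces discrepancies such as items 1, 5 and 6 above, as an added example (not part of the working paper or of Doc 9880): a Python comparison of two copies of the same OBJECT-CLASS definitions, one standing for an individual section and one for the overall module. The two sample texts are constructed and abbreviated, and the function names and finding labels are assumptions of this example.

```python
import re

OC_RE = re.compile(r"([\w-]+)\s+OBJECT-CLASS\s*::=\s*\{(.*?)\bID\s+([\w-]+)\s*\}", re.S)
CLAUSE_RE = re.compile(r"(SUBCLASS OF|MUST CONTAIN|MAY CONTAIN)\s*\{([^}]*)\}")
CLAUSES = ("SUBCLASS OF", "MUST CONTAIN", "MAY CONTAIN")

def parse_object_classes(text):
    """Return {designator: {clause: [names], 'ID': oid_name}} for each OBJECT-CLASS."""
    classes = {}
    for name, body, oid in OC_RE.findall(text):
        entry = {"ID": oid}
        for clause, items in CLAUSE_RE.findall(body):
            entry[clause] = [i.strip() for i in items.split("|") if i.strip()]
        classes[name] = entry
    return classes

def fold(name):
    """Folding key: hyphen and case variants of one designator collide."""
    return name.replace("-", "").lower()

def compare(section_text, module_text):
    """List discrepancies between two copies of the same definitions."""
    a, b = parse_object_classes(section_text), parse_object_classes(module_text)
    b_by_key = {fold(n): n for n in b}
    findings = []
    for name, entry in a.items():
        other = b_by_key.get(fold(name))
        if other is None:
            findings.append(("missing", name))
            continue
        if other != name:                      # same class, different spelling
            findings.append(("name-variant", name, other))
        if entry["ID"] != b[other]["ID"]:      # the two copies assign different OID names
            findings.append(("id", name, entry["ID"], b[other]["ID"]))
        for clause in CLAUSES:
            x, y = entry.get(clause, []), b[other].get(clause, [])
            if set(x) != set(y):               # an attribute is present in one copy only
                findings.append(("attributes", name, clause, sorted(set(x) ^ set(y))))
            elif x != y:                       # same attributes, listed in another order
                findings.append(("order", name, clause))
    return findings

# Constructed, abbreviated samples modelled on items 5, 6 and 1 of the list above.
SECTION = """
atn-amhs-user OBJECT-CLASS ::= { SUBCLASS OF { top }
  MAY CONTAIN { atn-per-certificate | atn-der-certificate | atn-AF-address } ID id-oc-atn-AmhsUser }
atn-organizational-unit OBJECT-CLASS ::= { SUBCLASS OF { organizationalUnit }
  MAY CONTAIN { atn-per-certificate | atn-der-certificate } ID id-oc-atn-OrganizationalUnit }
atn-amhs-distribution-list OBJECT-CLASS ::= { SUBCLASS OF { mhs-distribution-list }
  MUST CONTAIN { atn-ipm-heading-extensions } ID id-oc-atn-AmhsDistributionList }"""
MODULE = """
atn-amhs-user OBJECT-CLASS ::= { SUBCLASS OF { top }
  MAY CONTAIN { atn-der-certificate | atn-AF-address | atn-per-certificate } ID id-oc-atn-AmhsUser }
atn-organizational-unit OBJECT-CLASS ::= { SUBCLASS OF { organizationalUnit }
  MAY CONTAIN { atn-per-certificate | atn-der-certificate | atn-facility-name } ID id-oc-atn-OrganizationalUnit }
atn-amhs-distributionList OBJECT-CLASS ::= { SUBCLASS OF { mhs-distribution-list }
  MUST CONTAIN { atn-ipm-heading-extensions } ID id-oc-atn-AmhsDistributionList }"""
```

Calling compare(SECTION, MODULE) returns one finding per discrepancy; comparing a text with itself returns an empty list.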
B. Enhancement for User Capabilities Management
Changes and additions are introduced, to facilitate Directory support of the EUR “AMHS Address Book” which aims at listing AMHS users, groups of users and DLs together with their capabilities. Since listing of user capabilities is seen as one of the major Directory functions in support of AMHS at a worldwide level, it is important that these requirements be supported by means of Directory features and harmonised at a global level.
Six new atn-specific attribute types are defined:
- atn-maximum-number-of-body-parts (integer)
- atn-maximum-text-size (integer)
- atn-maximum-file-size (integer)
- atn-use-of-amhs-security (Boolean)
- atn-use-of-directory (Boolean)
- atn-group-of-addresses (Boolean)
They need to be added in section 3.3.4.1 Table 3-5, 3.5.4.1 Table 3-11, 4.4.14 to 4.4.19 (new), 4.10 and 4.11.
Furthermore, they are defined to complement the ASN.1 definitions of the object-classes atn-amhs-user and atn-amhs-distribution-list. These definitions consequently need to be updated too, with an impact on sections 4.3.1, 4.3.7 and 4.10.
Background: / Development of the EDS (European Directory Service) project, resulting in the Directory Service Operation Concept
Backwards compatibility: / The current inconsistencies may lead to different implementers having different interpretations, thereby hindering interoperability.
Such inconsistencies must be removed to avoid such risk.
Backward compatibility with implementations having made choices different from those above is not ensured.
The correction of these inconsistencies, which is required in any case, provides an opportunity for additional changes without later impact on interoperability.
Amendment Proposal: / 1) Use the sections provided below as the replacement for equivalent sections in Edition 1, as amended by the referred AP;
2) Replace Table 4-4 with the Table below, which is derived from the referred AP previously discussed by WG-M. The amendments of the previous AP remain highlighted as changes, for comparison with the current Edition 1 text.
3) Replace Figures 4-1 and 4-2 with the Figures below. Figure 1 is derived from the referred AP previously discussed by WG-M. The amendments of the previous AP remain highlighted as changes, for comparison with the current Edition 1 text.
4) Update the complete ASN.1 module in section 4.10 as described below.
5) Update the OID definitions in section 4.11 by removing the space character in excess in id-at- atn-ipm-heading-extensions and adding the OIDs for the six new attribute types.

Amendment Part 1a:

[Start of document excerpt]

3.2.3.2.3 Table 3-1 is structured as a PRL derived from the ISPICS pro forma included in ISO/IEC ISP 11189 (FDI2). The columns “base”, “basic profile”, “profile DL FG” and “ISP” are extracted from ISO/IEC ISP 11189. The column “ATN DSA” specifies the static capability of an ATN DSA to contain, convey and handle attributes of the referenced object classes.

Table 3-1. DSA support of object classes for the MHS

Ref. no. / Object class / Base / Basic profile / DL profile FG / ATN DSA
1 / mhs-distribution-list / O / O / M / M
2 / mhs-message-store / O / O / - / M
3 / mhs-message-transfer-agent / O / O / - / M
4 / mhs-user / O / M / - / M
5 / mhs-user-agent / O / O / - / M

3.2.4 DSA object classes defined for the ATN

3.2.4.1 ATN DSAs shall support the ATN-specific object classes as specified in Table 3-2.

Table 3-2. DSA support of object classes defined for the ATN

Ref. / Object classes / ATN DSA
1 / atn-amhs-user / M
2 / atn-organizational-unit / M
3 / atn-organizational-person / M
4 / atn-organizational-role / M
5 / atn-application-entity / M
6 / atn-certification-authority / M
7 / atn-amhs-distribution-list / M
8 / atn-amhs-user-agent / M
9 / atn-amhs-gateway / M
10 / atn-aircraft / M
11 / atn-facility / M
12 / atn-amhsMD / M
13 / atn-idrp-router / M
14 / atn-dSA / M
15 / atn-organization / M

[End of document excerpt]

Amendment Part 1b:

[Start of document excerpt]

3.3.4 DSA attribute types defined for the ATN

3.3.4.1 An ATN DSA shall support the ATN-specific attributes defined in Section 4.4 as specified in Table 3-5.

Table 3-5. DSA support of attribute types defined for the ATN

Ref. no. / Attribute type / ATN DSA / Notes
1 / atn-AF-address / M / See 4.4
2 / atn-per-certificate / M / “
3 / atn-der-certificate / M / “
4 / atn-amhs-direct-access / M / “
5 / atn-facility-name / M / “
6 / atn-aircraftIDName / M / “
7 / atn-version / M / “
8 / atn-ipm-heading-extensions / M / “
9 / atn-global-domain-identifier / M / “
10 / atn-icao-designator / M / “
11 / atn-net / M / “
12 / atn-amhs-addressing-scheme / M / “
13 / atn-amhsMD-naming-context / M / “
14 / atn-maximum-number-of-body-parts / M
15 / atn-maximum-text-size / M
16 / atn-maximum-file-size / M
17 / atn-use-of-amhs-security / M
18 / atn-use-of-directory / M
19 / atn-group-of-addresses / M

[End of document excerpt]

Amendment Part 1c:

[Start of document excerpt]

3.5.4 DUA supported ATN-specific attribute types

3.5.4.1 ATN DUAs shall support the ATN-specific attributes listed in Table 3-11.

Table 3-11. DUA support of ATN-specific attribute types

Ref. no. / Attribute type / ATN DUA / Notes
1 / atn-AF-address / m / See 4.4.1
2 / atn-per-certificate / m / See 4.4.2
3 / atn-der-certificate / m / See 4.4.3
4 / atn-amhs-direct-access / m / See 4.4.4
5 / atn-facility-name / m / See 4.4.5
6 / atn-aircraftIDName / m / See 4.4.6
7 / atn-version / m / See 4.4.7
8 / atn-ipm-heading-extensions / m / See 4.4.8
9 / atn-global-domain-identifier / m / See 4.4.9
10 / atn-icao-designator / m / See 4.4.10
11 / atn-net / m / See 4.4.11
12 / atn-amhs-addressing-scheme / m / See 4.4.12
13 / atn-amhsMD-naming-context / m / See 4.4.13
14 / atn-maximum-number-of-body-parts / m / See 4.4.14
15 / atn-maximum-text-size / m / See 4.4.15
16 / atn-maximum-file-size / m / See 4.4.16
17 / atn-use-of-amhs-security / m / See 4.4.17
18 / atn-use-of-directory / m / See 4.4.18
19 / atn-group-of-addresses / m / See 4.4.19

[End of document excerpt]

Amendment Part 1d:

[Start of document excerpt]

4.3.1 The ATN-specific object class atn-amhs-user shall be defined by the ASN.1 syntax:

atn-amhs-user OBJECT-CLASS ::= {
    SUBCLASS OF   { top }
    KIND          AUXILIARY
    MUST CONTAIN  { mhs-or-addresses |
                    atn-ipm-heading-extensions |
                    atn-amhs-direct-access }
    MAY CONTAIN   { mhs-maximum-content-length |
                    mhs-deliverable-content-types |
                    mhs-acceptable-eits |
                    mhs-exclusively-acceptable-eits |
                    atn-maximum-number-of-body-parts |
                    atn-maximum-text-size |
                    atn-maximum-file-size |
                    mhs-message-store-dn |
                    atn-per-certificate |
                    atn-der-certificate |
                    atn-use-of-amhs-security |
                    atn-use-of-directory |
                    atn-group-of-addresses |
                    atn-AF-address }
    ID            id-oc-atn-AmhsUser }

4.3.2 The ATN-specific object class atn-organizational-unit shall be defined by the ASN.1 syntax:

atn-organizational-unit OBJECT-CLASS ::= {
    SUBCLASS OF   { organizationalUnit }
    MUST CONTAIN  { }
    MAY CONTAIN   { atn-per-certificate |
                    atn-der-certificate |
                    atn-facility-name }
    ID            id-oc-atn-OrganizationalUnit }

[End of document excerpt]

Amendment Part 1e:

[Start of document excerpt]

4.3.7 The ATN-specific object class atn-amhs-distribution-list shall be defined by the ASN.1 syntax:

atn-amhs-distribution-list OBJECT-CLASS ::= {
    SUBCLASS OF   { mhs-distribution-list }
    MUST CONTAIN  { atn-ipm-heading-extensions }
    MAY CONTAIN   { atn-maximum-number-of-body-parts |
                    atn-maximum-text-size |
                    atn-maximum-file-size |
                    atn-per-certificate |
                    atn-der-certificate |
                    atn-use-of-amhs-security |
                    atn-use-of-directory |
                    atn-AF-address }
    ID            id-oc-atn-AmhsDistributionList }

[End of document excerpt]

Amendment Part 1f:

[Start of document excerpt]

4.3.12 The ATN-specific object class atn-amhsMD shall be defined by the ASN.1 syntax:

atn-amhsMD OBJECT-CLASS ::= {
    SUBCLASS OF   { top }
    MUST CONTAIN  { commonName |
                    atn-global-domain-identifier |
                    atn-icao-designator |
                    atn-amhs-addressing-scheme }
    MAY CONTAIN   { atn-amhsMD-naming-context }
    ID            id-oc-atn-amhsMD }

[End of document excerpt]

Amendment Part 1g:

[Start of document excerpt]

4.4.9 The ATN-specific attribute atn-global-domain-identifier shall be defined by the ASN.1 syntax:

atn-global-domain-identifier ATTRIBUTE ::= {
    WITH SYNTAX   mhs-or-address
    SINGLE VALUE  TRUE
    ID            id-at-atn-global-domain-identifier }

[End of document excerpt]

Amendment Part 1h:

[Start of document excerpt]

4.4.14 The ATN-specific attribute atn-maximum-number-of-body-parts shall be defined by the ASN.1 syntax:

atn-maximum-number-of-body-parts ATTRIBUTE ::= {
    WITH SYNTAX   INTEGER
    SINGLE VALUE  TRUE
    ID            id-at-atn-maximum-number-of-body-parts }

4.4.15 The ATN-specific attribute atn-maximum-text-size shall be defined by the ASN.1 syntax:

atn-maximum-text-size ATTRIBUTE ::= {
    WITH SYNTAX   ContentLength
    SINGLE VALUE  TRUE
    ID            id-at-atn-maximum-text-size }

4.4.16 The ATN-specific attribute atn-maximum-file-size shall be defined by the ASN.1 syntax:

atn-maximum-file-size ATTRIBUTE ::= {
    WITH SYNTAX   ContentLength
    SINGLE VALUE  TRUE
    ID            id-at-atn-maximum-file-size }

4.4.17 The ATN-specific attribute atn-use-of-amhs-security shall be defined by the ASN.1 syntax:

atn-use-of-amhs-security ATTRIBUTE ::= {
    WITH SYNTAX   BOOLEAN
    SINGLE VALUE  TRUE
    ID            id-at-atn-use-of-amhs-security }

4.4.18 The ATN-specific attribute atn-use-of-directory shall be defined by the ASN.1 syntax:

atn-use-of-directory ATTRIBUTE ::= {
    WITH SYNTAX   BOOLEAN
    SINGLE VALUE  TRUE
    ID            id-at-atn-use-of-directory }

4.4.19 The ATN-specific attribute atn-group-of-addresses shall be defined by the ASN.1 syntax:

atn-group-of-addresses ATTRIBUTE ::= {
    WITH SYNTAX   BOOLEAN
    SINGLE VALUE  TRUE
    ID            id-at-atn-group-of-addresses }

[End of document excerpt]

Amendment Part 1i:

[Start of document excerpt]

4.8.2.3 ATN name forms shall comply with the following ASN.1 definitions:

atnOrgUnitNameForm NAME-FORM ::= {
    NAMES            atn-organizational-unit
    WITH ATTRIBUTES  { organizationalUnitName }