Defining a private user registry type in EIM
When you create an Enterprise Identity Mapping (EIM) registry definition, you can specify one of a number of predefined user registry types to represent an actual user registry that exists on a system within the enterprise.
Although the predefined registry definition types cover most operating system user registries, you may need to create a registry definition for which EIM does not include a predefined registry type. You have two options in this situation. You can either use an existing registry definition which matches the characteristics of your user registry or you can define a private user registry type.
To define a user registry type that EIM is not predefined to recognize, you must use an object identifier (OID) to specify the registry type in the form of ObjectIdentifier-normalization, where ObjectIdentifier is a dotted-decimal object identifier, such as 1.2.3.4.5.6.7, and normalization is either the value caseExact or the value caseIgnore. For example, the object identifier (OID) for IBM® i is 1.3.18.0.2.33.2-caseIgnore.
You should obtain any OIDs that you need from legitimate OID registration authorities to ensure that you create and use unique OIDs. Unique OIDs help you avoid potential conflicts with OIDs created by other organizations or applications.
There are two ways of obtaining OIDs:
- Register the objects with an authority. This method is a good choice when you need a small number of fixed OIDs to represent information. For example, these OIDs might represent certificate policies for users in your enterprise.
- Obtain an arc assignment from a registration authority and assign your own OIDs as needed. This method, which is a dotted-decimal object-identifier range assignment, is a good choice if you need a large number of OIDs, or if your OID assignments are subject to change. The arc assignment consists of the beginning dotted-decimal numbers from which you must base your ObjectIdentifier. For example, the arc assignment could be 1.2.3.4.5. You could then create OIDs by adding to this basic arc. For example, you could create OIDs in the form 1.2.3.4.5.x.x.x.
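The following check is an added example, not IBM code and not part of EIM: it parses a private registry type in the ObjectIdentifier-normalization form and confirms that the OID lies under the arc assigned to your organization, comparing component by component so that 1.2.3.4.55 is not mistaken for a child of 1.2.3.4.5. The function names are hypothetical, and the strict spelling of the normalization value and the rejection of leading zeros (the LDAP numericoid rule in RFC 4512) are assumptions of this example.

```python
import re

NORMALIZATIONS = ("caseExact", "caseIgnore")   # the two values the page allows
_COMPONENT = re.compile(r"0|[1-9][0-9]*")      # one arc number, no leading zeros

def parse_oid(text):
    """Return a dotted-decimal OID as a tuple of ints, or raise ValueError."""
    parts = text.split(".")
    if len(parts) < 2 or not all(_COMPONENT.fullmatch(p) for p in parts):
        raise ValueError(f"not a dotted-decimal OID: {text!r}")
    arcs = tuple(int(p) for p in parts)
    # ITU-T X.660: the root arc is 0, 1 or 2; under 0 and 1 the second arc is 0..39.
    if arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError(f"invalid root arcs in {text!r}")
    return arcs

def parse_registry_type(value):
    """Split 'ObjectIdentifier-normalization' into (arcs, normalization)."""
    oid_text, sep, normalization = value.partition("-")
    # Assumption: the normalization value must be spelled exactly as documented.
    if not sep or normalization not in NORMALIZATIONS:
        raise ValueError(f"normalization must be one of {NORMALIZATIONS}: {value!r}")
    return parse_oid(oid_text), normalization

def under_arc(arcs, assigned_arc):
    """True if arcs lies strictly below assigned_arc, compared per component."""
    base = parse_oid(assigned_arc)
    return len(arcs) > len(base) and arcs[:len(base)] == base

def check_private_type(value, assigned_arc):
    """Validate a private registry type and confirm it uses our own arc."""
    arcs, normalization = parse_registry_type(value)
    if not under_arc(arcs, assigned_arc):
        raise ValueError(f"{value!r} is outside assigned arc {assigned_arc}")
    return ".".join(map(str, arcs)), normalization

if __name__ == "__main__":
    ARC = "1.2.3.4.5"  # the page's illustrative arc, used here as a stand-in
    # Constructed sample inputs: one valid, three that must be rejected.
    for candidate in ("1.2.3.4.5.6.7-caseExact", "1.2.3.4.55.1-caseIgnore",
                      "1.2.3.4.5.6.7-CaseIgnore", "1.2.3.4.5.06-caseIgnore"):
        try:
            print(candidate, "->", check_private_type(candidate, ARC))
        except ValueError as err:
            print(candidate, "-> rejected:", err)
```

Running such a check before a registry definition is created catches typing errors and OIDs borrowed from another organization's arc, which is the conflict that unique OIDs are meant to avoid.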
You can learn more about registering your OIDs with a registration authority by reviewing these Internet resources:
- American National Standards Institute (ANSI) is the registration authority for the United States for organization names under the global registration process established by International Standards Organization (ISO) and International Telecommunication Union (ITU). A fact sheet in Microsoft Word format about applying for a Registered Application Provider Identifier (RID) is located at the ANSI Public Document Library Web site http://publicaa.ansi.org/sites/apdl/default.aspx. You can find the fact sheet by selecting Other Services > Registration Programs. The ANSI OID arc for organizations is 2.16.840.1. ANSI charges a fee for OID arc assignments. It takes approximately two weeks to receive the assigned OID arc from ANSI. ANSI will assign a number (NEWNUM) to create a new OID arc; for example: 2.16.840.1.NEWNUM.
- In most countries or regions, the national standards association maintains an OID registry. As with the ANSI arc, these are generally arcs assigned under the OID 2.16. It may take some investigation to find the OID authority for a particular country or region.
- The Internet Assigned Numbers Authority (IANA) assigns private enterprise numbers, which are OIDs, in the arc 1.3.6.1.4.1. IANA has assigned arcs to over 7500 companies to date. The application page is located at http://www.iana.org/cgi-bin/enterprise.pl, under Private Enterprise Numbers. The IANA usually takes about one week. An OID from IANA is free. IANA will assign a number (NEWNUM) so that the new OID arc will be 1.3.6.1.4.1.NEWNUM.
- The U.S. Federal Government maintains the Computer Security Objects Registry (CSOR). The CSOR is the naming authority for the arc 2.16.840.1.101.3, and is currently registering objects for security labels, cryptographic algorithms, and certificate policies. The certificate policy OIDs are defined in the arc 2.16.840.1.101.3.2.1. The CSOR provides policy OIDs to agencies of the U.S. Federal Government. For more information about the CSOR, review http://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/.