C.1.4 h235Identity (H.350.2)

OID: 0.0.8.350.1.1.4.2.1

objectclasses: (0.0.8.350.1.1.4.2.1
  NAME 'h235Identity'
  DESC 'h235Identity object'
  SUP top AUXILIARY
  MAY ( h235IdentityEndpointID $ h235IdentityPassword $
    userCertificate $ cACertificate $ authorityRevocationList $
    certificateRevocationList $ crossCertificatePair )
  )

DEFINITION & USE:

This object class is used to represent H.235 (the security profiles associated with H.323) elements. It is an auxiliary class related to H.350, and implementers should review H.350 in detail. The h235Identity object class defines two attributes, h235IdentityEndpointID and h235IdentityPassword, which are needed to implement H.235 Annex D. The remaining attributes it uses are already defined in LDAP and are needed to support H.235 Annex E: userCertificate, cACertificate, authorityRevocationList, certificateRevocationList, and crossCertificatePair. These elements can be downloaded to an endpoint for automatic configuration or accessed by a gatekeeper for call signaling and authentication. The definition and purpose of each of those attributes are given in IETF RFC 2256.

C.1.4.1 h235IdentityEndpointID

OID: 0.0.8.350.1.1.4.1.1

attributetypes: (0.0.8.350.1.1.4.1.1
  NAME 'h235IdentityEndpointID'
  DESC 'The Sender ID as defined in ITU-H235.'
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

DEFINITION & USE:

The endpoint's senderID as defined in ITU-H235 (this is always identical to endpointID). In practice, it is necessary for the h235IdentityEndpointID attribute to be unique for every endpoint. For applications using H.350 and H.235 Annex D, setting h235IdentityEndpointID equal to the commUniqueID is a handy way to ensure uniqueness. Recall that by design this attribute is truly a device ID. H.350 provides a mechanism for mapping this device ID to the user ID, as described in section [*] of this book.

NUMBER OF VALUES:

multi

INDEXING PROFILE:

No recommendation

EXAMPLE (LDIF FRAGMENT):

h235IdentityEndpointID: johnsmith

C.1.4.2 h235IdentityPassword

OID: 0.0.8.350.1.1.4.1.2

attributetypes: (0.0.8.350.1.1.4.1.2
  NAME 'h235IdentityPassword'
  DESC 'The endpoint password as defined in ITU-H325.'
  EQUALITY octetStringMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )

DEFINITION & USE:

The endpoint's H.323 password as defined in ITU-T H.235. In practice, there will always be one and only one h235IdentityPassword attribute for every endpoint. If the password is stored in LDAP in encrypted format, then the LDAP encryption algorithm should match the encryption algorithm for the gatekeeper and endpoint, i.e. the gatekeeper and endpoint should support the same encryption format as the LDAP server, even as systems are upgraded over time. This is so that the endpoint and gatekeeper can derive the unencrypted password in order to perform H.235 Annex D operations. Since this may not always be possible, the password may be stored in LDAP unencrypted. In this case, whenever the password is read by a gatekeeper or endpoint, that communication should take place over a secure transport mechanism, e.g. TLS. (See further discussion in Chapter XX on Authentication.)

NUMBER OF VALUES:

multi

INDEXING PROFILE:

equality

EXAMPLE (LDIF FRAGMENT):

h235IdentityPassword: 36zxJmCIB18dM0FVAj
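
An added example (not part of the cookbook or of H.350.2): a small audit of an LDIF export against the two operational rules stated above, that h235IdentityEndpointID is unique across endpoints under caseIgnoreMatch and that each endpoint carries exactly one h235IdentityPassword. The sample entries, the DN layout and the finding names are constructed for illustration.

```python
import base64
from collections import defaultdict

# Constructed sample export; DNs and values are made up for illustration.
SAMPLE_LDIF = """\
dn: commUniqueID=ep-0001,ou=h323identity,dc=example,dc=org
objectClass: h235Identity
h235IdentityEndpointID: ep-0001
h235IdentityPassword: constructed-secret-1

dn: commUniqueID=ep-0002,ou=h323identity,dc=example,dc=org
objectClass: h235Identity
h235IdentityEndpointID: EP-0001
h235IdentityPassword: constructed-secret-2
h235IdentityPassword: constructed-secret-3
"""

def parse_ldif(text):
    """Minimal LDIF reader: 'attr: value' and 'attr:: base64'; no folded lines."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            if not line.strip() or line.startswith("#"):
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # base64-encoded value
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry[name.strip().lower()].append(value.strip())
        entries.append(entry)
    return entries

def audit_h235(entries):
    """Return (finding, dn, detail) tuples for h235Identity entries."""
    findings, seen = [], {}
    for e in entries:
        if "h235identity" not in [oc.lower() for oc in e["objectclass"]]:
            continue
        dn = e["dn"][0]
        ids, passwords = e["h235identityendpointid"], e["h235identitypassword"]
        for eid in ids:
            # Approximates caseIgnoreMatch: fold case, collapse whitespace.
            key = " ".join(eid.split()).casefold()
            if seen.setdefault(key, dn) != dn:
                findings.append(("duplicate-endpoint-id", dn, seen[key]))
        if ids and len(passwords) != 1:
            findings.append(("password-count", dn, len(passwords)))
    return findings
```

Calling audit_h235(parse_ldif(SAMPLE_LDIF)) flags the second entry twice: its endpoint ID differs from the first only in case, and it holds two password values.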



Video Middleware Cookbook