Rev 2 | Details | Compare with Previous | Last modification | View Log | RSS feed
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 2 | daniel-mar | 1 | <div id="global_content"> |
| 2 | <div id="introduction"> |
||
| 3 | |||
| 4 | <table width="100%" border="0" cellpadding="0" cellspacing="0"> |
||
| 5 | <tbody> |
||
| 6 | <tr> |
||
| 7 | <td><span class="page_title"><a name="oid"></a>Introduction to OIDs</span></td> |
||
| 13 | daniel-mar | 8 | |
| 9 | <td width="28%" valign="middle" align="right"> |
||
| 10 | <div id="menu"> |
||
| 11 | <ul> |
||
| 12 | <li> |
||
| 13 | <a href="doc/introduction%20to%20object%20identifiers%20(OIDs).pdf">Presentation on OIDs</a> |
||
| 14 | </li> |
||
| 15 | <li> |
||
| 16 | <a href="faq.htm">Frequently Asked Questions<!-- (FAQ)--></a> |
||
| 17 | </li> |
||
| 18 | </ul> |
||
| 19 | </div> |
||
| 20 | </td> |
||
| 21 | |||
| 2 | daniel-mar | 22 | </tr> |
| 13 | daniel-mar | 23 | <tr><td colspan="2"> |
| 2 | daniel-mar | 24 | <p> |
| 25 | The Object Identifier (OID) concept and implementation dates back to |
||
| 26 | the mid-1980s, based on collaboration with the International Federation |
||
| 27 | for Information Processing (IFIP) over the previous several years. |
||
| 28 | </p> |
||
| 29 | <p> |
||
| 30 | OIDs provide a persistent identification of objects based on a hierarchical |
||
| 31 | structure of Registration Authorities (RA), where each parent has an |
||
| 32 | object identifier and allocates object identifiers to child nodes. It |
||
| 33 | provides a universal and flexible identification scheme for persistent |
||
| 34 | objects. It has been supported and recommended by ITU-T, ISO and IEC, |
||
| 35 | and has been used in many ITU-T (and ITU-R) Recommendations, and ISO |
||
| 36 | and IEC International Standards, since the middle 1980s, as part of |
||
| 37 | the ASN.1 (Abstract Syntax Notation One). |
||
| 38 | </p> |
||
| 39 | <p> |
||
| 40 | Almost any organization, Recommendation, or Standard can obtain (if |
||
| 41 | it not already has) an OID node. OIDs are fundamental for all security |
||
| 42 | work in ITU, ISO and IETF, and are widely used in many standards. |
||
| 43 | </p> |
||
| 44 | </td></tr> |
||
| 45 | |||
| 46 | <tr><td> |
||
| 47 | <p> |
||
| 48 | <img src="images/fl.png" style="width: 10px; height: 8px;" |
||
| 13 | daniel-mar | 49 | width="41" border="0" height="8"> <a href="https://www.itu.int/pub/T-HDB-LNG.4-2010"><span style="font-size:12px;"> |
| 50 | OID handbook |
||
| 51 | </span></a> |
||
| 52 | </p> |
||
| 53 | <p> |
||
| 54 | <img src="images/fl.png" style="width: 10px; height: 8px;" |
||
| 55 | width="41" border="0" height="8"> <a href="faq.htm#16"><span style="font-size:12px;"> |
||
| 2 | daniel-mar | 56 | What |
| 57 | do we call a registration tree (or object identifier tree)? |
||
| 58 | </span></a> |
||
| 59 | </p> |
||
| 60 | <p> |
||
| 61 | <img src="images/fl.png" style="width: 10px; height: 8px;" |
||
| 13 | daniel-mar | 62 | width="41" border="0" height="8"> <a href="faq.htm#18"><span style="font-size:12px;"> |
| 2 | daniel-mar | 63 | How |
| 64 | is the entire registration tree managed? |
||
| 65 | </span></a> |
||
| 66 | </p> |
||
| 67 | <p> |
||
| 13 | daniel-mar | 68 | <img src="images/fl.png" style="width: 10px; height: 8px;" width="41" border="0" height="8"> <a href="#" onclick="showdiv('Q3');"><span style="font-size:12px;"> |
| 2 | daniel-mar | 69 | Where |
| 70 | can I learn more about OIDs and registration? |
||
| 71 | </span></a> |
||
| 72 | </p> |
||
| 73 | </td></tr> |
||
| 74 | |||
| 75 | </tbody> |
||
| 76 | </table> |
||
| 77 | <table width="100%" border="0" cellpadding="0" cellspacing="0"> |
||
| 78 | <tbody> |
||
| 79 | <tr> |
||
| 80 | <span class="section_title"><a name="long-arc"></a>Internationalization and the long arc concept</span> |
||
| 81 | </tr> |
||
| 82 | </tbody> |
||
| 83 | </table> |
||
| 84 | <table width="100%" border="0" cellpadding="0" cellspacing="0"> |
||
| 85 | <tbody> |
||
| 86 | <tr><td> |
||
| 87 | <p> |
||
| 88 | In the early years of 2000, the Object Identifier tree was renamed as |
||
| 89 | the International Object Identifier tree, and the names of arcs were |
||
| 90 | extended to allow what were called "Unicode labels" - names in any language, |
||
| 91 | using the <a href="http://www.unicode.org">Unicode</a> character set |
||
| 92 | - and were made available for computer communication alongside the original |
||
| 93 | numbers. |
||
| 94 | </p> |
||
| 95 | <p> |
||
| 96 | At the same time, the concept of "long arcs" from the root of the International |
||
| 97 | OID tree to a node at level 2 or below was introduced. Long arcs do |
||
| 98 | not have numerical values, but provide an unambiguous reference to the |
||
| 99 | node from the root using a Unicode label. |
||
| 100 | </p> |
||
| 101 | <p> |
||
| 102 | Use of a path specified purely in terms of the set of Unicode labels |
||
| 103 | on the (normal or long) arcs from the root to a node is called an International |
||
| 104 | Object Identifier for that node. |
||
| 105 | </p> |
||
| 106 | <p> |
||
| 107 | In order to support names of arcs in multiple languages, an arc can |
||
| 108 | have multiple Unicode labels, giving rise to a need to transform a path |
||
| 109 | using Unicode labels into a canonical form of purely numerical labels |
||
| 110 | to identify the node. This is handled by the OID Resolution System (described |
||
| 111 | below). |
||
| 112 | </p> |
||
| 113 | </td></tr> |
||
| 114 | |||
| 115 | <tr><td> |
||
| 116 | <img src="images/fl.png" style="width: 10px; height: 8px;" width="41" border="0" height="8"> |
||
| 13 | daniel-mar | 117 | <a href="faq.htm#iri"><span style="font-size:12px;"> |
| 2 | daniel-mar | 118 | What |
| 119 | is an OID-IRI (Internationalized Resource Identifier)? |
||
| 120 | </span></a> |
||
| 121 | </td></tr> |
||
| 122 | |||
| 123 | </tbody> |
||
| 124 | </table> |
||
| 125 | <br><table width="100%" border="0" cellpadding="0" cellspacing="0"> |
||
| 126 | <tbody> |
||
| 127 | <tr> |
||
| 128 | <td><span class="section_title"><a name="use"></a>Use of OIDs</span></td> |
||
| 129 | </tr> |
||
| 130 | <tr><td> |
||
| 131 | <p> |
||
| 132 | It is hard to summarize the uses. This OID repository gives an impression |
||
| 133 | of the wide-spread use. |
||
| 134 | </p> |
||
| 135 | <p>Known areas of use include:</p> |
||
| 136 | <ul> |
||
| 137 | <li> |
||
| 138 | Extensive use in security in IETF, Rec. ITU-T X.500, ISO/IEC, RSA |
||
| 139 | and NIST encryption algorithms, etc.; |
||
| 140 | </li> |
||
| 141 | <li> extensive use in e-health standards;</li> |
||
| 142 | <li> |
||
| 143 | extensive use for network management (Management Information Bases, |
||
| 144 | MIBS); |
||
| 145 | </li> |
||
| 146 | <li>use related to RFID tags;</li> |
||
| 147 | <li>emerging use for the Common Alerting Protocol for disaster notification:</li> |
||
| 148 | <li>use forcybersecurity alerts. </li> |
||
| 149 | </ul> |
||
| 150 | </td></tr> |
||
| 151 | <tr><td> |
||
| 152 | <p> |
||
| 153 | <img src="images/fl.png" style="width: 10px; height: 8px;" |
||
| 13 | daniel-mar | 154 | width="41" border="0" height="8"> <a href="faq.htm#2"><span style="font-size:12px;"> |
| 2 | daniel-mar | 155 | Which |
| 156 | kind of objects can be referenced by OIDs? |
||
| 157 | </span></a> |
||
| 158 | </p> |
||
| 159 | <p> |
||
| 160 | <img src="images/fl.png" style="width: 10px; height: 8px;" |
||
| 13 | daniel-mar | 161 | width="41" border="0" height="8"> <a href="faq.htm#10"><span style="font-size:12px;"> |
| 2 | daniel-mar | 162 | How |
| 163 | to get an OID assigned? |
||
| 164 | </span></a> |
||
| 165 | </p> |
||
| 166 | </td></tr> |
||
| 167 | </tbody> |
||
| 168 | </table> |
||
| 169 | |||
| 170 | <table width="100%" border="0" cellpadding="0" cellspacing="0"> |
||
| 171 | <tbody> |
||
| 172 | <tr> |
||
| 173 | <td><span class="section_title"><a name="ors"></a>Introduction to the ORS (OID Resolution System)</span></td> |
||
| 174 | </tr> |
||
| 175 | </tbody> |
||
| 176 | </table> |
||
| 177 | <table width="100%" border="0" cellpadding="0" cellspacing="0"> |
||
| 178 | <tbody> |
||
| 179 | <tr><td> |
||
| 180 | <p> |
||
| 181 | Given that there are multiple ways of identifying an International |
||
| 182 | Object Identifier tree node by a set of Unicode labels defining the |
||
| 183 | path from the root to that node, there was a requirement to be able |
||
| 184 | to transform that by an efficient on-line look-up into a canonical form |
||
| 185 | consisting of the all-numeric identification of arcs of the path (canonicalization). |
||
| 186 | </p> |
||
| 187 | <p> |
||
| 188 | There was also a requirement for the management of a node to be able |
||
| 189 | to store (and applications to retrieve) information associated with |
||
| 190 | a node in a flexible way (node information retrieval). This was first |
||
| 191 | identified in terms of RFID applications (What is the content of this |
||
| 192 | jar of jam? Who is the owner of this piece of hold baggage? etc.) but |
||
| 193 | now extends more widely. |
||
| 194 | </p> |
||
| 195 | <p> |
||
| 196 | There was a requirement for both of these look-up activities to be |
||
| 197 | fully supported by authentication of the returned result with a trust |
||
| 198 | anchor. |
||
| 199 | </p> |
||
| 200 | <p> |
||
| 201 | The OID Resolution System (ORS) was developed from 2004 onwards, and |
||
| 202 | allows an application to obtain (online) application-specific information |
||
| 203 | related to any node identified by an OID. |
||
| 204 | </p> |
||
| 205 | <p> |
||
| 206 | The ORS enables any one of the OID nodes to be mapped into DNS name |
||
| 207 | zone files, and information about it can be obtained by a DNS look-up |
||
| 208 | for further application processing. The system was initially designed |
||
| 209 | to support RFID tag activity, but also has applications in many other |
||
| 210 | application areas. |
||
| 211 | </p> |
||
| 212 | </td></tr> |
||
| 213 | <tr><td> |
||
| 214 | <img src="images/fl.png" style="width: 10px; height: 8px;" |
||
| 215 | width="41" border="0" height="8"> More |
||
| 216 | information in the |
||
| 217 | <a href="http://www.itu.int/pub/T-HDB-LNG.4-2010">OID |
||
| 218 | handbook</a> (part 6) |
||
| 219 | </td></tr> |
||
| 220 | </tbody> |
||
| 221 | </table> |
||
| 222 | <br><table width="100%" border="0" cellpadding="0" cellspacing="0"> |
||
| 223 | <tbody> |
||
| 224 | <tr> |
||
| 225 | <td><span class="section_title"><a name="features"></a>Features of the ORS (OID Resolution System)</span></td> |
||
| 226 | </tr> |
||
| 227 | <tr><td> |
||
| 228 | <ul> |
||
| 229 | <li> |
||
| 230 | <em>Support for the International Object Identifier tree naming scheme</em>: |
||
| 231 | Uses Unicode, so all languages can be included in the identification |
||
| 232 | of an object.<br><br></li> |
||
| 233 | <li> |
||
| 234 | <em>Relation to DNS</em>: International OIDs map to DNS names of the |
||
| 235 | form <code>zz.yy.xx.oid-res.org</code>. Look-ups are based on DNS zone-file |
||
| 236 | information, obtained via DNS port 53 (designed for the return of |
||
| 237 | application-specific information).<br><br></li> |
||
| 238 | <li> |
||
| 239 | <em>Security</em>: DNS servers supporting the mapping from the International |
||
| 240 | OID tree are required to support the DNSSEC protocol of the IETF, |
||
| 241 | and will return information authenticated using an ITU-T X.500 certificate |
||
| 242 | chain and a trust anchor.<br><br></li> |
||
| 243 | <li> |
||
| 244 | <em>Hierarchical structure</em><strong>:</strong>Any Registration Authority |
||
| 245 | that has been allocated a node in the International OID tree can make |
||
| 246 | allocations to children (entirely within its own responsibility), |
||
| 247 | and can provide (if requested) a pointer from its DNS zone files to |
||
| 248 | a server maintained by its child for its own DNS zone files. This |
||
| 249 | is entirely a matter between the parent and child, and is not constrained.<br><br></li> |
||
| 250 | <li> |
||
| 251 | <em>Absence of restrictions</em>: The International OID tree has potentially |
||
| 252 | infinitely many children from each node, and an infinite depth of |
||
| 253 | the tree. There is also no length restriction on the names used to |
||
| 254 | identify arcs (or on the characters used, within Unicode).<br><br></li> |
||
| 255 | <li> |
||
| 256 | <em>Application data</em>: The ORS can resolve an OID into its canonical |
||
| 257 | form, and can return authenticated URLs for access to any application |
||
| 258 | information recorded in the zone files for that OID. |
||
| 259 | </li> |
||
| 260 | </ul> |
||
| 261 | </td></tr> |
||
| 262 | </tbody> |
||
| 263 | </table> |
||
| 264 | </div> |
||
| 265 | <div class="clear"></div> |
||
| 266 | </div> |