Subversion Repositories oidplus

Compare Revisions

Regard whitespace Rev 1341 → Rev 1342

/trunk/doc/oidplus_custom_guid.md
1,74 → 1,247
# OIDplus Information Object GUID format
# OIDplus UUID format
 
## OIDplus Information Object GUID
## General OIDplus UUID format
 
OIDplus automatically assigns a UUID to every object it manages. It is based on the custom UUID type (UUIDv8) which was defined in the new version of RFC 4122.
OIDplus generates UUIDs for various object types using UUIDs in the "Custom / Version 8" format as defined in the new version of RFC 4122.
 
The general structure of these UUIDs is:
 
|Block| Byte | Length | Description |
|-----|------|---------|----------------------|
|-----|-------|---------|----------------------|
| 1 | 0-3 | 1 bit | Reserved, must be 0.
| | | 31 bits | OIDplus SystemID (lower 31 bits of SHA1 of Public Key)
| 2 | 4-5 | 16 bits | Creation timestamp: Days since 01.01.1970 00:00 GMT; 0 if unknown. Max possible: 0xFFFF = 06 June 2149
| | | 31 bits | OIDplus SystemID (lower 31 bits of the SHA1 hash of the Public Key in raw binary representation)
| 2 | 4-5 | 16 bits | Creation timestamp: Days since 01.01.1970 00:00 GMT; 0 if unknown or not applicable. Max possible: 0xFFFF = 06 June 2149
| 3 | 6-7 | 4 bits | UUID Version, must be 0x8 (Custom UUID)
| | | 12 bits | Reserved, must be 0x0000
| 4 | 8-9 | 2 bits | UUID Variant, must be 0b10 (RFC 4122)
| | | 14 bits | Namespace (lower 14 bits of SHA1 of Namespace OID)
| 5 |10-15 | 48 bits | Object name (lower 48 bits of SHA1 of canonical object name)
| | | 14 bits | Namespace
| 5 | 10-15 | 48 bits | Data as defined by the namespace
 
### Example
 
The object **java:com.example**, created 30 September 2018 on system #1855139287 has the following UUID:
## OIDplus System UUID (Block 4 = 0x8000)
 
6e932dd7-458c-8000-b9e9-c1e3894d1105
Every OIDplus system can be identified by a UUID.
 
The 14-bit namespace has a fixed value of 0, i.e. block 4 has the value of `0x8000`.
 
The 48-bit data has a fixed value of `0x1890afd80709` which is the lower 48 bits of SHA1 of an empty string.
 
The creation timestamp is currently 0 because OIDplus does not track the creation time of a freshly installed system.
 
**Example**: System #1855139287 has the following UUID:
 
6e932dd7-0000-8000-8000-1890afd80709
 
It contains the information as follows:
 
|Block| Description | Value | Interpretation |
|-----|-------------------|----------------|----------------|
|-----|-------------------|------------------|----------------|
| 1 | System ID | 0x6E932DD7 | SHA1(PubKey) & 0x7FFF.FFFF = 1855139287
| 2 | Timestamp | 0x0000 | Unknown
| 3 | Reserved+Version | 0x8000 | 0x0000 \| 0x8000
| 4 | Namespace+Variant | 0x8000 | 0x0000 \| 0x8000
| 5 | Data | 0x1890AFD80709 | SHA1('') & 0xFFFF.FFFF.FFFF
 
 
## OIDplus User/RA UUID (Block 4 = 0x8001)
 
Every user (RA or the Admin) can be identified by a UUID. (Defined hereby, but currently not used in OIDplus)
 
The 14-bit namespace has a fixed value of 1, i.e. block 4 has the value of `0x8001`.
 
For the Admin account, the 48-bit data has a fixed value of `0x000000000000`.
The creation timestamp for the admin is the creation of the system,
which is currently 0 because OIDplus does not track the creation time of a freshly installed system.
 
For an RA account, the 48-bit data are the lower 48 bits of the SHA1 hash of the email address of the RA.
The creation timestamp is the user registration time, which is currently 0
because OIDplus does not track the creation time of a user registration.
 
Please note: Since there may be collisions in the 48-bit hash,
this UUID should only be used for security-relevant applications
if the system ensures that there is no collision, e.g. by storing
all UUIDs and rejecting new user accounts if their UUID collides
with another user.
 
**Example**: The user "joe@example.com" on system #1855139287 has the following UUID:
 
6e932dd7-0000-8000-8001-2938f50e857e
 
It contains the information as follows:
 
|Block| Description | Value | Interpretation |
|-----|-------------------|----------------|--------------------------------------------|
| 1 | System ID | 0x6E932DD7 | SHA1(PubKey) & 0x7FFF.FFFF = 1855139287
| 2 | Timestamp | 0x0000 | Unknown
| 3 | Reserved+Version | 0x8000 | 0x0000 \| 0x8000
| 4 | Namespace+Variant | 0x8001 | 0x0001 \| 0x8000
| 5 | Data | 0x2938F50E857E | SHA1('joe@example.com') & 0xFFFF.FFFF.FFFF
 
 
## OIDplus Log entry UUID (Block 4 = 0x8002)
 
Every log entry can be identified by a UUID. (Defined hereby, but currently not used in OIDplus)
 
The 14-bit namespace has a fixed value of 2, i.e. block 4 has the value of `0x8002`.
 
The 48-bit data is a sequential number. It can be either sequential and unique
for the current day of the given system, or be sequential and unique for the system
independent of the day. An example of the latter usage would be using the
autoincrement field of the database table.
In case the autoincrement field of the database gets lost (e.g. data loss in the
log table or fresh install of the system), then the sequence could be incremented
by a reasonable value at least for the rest of the current day.
 
**Example**: The log entry 1234 on system #1855139287 logged on 30 September 2018 has the following UUID:
 
6e932dd7-458c-8000-8002-0000000004d2
 
It contains the information as follows:
 
|Block| Description | Value | Interpretation |
|-----|-------------------|----------------|----------------------------------------------|
| 1 | System ID | 0x6E932DD7 | SHA1(PubKey) & 0x7FFF.FFFF = 1855139287
| 2 | Timestamp | 0x458C | 30 September 2018 (17804 days since 1 January 1970)
| 3 | Reserved+Version | 0x8000 | 0x0000 \| 0x8000
| 4 | Namespace+Variant | 0xB9E9 | SHA1('1.3.6.1.4.1.37476.2.5.2.4.8.6') & 0x3FFF \| 0x8000
| 5 | Object Name | 0xC1E3894D1105 | SHA1('com.example') & 0xFFFF.FFFF.FFFF
| 4 | Namespace+Variant | 0x8002 | 0x0002 \| 0x8000
| 5 | Data | 0x0000000004D2 | Sequence 1234
 
 
## OIDplus System GUID
## OIDplus Configuration entry UUID (Block 4 = 0x8003)
 
Every OIDplus system can be identified by a UUID generated using this schema based on the Information Object UUID.
Every system configuration entry (the values on the config database table;
not the base configuration settings in the userdata folder) can be
identified by a UUID. (Defined hereby, but currently not used in OIDplus)
 
|Block| Byte | Length | Description |
|-----|------|---------|----------------------|
| 1 | 0-3 | 1 bit | Reserved, must be 0.
| | | 31 bits | OIDplus SystemID (lower 31 bits of SHA1 of Public Key)
| 2 | 4-5 | 16 bits | Reserved for system creation timestamp. Currently 0 because OIDplus does not track the timestamp of a new system.
| 3 | 6-7 | 4 bits | UUID Version, must be 0x8 (Custom UUID)
| | | 12 bits | Reserved, must be 0x0000
| 4 | 8-9 | 2 bits | UUID Variant, must be 0b10 (RFC 4122)
| | | 14 bits | Namespace: Fix value of 0.
| 5 |10-15 | 48 bits | Object name: Fix 0x1890afd80709 (lower 48 bits of SHA1 of an empty string)
The 14-bit namespace has a fixed value of 3, i.e. block 4 has the value of `0x8003`.
 
### Example
The 48-bit data are the 48 bits of the SHA1 hash of the
configuration name.
 
The system #1855139287 has the following UUID:
The creation timestamp is currently 0 because OIDplus does not track the creation time of configuration entries.
 
6e932dd7-0000-8000-8000-1890afd80709
**Example**: The configuration value "max_ra_invite_time" on system #1855139287 has the following UUID:
 
6e932dd7-0000-8000-8003-f14dda42862a
 
It contains the information as follows:
 
|Block| Description | Value | Interpretation |
|-----|-------------------|----------------|----------------|
|-----|-------------------|----------------|--------------------------------------------|
| 1 | System ID | 0x6E932DD7 | SHA1(PubKey) & 0x7FFF.FFFF = 1855139287
| 2 | Timestamp | 0x0000 | Unknown
| 3 | Reserved+Version | 0x8000 | 0x0000 \| 0x8000
| 4 | Namespace+Variant | 0x8000 | 0x0000 \| 0x8000
| 5 | Object Name | 0xC1E3894D1105 | SHA1('') & 0xFFFF.FFFF.FFFF
| 4 | Namespace+Variant | 0x8003 | 0x0003 \| 0x8000
| 5 | Data | 0xF14DDA42862A | SHA1('max_ra_invite_time') & 0xFFFF.FFFF.FFFF
 
 
## OIDplus ASN.1 Alphanumeric ID UUID (Block 4 = 0x8004)
 
Each allocation of an alphanumeric (ASN.1) identifier of an OID
can be identified by a UUID. (Defined hereby, but currently not used in OIDplus)
 
The 14-bit namespace has a fixed value of 4, i.e. block 4 has the value of `0x8004`.
 
The 48-bit data is defined as follows:
- The upper 24 bits are the lower 24 bits of the SHA1 hash of the OID.
- The lower 24 bits are the lower 24 bits of the SHA1 hash of the alphanumeric ASN.1 identifier.
 
**Example**: The alphanumeric identifier "example" of OID "2.999" on system #1855139287 has the following UUID:
 
6e932dd7-0000-8000-8004-208ded8a3f8f
 
It contains the information as follows:
 
| Block | Description | Value | Interpretation |
|-------|-------------------|------------|-----------------------------------------|
| 1 | System ID | 0x6E932DD7 | SHA1(PubKey) & 0x7FFF.FFFF = 1855139287
| 2 | Timestamp | 0x0000 | Unknown
| 3 | Reserved+Version | 0x8000 | 0x0000 \| 0x8000
| 4 | Namespace+Variant | 0x8004 | 0x0004 \| 0x8000
| 5 | Data (High) | 0x208DED | SHA1('2.999') & 0xFF.FFFF
| | Data (Low) | 0x8A3F8F | SHA1('example') & 0xFF.FFFF
 
 
## OIDplus OID-IRI Unicode Label UUID (Block 4 = 0x8005)
 
Each allocation of a Unicode Label (for OID-IRI) of an OID
can be identified by a UUID. (Defined hereby, but currently not used in OIDplus)
 
The 14-bit namespace has a fixed value of 5, i.e. block 4 has the value of `0x8005`.
 
The 48-bit data is defined as follows:
- The upper 24 bits are the lower 24 bits of the SHA1 hash of the OID.
- The lower 24 bits are the lower 24 bits of the SHA1 hash of the Unicode Label in UTF-8 encoding.
 
**Example**: The Unicode Label "Example" of OID "2.999" on system #1855139287 has the following UUID:
 
6e932dd7-0000-8000-8005-208dedaf9a96
 
It contains the information as follows:
 
| Block | Description | Value | Interpretation |
|-------|-------------------|------------|-------------------------------------------------|
| 1 | System ID | 0x6E932DD7 | SHA1(PubKey) & 0x7FFF.FFFF = 1855139287
| 2 | Timestamp | 0x0000 | Unknown
| 3 | Reserved+Version | 0x8000 | 0x0000 \| 0x8000
| 4 | Namespace+Variant | 0x8005 | 0x0005 \| 0x8000
| 5 | Data (High) | 0x208DED | SHA1('2.999') & 0xFFFF.FFFF.FFFF
| | Data (Low) | 0xAF9A96 | SHA1(utf8_encode('Example')) & 0xFFFF.FFFF.FFFF
 
 
## System reserved UUIDs (Block 4 = 0x8006 till 0x800F)
 
The 14-bit namespace values 6 (block 4 = `0x8006`) through 15 (block 4 = `0x800F`) are reserved
for future use.
 
 
## OIDplus Information Object UUID (Block 4 = 0x8010 till 0xFFFF)
 
OIDplus automatically assigns a UUID to every object it manages.
 
The 14-bit namespace is defined as the lower 14 bits of the SHA1 hash of the OIDplus Object Type Plugin OID.
However, the values `0x0` - `0xF` are reserved for the other UUID types and must not be used. (In this case,
the object type plugin author shall pick a different OID for their plugin). So block 4 has a range
between `0x8010` till `0xFFFF`.
 
The 48-bit data is defined as the lower 48 bits of the SHA1 hash of the
object name without the object type prefix.
 
**Example**: The object **java:com.example**, created on 30 September 2018 on system #1855139287 has the following UUID:
 
6e932dd7-458c-8000-b9e9-c1e3894d1105
 
It contains the information as follows:
 
|Block| Description | Value | Interpretation |
|-----|-------------------|----------------|----------------|
| 1 | System ID | 0x6E932DD7 | SHA1(PubKey) & 0x7FFF.FFFF = 1855139287
| 2 | Timestamp | 0x458C | 30 September 2018 (17804 days since 1 January 1970)
| 3 | Reserved+Version | 0x8000 | 0x0000 \| 0x8000
| 4 | Namespace+Variant | 0xB9E9 | SHA1('1.3.6.1.4.1.37476.2.5.2.4.8.6') & 0x3FFF \| 0x8000
| 5 | Data | 0xC1E3894D1105 | SHA1('com.example') & 0xFFFF.FFFF.FFFF
 
 
## Known namespaces
 
| Vendor |Namespace| OID | SHA1 hash | Block 4| Notes |
|--------------|---------|--------------------------------|-----------|--------|--------------|
| Vendor | Namespace | Plugin OID | SHA1 hash | Block 4 | Notes |
|--------------|-----------|---------------------------------------------------|-----------|---------|--------------|
| n/a | n/a | n/a | n/a | 0x8000 | System
| n/a | n/a | n/a | n/a | 0x8001 | User/RA
| n/a | n/a | n/a | n/a | 0x8002 | Logging entry
| n/a | n/a | n/a | n/a | 0x8003 | Configuration entry
| n/a | n/a | n/a | n/a | 0x8004 | ASN.1 ID
| n/a | n/a | n/a | n/a | 0x8005 | Unicode Label (IRI)
| n/a | n/a | n/a | n/a | 0x8006 | Reserved for system
| n/a | n/a | n/a | n/a | 0x8007 | Reserved for system
| n/a | n/a | n/a | n/a | 0x8008 | Reserved for system
| n/a | n/a | n/a | n/a | 0x8009 | Reserved for system
| n/a | n/a | n/a | n/a | 0x800A | Reserved for system
| n/a | n/a | n/a | n/a | 0x800B | Reserved for system
| n/a | n/a | n/a | n/a | 0x800C | Reserved for system
| n/a | n/a | n/a | n/a | 0x800D | Reserved for system
| n/a | n/a | n/a | n/a | 0x800E | Reserved for system
| n/a | n/a | n/a | n/a | 0x800F | Reserved for system
| ViaThinkSoft | doi | 1.3.6.1.4.1.37476.2.5.2.4.8.1 | 0x...2259 | 0xA259 |
| ViaThinkSoft | gs1 | 1.3.6.1.4.1.37476.2.5.2.4.8.2 | 0x...021E | 0x821E |
| ViaThinkSoft | guid | 1.3.6.1.4.1.37476.2.5.2.4.8.3 | 0x...B924 | 0xB924 | In OIDplus, only the UUID itself will be shown
262,8 → 435,9
| ViaThinkSoft | (Unused) | 1.3.6.1.4.1.37476.2.5.2.4.8.185 | 0x...4854 | 0x8854 |
-->
 
### Notes for new object type plugins
 
## Notes for new object-type plugins
 
(1) When new object types are developed, the plugin author should check
if their "Block 4" hash based on their plugin OID conflicts with the
"Block 4" hashes of plugins from other vendors, and consider
287,10 → 461,14
if (!str_starts_with($plugin_oid, '1.3.6.1.4.1.37476.2.5.2.4.8.')) {
$coll = [];
for ($i = 1; $i <= 185; $i++) {
// No conflict between ViaThinkSoft OIDs .1 till .185
$block4 = dechex(hexdec(substr(sha1('1.3.6.1.4.1.37476.2.5.2.4.8.'.$i), -4)) & 0x3FFF | 0x8000);
$coll[] = $block4;
}
$coll[] = dechex(0x8000); // System
for ($i=0; $i<=0xF; $i++) {
// 0x8000 - 0x800F are used by the system
$coll[] = dechex(0x8000+$i);
}
$block4 = dechex(hexdec(substr(sha1($plugin_oid), -4)) & 0x3FFF | 0x8000);
if (in_array($block4, $coll)) {
echo "HASH CONFLICT\n";