[Docs] [txt|pdf] [Tracker] [Email] [Diff1] [Diff2] [Nits]

Versions: 00 01

INTERNET-DRAFT                                               Kathy Dally
Informational Draft                                      The MITRE Corp.
Expires 22 March 2001                                  22 September 2000

                    ACP 133 Common Content and LDAP
                  <draft-dally-acp133-and-ldap-01.txt>


STATUS OF THIS MEMO

     This document is an Internet-Draft and is in full conformance with
     all provisions of Section 10 of RFC 2026 except that the
     right to produce derivative works is not granted.  Internet-Drafts
     are working documents of the Internet Engineering Task Force
     (IETF), its areas, and its working groups.  Note that other groups
     may also distribute working documents as Internet-Drafts.

     Internet-Drafts are draft documents valid for a maximum of six
     months and may be updated, replaced, or obsoleted by other
     documents at any time.  It is inappropriate to use Internet-Drafts
     as reference material or to cite them other than as "work in
     progress."

     The list of current Internet-Drafts can be accessed at
     http://www.ietf.org/ietf/1id-abstracts.txt

     The list of Internet-Draft Shadow Directories can be accessed at
     http://www.ietf.org/shadow.html.


ABSTRACT

     In Allied Communications Publication (ACP) 133 [1], an X.500
     directory user schema, called Common Content, is specified for the
     Allied Directory.  In order to enable Lightweight Directory Access
     Protocol (LDAP) access to the Allied Directory and to enable the
     general use by others of elements from the Common Content, this
     document specifies the encoding of the Common Content using the
     LDAP notation from Request for Comments (RFC) 2252 [2].





















DALLY                   Expires 22 March 2001                   [Page 1]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


                          TABLE OF CONTENTS

STATUS OF THIS MEMO....................................................1
ABSTRACT...............................................................1
TABLE OF CONTENTS......................................................2
1.  INTRODUCTION.......................................................8
1.1  Background........................................................8
1.2  Purpose...........................................................8
2.  OBJECT CLASSES.....................................................9
2.1  aCPNetworkEdB Object Class........................................9
2.2  aCPNetworkInstructionsEdB Object Class............................9
2.3  addressList Object Class..........................................9
2.4  aliasCommonName Object Class.....................................10
2.5  aliasOrganizationalUnit Object Class.............................10
2.6  altSpellingACP127 Object Class...................................10
2.7  cadACP127 Object Class...........................................11
2.8  distributionCodeDescription Object Class.........................11
2.9  distributionCodesHandled Object Class............................11
2.10 dSSCSPLA Object Class............................................11
2.11 messagingGateway Object Class....................................12
2.12 mhs-distribution-list Object Class...............................12
2.13 mhs-message-store Object Class...................................13
2.14 mhs-message-transfer-agent Object Class..........................13
2.15 mhs-user Object Class............................................14
2.16 mhs-user-agent Object Class......................................14
2.17 mLA Object Class.................................................14
2.18 mLAgent Object Class.............................................15
2.19 orgACP127 Object Class...........................................15
2.20 otherContactInformation Object Class.............................16
2.21 pkiCA Object Class...............................................16
2.22 pkiUser Object Class.............................................16
2.23 plaACP127 Object Class...........................................16
2.24 plaCollectiveACP127 Object Class.................................17
2.25 plaData Object Class.............................................17
2.26 plaUser Object Class.............................................17
2.27 releaseAuthorityPerson Object Class..............................18
2.28 releaseAuthorityPersonA Object Class.............................18
2.29 routingIndicator Object Class....................................18
2.30 secure-user Object Class.........................................18
2.31 securePkiUser Object Class.......................................19
2.32 sigintPLA Object Class...........................................19
2.33 sIPLA Object Class...............................................19
2.34 spotPLA Object Class.............................................20
2.35 taskForceACP127 Object Class.....................................20
2.36 tenantACP127 Object Class........................................20
2.37 ukms Object Class................................................21
3.  ATTRIBUTE TYPES...................................................22
3.1  accessCodes Attribute............................................22
3.2  accountingCode Attribute.........................................22
3.3  aCPLegacyFormat Attribute........................................22
3.4  aCPMobileTelephoneNumber Attribute...............................22
3.5  aCPNetwAccessSchemaEdB Attribute.................................22


DALLY                   Expires 22 March 2001                   [Page 2]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


3.6  aCPNetworkSchemaEdB Attribute....................................23
3.7  aCPPagerTelephoneNumber Attribute................................23
3.8  aCPPreferredDelivery Attribute...................................23
3.9  aCPTelephoneFaxNumber............................................23
3.10 actionAddressees Attribute.......................................24
3.11 additionalAddressees Attribute...................................25
3.12 additionalSecondPartyAddressees Attribute........................25
3.13 adminConversion Attribute........................................25
3.14 administrator Attribute..........................................25
3.15 aigsExpanded Attribute...........................................25
3.16 aLExemptedAddressProcessor Attribute.............................26
3.17 aliasPointer Attribute...........................................26
3.18 alid Attribute...................................................26
3.19 allowableOriginators Attribute...................................26
3.20 aLReceiptPolicy Attribute........................................26
3.21 alternateRecipient Attribute.....................................27
3.22 aLType Attribute.................................................27
3.23 aprUKMs Attribute................................................27
3.24 associatedAL Attribute...........................................27
3.25 associatedOrganization Attribute.................................27
3.26 associatedPLA Attribute..........................................28
3.27 augUKMs Attribute................................................28
3.28 buildingName Attribute...........................................28
3.29 cognizantAuthority Attribute.....................................28
3.30 collective-mhs-or-addresses Attribute............................29
3.31 collectiveMilitaryFacsimileNumber Attribute......................29
3.32 collectiveMilitaryTelephoneNumber Attribute......................29
3.33 collectiveNationality Attribute..................................29
3.34 collectiveSecureFacsimileNumber Attribute........................29
3.35 collectiveSecureTelephoneNumber Attribute........................29
3.36 community Attribute..............................................29
3.37 copyMember.......................................................30
3.38 decUKMs Attribute................................................30
3.39 deployed Attribute...............................................30
3.40 distributionCodeAction Attribute.................................30
3.41 distributionCodeInfo Attribute...................................31
3.42 dualRoute Attribute..............................................31
3.43 effectiveDate Attribute..........................................31
3.44 entryClassification Attribute....................................31
3.45 expirationDate Attribute.........................................31
3.46 febUKMs Attribute................................................32
3.47 garrison Attribute...............................................32
3.48 gatewayType Attribute............................................32
3.49 ghpType Attribute................................................32
3.50 guard Attribute..................................................33
3.51 host Attribute...................................................33
3.52 hostOrgACP127 Attribute..........................................33
3.53 infoAddressees Attribute.........................................33
3.54 janUKMs Attribute................................................33
3.55 julUKMs Attribute................................................34
3.56 junUKMs Attribute................................................34
3.57 lastRecapDate Attribute..........................................34


DALLY                   Expires 22 March 2001                   [Page 3]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


3.58 listPointer Attribute............................................34
3.59 lmf Attribute....................................................34
3.60 longTitle Attribute..............................................35
3.61 mailDomains Attribute............................................35
3.62 marUKMs Attribute................................................35
3.63 mayUKMs Attribute................................................35
3.64 mhs-acceptable-eits Attribute....................................36
3.65 mhs-deliverable-classes Attribute................................36
3.66 mhs-deliverable-content-types Attribute..........................36
3.67 mhs-dl-archive-service Attribute.................................36
3.68 mhs-dl-members Attribute.........................................36
3.69 mhs-dl-policy Attribute..........................................37
3.70 mhs-dl-related-lists Attribute...................................37
3.71 mhs-dl-submit-permissions Attribute..............................37
3.72 mhs-dl-subscription-service Attribute............................37
3.73 mhs-exclusively-acceptable-eits Attribute........................37
3.74 mhs-maximum-content-length Attribute.............................38
3.75 mhs-message-store-dn Attribute...................................38
3.76 mhs-or-addresses Attribute.......................................38
3.77 mhs-or-addresses-with-capabilities Attribute.....................38
3.78 mhs-supported-attributes Attribute...............................39
3.79 mhs-supported-automatic-actions Attribute........................39
3.80 mhs-supported-content-types Attribute............................39
3.81 mhs-supported-matching-rules Attribute...........................40
3.82 mhs-unacceptable-eits Attribute..................................40
3.83 militaryFacsimileNumber Attribute................................40
3.84 militaryTelephoneNumber Attribute................................40
3.85 minimize Attribute...............................................41
3.86 minimizeOverride Attribute.......................................41
3.87 nameClassification Attribute.....................................41
3.88 nationality Attribute............................................41
3.89 networkDN Attribute..............................................41
3.90 novUKMs Attribute................................................42
3.91 octUKMs Attribute................................................42
3.92 onSupported Attribute............................................42
3.93 operationName Attribute..........................................42
3.94 plaAddressees Attribute..........................................43
3.95 plaNameACP127 Attribute..........................................43
3.96 plaReplace Attribute.............................................43
3.97 plasServed Attribute.............................................43
3.98 positionNumber Attribute.........................................44
3.99 primarySpellingACP127 Attribute..................................44
3.100 proprietaryMailboxes Attribute..................................44
3.101 publish Attribute...............................................44
3.102 rank Attribute..................................................44
3.103 recapDueDate Attribute..........................................45
3.104 releaseAuthorityName Attribute..................................45
3.105 remarks Attribute...............................................45
3.106 rfc822Mailbox Attribute.........................................45
3.107 rI Attribute....................................................45
3.108 rIClassification Attribute......................................46
3.109 rIInfo Attribute................................................46


DALLY                   Expires 22 March 2001                   [Page 4]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


3.110 roomNumber Attribute............................................46
3.111 secondPartyAddressees Attribute.................................46
3.112 section Attribute...............................................47
3.113 secureFacsimileNumber Attribute.................................47
3.114 secureTelephoneNumber Attribute.................................47
3.115 sepUKMs Attribute...............................................47
3.116 serviceNumber Attribute.........................................47
3.117 serviceOrAgency Attribute.......................................48
3.118 sHD Attribute...................................................48
3.119 shortTitle Attribute............................................48
3.120 sigad Attribute.................................................48
3.121 spot Attribute..................................................49
3.122 tARE Attribute..................................................49
3.123 tCC Attribute...................................................49
3.124 tCCG Attribute..................................................49
3.125 transferStation Attribute.......................................49
3.126 tRC Attribute...................................................50
3.127 usdConversion Attribute.........................................50
4.  NAME FORMS........................................................51
4.1  aCPNetworkEdBNameForm............................................51
4.2  aCPNetworkInstrEdBNameForm.......................................51
4.3  addressListNameForm..............................................51
4.4  aENameForm.......................................................51
4.5  aliasCNNameForm..................................................51
4.6  aliasOUNameForm..................................................51
4.7  applProcessNameForm..............................................51
4.8  alternateSpellingPLANameForm.....................................51
4.9  cadPLANameForm...................................................52
4.10 cRLDistPtNameForm................................................52
4.11 countryNameForm..................................................52
4.12 deviceNameForm...................................................52
4.13 distributionCodeDescriptionNameForm..............................52
4.14 dSANameForm......................................................52
4.15 dSSCSPLANameForm.................................................52
4.16 gONNameForm......................................................52
4.17 locNameForm......................................................53
4.18 messagingGatewayNameForm.........................................53
4.19 mhs-dLNameForm...................................................53
4.20 mLANameForm......................................................53
4.21 mLAgentNameForm..................................................53
4.22 mSNameForm.......................................................53
4.23 mTANameForm......................................................53
4.24 mUANameForm......................................................53
4.25 organizationalPLANameForm........................................54
4.26 organizationNameForm.............................................54
4.27 orgRNameForm.....................................................54
4.28 orgUNameForm.....................................................54
4.29 plaCollectiveNameForm............................................54
4.30 qualifiedOrgPersonNameForm.......................................54
4.31 releaseAuthorityPersonNameForm...................................54
4.32 releaseAuthorityPersonANameForm..................................54
4.33 routingIndicatorNameForm.........................................55


DALLY                   Expires 22 March 2001                   [Page 5]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


4.34 sigintNameForm...................................................55
4.35 sIPLANameForm....................................................55
4.36 sOPNameForm......................................................55
4.37 spotPLANameForm..................................................55
4.38 taskForcePLANameForm.............................................55
4.39 tenantPLANameForm................................................55
5.  MATCHING RULES....................................................56
5.1  addressCapabilitiesMatch Matching Rule...........................56
5.2  capabilityMatch Matching Rule....................................56
5.3  oRAddressMatch Matching Rule.....................................56
5.4  oRNameExactMatch Matching Rule...................................56
5.5  caseIgnoreListSubstringsMatch Matching Rule......................56
5.6  booleanMatch Matching Rule.......................................56
6.  ATTRIBUTE SYNTAXES................................................57
6.1  aCPLegacyFormat Attribute Syntax.................................57
6.2  aCPPreferredDelivery Attribute Syntax for the
     aCPPreferredDelivery Attribute...................................57
6.3  aCPTelephoneFaxNumber Attribute Syntax...........................57
6.4  AddressCapabilities Attribute Syntax from X.402..................58
6.5  addressees Attribute Syntax......................................58
6.6  addressListType Attribute Syntax for the aLType Attribute........58
6.7  Capability Attribute Syntax from X.402...........................59
6.8  Classification Attribute Syntax..................................59
6.9  Community Abstract Syntax for the community Attribute............60
6.10 DLPolicy Attribute Syntax from X.402.............................60
6.11 DLSubmitPermission Attribute Syntax from X.402...................62
6.12 MLReceiptPolicy Attribute Syntax.................................62
6.13 ORName Attribute Syntax from X.411...............................63
6.14 otherNotificationsSupported Abstract Syntax for the
     onSupported Attribute............................................63
6.15 Remarks Attribute Syntax.........................................63
6.16 RIParameters Attribute Syntax....................................64
7.  EXAMPLE CONTENT RULES.............................................65
7.1  aCPApplicationEntityRuleEdA Content Rule.........................65
7.2  aCPCRLDistributionPointRule Content Rule.........................65
7.3  aCPDeviceRuleEdA Content Rule....................................65
7.4  aCPDSARuleEdA Content Rule.......................................65
7.5  aCPGroupOfNamesRule Content Rule.................................65
7.6  aCPLocalityRule Content Rule.....................................66
7.7  aCPMhs-distribution-listRule Content Rule........................66
7.8  aCPMhs-message-storeRuleEdA Content Rule.........................66
7.9  aCPMhs-message-transfer-agentRuleEdA Content Rule................66
7.10 aCPMhs-user-agentRule Content Rule...............................66
7.11 aCPOrganizationalPersonRuleEdB Content Rule......................66
7.12 aCPOrganizationalRoleRuleEdB Content Rule........................67
7.13 aCPOrganizationalUnitRuleEdB Content Rule........................67
7.14 aCPOrganizationRuleEdB Content Rule..............................68
7.15 aCPRoutingIndicatorEdB Content Rule..............................68
7.16 addressListRuleEdA Content Rule..................................68
7.17 aliasCommonNameRule Content Rule.................................69
7.18 aliasOrganizationalUnitRule Content Rule.........................69
7.19 distributionCodeDescriptionRule Content Rule.....................69


DALLY                   Expires 22 March 2001                   [Page 6]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


7.20 messagingGatewayRuleEdA Content Rule.............................69
7.21 mLAgentRule Content Rule.........................................69
7.22 networkEdBRule Content Rule......................................69
7.23 networkInstructionsRuleEdB Content Rule..........................70
7.24 rAPersonRuleEdA Content Rule.....................................70
7.25 sigintPLARule Content Rule.......................................70
7.26 spotPLARule Content Rule.........................................70
8.  STRUCTURE RULES...................................................71
9.  SECURITY CONSIDERATIONS...........................................71
10. REFERENCES........................................................72
11. ABBREVIATIONS.....................................................74
12. ACKNOWLEDGEMENTS..................................................76
13. AUTHOR'S ADDRESS..................................................76









































DALLY                   Expires 22 March 2001                   [Page 7]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


1.  INTRODUCTION

1.1  Background

     ACP 133(B) [1] is the specification, developed by the Combined
     Communications-Electronics Board (CCEB), of the X.500-based Allied
     Directory.  One of the things specified in ACP 133(B) [1] is the
     directory user schema, which is called Common Content.  In the
     Common Content are directory elements that support several
     communications applications including electronic mail (e-mail),
     Message Handling Systems (MHS), and telephony.

     The CCEB is a five nation joint military communications-electronics
     organization whose mission is the coordination of any military
     communications information systems matters among the members.  The
     Member Nations of the CCEB are Australia, Canada, New Zealand, the
     United Kingdom, and the United States.

     ACP 133(B) [1] specifies access to the Allied Directory using the
     X.500 Directory Access Protocol (DAP).  Also, within the CCEB,
     guidelines have been developed for the use of the Internet LDAP.

1.2  Purpose

     This document is meant to be informational.  Its purpose is to
     record an LDAP encoding of the Common Content, so that:

        * elements from the Common Content can be applied generally to
          applications and environments other than the Allied
          Directory.  For example, the name forms for components of
          X.400 MHS could be used in any X.400/X.500 system.  Likewise,
          the addressList object class could be used in cases where
          lists of recipients are processed differently than X.400
          distribution lists.

        * use of LDAP to access the Allied Directory is enabled

     Since the Common Content is based on X.500, this document refers
     to RFC 2252 [2] and RFC 2256 [3] for the X.500 schema elements
     (e.g., localityName attribute, country object class).  The
     contents of this document are the specifications of all of the
     rest of the schema elements in the Common Content (e.g.,
     mLAgentNameForm name form, otherContactInformation object class).
     For descriptions and procedures regarding the Common Content
     schema elements, consult ACP 133(B) [1].









DALLY                   Expires 22 March 2001                   [Page 8]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


2.  OBJECT CLASSES

2.1  aCPNetworkEdB Object Class

     The aCPNetworkEdB structural object class is used to define
     directory entries representing interconnected communications
     networks.  A Network EdB entry can have subordinate entries that
     define the access and instructions for reaching other networks.

     ( 2.16.840.1.101.2.2.3.68 NAME 'aCPNetworkEdB'
          SUP 2.5.6.0  ; top
          MUST 2.5.4.3  ; cn
          MAY ( 2.5.4.13 $  ; description
               2.16.840.1.101.2.2.1.147 $  ; aCPNetworkSchemaEdB
               2.16.840.1.101.2.2.1.124 $  ; operationName
               2.5.4.34 ) )  ; seeAlso

2.2  aCPNetworkInstructionsEdB Object Class

     The aCPNetworkInstructionsEdB structural object class is used to
     define a directory entry that provides the description of how to
     reach the subject network from another network.

     ( 2.16.840.1.101.2.2.3.69 NAME 'aCPNetworkInstructionsEdB'
          SUP 2.5.6.0  ; top
          MUST 2.5.4.3  ; cn
          MAY ( 2.16.840.1.101.2.2.1.106 $  ; accessCodes
               2.16.840.1.101.2.2.1.146 $  ; aCPNetwAccessSchemaEdB
               2.5.4.13 $  ; description
               2.16.840.1.101.2.2.1.121 ) )  ; networkDN

2.3  addressList Object Class

     The addressList (aL) object class is used to define directory
     entries that represent address lists, in particular, the members
     of the list.  The sender of a message uses the address list name
     to send to all of the members in the list.  The replacement of
     the address list name by the members of the list is performed by
     the sending User Agent (UA) or a Mailing List Agent (MLA), instead
     of the Message Transfer System (MTS).
     ( 2.16.840.1.101.2.2.3.57 NAME 'addressList'
          SUP 2.5.6.0  ; top
          MUST ( 2.5.4.3 $  ; cn
               2.6.5.2.4 )  ; mhs-dl-submit-permissions
          MAY ( 2.16.840.1.101.2.1.5.47 $  ; aLExemptedAddressProcessor
               2.16.840.1.101.2.1.5.14 $  ; alid
               2.16.840.1.101.2.2.1.135 $  ; aLReceiptPolicy
               2.16.840.1.101.2.2.1.112 $  ; aLType
               2.5.4.15 $  ; businessCategory
               2.16.840.1.101.2.2.1.114 $  ; copyMember
               2.5.4.13 $  ; description
               2.5.4.31 $  ; member


DALLY                   Expires 22 March 2001                   [Page 9]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


               2.6.5.2.12 $  ; mhs-dl-archive-service
               2.6.5.2.13 $  ; mhs-dl-policy
               2.6.5.2.14 $  ; mhs-dl-related-lists
               2.6.5.2.15 $  ; mhs-dl-subscription-service
               2.5.4.11 $  ; ou
               2.5.4.10 $  ; o
               2.5.4.32 $  ; owner
               2.16.840.1.101.2.2.1.76 $  ; remarks
               2.5.4.34 ) )  ; seeAlso

2.4  aliasCommonName Object Class

     The aliasCommonName object class is a subclass of alias where an
     alias entry is named by commonName.  It is useful when different
     attributes are used for the Relative Distinguished Names (RDNs) of
     aliases to different types of entries (e.g., commonName as alias
     to a person entry and organizationalUnitName as alias to a
     corporate department entry).  See the aliasOrganizationalUnit
     object class.

     ( 2.16.840.1.101.2.2.3.52 NAME 'aliasCommonName'
          SUP 2.5.6.1  ; alias
          MUST 2.5.4.3 )  ; cn

2.5  aliasOrganizationalUnit Object Class

     The aliasOrganizationalUnit object class is a subclass of alias
     where an alias entry is named by organizationalUnitName.  It
     is useful when different attributes are used for the RDNs of
     aliases to different types of entries.  See the aliasCommonName
     object class definition and example.

     ( 2.16.840.1.101.2.2.3.53 NAME 'aliasOrganizationalUnit'
          SUP 2.5.6.1  ; alias
          MUST 2.5.4.11 )  ; ou

2.6  altSpellingACP127 Object Class

     The altSpellingACP127 object class is used to represent a Plain
     Language Address (PLA) that is an alternative spelling of another
     PLA.  An object from this class always contains a reference to the
     PLA for which it provides the alternative spelling.  This object
     class is a subclass of the plaACP127 auxiliary object class.

     ( 2.16.840.1.101.2.2.3.58 NAME 'altSpellingACP127'
          SUP 2.16.840.1.101.2.2.3.47  ; plaACP127
          MUST ( 2.16.840.1.101.2.2.1.72 $  ; plaReplace
               2.16.840.1.101.2.2.1.73 ) )  ; primarySpellingACP127






DALLY                   Expires 22 March 2001                  [Page 10]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


2.7  cadACP127 Object Class

     The cadACP127 (Collective Address Designator) object class is used
     to represent an ACP 127/JANAP 128 (Joint Army, Navy, Air Force
     Procedure) [4]/[5] distribution list.  It is a subclass of the
     plaACP127 auxiliary object class.

     ( 2.16.840.1.101.2.2.3.28 NAME 'cadACP127'
          SUP 2.16.840.1.101.2.2.3.47  ; plaACP127
          MUST 2.16.840.1.101.2.2.1.51  ; cognizantAuthority
          MAY ( 2.16.840.1.101.2.2.1.113 $  ; associatedAL
               2.16.840.1.101.2.2.1.56 $  ; entryClassification
               2.16.840.1.101.2.2.1.75 $  ; recapDueDate
               2.16.840.1.101.2.2.1.79 ) )  ; rIInfo

2.8  distributionCodeDescription Object Class

     The distributionCodeDescription object class is used to define a
     directory entry that represents a registered Distribution Code in
     the directory and describes its meaning.  See ACP 123 [6] for
     specification of distribution codes.  The distribution code is
     held in the commonName attribute.

     ( 2.16.840.1.101.2.2.3.55 NAME 'distributionCodeDescription'
          SUP 2.5.6.0  ; top
          MUST 2.5.4.3  ; cn
          MAY 2.5.4.13 )  ; description

2.9  distributionCodesHandled Object Class

     The distributionCodesHandled object class provides for identifying
     the distribution codes (e.g., Subject Indicator Codes (SIC) as
     defined in NATO Subject Indicator System (NASIS) - publication 3
     (NATO APP-3) [7] and supplements) which are handled, either for
     action or information, by the object (e.g., organizational role,
     organizational person, or organizational unit) represented by the
     directory entry in which this auxiliary is included.

     ( 2.16.840.1.101.2.2.3.54 NAME 'distributionCodesHandled'
          SUP 2.5.6.0  ; top
          AUXILIARY
          MAY ( 2.16.840.1.101.2.2.1.104 $  ; distributionCodeAction
               2.16.840.1.101.2.2.1.105 ) )  ; distributionCodeInfo

2.10  dSSCSPLA Object Class

     The dSSCSPLA object class is used to represent an Intelligence
     Community (IC) Plain Language Address (PLA) organization that, in
     the directory, is named using the plaNameACP127 attribute.





DALLY                   Expires 22 March 2001                  [Page 11]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


     ( 2.16.840.1.101.2.2.3.67 NAME 'dSSCSPLA'
          SUP 2.16.840.1.101.2.2.3.47  ; plaACP127
          MUST ( 2.16.840.1.101.2.2.1.77  ; rI )
          MAY ( 2.16.840.1.101.2.2.1.143 $  ; adminConversion
               2.16.840.1.101.2.2.1.4 $  ; associatedOrganization
               2.5.4.7 $  ; localityName
               2.16.840.1.101.2.2.1.85 $  ; sigad
               2.16.840.1.101.2.2.1.145 ) )  ; usdConversion

2.11  messagingGateway Object Class

     The messagingGateway object class is used to store information
     about an application entity which serves as an application layer
     gateway between two mail systems.  When a gateway performs
     translation services, a messagingGateway object provides a
     mechanism to address these translation services directly.

     ( 2.16.840.1.101.2.2.3.59 NAME 'messagingGateway'
          SUP 2.6.5.1.2  ; mhs-message-transfer-agent
          MAY ( 2.16.840.1.101.2.2.1.110 $  ; administrator
               2.16.840.1.101.2.2.1.111 $  ; aigsExpanded
               2.16.840.1.101.2.2.1.115 $  ; gatewayType
               2.16.840.1.101.2.2.1.116 $  ; ghpType
               0.9.2342.19200300.100.1.9 $  ; host
               2.16.840.1.101.2.2.1.118 $  ; mailDomains
               2.6.5.2.17 $  ; mhs-acceptable-eits
               2.6.5.2.1 $  ; mhs-deliverable-content-types
               2.6.5.2.2 $  ; mhs-exclusively-acceptable-eits
               2.6.5.2.5 $  ; mhs-message-store-dn
               2.6.5.2.6 $  ; mhs-or-addresses
               2.6.5.2.16 $  ; mhs-or-addresses-with-capabilities
               2.6.5.2.18 $  ; mhs-unacceptable-eits
               2.16.840.1.101.2.2.1.123 $  ; onSupported
               2.16.840.1.101.2.2.1.70 $  ; plaNameACP127
               2.16.840.1.101.2.2.1.79 ) )  ; rIInfo

2.12  mhs-distribution-list Object Class

     The mhs-distribution-list object class is used to define a
     directory entry that represents a distribution list (DL), that
     is, an address list that is expanded by the MTS.  The attributes
     in the entry identify the distribution list name, submit
     permissions, and OR-addresses and, to the extent that the relevant
     attributes are present, describe the DL, identify its organization,
     organizational units, and owner;  cite related objects;  identify
     its maximum content length, deliverable content types, and
     acceptable, exclusively acceptable, and unacceptable encoded
     information types (EITs);  and identify its expansion policy,
     subscription addresses, archive addresses, related lists,
     and members.




DALLY                   Expires 22 March 2001                  [Page 12]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


     ( 2.6.5.1.0 NAME 'mhs-distribution-list'
          SUP 2.5.6.0  ; top           MUST ( 2.5.4.3 $  ; cn
               2.6.5.2.4 $  ; mhs-dl-submit-permissions
               2.6.5.2.6 )  ; mhs-or-addresses
          MAY ( 2.5.4.13 $  ; description
               2.5.4.10 $  ; o
               2.5.4.11 $  ; ou
               2.5.4.32 $  ; owner
               2.5.4.34 $  ; seeAlso
               2.6.5.2.0 $  ; mhs-maximum-content-length
               2.6.5.2.1 $  ; mhs-deliverable-content-types
               2.6.5.2.17 $  ; mhs-acceptable-eits
               2.6.5.2.2 $  ; mhs-exclusively-acceptable-eits
               2.6.5.2.18 $  ; mhs-unacceptable-eits
               2.6.5.2.13 $  ; mhs-dl-policy
               2.6.5.2.15 $  ; mhs-dl-subscription-service
               2.6.5.2.12 $  ; mhs-dl-archive-service
               2.6.5.2.14 $  ; mhs-dl-related-lists
               2.6.5.2.3 ) )  ; mhs-dl-members

2.13  mhs-message-store Object Class

     The mhs-message-store object class is used to define directory
     entries that represent application entities that implement the
     MHS Message Store (MS) functionality.  The attributes in an entry,
     to the extent that they are present, describe the MS, identify its
     owner, and enumerate the attributes, automatic actions, matching
     rules, content types, and network protocols the MS supports.

     ( 2.6.5.1.1 NAME 'mhs-message-store'
          SUP 2.5.6.12  ; applicationEntity
          MAY (2.5.4.32 $  ; owner
               $ 2.6.5.2.10 $  ; mhs-supported-attributes
               $ 2.6.5.2.8 $  ; mhs-supported-automatic-actions
               $ 2.6.5.2.11 $  ; mhs-supported-matching-rules
               $ 2.6.5.2.9 $  ; mhs-supported-content-types
               $ 2.5.4.48 ) )  ; protocolInformation

2.14  mhs-message-transfer-agent Object Class

     The mhs-message-transfer-agent object class is used to define
     directory entries that represent application entities that
     implement the MHS Message Transfer Agent (MTA) functionality.  The
     attributes in an entry, to the extent that they are present,
     describe the MTA and identify its owner, the maximum content
     length it can handle, and its supported network protocols.

     ( 2.6.5.1.2 NAME 'mhs-message-transfer-agent'
          SUP 2.5.6.12  ; applicationEntity
          MAY ( 2.5.4.32 $  ; owner
               2.6.5.2.0 $  ; mhs-maximum-content-length
               2.5.4.48 ) )  ; protocolInformation


DALLY                   Expires 22 March 2001                  [Page 13]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


2.15  mhs-user Object Class

     The mhs-user object class is used in defining directory entries
     representing MHS users.  The attributes in an entry identify the
     MHS user's OR-address and, to the extent that the relevant
     attributes are present, identify the maximum content length,
     content types, and EITs that can be handled by the user;  its MS;
     and its preferred delivery methods.

     ( 2.6.5.1.3 NAME 'mhs-user'
          SUP 2.5.6.0  ; top
          AUXILIARY
          MUST 2.6.5.2.6  ; mhs-or-addresses
          MAY ( 2.6.5.2.0 $  ; mhs-maximum-content-length
               2.6.5.2.1 $  ; mhs-deliverable-content-types
               2.6.5.2.17 $  ; mhs-acceptable-eits
               2.6.5.2.2 $  ; mhs-exclusively-acceptable-eits
               2.6.5.2.18 $  ; mhs-unacceptable-eits
               2.6.5.2.16 $  ; mhs-or-addresses-with-capabilities
               2.6.5.2.5 ) )  ; mhs-message-store-dn

2.16  mhs-user-agent Object Class

     The mhs-message-transfer-agent object class is used to define
     directory entries that represent application entities that
     implement the MHS MTA functionality.  The attributes in an entry,
     to the extent that they are present, describe the MTA and identify
     its owner, the maximum content length it can handle, and its
     supported network protocols.

     ( 2.6.5.1.4 NAME 'mhs-user-agent'
          SUP 2.5.6.12  ; applicationEntity
          MAY ( 2.5.4.32 $  ; owner
               2.6.5.2.0 $  ; mhs-maximum-content-length
               2.6.5.2.1 $  ; mhs-deliverable-content-types
               2.6.5.2.17 $  ; mhs-acceptable-eits
               2.6.5.2.2 $  ; mhs-exclusively-acceptable-eits
               2.6.5.2.18 $  ; mhs-unacceptable-eits
               2.6.5.2.19 $  ; mhs-deliverable-classes
               2.6.5.2.6 $  ; mhs-or-addresses
               2.5.4.48 ) )  ; protocolInformation

2.17  mLA Object Class

     The mLA object class is used to represent an application entity
     that performs the functions of a Mail List Agent (MLA).  This
     object class is a subclass of applicationEntity and
     strong-authentication-user.

     Note that this object class may become obsolete, depending on the
     resolution of Certificate Management Infrastructure (CMI) issues.



DALLY                   Expires 22 March 2001                  [Page 14]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


     ( 2.16.840.1.101.2.2.3.31 NAME 'mLA'
          SUP ( 2.5.6.12 $  ; applicationEntity
               2.5.6.15 )  ; strongAuthenticationUser
          MAY 2.5.4.52 )  ; supportedAlgorithms

2.18  mLAgent Object Class

     The mLAgent object class is used to represent an application
     entity that performs the functions of a MLA.  This object class
     is a subclass of applicationEntity and pkiUser.

     ( 2.16.840.1.101.2.2.3.64 NAME 'mLAgent'
          SUP ( 2.5.6.12 $  ; applicationEntity
               2.5.6.21  ; pkiUser )
          MAY 2.5.4.52 )  ; supportedAlgorithms

2.19  orgACP127 Object Class

     The orgACP127 object class is used to define the entry for a
     single ACP 127/JANAP 128 [4]/[5] messaging user.  This object
     class is a subclass of the plaACP127 auxiliary object class.

     ( 2.16.840.1.101.2.2.3.34 NAME 'orgACP127'
          SUP 2.16.840.1.101.2.2.3.47  ; plaACP127
          MAY ( 2.16.840.1.101.2.2.1.53 $  ; accountingCode
               2.16.840.1.101.2.2.1.4 $  ; associatedOrganization
               2.5.4.6 $  ; c
               2.16.840.1.101.2.2.1.54 $  ; dualRoute
               2.16.840.1.101.2.2.1.56 $  ; entryClassification
               2.5.4.7 $  ; l
               2.16.840.1.101.2.2.1.63 $  ; longTitle
               2.16.840.1.101.2.2.1.64 $  ; minimize
               2.16.840.1.101.2.2.1.65 $  ; minimizeOverride
               2.16.840.1.101.2.2.1.67 $  ; nameClassification
               2.16.840.1.101.2.2.1.77 $  ; rI
               2.16.840.1.101.2.2.1.79 $  ; rIInfo
               2.16.840.1.101.2.2.1.81 $  ; section
               2.5.4.8 $  ; st
               2.16.840.1.101.2.2.1.87 ) )  ; tARE

2.20  otherContactInformation Object Class

     The otherContactInformation object class provides for additional
     telephone, location, and mailbox information in directory entries.

     ( 2.16.840.1.101.2.2.3.62 NAME 'otherContactInformation'
          SUP 2.5.6.0  ; top
          AUXILIARY
          MAY ( 2.16.840.1.101.2.2.1.94 $  ; aCPMobileTelephoneNumber
               2.16.840.1.101.2.2.1.95 $  ; aCPPagerTelephoneNumber
               2.16.840.1.101.2.2.1.108 $  ; aCPPreferredDelivery
               2.16.840.1.101.2.2.1.118 $  ; mailDomains


DALLY                   Expires 22 March 2001                  [Page 15]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


               2.16.840.1.101.2.2.1.119 $  ; militaryFacsimileNumber
               2.16.840.1.101.2.2.1.120 $  ; militaryTelephoneNumber
               2.16.840.1.101.2.2.1.126 $  ; proprietaryMailboxes
               0.9.2342.19200300.100.1.6 $  ; roomNumber
               2.16.840.1.101.2.2.1.127 $  ; secureFacsimileNumber
               2.16.840.1.101.2.2.1.128 ) )  ; secureTelephoneNumber

2.21  pkiCA Object Class

     The pkiCA object class is used to represent Certification Authorities.

     ( 2.5.6.22 NAME 'pkiCA'
          SUP 2.5.6.0  ; top
          AUXILIARY
          MAY ( 2.5.4.37 $  ; cACertificate
                2.5.4.39 $  ; certificateRevocationList
                2.5.4.38 $  ; authorityRevocationList
                2.5.4.40 ) )  ; crossCertificatePair

2.22  pkiUser Object Class

     The pkiUser object class is used to represent certificate
     subjects.  A certificate subject is a human or other type of
     directory user to which a certificate has been issued.

     ( 2.5.6.21 NAME 'pkiUser'
          SUP 2.5.6.0  ; top
          AUXILIARY
          MAY 2.5.4.36 )  ; userCertificate

2.23  plaACP127 Object Class

     The plaACP127 object class provides for the general PLA attributes
     common to general service (GENSER) PLA entries, all of which
     inherit this class.

     ( 2.16.840.1.101.2.2.3.47 NAME 'plaACP127'
          SUP 2.5.6.0  ; top
          AUXILIARY
          MUST 2.16.840.1.101.2.2.1.70  ; plaNameACP127

          MAY ( 2.16.840.1.101.2.2.1.52 $  ; community
               2.16.840.1.101.2.2.1.55 $  ; effectiveDate
               2.16.840.1.101.2.2.1.57 $  ; expirationDate
               2.16.840.1.101.2.2.1.68 $  ; nationality
               2.16.840.1.101.2.2.1.74 $  ; publish
               2.16.840.1.101.2.2.1.76 $  ; remarks
               2.16.840.1.101.2.2.1.82 ) )  ; serviceOrAgency






DALLY                   Expires 22 March 2001                  [Page 16]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


2.24  plaCollectiveACP127 Object Class

     The plaCollectiveACP127 object class is used to define the entry
     for an ACP 127/JANAP 128 [4]/[5] Address Indicator Group (AIG)
     distribution list or Type distribution list.  This object class is
     a subclass of the plaACP127 auxiliary object class.

     ( 2.16.840.1.101.2.2.3.35 NAME 'plaCollectiveACP127'
          SUP 2.16.840.1.101.2.2.3.47  ; plaACP127
          MUST 2.16.840.1.101.2.2.1.51  ; cognizantAuthority
          MAY ( 2.16.840.1.101.2.2.1.46 $  ; actionAddressees
               2.16.840.1.101.2.2.1.50 $  ; allowableOriginators
               2.16.840.1.101.2.2.1.113 $  ; associatedAL
               2.5.4.13 $  ; description
               2.16.840.1.101.2.2.1.56 $  ; entryClassification
               2.16.840.1.101.2.2.1.59 $  ; infoAddressees
               2.16.840.1.101.2.2.1.60 $  ; lastRecapDate
               2.16.840.1.101.2.2.1.75 ) )  ; recapDueDate

2.25  plaData Object Class

     The plaData object class contains attributes common to Special
     Intelligence (SI) PLAs.

     ( 2.16.840.1.101.2.2.3.26 NAME 'plaData'
          SUP 2.5.6.0  ; top
          AUXILIARY
          MAY ( 2.16.840.1.101.2.2.1.52 $  ; community
               2.5.4.13 $  ; description
               2.16.840.1.101.2.2.1.55 $  ; effectiveDate
               2.16.840.1.101.2.2.1.57 ) )  ; expirationDate

2.26  plaUser Object Class

     The plaUser object class contains the name of a PLA's directory
     entry and, optionally, Routing Indicator (RI) for addressing
     that PLA.

     ( 2.16.840.1.101.2.2.3.56 NAME 'plaUser'
          SUP 2.5.6.0  ; top
          AUXILIARY
          MUST 2.16.840.1.101.2.2.1.70  ; plaNameACP127
          MAY 2.16.840.1.101.2.2.1.79 )  ; rIInfo

2.27  releaseAuthorityPerson Object Class

     The releaseAuthorityPerson object class is used to define the
     entry for a role of release authority who releases organizational
     messages on behalf of an organization.  Whereas organizations
     originate their organizational messages, it is the job of the
     release authority to sign the messages.  Release authorities do
     not send individual messages and do not receive messages.


DALLY                   Expires 22 March 2001                  [Page 17]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


     Note that this object class may become obsolete, depending on the
     resolution of CMI issues.

     ( 2.16.840.1.101.2.2.3.63 NAME 'releaseAuthorityPerson'
          SUP.2.16.840.1.101.2.1.4.13  ; secure-user
          MUST 2.16.840.1.101.2.2.1.45 )  ; releaseAuthorityName

2.28  releaseAuthorityPersonA Object Class

     The releaseAuthorityPersonA object class is used to define the
     entry for a role of release authority who releases organizational
     messages on behalf of an organization.  Whereas organizations
     originate their organizational messages, it is the job of the
     release authority to sign the messages.  Release authorities do
     not send individual messages and do not receive messages.

     ( 2.16.840.1.101.2.2.3.65 NAME 'releaseAuthorityPersonA'
          SUP.2.16.840.1.101.2.2.3.66  ; securePkiUser
          MUST 2.16.840.1.101.2.2.1.45 )  ; releaseAuthorityName

2.29  routingIndicator Object Class

     The routingIndicator object class is used to define an entry for
     a RI and is a subclass of the plaData auxiliary object class.

     ( 2.16.840.1.101.2.2.3.37 NAME 'routingIndicator'
          SUP 2.16.840.1.101.2.2.3.26  ; plaData
          MUST 2.16.840.1.101.2.2.1.77  ; rI
          MAY ( 2.16.840.1.101.2.2.1.62 $  ; lmf
               2.6.5.2.0 $  ; mhs-maximum-content-length
               2.16.840.1.101.2.2.1.68 $  ; nationality
               2.16.840.1.101.2.2.1.74 $  ; publish
               2.16.840.1.101.2.2.1.78 $  ; rIClassification
               2.16.840.1.101.2.2.1.83 $  ; sHD
               2.16.840.1.101.2.2.1.96 $  ; tCC
               2.16.840.1.101.2.2.1.69 $  ; transferStation
               2.16.840.1.101.2.2.1.97 ) )  ; tRC

2.30  secure-user Object Class

     The secure-user object class is used in defining directory entries
     that include credentials for users.  It is a subclass of the
     strongAuthenticationUser object class, defined in X.521 [8], which
     provides for a user certificate.

     Note that this object class may become obsolete, depending on the
     resolution of CMI issues.

     ( 2.16.840.1.101.2.1.4.13 NAME 'secure-user'
          SUP 2.5.6.15  ; strongAuthenticationUser
          AUXILIARY



DALLY                   Expires 22 March 2001                  [Page 18]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


          MAY ( 2.5.6.58 $  ; attributeCertificate
               2.5.4.52 ) )  ; supportedAlgorithms

2.31  securePkiUser Object Class

     The securePkiUser (Public Key Infrastructure) object class is used
     in defining directory entries that include credentials for ACP 123
     [6] users.  It is a subclass of the pkiUser object class, defined
     in RFC 2587 [9], which provides for a user certificate.

     ( 2.16.840.1.101.2.2.3.66 NAME 'securePkiUser'
          SUP 2.5.6.21  ; pkiUser
          AUXILIARY
          MAY ( 2.5.6.58 $  ; attributeCertificate
               2.5.4.52 ) )  ; supportedAlgorithms

2.32  sigintPLA Object Class

     The sigintPLA (Signal Intelligence) object class is used to
     represent sensitive SI PLAs.  This object class is a subclass of
     the plaData auxiliary object class.

     ( 2.16.840.1.101.2.2.3.38 NAME 'sigintPLA'
          SUP 2.16.840.1.101.2.2.3.26  ; plaData
          MUST 2.16.840.1.101.2.2.1.85  ; sigad
          MAY ( 2.5.4.7 $  ; l
               2.16.840.1.101.2.2.1.68 $  ; nationality
               2.16.840.1.101.2.2.1.74 $  ; publish
               2.16.840.1.101.2.2.1.76 $  ; remarks
               2.16.840.1.101.2.2.1.77 $  ; rI
               2.16.840.1.101.2.2.1.84 ) )  ; shortTitle

2.33  sIPLA Object Class

     The sIPLA object class is used to define the entry for a single
     Special Intelligence (SI) messaging user.  This object class is a
     subclass of the plaData auxiliary object class.

     ( 2.16.840.1.101.2.2.3.39 NAME 'sIPLA'
          SUP 2.16.840.1.101.2.2.3.26  ; plaData
          MUST 2.16.840.1.101.2.2.1.63  ; longTitle
          MAY ( 2.5.4.7 $  ; l
               2.16.840.1.101.2.2.1.68 $  ; nationality
               2.16.840.1.101.2.2.1.74 $  ; publish
               2.16.840.1.101.2.2.1.76 $  ;remarks
               2.16.840.1.101.2.2.1.77 $  ; rI
               2.16.840.1.101.2.2.1.84 $  ; shortTitle
               2.16.840.1.101.2.2.1.85 ) )  ; sigad






DALLY                   Expires 22 March 2001                  [Page 19]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


2.34  spotPLA Object Class

     The spotPLA object class is used to define an entry for a special
     products distribution list.  This object class is a subclass of
     the plaData auxiliary object class.

     ( 2.16.840.1.101.2.2.3.40 NAME 'spotPLA'
          SUP 2.16.840.1.101.2.2.3.26  ; plaData
          MUST 2.16.840.1.101.2.2.1.86  ; spot
          MAY ( 2.16.840.1.101.2.2.1.46 $  ; actionAddressees
               2.16.840.1.101.2.2.1.47 $  ; additionalAddressees
               2.16.840.1.101.2.2.1.48 $  ; additionalSecondPartyAddressees
               2.6.5.2.4 $  ; mhs-dl-submit-permissions
               2.16.840.1.101.2.2.1.76 $  ; remarks
               2.16.840.1.101.2.2.1.80 ) )  ; secondPartyAddressees

2.35  taskForceACP127 Object Class

     The taskForceACP127 object class is used to define a directory
     entry for an ACP 127/JANAP 128 [4]/[5] task force distribution
     list.  This object class is a subclass of the plaACP127 auxiliary
     object class.

     ( 2.16.840.1.101.2.2.3.41 NAME 'taskForceACP127'
          SUP 2.16.840.1.101.2.2.3.47  ; plaACP127
          MUST ( 2.16.840.1.101.2.2.1.51 $  ; cognizantAuthority
               2.16.840.1.101.2.2.1.60 $  ; lastRecapDate
               2.16.840.1.101.2.2.1.75  ; recapDueDate)
          MAY ( 2.16.840.1.101.2.2.1.113 $  ; associatedAL
               2.16.840.1.101.2.2.1.56 $  ; entryClassification
               2.16.840.1.101.2.2.1.71 ) )  ; plaAddressees

2.36  tenantACP127 Object Class

     The tenantACP127 object class is used to define a directory entry
     that represents a tenant PLA.  This object class is a subclass of
     the plaACP127 auxiliary object class.

     ( 2.16.840.1.101.2.2.3.42 NAME 'tenantACP127'
          SUP 2.16.840.1.101.2.2.3.47  ; plaACP127
          MUST 2.16.840.1.101.2.2.1.58  ; hostOrgACP127
          MAY ( 2.16.840.1.101.2.2.1.56 $  ; entryClassification
               2.16.840.1.101.2.2.1.87 ) )  ; tARE

2.37  ukms Object Class

     The ukms object class contains the monthly values of user keying
     material (UKM) used in the construction of selected CCEB symmetric
     confidentiality algorithms.





DALLY                   Expires 22 March 2001                  [Page 20]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


     ( 2.16.840.1.101.2.1.4.16 NAME 'ukms'
          SUP 2.5.6.0  ; top
          AUXILIARY
          MAY ( 2.16.840.1.101.2.1.5.20 $  ; janUKMs
               2.16.840.1.101.2.1.5.21 $  ; febUKMs
               2.16.840.1.101.2.1.5.22 $  ; marUKMs
               2.16.840.1.101.2.1.5.23 $  ; aprUKMs
               2.16.840.1.101.2.1.5.24 $  ; mayUKMs
               2.16.840.1.101.2.1.5.25 $  ; junUKMs
               2.16.840.1.101.2.1.5.26 $  ; julUKMs
               2.16.840.1.101.2.1.5.27 $  ; augUKMs
               2.16.840.1.101.2.1.5.28 $  ; sepUKMs
               2.16.840.1.101.2.1.5.29 $  ; octUKMs
               2.16.840.1.101.2.1.5.30 $  ; novUKMs
               2.16.840.1.101.2.1.5.31 ) )  ; decUKMs







































DALLY                   Expires 22 March 2001                  [Page 21]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


3.  ATTRIBUTE TYPES

3.1  accessCodes Attribute

     The accessCodes attribute value gives the coding of how to reach
     one network from another.  Additional instructions for the use of
     this access code are contained in a description attribute in the
     same entry.  For example, in a private telephone network, the user
     could be required to dial "8" to reach other users in a different
     city or to dial "9" to exit the private network.

     ( 2.16.840.1.101.2.2.1.106 NAME 'accessCodes'
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )  ; Printable String

3.2  accountingCode Attribute

     The accountingCode attribute value is a character string used in
     logistics applications to identify an organization uniquely.  One
     example is the U.S. Department of Defense Activity Accounting Code
     (DODAAC).

     ( 2.16.840.1.101.2.2.1.53 NAME 'accountingCode'
          EQUALITY 2.5.13.2  ; caseIgnoreMatch
          SUBSTR 2.5.13.4  ; caseIgnoreSubstringsMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{7} )  ; Printable String

3.3  aCPLegacyFormat Attribute

     The aCPLegacyFormat provides the specific message format type used
     when the value of the aCPPreferredDelivery attribute is ACP127(1).

     ( 2.16.840.1.101.2.2.1.142 NAME 'aCPLegacyFormat'
          SYNTAX 2.16.840.1.101.2.2.2.17  ; ACPLegacyFormat
          SINGLE-VALUE )

3.4  aCPMobileTelephoneNumber Attribute

     The aCPMobileTelephoneNumber attribute value identifies a mobile
     telephone number for the object represented by the directory entry
     that contains this attribute.

     ( 2.16.840.1.101.2.2.1.94 NAME 'aCPMobileTelephoneNumber'
          SUP 2.5.4.20 )  ; telephoneNumber

3.5  aCPNetwAccessSchemaEdB Attribute

     The aCPNetwAccessSchemaEdB attribute value is a schematic representation
     used to complete the access information from one network to
     another in the case of a complex connection.  (Many connections
     are not complex enough to need such a description and in that case
     the attribute would not be populated.)



DALLY                   Expires 22 March 2001                  [Page 22]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


     ( 2.16.840.1.101.2.2.1.146 NAME 'aCPNetwAccessSchemaEdB'
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 )  ; JPEG

3.6  aCPNetworkSchemaEdB Attribute

     The aCPNetworkSchemaEdB attribute value is a graphical
     representation of a network.  It describes the structure of the
     network and details any rules associated with that network.

     ( 2.16.840.1.101.2.2.1.147 NAME 'aCPNetworkSchemaEdB'
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 )  ; JPEG

3.7  aCPPagerTelephoneNumber Attribute

     The aCPPagerTelephoneNumber attribute identifies a telephone
     number for a pager associated with the object represented by the
     directory entry.

     ( 2.16.840.1.101.2.2.1.95 NAME 'aCPPagerTelephoneNumber'
          SUP 2.5.4.20 )  ; telephoneNumber

3.8  aCPPreferredDelivery Attribute

     The aCPPreferredDelivery attribute value is used to determine the
     messaging system a user, represented by the directory entry,
     prefers for message delivery.  The possible values are:
     "ACP 127", "SMTP" or "MHS".  "MHS" signifies either standard X.400
     (1984 or 1988) or ACP 123-compliant X.400.

     ( 2.16.840.1.101.2.2.1.108 NAME 'aCPPreferredDelivery'
          SYNTAX 2.16.840.1.101.2.2.2.6  ; ACP Preferred Delivery syntax
          SINGLE-VALUE )

3.9  aCPTelephoneFaxNumber ATTRIBUTE

     The aCPTelephoneFaxNumber attribute is defined for use as a
     supertype in defining the attributes:

          militaryFacsimileNumber
          militaryTelephoneNumber
          secureFacsimileNumber
          secureTelephoneNumber

     A value of the aCPTelephoneFaxNumber attribute and the attributes
     defined as its subtypes is a telephone number that is used for
     military purposes and is associated with an object represented by
     the directory entry.  For example, a person may have a telephone,
     equipped with a STU III (Secure Telephone Unit) device, on the
     Public Switched Telephone Network (PSTN).





DALLY                   Expires 22 March 2001                  [Page 23]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


     ( 2.16.840.1.101.2.2.1.109 NAME 'aCPTelephoneFaxNumber'
          EQUALITY 2.5.13.20  ; telephoneNumberMatch
          SUBSTR 2.5.13.21  ; telephoneNumberSubstringsMatch
          SYNTAX 2.16.840.1.101.2.2.2.1 )  ; ACPTelephoneFaxNumberSyntax

     The attribute value for an ACP telephone number contains the
     following substrings which are separated by commas (i.e., ","):

          network or site identifier
          telephone number
          security device identifier

     The maximum size of the network or site identifier substring is
     six characters.  In the example, the string "PSTN" would be the
     value of this identifier.

     For the telephone number substring, if the network is the PSTN,
     then the format shall be as for a Telephone Number as defined in
     X.520 [10] (i.e., CCITT E.123).  Extension numbers shall be
     preceded by "ext." or other nationally defined equivalent.  The
     maximum length of this substring is 32 characters.  In the
     example, the string "+1 555 222 ext. 34" could be the value of
     the telephone number.

     The maximum size of the security device identifier substring is
     eight characters.  In the example, the string "STU III" would be
     the value of this identifier.

     The complete example value would be "PSTN, +1 555 222 ext. 34,
     STU III".

     The security device (and preceding substring separator ",") is
     present only if the military telephone number is secured (i.e.,
     attribute subtypes secureTelephoneNumber or secureFacsimileNumber).

     Note that the equality and substring matching rule for this
     attribute is not case sensitive and the substring matching rule is
     case sensitive.  Thus, it is recommended that the network/site
     identifier and security device identifier are in upper case.

3.10  actionAddressees Attribute

     An actionAddressees attribute value is the list of action
     addressees of an ACP 127/JANAP 128 [4]/[5] collective, for
     example, an AIG.  An action addressee is expected to take action
     appropriate on the message content, whereas an information
     addressee receives the message for informational purposes only.

     ( 2.16.840.1.101.2.2.1.46 NAME 'actionAddressees'
          EQUALITY 2.5.13.11  ; caseIgnoreListMatch
          SUBSTR 2.5.13.12  ; caseIgnoreListSubstringsMatch
          SYNTAX 2.16.840.1.101.2.2.2.2 )  ; Addressees syntax


DALLY                   Expires 22 March 2001                  [Page 24]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


3.11  additionalAddressees Attribute

     The additionalAddressees attribute value is a list of addressees
     to be added to the actionAddressees list (value of the
     actionAddressees attribute) under circumstances identified in the
     remarks attribute in the same directory entry.

     ( 2.16.840.1.101.2.2.1.47 NAME 'additionalAddressees'
          EQUALITY 2.5.13.11  ; caseIgnoreListMatch
          SUBSTR 2.5.13.12  ; caseIgnoreListSubstringsMatch
          SYNTAX 2.16.840.1.101.2.2.2.2 )  ; Addressees syntax

3.12  additionalSecondPartyAddressees Attribute

     The additionalSecondPartyAddressees attribute value is a list of
     addressees to be added to the secondPartyAddressees list (value
     of the secondPartyAddressees attribute) under circumstances
     identified in the remarks attribute in the same directory entry.

     ( 2.16.840.1.101.2.2.1.48 NAME 'additionalSecondPartyAddressees'
          EQUALITY 2.5.13.11  ; caseIgnoreListMatch
          SUBSTR 2.5.13.12  ; caseIgnoreListSubstringsMatch
          SYNTAX 2.16.840.1.101.2.2.2.2 )  ; Addressees syntax

3.13  adminConversion ATTRIBUTE

     The adminConversion attribute provides for using an abbreviation
     of the organization's administrative title as an administrative
     message address.

     ( 2.16.840.1.101.2.2.1.143 NAME 'adminConversion'
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.15  ; DirectoryString
          EQUALITY 2.5.13.2  ; caseIgnoreMatch
          SUBSTR 2.5.13.4 )  ; caseIgnoreSubstringsMatch

3.14  administrator Attribute

     The administrator attribute value represents the entity
     responsible for the operation of a component when it is different
     from the owner of the component.  For example, the owner may be
     a domain.

     ( 2.16.840.1.101.2.2.1.110 NAME 'administrator'
          SUP 2.5.4.49 )  ; distinguishedName

3.15  aigsExpanded Attribute

     The aigsExpanded attribute values are the names of the AIGs
     expanded by a messaging gateway.

     ( 2.16.840.1.101.2.2.1.111 NAME 'aigsExpanded'
          SUP 2.5.4.49 )  ; distinguishedName


DALLY                   Expires 22 March 2001                  [Page 25]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


3.16  aLExemptedAddressProcessor Attribute

     The aLExemptedAddressProcessor attribute value is the ORName of
     the address list processor for the address list where exempted
     addresses are removed.

     ( 2.16.840.1.101.2.1.5.47 'aLExemptedAddressProcessor'
          SYNTAX 2.16.840.1.101.2.2.2.10  ; O/R Name syntax
          SINGLE-VALUE )

3.17  aliasPointer Attribute

     The aliasPointer attribute type value points to alias directory
     entries which might have to be modified if the directory entry
     containing this attribute is modified.  It is intended to be used
     to maintain data consistency in the Directory Information
     Base (DIB).

     ( 2.16.840.1.101.2.2.1.49 NAME 'aliasPointer'
          EQUALITY 2.5.13.1  ; distinguishedNameMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )  ; DN

3.18  alid Attribute

     The alid attribute value is the AL key material identifier.

     ( 2.16.840.1.101.2.1.5.14 NAME 'alid'
          EQUALITY 2.5.13.17  ; octetStringMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )  ; Kmid = Octet String

3.19  allowableOriginators Attribute

     The allowableOriginators attribute value is the name of an
     ACP 127/JANAP 128 [4]/[5] collective that contains the list of
     PLAs that are allowed to originate messages to this list.

     ( 2.16.840.1.101.2.2.1.50 NAME 'allowableOriginators'
          EQUALITY 2.5.13.11  ; caseIgnoreListMatch
          SUBSTR 2.5.13.12  ; caseIgnoreListSubstringsMatch
          SYNTAX 2.16.840.1.101.2.2.2.2 )  ; Addressees syntax

3.20  aLReceiptPolicy Attribute

     The aLReceiptPolicy attribute value indicates address list's
     signed receipt policy.  This receipt policy supersedes the
     originator's request for signed receipts (see ACP 120 [11]).

     ( 2.16.840.1.101.2.2.1.135 NAME 'aLReceiptPolicy'
          SYNTAX 2.16.840.1.101.2.2.2.9  ; MLReceiptPolicy
          SINGLE-VALUE )




DALLY                   Expires 22 March 2001                  [Page 26]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


3.21  alternateRecipient Attribute

     The alternateRecipient attribute is used to designate an X.400
     alternate recipient for a messaging user.  It could be used by an
     X.400 message originator to create an originator-assigned alternate
     recipient address to be used by the MTS, if delivery to the
     addressed recipient fails.

     ( 2.16.840.1.101.2.2.1.3 NAME 'alternateRecipient'
          EQUALITY 2.5.13.1  ; distinguishedNameMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

3.22  aLType Attribute

     The aLType attribute value indicates the type of an address list
     from these possibilities:  AIG (Address Indicator Group), Type
     Organization Collective, CAD (Collective Address Designator), and
     Task Force.

     ( 2.16.840.1.101.2.2.1.112 NAME 'aLType'
          EQUALITY 2.5.13.14  ; integerMatch
          SYNTAX 2.16.840.1.101.2.2.2.8  ; Address List Type syntax
          SINGLE-VALUE )

3.23  aprUKMs Attribute

     The aprUKMs (User Key Materials) attribute value is used in the
     construction of selected symmetric confidentiality algorithms
     for the month of April.

     ( 2.16.840.1.101.2.1.5.23 NAME 'aprUKMs'
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.5  ; binary syntax
                                               ; encapsulating
                                               ; MonthlyUKMs
          SINGLE-VALUE )

3.24  associatedAL Attribute

     The associatedAL attribute value points to the address list object
     which replaces the ACP 127/JANAP 128 [4]/[5] task force PLA.  It
     assists in the transition from ACP 127/JANAP 128 [4]/[5] to X.400
     addressing and the associated transition from the use of ACP 127/
     JANAP 128 [4]/[5] collectives to the use of address lists.

     ( 2.16.840.1.101.2.2.1.113 NAME 'associatedAL'
          EQUALITY 2.5.13.1  ; distinguishedNameMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

3.25  associatedOrganization Attribute

     The associatedOrganization attribute value points to the
     organizationalUnit directory entry which represents the same


DALLY                   Expires 22 March 2001                  [Page 27]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


     organizational messaging entity as the PLA directory entry
     containing this attribute.

     ( 2.16.840.1.101.2.2.1.4 NAME 'associatedOrganization'
          EQUALITY 2.5.13.1  ; distinguishedNameMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

3.26  associatedPLA Attribute

     The associatedPLA attribute value points to the ACP 127/JANAP 128
     [4]/[5] directory entry for the same messaging entity as
     represented by the Organizational Unit directory entry containing
     this attribute.

     ( 2.16.840.1.101.2.2.1.6 NAME 'associatedPLA'
          EQUALITY 2.5.13.1  ; distinguishedNameMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

3.27  augUKMs Attribute

     The augUKMs attribute value is used in the construction of selected
     symmetric confidentiality algorithms for the month of August.

     ( 2.16.840.1.101.2.1.5.27 NAME 'augUKMs'
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.5  ; binary syntax
                                               ; encapsulating
                                               ; MonthlyUKMs
          SINGLE-VALUE )

3.28  buildingName Attribute

     A buildingName attribute value specifies the name of the building
     where an organization or organizational unit is based.  This
     attribute was originally defined in RFC 1274 [13].

     ( 0.9.2342.19200300.100.1.48 NAME 'buildingName'
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
              ; directoryString, minimum length is one.
          EQUALITY 2.5.13.2  ; caseIgnoreMatch
          SUBSTR 2.5.13.4  ; caseIgnoreSubstringsMatch )

3.29  cognizantAuthority Attribute

     The cognizantAuthority attribute value indicates the administrator
     for an ACP 127/JANAP 128 [4]/[5] collective.

     ( 2.16.840.1.101.2.2.1.51 NAME 'cognizantAuthority'
          EQUALITY 2.5.13.2  ; caseIgnoreMatch
          SUBSTR 2.5.13.4  ; caseIgnoreSubstringsMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{55}  ; Printable String
          SINGLE-VALUE )



DALLY                   Expires 22 March 2001                  [Page 28]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


3.30  collective-mhs-or-addresses Attribute

     The collective-mhs-or-addresses attribute value is a value of
     mhs-or-addresses that is applied at an administrative point.

     ( 2.16.840.1.101.2.2.1.134.1 NAME 'collective-mhs-or-addresses'
          SUP 2.6.5.2.6 )  ; mhs-or-addresses

3.31  collectiveMilitaryFacsimileNumber Attribute

     The collectiveMilitaryFacsimileNumber attribute value is a value of
     militaryFacsimileNumber that is applied at an administrative point.

     ( 2.16.840.1.101.2.2.1.119.1 NAME 'collectiveMilitaryFacsimileNumber'
          SUP 2.16.840.1.101.2.2.1.119 )  ; militaryFacsimileNumber

3.32  collectiveMilitaryTelephoneNumber Attribute

     The collectiveMilitaryTelephoneNumber attribute value is a value of
     militaryTelephoneNumber that is applied at an administrative point.

     ( 2.16.840.1.101.2.2.1.120.1 NAME 'collectiveMilitaryTelephoneNumber'
          SUP 2.16.840.1.101.2.2.1.120 )  ; militaryTelephoneNumber

3.33  collectiveNationality Attribute

     The collectiveNationality attribute value is a value of nationality
     that is applied at an administrative point.

     ( 2.16.840.1.101.2.2.1.68.1 NAME 'collectiveNationality'
          SUP 2.16.840.1.101.2.2.1.68 )  ; nationality

3.34  collectiveSecureFacsimileNumber Attribute

     The collectiveSecureFacsimileNumber attribute value is a value of
     secureFacsimileNumber that is applied at an administrative point.

     ( 2.16.840.1.101.2.2.1.127.1 NAME 'collectiveSecureFacsimileNumber'
          SUP 2.16.840.1.101.2.2.1.127 )  ; secureFacsimileNumber

3.35  collectiveSecureTelephoneNumber ATTRIBUTE

     The collectiveSecureTelephoneNumber attribute value is a value of
     secureTelephoneNumber that is applied at an administrative point.

     ( 2.16.840.1.101.2.2.1.128.1 NAME 'collectiveSecureTelephoneNumber'
          SUP 2.16.840.1.101.2.2.1.128 )  ; secureTelephoneNumber

3.36  community Attribute

     The community attribute value indicates whether an object belongs
     to the GENSER (R) or SI (Y) community or both (R/Y).


DALLY                   Expires 22 March 2001                  [Page 29]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


     ( 2.16.840.1.101.2.2.1.52 NAME 'community'
          SYNTAX 2.16.840.1.101.2.2.2.5  ; Community syntax
          SINGLE-VALUE )

3.37  copyMember Attribute

     The copyMember attribute value specifies a group of names
     associated with the object represented by the directory entry.
     In an address list directory entry, this attribute indicates the
     "copy" or "info" members of the list as opposed to "primary" or
     "action" members.

     ( 2.16.840.1.101.2.2.1.114 NAME 'copyMember'
          SUP 2.5.4.31 )  ; member

3.38  decUKMs Attribute

     The decUKMs attribute value is used in the construction of
     selected CCEB symmetric confidentiality algorithms for the month
     of December.

     ( 2.16.840.1.101.2.1.5.31 NAME 'decUKMs'
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.5  ; binary syntax
                                               ; encapsulating
                                               ; MonthlyUKMs
          SINGLE-VALUE)

3.39  deployed ATTRIBUTE

     The deployed attribute value contains distinguished names of other
     directory entries that represent the same real world object in the
     field.  See the garrison attribute.

     ( 2.16.840.1.101.2.2.1.139 NAME 'deployed'
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.12  ; DistinguishedName
          EQUALITY 2.5.13.1 )  ; distinguishedNameMatch

3.40  distributionCodeAction Attribute

     The distributionCodeAction attribute values identify the
     distribution codes (including Subject Indicator Codes (SICs)) for
     which an organization, person, or role handles messages for action.

     ( 2.16.840.1.101.2.2.1.104 NAME 'distributionCodeAction'
          EQUALITY 2.5.13.2  ; caseIgnoreMatch
          SUBSTR 2.5.13.4  ; caseIgnoreSubstringsMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )  ; DistributionCode =
                                                  ; PrintableString






DALLY                   Expires 22 March 2001                  [Page 30]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


3.41  distributionCodeInfo Attribute

     The distributionCodeInfo attribute values identify the
     distribution codes (including SICs) for which an organization,
     person, or role handles messages for information.

     ( 2.16.840.1.101.2.2.1.105 NAME 'distributionCodeInfo'
          EQUALITY 2.5.13.2  ; caseIgnoreMatch
          SUBSTR 2.5.13.4  ; caseIgnoreSubstringsMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )  ; DistributionCode =
                                                  ; PrintableString

3.42  dualRoute Attribute

     The dualRoute attribute value indicates whether delivery of
     messages for an organization to both the home and deployed sites
     is required.  If set to TRUE, dual delivery is required.

     ( 2.16.840.1.101.2.2.1.54 NAME 'dualRoute'
          EQUALITY 2.5.13.13  ; booleanMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.7  ;
          SINGLE-VALUE )

3.43  effectiveDate Attribute

     The effectiveDate attribute value indicates when the directory
     entry is to become valid.

     ( 2.16.840.1.101.2.2.1.55 NAME 'effectiveDate'
          EQUALITY 2.5.13.27  ; generalizedTimeMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.24  ; GeneralizedTime
          SINGLE-VALUE )

3.44  entryClassification Attribute

     The entryClassification attribute value indicates the
     classification of the directory entry that contains this
     attribute.  The possible values are:  unmarked, unclassified,
     restricted, confidential, secret, and top secret.

     ( 2.16.840.1.101.2.2.1.56 NAME 'entryClassification'
          SYNTAX 2.16.840.1.101.2.2.2.4)  ; Classification syntax

3.45  expirationDate Attribute

     The expirationDate attribute value indicates the time at which the
     directory entry becomes invalid.

     ( 2.16.840.1.101.2.2.1.57 NAME 'expirationDate'
          EQUALITY 2.5.13.27  ; generalizedTimeMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.24  ; GeneralizedTime
          SINGLE-VALUE )


DALLY                   Expires 22 March 2001                  [Page 31]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


3.46  febUKMs Attribute

     The febUKMs attribute value is used in the construction of
     selected CCEB symmetric confidentiality algorithms for the month
     of February.

     ( 2.16.840.1.101.2.1.5.21 NAME 'febUKMs'
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.5  ; binary syntax
                                               ; encapsulating
                                               ; MonthlyUKMs
          SINGLE-VALUE )

3.47  garrison ATTRIBUTE

     The garrison attribute value contains distinguished names of other
     directory entries that represent the same real world object in
     garrison.  See the deployed attribute.

     ( 2.16.840.1.101.2.2.1.140 NAME 'garrison'
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.12  ; DistinguishedName
          EQUALITY 2.5.13.1 )  ; distinguishedNameMatch

3.48  gatewayType Attribute

     The gatewayType attribute value is used to indicate the
     translations a messaging gateway is capable of performing.  The
     translations that can be indicated are:

          acp120-acp127-gateway
          acp120-janap128-gateway
          acp120-mhs-gateway
          acp120-mmhs-gateway
          acp120-rfc822-gateway
          boundary MTA
          mmhs-mhs-gateway
          mmhs-rfc822-gateway
          mta-acp127-gateway

     ( 2.16.840.1.101.2.2.1.115 NAME 'gatewayType'
          EQUALITY 2.5.13.0  ; objectIdentifierMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )  ; OID

3.49  ghpType Attribute

     The ghpType attribute value is used to indicate the gateway
     handling policy of an mta-acp127-gateway defined in
     STANAG 4406 [12].

     ( 2.16.840.1.101.2.2.1.116 NAME 'ghpType'
          EQUALITY 2.5.13.0  ; objectIdentifierMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )  ; OID



DALLY                   Expires 22 March 2001                  [Page 32]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


3.50  guard Attribute

     The guard attribute value indicates the Name(s) of the
     Guard Gateway.

     ( 2.16.840.1.101.2.2.1.117 NAME 'guard'
          SUP 2.5.4.49 )  ; distinguishedName

3.51  host Attribute

     The host attribute value gives an identifier for a host computer,
     as defined in the COSINE and Internet X.500 Schema, RFC 1274 [13].
     ( 0.9.2342.19200300.100.1.9 NAME 'host'
          EQUALITY 2.5.13.2  ; caseIgnoreMatch
          SUBSTR 2.5.13.4  ; caseIgnoreSubstringsMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )  ; DirectoryString
                        ; limited to TeletexString or PrintableString

3.52  hostOrgACP127 Attribute

     The hostOrgACP127 attribute value of a tenant PLA identifies the
     PLA for the organization which accepts traffic for a tenant.

     ( 2.16.840.1.101.2.2.1.58 NAME 'hostOrgACP127'
          EQUALITY 2.5.13.2  ; caseIgnoreMatch
          SUBSTR 2.5.13.4  ; caseIgnoreSubstringsMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{55}  ; PrintableString
          SINGLE-VALUE )

3.53  infoAddressees Attribute

     The infoAddressees attribute value of an ACP 127/JANAP 128 [4]/[5]
     collective contains the list of information addressees of
     the collective.

     ( 2.16.840.1.101.2.2.1.59 NAME 'infoAddressees'
          EQUALITY 2.5.13.11  ; caseIgnoreListMatch
          SUBSTR 2.5.13.12  ; caseIgnoreListSubstringsMatch
          SYNTAX 2.16.840.1.101.2.2.2.2 )  ; Addressees syntax

3.54  janUKMs Attribute

     The janUKMs attribute value is used in the construction of
     selected CCEB symmetric confidentiality algorithms for the month
     of January.

     ( 2.16.840.1.101.2.1.5.20 NAME 'janUKMs'
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.5  ; binary syntax
                                               ; encapsulating
                                               ; MonthlyUKMs
          SINGLE-VALUE )



DALLY                   Expires 22 March 2001                  [Page 33]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


3.55  julUKMs Attribute

     The julUKMs attribute value is used in the construction of
     selected CCEB symmetric confidentiality algorithms for the month
     of July.

     ( 2.16.840.1.101.2.1.5.26 NAME 'julUKMs'
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.5  ; binary syntax
                                               ; encapsulating
                                               ; MonthlyUKMs
          SINGLE-VALUE )

3.56  junUKMs ATTRIBUTE

     The junUKMs attribute value is used in the construction of
     selected CCEB symmetric confidentiality algorithms for the month
     of June.

     ( 2.16.840.1.101.2.1.5.25 NAME 'junUKMs'
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.5  ; binary syntax
                                               ; encapsulating
                                               ; MonthlyUKMs
          SINGLE-VALUE )

3.57  lastRecapDate Attribute

     The lastRecapDate attribute value indicates when a list was last
     recapped or validated.

     ( 2.16.840.1.101.2.2.1.60 NAME 'lastRecapDate'
          EQUALITY 2.5.13.27  ; generalizedTimeMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.24  ; GeneralizedTime
          SINGLE-VALUE )

3.58  listPointer Attribute

     The listPointer attribute value is used to point to address list
     directory entries which might have to be modified if the entry
     containing this attribute is modified.  It is intended to be used
     to maintain data consistency in the DIB.

     ( 2.16.840.1.101.2.2.1.61 NAME 'listPointer'
          EQUALITY 2.5.13.1  ; distinguishedNameMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )  ; DistinguishedName

3.59  lmf Attribute

     The lmf (Language and Media Format) attribute value indicates the
     language and media format that can be accepted between the two
     communicating end-systems.  Possible values include:




DALLY                   Expires 22 March 2001                  [Page 34]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


          T     tape
          A     ASCII (American Standard Code for Information
                Interchange)
          C     card, etc.

     ( 2.16.840.1.101.2.2.1.62 NAME 'lmf'
          EQUALITY 2.5.13.2  ; caseIgnoreMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{1}
          SINGLE-VALUE )

3.60  longTitle Attribute

     The longTitle attribute value is the expanded form of an
     organization's PLA.

     ( 2.16.840.1.101.2.2.1.63 NAME 'longTitle'
          EQUALITY 2.5.13.2  ; caseIgnoreMatch
          SUBSTR 2.5.13.4  ; caseIgnoreSubstringsMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{255}  ; PrintableString
          SINGLE-VALUE )

3.61  mailDomains Attribute

     The mailDomains attribute value is a string, which provides
     information on the domains that the messaging gateway will bridge.

     ( 2.16.840.1.101.2.2.1.118 NAME 'mailDomains'
          EQUALITY 2.5.13.2  ; caseIgnoreMatch
          SUBSTR 2.5.13.4  ; caseIgnoreSubstringsMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )  ; DirectoryString

3.62  marUKMs Attribute

     The marUKMs attribute value is used in the construction of
     selected CCEB symmetric confidentiality algorithms for the month
     of May.

     ( 2.16.840.1.101.2.1.5.22 NAME 'marUKMs'
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.5  ; binary syntax
                                               ; encapsulating
                                               ; MonthlyUKMs
          SINGLE-VALUE )

3.63  mayUKMs Attribute

     The mayUKMs attribute value is used in the construction of
     selected CCEB symmetric confidentiality algorithms for the month
     of May.

     ( 2.16.840.1.101.2.1.5.24 NAME 'mayUKMs'
           SYNTAX 1.3.6.1.4.1.1466.115.121.1.5  ; binary syntax
                                               ; encapsulating


DALLY                   Expires 22 March 2001                  [Page 35]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


                                               ; MonthlyUKMs
          SINGLE-VALUE )

3.64  mhs-acceptable-eits Attribute

     The mhs-acceptable-eits attribute value identifies a set of EITs
     for messages.  The user or distribution list, represented by the
     directory entry, will accept delivery of or expand a message in
     which any one of these eits is present.

     ( 2.6.5.2.17 NAME 'mhs-acceptable-eits'
          EQUALITY 2.5.13.0  ; objectIdentifierMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )  ; OID
                    ; ExtendedEncodedInformationType = object identifier

3.65  mhs-deliverable-classes Attribute

     The mhs-deliverable-classes attribute value identifies the classes
     of messages whose delivery a UA, represented by the directory
     entry, will accept.

     ( 2.6.5.2.19 NAME 'mhs-deliverable-classes'
          EQUALITY 2.6.5.4.2  ; capabilityMatch
          SYNTAX 2.16.840.1.101.2.2.2.13 )  ; Capability syntax

3.66  mhs-deliverable-content-types Attribute

     The mhs-deliverable-content-types attribute values identify the
     content types of the messages whose delivery the user, represented
     by the directory entry, will accept.

     ( 2.6.5.2.1 NAME 'mhs-deliverable-content-types'
          EQUALITY 2.5.13.0  ; objectIdentifierMatch
          SYNTAX 1.3.4.1.4.1.1466.115.121.1.38 )  ; ExtendedContentType
                                                  ; = object identifier

3.67  mhs-dl-archive-service Attribute

     The mhs-dl-archive-service attribute value identifies a service
     from which a user may request copies of messages previously
     distributed by the address list represented by the directory entry.

     ( 2.6.5.2.12 NAME 'mhs-dl-archive-service'
          EQUALITY 2.6.5.4.0  ; oRNameExactMatch
          SYNTAX 2.16.840.1.101.2.2.2.10 )  ; O/R Name syntax

3.68  mhs-dl-members Attribute

     The mhs-dl-members attribute value is an OR-name which identifies
     a member of the DL.  This attribute may have multiple values each
     of which identifies one member of the DL.  When a DL is expanded,



DALLY                   Expires 22 March 2001                  [Page 36]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


     each of the values of this attribute becomes a recipient of
     the message.

     ( 2.6.5.2.3 NAME 'mhs-dl-members'
          EQUALITY 2.6.5.4.0  ; oRNameExactMatch
          SYNTAX 2.16.840.1.101.2.2.2.10 )  ; O/R Name syntax

3.69  mhs-dl-policy Attribute

     The mhs-dl-policy attribute value identifies the choice of policy
     options to be applied when expanding the address list represented
     by the directory entry.

     ( 2.6.5.2.13 NAME 'mhs-dl-policy'
          SYNTAX 2.16.840.1.101.2.2.2.14  ; DLPolicy syntax
          SINGLE-VALUE )

3.70   mhs-dl-related-lists Attribute

     The mhs-dl-related-lists attribute value identifies other address
     lists which are, in some unspecified way, related to the address
     list represented by the directory entry.

     ( 2.6.5.2.14 NAME 'mhs-dl-related-lists'
          SUP 2.5.4.49  ; DistinguishedName
          EQUALITY 2.5.13.1  ; distinguishedNameMatch )

3.71 mhs-dl-submit-permissions Attribute

     The mhs-dl-submit-permissions attribute values identify the users
     and address lists that may submit messages to the address list
     represented by the directory entry.

     ( 2.6.5.2.4 NAME 'mhs-dl-submit-permissions'
          SYNTAX 2.16.840.1.101.2.2.2.15 )  ; DLSubmitPermission syntax

3.72  mhs-dl-subscription-service Attribute

     The mhs-dl-subscription-service attribute value identifies a
     service of which a user may request changes to the membership of
     the address list represented by the directory entry, (e.g., for a
     user to request to be added to the address list).

     ( 2.6.5.2.15 NAME 'mhs-dl-subscription-service'
          EQUALITY 2.6.5.4.0  ; oRNameExactMatch
          SYNTAX 2.16.840.1.101.2.2.2.10 )  ; O/R Name syntax

3.73  mhs-exclusively-acceptable-eits Attribute

     The mhs-exclusively-acceptable-eits attribute value identifies a
     set of EITs for messages.  The user or distribution list,
     represented by the directory entry, will accept delivery of or


DALLY                   Expires 22 March 2001                  [Page 37]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


     expand a message in which all of these EITs
     are present.

     ( 2.6.5.2.2 NAME 'mhs-exclusively-acceptable-eits'
          EQUALITY 2.5.13.0  ; objectIdentifierMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )  ; OID
                    ; ExtendedEncodedInformationType = object identifier

3.74  mhs-maximum-content-length Attribute

     The mhs-maximum-content-length attribute value identifies the
     maximum content length of the messages that can be handled by the
     object represented by the directory entry.  The object is a user
     to whom the message would be delivered, an address list for which
     expansion would be performed on the message, or an MTA to which
     the message would be acceptable.

     ( 2.6.5.2.0 NAME 'mhs-maximum-content-length'
          EQUALITY 2.5.13.14  ; integerMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.27  ; ContentLength = INTEGER
          SINGLE-VALUE )

3.75  mhs-message-store-dn Attribute

     The mhs-message-store-dn attribute value identifies by directory
     name the message store of the user represented by the
     directory entry.

     ( 2.6.5.2.5 NAME 'mhs-message-store-dn'
          SUP 2.5.4.49  ; distinguishedName
          EQUALITY 2.5.13.1  ; distinguishedNameMatch
          SINGLE-VALUE )

3.76  mhs-or-addresses Attribute

     The mhs-or-addresses attribute values specify the O/R addresses of
     the user or address list represented by the directory entry.

     ( 2.6.5.2.6 NAME 'mhs-or-addresses'
          EQUALITY 2.6.4.8.14  ; oRAddressMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.33 )  ; MHS OR Address syntax

3.77  mhs-or-addresses-with-capabilities Attribute

     The mhs-or-addresses-with-capabilities attribute values specify
     the O/R addresses and the messaging capabilities associated with
     each address of the user or address list represented by the
     directory entry.

     Recognized security labels are identified in ACP 123 [6].




DALLY                   Expires 22 March 2001                  [Page 38]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


     Information about availability and nationality will be included
     in the description.

     If the address is served by a foreign nation, the International
     Standard Organization 3166 [14] code of the country shall be
     entered first.

     If an OR-address is not operational on a 24 by 7 basis, the normal
     daily schedule shall be given in start and stop times for each day
     of operation.  Planned down time also shall be given in start and
     stop time.

     ( 2.6.5.2.16 NAME 'mhs-or-addresses-with-capabilities'
          EQUALITY 2.6.5.4.1  ; addressCapabilitiesMatch
          SYNTAX 2.16.840.1.101.2.2.2.16 )  ; AddressCapabilities syntax

3.78  mhs-supported-attributes Attribute

     The mhs-supported-attributes attribute values identify the
     attributes that the message store, represented by the directory
     entry, fully supports.

     ( 2.6.5.2.10 NAME 'mhs-supported-attributes'
          EQUALITY 2.5.13.0  ; objectIdentifierMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )  ; OID
               ; MS-ATTRIBUTE.&id ({AttributeTable}) = object identifier

3.79  mhs-supported-automatic-actions Attribute

     The mhs-supported-automatic-actions attribute values identify the
     automatic actions that the message store, represented by the
     directory entry, supports.

     ( 2.6.5.2.8 NAME 'mhs-supported-automatic-actions'
          EQUALITY 2.5.13.0  ; objectIdentifierMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )  ; OID
               ; AUTO-ACTION.&id ({AutoActionTable}) = object identifier

3.80  mhs-supported-content-types Attribute

     The mhs-supported-content-types attribute values identify the
     content types of the messages whose syntax and semantics the
     message store, represented by the directory entry, supports.

     ( 2.6.5.2.9 NAME 'mhs-supported-content-types'
          EQUALITY 2.5.13.0  ; objectIdentifierMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )  ; OID
                             ; ExtendedContentType = object identifier






DALLY                   Expires 22 March 2001                  [Page 39]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


3.81  mhs-supported-matching-rules Attribute

     The mhs-supported-matching-rules attribute values identify the
     matching rules that the message store, represented by the
     directory entry, fully supports.

     ( 2.6.5.2.11 NAME 'mhs-supported-matching-rules'
          EQUALITY 2.5.13.0  ; objectIdentifierMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )  ; OID
               ; MATCHING-RULE.&id ({MatchingRuleTable}) = object
               ; identifier

3.82  mhs-unacceptable-eits Attribute

     The mhs-undeliverable-eits attribute value identifies the encoded
     information types of a message which would make a user not accept
     delivery, or which would prevent an address list from doing
     expansion on the message.  The absence of this attribute indicates
     that there are no EITs which are unacceptable.  The presence of
     the special value "id-eit-all" indicates that all EITs are
     unacceptable except for those EITs identified by the
     mhs-acceptable-eits or mhs-exclusively-acceptable-eits attributes.

     ( 2.6.5.2.18 NAME 'mhs-unacceptable-eits'
          EQUALITY 2.5.13.0  ; objectIdentifierMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )  ; OID
               ; ExtendedEncodedInformationType = object identifier

3.83  militaryFacsimileNumber Attribute

     The militaryFacsimileNumber attribute value identifies a military
     facsimile number, such as a Defense Switched Network (DSN) number
     or Defence Fixed Telecommunications Service (DFTS) number, which
     is associated with the object represented by the directory entry.
     This attribute is a subtype of aCPTelephoneFaxNumber.  An example
     of a militaryFacsimileNumber value is "DFTS, 555 1111 ext 25".

     ( 2.16.840.1.101.2.2.1.119 NAME 'militaryFacsimileNumber'
          SUP 2.16.840.1.101.2.2.1.94 )  ; aCPTelephoneFaxNumber

3.84  militaryTelephoneNumber Attribute

     The militaryTelephoneNumber attribute value identifies a military
     telephone number, such as a DSN number, which is associated with
     the object represented by the directory entry.

     This attribute is a subtype of aCPTelephoneFaxNumber.  An example
     of a militaryTelephoneNumber value is "DSN, 555-333".

     ( 2.16.840.1.101.2.2.1.120 NAME 'militaryTelephoneNumber'
          SUP 2.16.840.1.101.2.2.1.94 )  ; aCPTelephoneFaxNumber



DALLY                   Expires 22 March 2001                  [Page 40]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


3.85  minimize Attribute

     The minimize attribute value indicates whether an organization,
     person, or role, represented by the directory entry, is under the
     MINIMIZE condition.  If so, the message originators are
     responsible for not sending unnecessary messages to the recipient.

     ( 2.16.840.1.101.2.2.1.64 NAME 'minimize'
          EQUALITY 2.5.13.13  ; booleanMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.7  ; BOOLEAN
          SINGLE-VALUE )

3.86  minimizeOverride Attribute

     The minimizeOverride attribute value is used by the Message
     Conversion System (MCS) to determine whether the MINIMIZE
     condition will be enforced when a message is originated by this
     PLA.  If the value is FALSE, override does not occur and MINIMIZE
     is enforced.  If the value is TRUE, MINIMIZE is not enforced.

     ( 2.16.840.1.101.2.2.1.65 NAME 'minimizeOverride'
          EQUALITY 2.5.13.13  ; booleanMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
          SINGLE-VALUE )

3.87  nameClassification Attribute

     The nameClassification attribute value indicates the security
     classification of the name of the directory entry itself.

     ( 2.16.840.1.101.2.2.1.67 NAME 'nameClassification'
          SYNTAX 2.16.840.1.101.2.2.2.4 )  ; Classification

3.88  nationality Attribute

     The nationality attribute value names the country which "owns" an
     entity.  For an individual, it would be the nationality of the
     person.  The standard Country Name attribute is used to denote the
     location of the entity.

     ( 2.16.840.1.101.2.2.1.68 NAME 'nationality'
          SUP 2.5.4.41  ; name
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{2}  ; PrintableString
                                              ; exactly 2 characters
          SINGLE-VALUE )

3.89  networkDN Attribute

     The networkDN attribute value contains the full DN of a network
     and may be used to reference the entry for the network from
     another entry (e.g., used in the Network Instructions entry to
     reference the entry for the accessed network).


DALLY                   Expires 22 March 2001                  [Page 41]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


     ( 2.16.840.1.101.2.2.1.121 NAME 'networkDN'
          EQUALITY 2.5.13.1  ; distinguishedNameMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )  ; DistinguishedName

3.90  novUKMs Attribute

     The novUKMs attribute value is used in the construction of
     selected CCEB symmetric confidentiality algorithms for the month
     of November.

     ( 2.16.840.1.101.2.1.5.30 NAME 'novUKMs'
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.5  ; binary syntax
                                               ; encapsulating
                                               ; MonthlyUKMs
          SINGLE-VALUE )

3.91  octUKMs Attribute

     The octUKMs attribute value is used in the construction of
     selected CCEB symmetric confidentiality algorithms for the month
     of October.

     ( 2.16.840.1.101.2.1.5.29 NAME 'octUKMs'
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.5  ; binary syntax
                                               ; encapsulating
                                               ; MonthlyUKMs
          SINGLE-VALUE )

3.92  onSupported Attribute

     The onSupported attribute value indicates the types of
     notifications, besides MHS notifications, generated by an
     mta-acp127-type of gateway.  The gateway may generate all or none
     of the notifications.  If the attribute is absent, the gateway
     does none of the notifications.

     ( 2.16.840.1.101.2.2.1.123 NAME 'onSupported'
          EQUALITY 2.5.13.16  ; bitStringMatch
          SYNTAX 2.16.840.1.101.2.2.2.3  ; otherNotificationsSupported
          SINGLE-VALUE )

3.93  operationName Attribute

     The operationName attribute value is the name of an official
     military operation.  For example, when used in the definition of
     a network (i.e., in a Network directory entry), it could be the
     TURQUOISE operation which develops a RITA network.







DALLY                   Expires 22 March 2001                  [Page 42]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


     ( 2.16.840.1.101.2.2.1.124 NAME 'operationName'
          EQUALITY 2.5.13.2  ; caseIgnoreMatch
          SUBSTR 2.5.13.4  ; caseIgnoreSubstringsMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )  ; DirectoryString

3.94  plaAddressees Attribute

     The plaAddressees attribute value of an ACP 127/JANAP 128 [4]/[5]
     collective contains the list of action and information addressees
     of the collective.  It is used for some types of collectives
     instead of separating action and information addressees.

     ( 2.16.840.1.101.2.2.1.71 NAME 'plaAddressees'
          EQUALITY 2.5.13.11  ; caseIgnoreListMatch
          SUBSTR 2.5.13.12  ; caseIgnoreListSubstringsMatch
          SYNTAX 2.16.840.1.101.2.2.2.2 )  ; Addressees syntax

3.95  plaNameACP127 Attribute

     The plaNameACP127 attribute value is the object's (represented by
     the directory entry) ACP 127/JANAP 128 [4]/[5] PLA.  A PLA is
     sometimes called the Signal Message Address or registered PLA.
     The long form of the PLA name is represented in the ACP 133 [1]
     by the longTitle attribute.

     ( 2.16.840.1.101.2.2.1.70 NAME 'plaNameACP127'
          SUP 2.5.4.41  ;  name
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{55}  ; PrintableString
          SINGLE-VALUE )

3.96  plaReplace Attribute

     The plaReplace attribute value is used by ACP 127/JANAP 128
     [4]/[5].  When an "alternate spelling" PLA is addressed on a
     message, the MCS will look at the value of this attribute in the
     PLA's directory entry.  If set, the alternate spelling on the
     message will be replaced with the "primary" or correct spelling.
      (Each alternate spelling has a pointer to the primary PLA.)

     ( 2.16.840.1.101.2.2.1.72 NAME 'plaReplace'
          EQUALITY 2.5.13.13  ; booleanMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.7  ; BOOLEAN
          SINGLE-VALUE )

3.97  plasServed Attribute

     The plasServed attribute value is a list of the PLAs accessible
     through a gateway.

     ( 2.16.840.1.101.2.2.1.138 NAME 'plasServed'
          SUP 2.5.4.41 )  ; name



DALLY                   Expires 22 March 2001                  [Page 43]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


3.98  positionNumber Attribute

     The position number attribute value is used by government and
     Defense agencies to identify uniquely each individual's position,
     and possibly role and duties, within the organization.

     ( 2.16.840.1.101.2.2.1.125 NAME 'positionNumber'
          EQUALITY 2.5.13.2  ; caseIgnoreMatch
          SUBSTR 2.5.13.4  ; caseIgnoreSubstringsMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )  ; DirectoryString

3.99  primarySpellingACP127

     The primarySpellingACP127 attribute value of an Alternate
     Spelling PLA directory entry is the object's correct PLA spelling.

     ( 2.16.840.1.101.2.2.1.73 NAME 'primarySpellingACP127'
          EQUALITY 2.5.13.2  ; caseIgnoreMatch
          SUBSTR 2.5.13.4  ; caseIgnoreSubstringsMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{55}  ; PrintableString
          SINGLE-VALUE )

3.100  proprietaryMailboxes Attribute

     The proprietaryMailboxes attribute value identifies a mailbox
     identifier that can be used to address mail within the local
     proprietary domain, such as cc:mail.

     ( 2.16.840.1.101.2.2.1.126 NAME 'proprietaryMailboxes'
          EQUALITY 2.5.13.2  ; caseIgnoreMatch
          SUBSTR 2.5.13.4  ; caseIgnoreSubstringsMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )  ; DirectoryString

3.101  publish Attribute

     The publish attribute value indicates whether this PLA should be
     published in the Message Address Directory or the ACP 117 [15].
     Access controls may be set based on this attribute.

     ( 2.16.840.1.101.2.2.1.74 NAME 'publish'
          EQUALITY 2.5.13.13  ; booleanMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.7  ; BOOLEAN
          SINGLE-VALUE )

3.102  rank Attribute

     The value of the rank attribute type contains the military or
     civilian rank of an individual such as Major or civilian grade.

     ( 2.16.840.1.101.2.2.1.133 NAME 'rank'
          EQUALITY 2.5.13.2  ; caseIgnoreMatch



DALLY                   Expires 22 March 2001                  [Page 44]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


          SUBSTR 2.5.13.4  ; caseIgnoreSubstringsMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )  ; DirectoryString

3.103  recapDueDate Attribute

     The recapDueDate attribute value indicates when a list is expected
     to be recapped or validated.

     ( 2.16.840.1.101.2.2.1.75 NAME 'recapDueDate'
          EQUALITY 2.5.13.27  ; generalizedTimeMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.24  ; GeneralizedTime
          SINGLE-VALUE )

3.104  releaseAuthorityName Attribute

     The releaseAuthorityName attribute value is a relative
     distinguished name of a release authority for an organization.

     ( 2.16.840.1.101.2.2.1.45 NAME 'releaseAuthorityName'
          EQUALITY 2.5.13.2  ; caseIgnoreMatch
          SUBSTR 2.5.13.4  ; caseIgnoreSubstringsMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} )  ; DirectoryString

3.105  remarks Attribute

     The remarks attribute value is textual information associated
     with a PLA's directory entry.  These remarks may be instructions
     rather than a description of the entity.

     ( 2.16.840.1.101.2.2.1.76 NAME 'remarks'
          EQUALITY 2.5.13.11  ; caseIgnoreListMatch
          SYNTAX 2.16.840.1.101.2.2.2.11 )  ; Remarks

3.106  rfc822Mailbox Attribute

     As defined in the COSINE/Internet schema, RFC 1274 [13], the
     rfc822Mailbox attribute value is an electronic mailbox identifier
     following the syntax in RFC 822 [16].  An example for a user on a
     military network is "user@host.Service.mil".  This attribute and
     the caseIgnoreIA5SubstringsMatch are defined in RFC 2798 [19].  The
     attribute is included here for readability.

          ( 0.9.2342.19200300.100.1.3 NAME 'mail'
               EQUALITY 1.3.6.1.4.1.1466.109.114.2  ; caseIgnoreIA5Match
               SUBSTR 1.3.6.1.4.1.1466.109.114.3
                                         ; caseIgnoreIA5SubstringsMatch
               SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )  ; IA5String

3.107  rI Attribute

     The rI (Routing Indicator) attribute value is the information
     mapped to in ACP 127/JANAP 128 [4]/[5] from a user's PLA name.


DALLY                   Expires 22 March 2001                  [Page 45]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


     Users are named by their PLA names and delivered to by their
     routing indicator values, analogous to Directory Names and O/R
     Addresses for X.400 users.

     ( 2.16.840.1.101.2.2.1.77 NAME 'rI'
          EQUALITY 2.5.13.2  ; caseIgnoreMatch
          SUBSTR 2.5.13.4  ; caseIgnoreSubstringsMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )  ; PrintableString
                                             ; exactly 7 characters

3.108  rIClassification Attribute

     The rIClassification attribute value indicates the highest
     classification of data allowed to be processed by a
     specified device.

     ( 2.16.840.1.101.2.2.1.78 NAME 'rIClassification'
          SYNTAX 2.16.840.1.101.2.2.2.4 )  ; Classification

3.109  rIInfo Attribute

     The rIInfo attribute value is RI values with the associated
     properties of each RI.

     ( 2.16.840.1.101.2.2.1.79 NAME 'rIInfo'
          SYNTAX 2.16.840.1.101.2.2.2.12 )  ; RIParameters

3.110  roomNumber Attribute

     The roomNumber attribute value identifies a room number, as
     defined in the COSINE/Internet schema, RFC 1274 [13].

     ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber'
          EQUALITY 2.5.13.2  ; caseIgnoreMatch
          SUBSTR 2.5.13.4  ; caseIgnoreSubstringsMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )  ; DirectoryString
                      ; limited to TeletexString or PrintableString

3.111  secondPartyAddressees Attribute

     The secondPartyAddressees attribute value is a list of second
     party action PLAs.

     ( 2.16.840.1.101.2.2.1.80 NAME 'secondPartyAddressees'
          EQUALITY 2.5.13.11  ; caseIgnoreListMatch
          SUBSTR 2.5.13.12  ; caseIgnoreListSubstringsMatch
          SYNTAX 2.16.840.1.101.2.2.2.2 )  ; Addressees







DALLY                   Expires 22 March 2001                  [Page 46]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


3.112  section Attribute

     The section attribute value is set to TRUE if the receiving PLA
     requires message sectioning to be performed.  This is required to
     transition users with slow-speed terminals.

     ( 2.16.840.1.101.2.2.1.81 NAME 'section'
          EQUALITY 2.5.13.13  ; booleanMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.7  ; BOOLEAN
          SINGLE-VALUE )

3.113  secureFacsimileNumber Attribute

     The secureFacsimileNumber attribute value is a facsimile number
     that is used for secure communication with the object represented
     by the directory entry.

     This attribute is a subtype of aCPTelephoneFaxNumber.  An example
     of a secureFacsimileNumber value is "DSN, 555-333".

     ( 2.16.840.1.101.2.2.1.127 NAME 'secureFacsimileNumber'
          SUP 2.16.840.1.101.2.2.1.94 )  ; aCPTelephoneFaxNumber

3.114  secureTelephoneNumber Attribute

     The secureTelephoneNumber attribute value is a telephone number
     of a secure device, such as STU II or STU III, that is used for
     secure communication with the object represented by the directory
     entry.

     This attribute is a subtype of aCPTelephoneFaxNumber.  An example
     of a secureTelephoneNumber value is "PSTN, +1 555 222, STU III".

     ( 2.16.840.1.101.2.2.1.128 NAME 'secureTelephoneNumber'
          SUP 2.16.840.1.101.2.2.1.94  ; aCPTelephoneFaxNumber )

3.115  sepUKMs Attribute

     The sepUKMs attribute value is used in the construction of
     selected CCEB symmetric confidentiality algorithms for the month
     of November.

     ( 2.16.840.1.101.2.1.5.28 NAME 'sepUKMs'
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.5  ; binary syntax
                                               ; encapsulating
                                               ; MonthlyUKMs
          SINGLE-VALUE )

3.116  serviceNumber Attribute

     The serviceNumber attribute value is the staff identifier number
     used by government and defense agencies for purposes such as


DALLY                   Expires 22 March 2001                  [Page 47]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


     payroll references, medical records, human resources, and
     duty rosters.

     ( 2.16.840.1.101.2.2.1.129 NAME 'serviceNumber'
          EQUALITY 2.5.13.2  ; caseIgnoreMatch
          SUBSTR 2.5.13.4  ; caseIgnoreSubstringsMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )  ; DirectoryString

3.117  serviceOrAgency Attribute

     The serviceOrAgency attribute value is an identifier of the
     Service or agency to which the PLA belongs.

     ( 2.16.840.1.101.2.2.1.82 NAME 'serviceOrAgency'
          EQUALITY 2.5.13.2  ; caseIgnoreMatch
          SUBSTR 2.5.13.4  ; caseIgnoreSubstringsMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{4}  ; PrintableString
          SINGLE-VALUE )

3.118  sHD Attribute

     The sHD (specialHandlingDesignator) attribute value is a string
     containing the special handling designator which an entity,
     address, or routing indicator can support.

     ( 2.16.840.1.101.2.2.1.83 NAME 'sHD'
          EQUALITY 2.5.13.2  ; caseIgnoreMatch
          SUBSTR 2.5.13.4  ; caseIgnoreSubstringsMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )  ; PrintableString

3.119  shortTitle Attribute

     The shortTitle attribute value is a PLA name used for Signal
     Intelligence (SIGINT) related communications.

     ( 2.16.840.1.101.2.2.1.84 NAME 'shortTitle'
          EQUALITY 2.5.13.2  ; caseIgnoreMatch
          SUBSTR 2.5.13.4  ; caseIgnoreSubstringsMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{55}  ; PrintableString
          SINGLE-VALUE )

3.120  sigad Attribute

     The sigad (SIGINT Address) attribute value is a PLA name used for
     sensitive SIGINT related communications.

     ( 2.16.840.1.101.2.2.1.85 NAME 'sigad'
          EQUALITY 2.5.13.2  ; caseIgnoreMatch
          SUBSTR 2.5.13.4  ; caseIgnoreSubstringsMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{8}  ; PrintableString
                                                  ; 5 - 8 characters
          SINGLE-VALUE )


DALLY                   Expires 22 March 2001                  [Page 48]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


3.121  spot Attribute

     The spot attribute value identifies a special project address
     list or collective.

     ( 2.16.840.1.101.2.2.1.86 NAME 'spot'
          EQUALITY 2.5.13.2  ; caseIgnoreMatch
          SUBSTR 2.5.13.4  ; caseIgnoreSubstringsMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{55}  ; PrintableString
          SINGLE-VALUE )

3.122  tARE Attribute

     The tARE (Telegraph Automatic Relay Equipment) attribute value is
     a flag that specifies delivery responsibility for a message that
     is received by an intermediary.  The flag is set in the directory
     entry for the intended recipient.

     ( 2.16.840.1.101.2.2.1.87 NAME 'tARE'
          EQUALITY 2.5.13.13  ; booleanMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.7  ; BOOLEAN
          SINGLE-VALUE )

3.123  tCC Attribute

     The tCC (Transmission Control Code) attribute value specifies a
     message handling instruction used in the RI.

     ( 2.16.840.1.101.2.2.1.96 NAME 'tCC'
          EQUALITY 2.5.13.2  ; caseIgnoreMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.44  ; PrintableString
                                           ; exactly 3 characters
          SINGLE-VALUE )

3.124  tCCG ATTRIBUTE

     The tCCG (Transmission Control Code Group) attribute value
     specifies a group of message handling instructions used in the
     routing indicator.

     ( 2.16.840.1.101.2.2.1.144 NAME 'tCCG'
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.44  ; PrintableString
          EQUALITY 2.5.13.2  ; caseIgnoreMatch
          SUBSTR 2.5.13.4 )  ; caseIgnoreSubstringsMatch

3.125  transferStation Attribute

     The transferStation attribute value indicates whether a message
     for the entity should be sent to a communications processing and
     routing system, called a transfer station.  For example, a Naval
     Communications Processing and Routing System (NAVCOMPARS) is a



DALLY                   Expires 22 March 2001                  [Page 49]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


     transfer station.  If this attribute is TRUE, traffic should be
     routed to a transfer station.

     ( 2.16.840.1.101.2.2.1.69 NAME 'transferStation'
          EQUALITY 2.5.13.13  ; booleanMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.7  ; BOOLEAN
          SINGLE-VALUE )

3.126  tRC Attribute

     The tRC (Transmission Release Code) attribute value is the
     classification of data used in the routing indicator.  Possible
     values include:
          A     Australia
          B     British Commonwealth less Canada, Australia, and
                New Zealand
          C     Canada
          U     US
          X     Belgium, Denmark, France, Germany, Greece, Italy,
                Netherlands, Norway, Portugal, Turkey, NATO
          Z     New Zealand

     ( 2.16.840.1.101.2.2.1.97 NAME 'tRC'
          EQUALITY 2.5.13.2  ; caseIgnoreMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.44  ; PrintableString
          SINGLE-VALUE )

3.127  usdConversion ATTRIBUTE

     The usdConversion attribute value is an organizational address
     that is used when other types of address are not appropriate.

     ( 2.16.840.1.101.2.2.1.145 NAME 'usdConversion'
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.15  ; DirectoryString
          EQUALITY 2.5.13.2  ; caseIgnoreMatch
          SUBSTR 2.5.13.4 )  ; caseIgnoreSubstringsMatch


















DALLY                   Expires 22 March 2001                  [Page 50]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


4.  NAME FORMS

4.1  aCPNetworkEdBNameForm

     ( 2.16.840.1.101.2.2.4.42 NAME 'aCPNetworkEdBNameForm'
          OC 2.16.840.1.101.2.2.3.68  ; aCPNetworkEdB
          MUST 2.5.4.3 )  ; cn

4.2  aCPNetworkInstrEdBNameForm

     ( 2.16.840.1.101.2.2.4.43 NAME 'aCPNetworkInstrEdBNameForm'
          OC 2.  ; aCPNetworkInstructionsEdB
          MUST 2.5.4.3 )  ; cn

4.3  addressListNameForm

     ( 2.16.840.1.101.2.2.4.27 NAME 'addressListNameForm'
          OC 2.16.840.1.101.2.2.3.57  ; addressList
          MUST 2.5.4.3 )  ; cn

4.4  aENameForm

     ( 2.16.840.1.101.2.2.4.34 NAME 'aENameForm'
          OC 2.5.6.12  ; applicationEntity
          MUST 2.5.4.3  ; cn
          MAY 2.5.4.46 )  ; dnQualifier

4.5  aliasCNNameForm

     ( 2.16.840.1.101.2.2.4.21 NAME 'aliasCNNameForm'
          OC 2.16.840.1.101.2.2.3.52  ; aliasCommonName
          MUST 2.5.4.3 )  ; cn

4.6  aliasOUNameForm

     ( 2.16.840.1.101.2.2.4.22 NAME 'aliasOUNameForm'
          OC 2.16.840.1.101.2.2.3.53  ; aliasOrganizationalUnit
          MUST 2.5.4.11 )  ; ou

4.7  applProcessNameForm

     ( 2.5.15.10 NAME 'applProcessNameForm'
          OC 2.5.6.11  ; applicationProcess
          MUST 2.5.4.3 )  ; cn

4.8  alternateSpellingPLANameForm

     ( 2.16.840.1.101.2.2.4.4 NAME 'alternateSpellingPLANameForm'
          OC 2.16.840.1.101.2.2.3.58  ; altSpellingACP127
          MUST 2.16.840.1.101.2.2.1.70 )  ; plaNameACP127




DALLY                   Expires 22 March 2001                  [Page 51]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


4.9  cadPLANameForm

     ( 2.16.840.1.101.2.2.4.6 NAME 'cadPLANameForm'
          OC 2.16.840.1.101.2.2.3.28  ; cadACP127
          MUST 2.16.840.1.101.2.2.1.70 )  ; plaNameACP127

4.10  cRLDistPtNameForm

     ( 2.5.15.14 NAME 'cRLDistPtNameForm'
          OC 2.5.6.19  ; cRLDistributionPoint
          MUST 2.5.4.3 )  ; cn

4.11  countryNameForm

     ( 2.5.15.0 NAME 'countryNameForm'
          OC 2.5.6.2  ; country
          MUST 2.5.4.6 )  ; countryName

4.12  deviceNameForm

     ( 2.5.15.13 NAME 'deviceNameForm'
          OC 2.5.6.14  ; device
          MUST 2.5.4.3 )  ; cn

4.13  distributionCodeDescriptionNameForm

    ( 2.16.840.1.101.2.2.4.23 NAME 'distributionCodeDescriptionNameForm'
         OC 2.16.840.1.101.2.2.3.55  ; distributionCodeDescription
         MUST 2.5.4.3 )  ; cn

4.14  dSANameForm

     ( 2.5.15.12 NAME 'dSANameForm'
          OC 2.5.6.13  ; dSA
          MUST 2.5.4.3 )  ; cn

4.15  dSSCSPLANameForm

     ( 2.16.840.1.101.2.2.4.41 NAME 'dSSCSPLANameForm'
          OC 2.16.840.1.101.2.2.3.67  ; dSSCSPLA
          MUST 2.16.840.1.101.2.2.1.70 )  ; plaNameACP127

4.16  gONNameForm

     ( 2.5.15.8 NAME 'gONNameForm'
          OC 2.5.6.9  ; groupOfNames
          MUST 2.5.4.3 )  ; cn







DALLY                   Expires 22 March 2001                  [Page 52]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


4.17  locNameForm

     ( 2.5.15.1 NAME 'locNameForm'
          OC 2.5.6.3  ; locality
          MUST 2.5.4.7 )  ; localityName

4.18  messagingGatewayNameForm

     ( 2.16.840.1.101.2.2.4.28 NAME 'messagingGatewayNameForm'
          OC 2.16.840.1.101.2.2.4.59  ; messagingGateway
          MUST 2.5.4.3 )  ; cn

4.19  mhs-dLNameForm

     ( 2.16.840.1.101.2.2.4.29 NAME 'mhs-dLNameForm'
          OC 2.6.5.1.0  ; mhs-distribution-list
          MUST 2.5.4.3 )  ; cn

4.20  mLANameForm

     ( 2.16.840.1.101.2.2.4.9 NAME 'mLANameForm'
          OC 2.16.840.1.101.2.2.3.31  ; mLA
          MUST 2.5.4.3 )  ; cn

4.21  mLAgentNameForm

     ( 2.16.840.1.101.2.2.4.40 NAME 'mLAgentNameForm'
          OC 2.16.840.1.101.2.2.3.64  ; mLAgent
          MUST 2.5.4.3 )  ; cn

4.22  mSNameForm

     ( 2.16.840.1.101.2.2.4.24 NAME 'mSNameForm'
          OC 2.6.5.1.1  ; mhs-message-store
          MUST 2.5.4.3 )  ; cn

4.23  mTANameForm

     ( 2.16.840.1.101.2.2.4.25 NAME 'mTANameForm'
          OC 2.6.5.1.2  ; mhs-message-transfer-agent
          MUST 2.5.4.3 )  ; cn

4.24  mUANameForm

     ( 2.16.840.1.101.2.2.4.26 NAME 'mUANameForm'
          OC 2.6.5.1.4  ; mhs-user-agent
          MUST 2.5.4.3 )  ; cn







DALLY                   Expires 22 March 2001                  [Page 53]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


4.25  organizationalPLANameForm

     ( 2.16.840.1.101.2.2.4.12 NAME 'organizationalPLANameForm'
          OC 2.16.840.1.101.2.2.3.34  ; orgACP127
          MUST 2.16.840.1.101.2.2.1.70 )  ; plaNameACP127

4.26  organizationNameForm

     ( 2.16.840.1.101.2.2.4.35 NAME 'organizationNameForm'
          OC 2.5.6.4  ; organization
          MUST 2.5.4.10  ; organizationName
          MAY 2.5.4.46 )  ; dnQualifier

4.27  orgRNameForm

     ( 2.16.840.1.101.2.2.4.37 NAME 'orgRNameForm'
          OC 2.5.6.8  ; organizationalRole
          MUST 2.5.4.3  ; cn
          MAY 2.5.4.46 )  ; dnQualifier

4.28  orgUNameForm

     ( 2.16.840.1.101.2.2.4.38 NAME 'orgUNameForm'
          OC 2.5.6.5  ; organizationalUnit
          MUST 2.5.4.11  ; organizationalUnitName
          MAY 2.5.4.46 )  ; dnQualifier

4.29  plaCollectiveNameForm

     ( 2.16.840.1.101.2.2.4.13 NAME 'plaCollectiveNameForm'
          OC 2.16.840.1.101.2.2.3.35  ; plaCollectiveACP127
          MUST 2.16.840.1.101.2.2.1.70 )  ; plaNameACP127

4.30  qualifiedOrgPersonNameForm

     ( 2.16.840.1.101.2.2.4.36 NAME 'qualifiedOrgPersonNameForm'
          OC 2.5.6.7  ; organizationalPerson
          MUST 2.5.4.3  ; cn
          MAY ( 2.5.4.46  ; dnQualifier
               $ 2.5.4.11 )  ; organizationalUnitName

4.31  releaseAuthorityPersonNameForm
     ( 2.16.840.1.101.2.2.4.32 NAME 'releaseAuthorityPersonNameForm'
          OC 2.16.840.1.101.2.2.3.63  ; releaseAuthorityPerson
          MUST 2.16.840.1.101.2.2.1.45 )  ; releaseAuthorityName

4.32  releaseAuthorityPersonANameForm

     ( 2.16.840.1.101.2.2.4.39 NAME 'releaseAuthorityPersonANameForm'
          OC 2.16.840.1.101.2.2.3.65  ; releaseAuthorityPersonA
          MUST 2.16.840.1.101.2.2.1.45 )  ; releaseAuthorityName



DALLY                   Expires 22 March 2001                  [Page 54]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


4.33  routingIndicatorNameForm

     ( 2.16.840.1.101.2.2.4.15 NAME 'routingIndicatorNameForm'
          OC 2.16.840.1.101.2.2.3.37  ; routingIndicator
          MUST 2.16.840.1.101.2.2.1.77 )  ; rI

4.34  sigintPLANameForm

     ( 2.16.840.1.101.2.2.4.16 NAME 'sigintPLANameForm'
          OC 2.16.840.1.101.2.2.3.38  ; sigintPLA
          MUST 2.16.840.1.101.2.2.1.85 )  ; sigad

4.35  sIPLANameForm

     ( 2.16.840.1.101.2.2.4.17 NAME 'sIPLANameForm'
          OC 2.16.840.1.101.2.2.3.39  ; sIPLA
          MUST 2.16.840.1.101.2.2.1.63 )  ; longTitle

4.36  sOPNameForm

     ( 2.5.15.2 NAME 'sOPNameForm'
          OC 2.5.6.3  ; locality
          MUST 2.5.4.8 )  ; stateOrProvinceName

4.37  spotPLANameForm

     ( 2.16.840.1.101.2.2.4.18 NAME 'spotPLANameForm'
          OC 2.16.840.1.101.2.2.3.40  ; spotPLA
          MUST 2.16.840.1.101.2.2.1.86 )  ; spot

4.38  taskForcePLANameForm

     ( 2.16.840.1.101.2.2.4.19 NAME 'taskForcePLANameForm'
          OC 2.16.840.1.101.2.2.3.41  ; taskForceACP127
          MUST 2.16.840.1.101.2.2.1.70 )  ; plaNameACP127

4.39  tenantPLANameForm

     ( 2.16.840.1.101.2.2.4.20 NAME 'tenantPLANameForm'
          OC 2.16.840.1.101.2.2.3.42  ; tenantACP127
          MUST 2.16.840.1.101.2.2.1.70 )  ; plaNameACP127













DALLY                   Expires 22 March 2001                  [Page 55]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


5.  MATCHING RULES

5.1  addressCapabilitiesMatch Matching Rule

     ( 2.6.5.4.1 NAME 'addressCapabilitiesMatch'
          SYNTAX 2.16.840.1.101.2.2.2.16 )  ; Address Capabilities syntax

5.2  capabilityMatch Matching Rule

     ( 2.6.5.4.2 NAME 'capabilityMatch'
          SYNTAX 2.16.840.1.101.2.2.2.13 )  ; Capability syntax

5.3  oRAddressMatch Matching Rule

     ( 2.6.4.8.14 NAME 'oRAddressMatch'
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.33 )

5.4  oRNameExactMatch Matching Rule

     ( 2.6.5.4.0 NAME 'oRNameExactMatch'
          SYNTAX 2.16.840.1.101.2.2.2.10 )  ; O/R Name syntax

5.5  caseIgnoreListSubstringsMatch Matching Rule

     ( 2.5.13.12 NAME 'caseIgnoreListSubstringsMatch'
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )  ;  Substring Assertion

5.6  booleanMatch Matching Rule

     ( 2.5.13.13 NAME 'booleanMatch'
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )  ; BOOLEAN























DALLY                   Expires 22 March 2001                  [Page 56]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


6.  ATTRIBUTE SYNTAXES

6.1  aCPLegacyFormat Attribute Syntax

     ( 2.16.840.1.101.2.2.2.17 DESC 'aCPLegacyFormat syntax' )

     The encoding of a value in this syntax is any one of the INTEGER
     values:  0 - 15 or 32 - 48 where:

          0 means JANAP128,
          1 means ACP126,
          2 means DOI103,
          3 means DOI103Special,
          4 means ACP127,
          5 means ACP127Converted,
          (6 means Reserved1),
          7 means ACP127State,
          8 means ACP127Modified,
          9 means SOCOMMSpecial,
          10 means SOCOMMNarrative,
          (11 means Reserved2),
          12 means SOCOMMNarrativeSpecial,
          13 means SOCOMMData,
          14 means SOCOMMInternal,
          15 means SOCOMMExternal, and
          32 - 48 means national or bilateral use.

6.2  aCPPreferredDelivery Attribute Syntax for the
     aCPPreferredDelivery Attribute

     ( 2.16.840.1.101.2.2.2.6 DESC 'aCPPreferredDelivery syntax' )

     The encoding of a value in this syntax is any one of the INTEGER
     values:  0, 1, or 2, where:

          0 means SMTP,
          1 means ACP 127, and
          2 means MHS

6.3  aCPTelephoneFaxNumber Attribute Syntax

     ( 2.16.840.1.101.2.2.2.1 DESC 'aCPTelephoneFaxNumber syntax' )

     Values in this syntax are encoded according to the following BNF:

          aCPTelephoneFaxNumber = netid ", " telephonenum [ ", "
                                   securedevid ]

          nocommap = a /d /  """ / "(" / ")" / "+" / "-" / "." / "/" /
                    ":" / "?" / " "

          netid = 1*6nocommap


DALLY                   Expires 22 March 2001                  [Page 57]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


          telephonenum = 1*32nocommap

          securdevid = 1*8p

     For more information, see ACP 133 [1], Annex B, clause 24.

6.4  AddressCapabilities Attribute Syntax from X.402 [17]

     ( 2.16.840.1.101.2.2.2.16 DESC 'AddressCapabilities' )

     Values in this syntax are encoded according to the following BNF:

          addresscapabilities = [ "description=" generalstring ]
                    "address=" oraddress
                    "capabilities=" [ capability *( "$"capability ) ]

          generalstring =  ; The encoding of a value in this element
                           ; of the syntax is the string value itself.

          oraddress =  ; MHS OR Address syntax
                       ; 1.3.6.1.4.1.1466.115.121.1.33

          capability =  ; capability syntax 2.16.840.1.101.2.2.2.13

6.5  Addressees Attribute Syntax

     ( 2.16.840.1.101.2.2.2.2 DESC 'Addressees' )

     Values in this syntax are encoded according to the following BNF:
          addressees = [ 1*55p *( "$" 1*55p ) ]

     That is, if the Addressees value is an empty sequence, the result
     is the empty or zero length string.  Otherwise, the output consists
     of the PrintableString encoding of each element in the sequence,
     in the same order as in the sequence with "$" between the elements.

6.6  addressListType Attribute Syntax for the aLType Attribute

     ( 2.16.840.1.101.2.2.2.8 DESC 'addressListType' )

     Values in this syntax are encoded according to the following BNF:

          addressListType = [ "-" ] numericstring  ; an INTEGER, where:
                                              ; 0 means AIG,
                                              ; 1 means TYPE,
                                              ; 2 means CAD, and
                                              ; 3 means TASKFORCE

     Note that future definitions of this syntax may assign a standard
     meaning to another integer value, e.g., 4 means XXX.




DALLY                   Expires 22 March 2001                  [Page 58]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


6.7  Capability Attribute Syntax from X.402 [17]

     ( 2.16.840.1.101.2.2.2.13 DESC 'Capability' )

     Values in this syntax are encoded according to the following BNF:

          capability = [ "content-types="
                              [numericoid *( ", " numericoid) ] ]
                       [ "maximum-content-length=" numericstring ]
                              ; an INTEGER in the range 0 - 2147483647
                       [ "encoded-information-types-constraints="
                              [ "unaccept eits" unacceptable-eits ]
                              [ "accept eits" acceptable-eits ]
                              [ "only eits"
                                   exclusively-acceptable-eits ] ]
                       [ "security-labels=" securitycontext ]

          unacceptable-eits = extendedencodedeits

          acceptable-eits = extendedencodedeits

          exclusively-acceptable-eits = extendedencodedeits

          extendedencodedeits = numericoid *1023( ", "numericoid )

          securitycontext = securitylabel *255securitylabel

          securitylabel = [ "security-policy-id=" numericoid ]
                         [ "security-classification=" numericstring ]
                              ; an INTEGER in the range 0 - 256, where
                              ; 0 means Unmarked,
                              ; 1 means Unclassified,
                              ; 2 means Restricted,
                              ; 3 means Confidential,
                              ; 4 means Secret, and
                              ; 5 means Top Secret
                         [ "privacy-mark=" 1*128p ]
                         [ "security-categories=" securitycategories ]

          securitycategories =  ; the BER encoding of the set of type
                           ; and value pairs for the instances of any
                           ; data types that are specified to be
                           ; SECURITY-CATEGORY types

6.8  Classification Attribute Syntax

     ( 2.16.840.1.101.2.2.2.4 DESC 'Classification' )







DALLY                   Expires 22 March 2001                  [Page 59]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


     The encoding of a value in this syntax is any one of the INTEGER
     values:  0, 1, 2, 3, 4, or 5, where:

          0 means unmarked,
          1 means unclassified,
          2 means restricted,
          3 means confidential,
          4 means secret, and
          5 means top secret

6.9  Community Abstract Syntax for the community Attribute

     ( 2.16.840.1.101.2.2.2.5 DESC 'Community syntax' )

     The encoding of a value in this syntax is any one of the INTEGER
     values:  0, 1, or 2, where:

          0 means GENSER,
          1 means SI, and
          2 means both

6.10  DLPolicy Attribute Syntax from X.402 [17]

     ( 2.16.840.1.101.2.2.2.14 DESC 'DLPolicy' )

     Values in this syntax are encoded according to the following BNF:

          dlpolicy = [ "report-propagation=" [ "-" ] numericstring ]
                            ; where 0 means previous-dl-or-originator,
                            ; 1 means dl-owner, and
                            ; 2 means both
                    [ "report-from-dl=" [ "-" ] numericstring ]
                              ; where 0 means whenever-requested and
                              ; 1 means when-no-propagation
                    [ "originating-MTA-report=" [ "-" ] numericstring ]
                              ; where 0 means unchanged,
                              ; 2 means report,
                              ; 3 means non-delivery-report, and
                              ; 4 means audited-report
                    [ "originator-report=" [ "-" ] numericstring ]
                              ; where 0 means unchanged,
                              ; 1 means no-report,
                              ; 2 means report, and
                              ; 3 means non-delivery-report
                    [ "return-of-content=" numericstring ]
                              ; an INTEGER in the range 0 - 2, where
                              ; 0 means unchanged,
                              ; 1 means content-return-not-requested,
                              ; and 2 means content-return-requested
                    [ "priority=" [ "-" ] numericstring ]  ; where
                              ; 0 means unchanged,
                              ; 1 means normal,


DALLY                   Expires 22 March 2001                  [Page 60]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


                              ; 2 means non-urgent, and
                              ; 3 means urgent
                    [ "disclosure-of-other-recipients=" numericstring ]
                    ; an INTEGER in the range 0 - 2, where
                    ; 0 means unchanged,
                    ; 1 means disclosure-of-other-recipients-prohibited,
                    ; and 2 means disclosure-of-other-recipients-allowed
                    [ "implicit-conversion-prohibited=" numericstring ]
                              ; an INTEGER in the range 0 - 2, where
                              ; 0 means unchanged,
                              ; 1 means implicit-conversion-allowed, and
                              ; 2 means implicit-conversion-prohibited
                    [ "conversion-with-loss-prohibited=" numericstring ]
                         ; an INTEGER in the range 0 - 2, where
                         ; 0 means unchanged,
                         ; 1 means conversion-with-loss-allowed, and
                         ; 2 means conversion-with-loss-prohibited
                    [ "further-dl-expansion-allowed=" ( "TRUE" /
                                                       "FALSE") ]
                   [ "originator-requested-alternate-recipient-removed="
                         ( "TRUE" / "FALSE" ) ]
                    [ "proof-of-delivery=" [ "-" ] numericstring ]
                              ; where 0 means dl-expansion-point,
                              ; 1 means dl-members,
                              ; 2 means both, and
                              ; 3 means neither
                    [ "requested-delivery-method=" ( "unchanged" /
                         "removed" /
                         ( "replaced:  " requested-delivery-method ) ) ]

          requested-delivery-method = [ delivery-methods
                                           *( ", " delivery-methods ) ]

          delivery-methods = numericstring  ; an INTEGER in the range
                              ; 0 - 256, where
                              ; 0 means any-delivery-method, 1 means
                              ; mhs-delivery, 2 means physical-delivery,
                              ; 3 means telex-delivery,
                              ; 4 means teletex-delivery,
                              ; 5 means g3-facsimile-delivery,
                              ; 6 means g4-facsimile-delivery,
                              ; 7 means ia5-terminal-delivery,
                              ; 8 means videotex-delivery, and
                              ; 9 means telephone-delivery










DALLY                   Expires 22 March 2001                  [Page 61]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


6.11  DLSubmitPermission Attribute Syntax from X.402 [17]

     ( 2.16.840.1.101.2.2.2.15 DESC 'DLSubmitPermission' )

     Values in this syntax are encoded according to the following BNF:

          dlsubmitpermission = ( "individual=" orname ) /
                              ("member-of-dl=" orname ) /
                              ("pattern-match=" orname ) /
                              ( "member-of-group=" name )

          orname =  ; O/R Name syntax 2.16.840.1.101.2.2.2.10

          name =  ; DN syntax 1.3.6.1.4.1.1466.115.121.1.12

6.12  MLReceiptPolicy Attribute Syntax

     ( 2.16.840.1.101.2.2.2.9 DESC 'MLReceiptPolicy' )

     Values in this syntax are encoded according to the following BNF:

          mLReceiptPolicy = none / insteadof / inadditionto

          none = "none"

          insteadof = "instead of" generalnames *15( "$" generalnames )

          inadditionto = "in addition to" generalnames
                         *15( "$" generalnames )

          generalnames = generalname *( "%" generalname )

          generalname = ( "otherName = " othername ) /
                        ( "rfc822Name = " ia5string ) /
                        ( "dNSName = " ia5string ) /
                        ( "x400Address = " oraddress ) /
                        ( "directoryName = " name ) /
                        ( "ediPartyName = "
                              [ "nameAssigner:" directorystring ]
                              "partyName:" directorystring ) /
                        ( "uniformResourceIdentifier = " ia5string ) /
                        ( "iPAddress = " octetstring ) /
                        ( "registeredID = " numericoid )

          othername =  ; the BER encoding of the type and value pair
                       ; for an instance of any data type that is
                       ; specified to be an OTHER-NAME type.

          ia5string =  ; IA5 String syntax 1.3.6.1.4.1.1466.115.121.1.26

          oraddress =  ; MHS OR Address syntax
                       ; 1.3.6.1.4.1.1466.115.121.1.33


DALLY                   Expires 22 March 2001                  [Page 62]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


          name =  ; DN syntax 1.3.6.1.4.1.1466.115.121.1.12


          directorystring =  ; Directory String syntax
                             ; 1.3.6.1.4.1.1466.115.121.1.15

          octetstring =  ; Octet String syntax
                         ; 1.3.6.1.4.1.1466.115.121.1.40

6.13  ORName Attribute Syntax from X.411 [18]

     ( 2.16.840.1.101.2.2.2.10 DESC 'ORName' )

     Values in this syntax are encoded according to the following BNF:

          oRName = oraddress [ "|" name ]

          oraddress =  ; MHS OR Address syntax
                       ; 1.3.6.1.4.1.1466.115.121.1.33

          name =  ; DN syntax 1.3.6.1.4.1.1466.115.121.1.12

6.14  otherNotificationsSupported Abstract Syntax for the onSupported
     Attribute

     ( 2.16.840.1.101.2.2.2.3 DESC 'otherNotificationsSupported' )

     Values in this syntax are encoded according to the following BNF:

          otherNotificationsSupported = namedbits / bitstring

          namedbits = "{" [ namedbit *( "," namedbit ) ] "}"

          namedbit = "acp127-nn" / "acp127-pn" / "acp127-tn"

          bitstring = "'" *binary-digit "'B"

          binary-digit = "0" / "1"

     The presence of the name of a namedbit in the namedbits
     alternative means that the value of the bit is 1.  The value of
     an absent namedbit is 0.

6.15  Remarks Attribute Syntax

     ( 2.16.840.1.101.2.2.2.11 DESC 'Remarks syntax' )

     Values in this syntax are encoded according to the following BNF:

          remarks = [ *p *( "$" *p ) ]




DALLY                   Expires 22 March 2001                  [Page 63]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


6.16  RIParameters Attribute Syntax

     ( 2.16.840.1.101.2.2.2.12 DESC 'RIParameters' )

     Values in this syntax are encoded according to the following BNF:

          rIParameters = "rI=" *p whsp
                         "rIType=" numericstring whsp  ; an INTEGER in
                                             ; the range 0 - 2, where
                                             ; 0 means normal,
                                             ; 1 means off-line, and
                                             ; 2 means partTimeTerminal
                         "minimize=FALSE" whsp  ; not used anymore
                         "sHD=" *p whsp
                         "classification=" numericstring  ; an INTEGER
                                             ; in the range 0 - 5, where
                                             ; 0 means unmarked,
                                             ; 1 means unclassified,
                                             ; 2 means restricted,
                                             ; 3 means confidential,
                                             ; 4 means secret, and
                                             ; 5 means top secret
































DALLY                   Expires 22 March 2001                  [Page 64]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


7.  EXAMPLE CONTENT RULES

     The content rules given in ACP 133(B) [1] are examples, not
     requirements.  The rules included in this document are examples
     to aid in the specification of similar content rules, especially
     those derived from these examples.

7.1  aCPApplicationEntityRuleEdA Content Rule

     ( 2.5.6.12 NAME 'aCPApplicationEntityRuleEdA'
          ; applicationEntity object class
          AUX ( 2.5.6.22 $  ; pkiCA
               2.16.840.1.101.2.2.3.66 )  ; securePkiUser
          MAY ( 2.16.840.1.101.2.2.1.49 $  ; aliasPointer
               2.5.4.46 $  ; dnQualifier
               2.16.840.1.101.2.2.1.55 $  ; effectiveDate
               2.16.840.1.101.2.2.1.57 ) )  ; expirationDate

7.2  aCPCRLDistributionPointRule Content Rule

     ( 2.5.6.19 NAME 'aCPCRLDistributionPointRule'
          ; cRLDistributionPoint object class
          MAY ( 2.16.840.1.101.2.2.1.49 $  ; aliasPointer
               2.16.840.1.101.2.2.1.55 $  ; effectiveDate
               2.16.840.1.101.2.2.1.57 ) )  ; expirationDate

7.3  aCPDeviceRuleEdA Content Rule

     ( 2.5.6.14 NAME 'aCPDeviceRuleEdA'  ; device object class
          AUX 2.16.840.1.101.2.2.3.66  ; securePkiUser
          MAY ( 2.16.840.1.101.2.2.1.49 $  ; aliasPointer
               2.16.840.1.101.2.2.1.55 $  ; effectiveDate
               2.16.840.1.101.2.2.1.57 ) )  ; expirationDate

7.4  aCPDSARuleEdA Content Rule

     ( 2.5.6.13 NAME 'aCPDSARuleEdA'  ; dSA object class
          AUX 2.16.840.1.101.2.2.3.66  ; securePkiUser
          MAY ( 2.16.840.1.101.2.2.1.49 $  ; aliasPointer
               2.16.840.1.101.2.2.1.55 $  ; effectiveDate
               2.16.840.1.101.2.2.1.57 ) )  ; expirationDate

7.5  aCPGroupOfNamesRule Content Rule

     ( 2.5.6.9 NAME 'aCPGroupOfNamesRule'
          ; groupOfNames object class
          MAY ( 2.16.840.1.101.2.2.1.49 $  ; aliasPointer
               2.16.840.1.101.2.2.1.55 $  ; effectiveDate
               2.16.840.1.101.2.2.1.57 ) )  ; expirationDate





DALLY                   Expires 22 March 2001                  [Page 65]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


7.6  aCPLocalityRule Content Rule

     ( 2.5.6.3 NAME 'aCPLocalityRule'
          ; locality object class
          MAY ( 2.16.840.1.101.2.2.1.49 $  ; aliasPointer
               2.16.840.1.101.2.2.1.55 $  ; effectiveDate
               2.16.840.1.101.2.2.1.57 ) )  ; expirationDate

7.7  aCPMhs-distribution-listRule Content Rule

     ( 2.6.5.1.0 NAME 'aCPMhs-distribution-listRule'
          ; mhs-distribution-list object class
          MAY ( 2.16.840.1.101.2.2.1.49 $  ; aliasPointer
               2.16.840.1.101.2.2.1.55 $  ; effectiveDate
               2.16.840.1.101.2.2.1.57 ) )  ; expirationDate

7.8  aCPMhs-message-storeRuleEdA Content Rule

     ( 2.6.5.1.1 NAME 'aCPMhs-message-storeRuleEdA'
          ; mhs-message-store object class
          AUX 2.16.840.1.101.2.2.3.66  ; securePkiUser
          MAY ( 2.16.840.1.101.2.2.1.49 $  ; aliasPointer
               2.16.840.1.101.2.2.1.55 $  ; effectiveDate
               2.16.840.1.101.2.2.1.57 ) )  ; expirationDate

7.9  aCPMhs-message-transfer-agentRuleEdA Content Rule

     ( 2.6.5.1.2 NAME 'aCPMhs-message-transfer-agentRuleEdA'
          ; mhs-message-transfer-agent object class
          AUX 2.16.840.1.101.2.2.3.66  ; securePkiUser
          MAY ( 2.16.840.1.101.2.2.1.49 $  ; aliasPointer
               2.16.840.1.101.2.2.1.55 $  ; effectiveDate
               2.16.840.1.101.2.2.1.57 ) )  ; expirationDate

7.10  aCPMhs-user-agentRule Content Rule

     ( 2.6.5.1.4 NAME 'aCPMhs-user-agentRule'
          ; mhs-user-agent object class
          MAY ( 2.16.840.1.101.2.2.1.49 $  ; aliasPointer
               2.16.840.1.101.2.2.1.55 $  ; effectiveDate
               2.16.840.1.101.2.2.1.57 ) )  ; expirationDate

7.11  aCPOrganizationalPersonRuleEdB Content Rule

     ( 2.5.6.7 NAME 'aCPOrganizationalPersonRuleEdB'
          ; organizationalPerson object class
          AUX ( 2.16.840.1.101.2.2.3.54 $  ; distributionCodesHandled
               2.6.5.1.3 $  ; mhs-user
               2.16.840.1.101.2.2.3.62 $  ; otherContactInformation
               2.16.840.1.101.2.2.3.66 $  ; securePkiUser
               2.16.840.1.101.2.1.4.16 )  ; ukms



DALLY                   Expires 22 March 2001                  [Page 66]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


          MAY ( 2.16.840.1.101.2.2.1.142 $  ; aCPLegacyFormat
               2.16.840.1.101.2.2.1.49 $  ; aliasPointer
               2.16.840.1.101.2.2.1.3 $  ; alternateRecipient
               2.5.4.15 $  ; businessCategory
               2.16.840.1.101.2.2.1.139 $  ; deployed
               2.5.4.46 $  ; dnQualifier
               2.16.840.1.101.2.2.1.55 $  ; effectiveDate
               2.16.840.1.101.2.2.1.57 $  ; expirationDate
               2.16.840.1.101.2.2.1.140 $  ; garrison
               2.16.840.1.101.2.2.1.117 $  ; guard
               2.16.840.1.101.2.2.1.61 $  ; listPointer
               2.16.840.1.101.2.2.1.68 $  ; nationality
               2.16.840.1.101.2.2.1.125 $  ; positionNumber
               2.16.840.1.101.2.2.1.133 $  ; rank
               0.9.2342.19200300.100.1.3 $  ; rfc822Mailbox
               2.16.840.1.101.2.2.1.129 ) )  ; serviceNumber

7.12  aCPOrganizationalRoleRuleEdB Content Rule

     ( 2.5.6.8 NAME 'aCPOrganizationalRoleRuleEdB'
          ; organizationalRole object class
          AUX ( 2.5.6.22 $  ; pkiCA
               2.16.840.1.101.2.2.3.54 $  ; distributionCodesHandled
               2.6.5.1.3 $  ; mhs-user
               2.16.840.1.101.2.2.3.62 $  ; otherContactInformation
               2.16.840.1.101.2.2.3.66 $  ; securePkiUser
               2.16.840.1.101.2.1.4.16 )  ; ukms
          MAY ( 2.16.840.1.101.2.2.1.142 $  ; aCPLegacyFormat
               2.16.840.1.101.2.2.1.49 $  ; aliasPointer
               2.16.840.1.101.2.2.1.3 $  ; alternateRecipient
               2.5.4.15 $  ; businessCategory
               2.16.840.1.101.2.2.1.139 $  ; deployed
               2.5.4.46 $  ; dnQualifier
               2.16.840.1.101.2.2.1.55 $  ; effectiveDate
               2.16.840.1.101.2.2.1.57 $  ; expirationDate
               2.16.840.1.101.2.2.1.140 $  ; garrison
               2.16.840.1.101.2.2.1.117 $  ; guard
               2.16.840.1.101.2.2.1.61 $  ; listPointer
               2.16.840.1.101.2.2.1.68 $  ; nationality
               0.9.2342.19200300.100.1.3 ) )  ; rfc822Mailbox

7.13  aCPOrganizationalUnitRuleEdB Content Rule

     ( 2.5.6.5 NAME 'aCPOrganizationalUnitRuleEdB'
           ; organizationalUnit object class
          AUX ( 2.5.6.22 $  ; pkiCA
               2.16.840.1.101.2.2.3.54 $  ; distributionCodesHandled
               2.6.5.1.3 $  ; mhs-user
               2.16.840.1.101.2.2.3.62 $  ; otherContactInformation
               2.16.840.1.101.2.2.3.56 $  ; plaUser
               2.16.840.1.101.2.2.3.66 $  ; securePkiUser
               2.16.840.1.101.2.1.4.16 )  ; ukms


DALLY                   Expires 22 March 2001                  [Page 67]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


          MAY ( 2.16.840.1.101.2.2.1.142 $  ; aCPLegacyFormat
               2.16.840.1.101.2.2.1.49 $  ; aliasPointer
               2.16.840.1.101.2.2.1.3 $  ; alternateRecipient
               2.16.840.1.101.2.2.1.6 $  ; associatedPLA
               2.16.840.1.101.2.2.1.139 $  ; deployed
               2.5.4.46 $  ; dnQualifier
               2.16.840.1.101.2.2.1.55 $  ; effectiveDate
               2.16.840.1.101.2.2.1.57 $  ; expirationDate
               2.16.840.1.101.2.2.1.140 $  ; garrison
               2.16.840.1.101.2.2.1.117 $  ; guard
               2.16.840.1.101.2.2.1.61 $  ; listPointer
               2.16.840.1.101.2.2.1.68 $  ; nationality
               0.9.2342.19200300.100.1.3 ) )  ; rfc822Mailbox

7.14  aCPOrganizationRuleEdB Content Rule

     ( 2.5.6.4 NAME 'aCPOrganizationRuleEdB'
          ; organization object class
          AUX ( 2.5.6.22 $  ; pkiCA
               2.16.840.1.101.2.2.3.62 )  ; otherContactInformation
          MAY ( 2.16.840.1.101.2.2.1.142 $  ; aCPLegacyFormat
               2.16.840.1.101.2.2.1.49 $  ; aliasPointer
               2.5.4.46 $  ; dnQualifier
               2.16.840.1.101.2.2.1.55 $  ; effectiveDate
               2.16.840.1.101.2.2.1.57 ) )  ; expirationDate

7.15  aCPRoutingIndicatorRuleEdB Content Rule

     ( 2.16.840.1.101.2.2.3.37 NAME 'aCPRoutingIndicatorRuleEdB'
          ; routingIndicator
          MAY ( 2.16.840.1.101.2.2.1.144 $  ; tCCG
               2.16.840.1.101.2.2.1.76 ) )  ; remarks

7.16  addressListRuleEdA Content Rule

     ( 2.16.840.1.101.2.2.3.57 NAME 'addressListRuleEdA'
          ; addressList object class
          AUX ( 2.16.840.1.101.2.2.3.54 $  ; distributionCodesHandled
               2.6.5.1.3 $  ; mhs-user
               2.16.840.1.101.2.2.3.56 $  ; plaUser
               2.16.840.1.101.2.2.3.66 $  ; securePkiUser
               2.16.840.1.101.2.1.4.16 )  ; ukms
          MAY ( 2.16.840.1.101.2.2.1.49 $  ; aliasPointer
               2.16.840.1.101.2.2.1.3 $  ; alternateRecipient
               2.16.840.1.101.2.2.1.55 $  ; effectiveDate
               2.16.840.1.101.2.2.1.57 $  ; expirationDate
               2.16.840.1.101.2.2.1.117 $  ; guard
               2.16.840.1.101.2.2.1.61 $  ; listPointer
               0.9.2342.19200300.100.1.3 ) )  ; rfc822Mailbox





DALLY                   Expires 22 March 2001                  [Page 68]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


7.17  aliasCommonNameRule Content Rule

     ( 2.16.840.1.101.2.2.3.52 NAME 'aliasCommonNameRule'
          ; aliasCommonName object class
          MAY ( 2.16.840.1.101.2.2.1.55 $  ; effectiveDate
               2.16.840.1.101.2.2.1.57 ) )  ; expirationDate

7.18  aliasOrganizationalUnitRule Content Rule

     ( 2.16.840.1.101.2.2.3.53 NAME 'aliasOrganizationalUnitRule'
          ; aliasOrganizationalUnit object class
          MAY ( 2.16.840.1.101.2.2.1.55 $  ; effectiveDate
               2.16.840.1.101.2.2.1.57 ) )  ; expirationDate

7.19  distributionCodeDescriptionRule Content Rule

     ( 2.16.840.1.101.2.2.3.55 NAME 'distributionCodeDescriptionRule'
          ; distributionCodeDescription object class
          MAY ( 2.16.840.1.101.2.2.1.49 $  ; aliasPointer
               2.16.840.1.101.2.2.1.55 $  ; effectiveDate
               2.16.840.1.101.2.2.1.57 ) )  ; expirationDate

7.20  messagingGatewayRuleEdA Content Rule

     ( 2.16.840.1.101.2.2.3.59 NAME 'messagingGatewayRuleEdA'
          ; messagingGateway object class
          AUX ( 2.16.840.1.101.2.2.3.66 $  ; securePkiUser
               2.16.840.1.101.2.1.4.16 )  ; ukms
          MAY ( 2.16.840.1.101.2.2.1.49 $  ; aliasPointer
               2.16.840.1.101.2.2.1.55 $  ; effectiveDate
               2.16.840.1.101.2.2.1.57 $  ; expirationDate
               2.16.840.1.101.2.2.1.117 $  ; guard
               2.16.840.1.101.2.2.1.138 $  ; plasServed
               0.9.2342.19200300.100.1.3 ) )  ; rfc822Mailbox

7.21  mLAgentRule Content Rule

     ( 2.16.840.1.101.2.2.3.64 NAME 'mLAgentRule'
          ; mLAgent object class
          MAY ( 2.16.840.1.101.2.2.1.49 $  ; aliasPointer
               2.16.840.1.101.2.2.1.55 $  ; effectiveDate
               2.16.840.1.101.2.2.1.57 ) )  ; expirationDate

7.22  networkEdBRule Content Rule

     ( 2.16.840.1.101.2.2.3.68 NAME 'networkEdBRule'
          ; aCPNetworkEdB object class
          MAY ( 2.16.840.1.101.2.2.1.55 $  ; effectiveDate
               2.16.840.1.101.2.2.1.57 ) )  ; expirationDate





DALLY                   Expires 22 March 2001                  [Page 69]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


7.23  networkInstructionsEdBRule Content Rule

     ( 2.16.840.1.101.2.2.3.69 NAME 'networkInstructionsEdBRule'
          ; aCPNetworkInstructionsEdB object class
          MAY ( 2.16.840.1.101.2.2.1.55 $  ; effectiveDate
               2.16.840.1.101.2.2.1.57 ) )  ; expirationDate

7.24  rAPersonRuleEdA Content Rule

     ( 2.16.840.1.101.2.2.3.65 NAME 'rAPersonRuleEdA'
       ;  releaseAuthorityPersonA object class
          MAY ( 2.16.840.1.101.2.2.1.55 $  ; effectiveDate
               2.16.840.1.101.2.2.1.57 ) )  ; expirationDate

7.25  sigintPLARule Content Rule

     ( 2.16.840.1.101.2.2.3.38 NAME 'sigintPLARule'
          ; sigintPLA object class
          MAY 2.16.840.1.101.2.2.1.4 )  ; associatedOrganization

7.26  spotPLARule Content Rule

     ( 2.16.840.1.101.2.2.3.40 NAME 'spotPLARule'
          ; spotPLA object class
          MAY 2.16.840.1.101.2.2.1.113 )  ; associatedAL





























DALLY                   Expires 22 March 2001                  [Page 70]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


8.  STRUCTURE RULES

There are no structure rules defined in ACP 133(B) [1]


9.  SECURITY CONSIDERATIONS

     Attributes of directory entries are used to provide descriptive
     information about the real-world objects they represent, which can
     be people, organizations or devices.  Most countries have privacy
     laws regarding the publication of information about people.

     Some of the object classes and attributes in this document support
     the use of a directory as part of a PKI.  This schema also holds
     information so that components of a variety of network
     applications, including the directory service, can be strongly
     authenticated to one another and with users.





































DALLY                   Expires 22 March 2001                  [Page 71]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


10.  REFERENCES

     [1]  Common Directory Services and Procedures, ACP 133 Edition B,
          March 2000

     [2]  Wahl, M., Coulbeck, A., Howes, T., and S. Kille, "Lightweight
          X.500 Directory Access Protocol (v3): Attribute Syntax
          Definitions", RFC 2252, December 1997

     [3]  Wahl, M., "A Summary of the X.500(96) User Schema for use
          with LDAPv3", RFC 2256, December 1997

     [4]  ACP 127, "Communications Instructions - Tape Relay Procedures"

     [5]  JANAP 128(I), Joint Chiefs of Staff, May 1983, Automatic
          Digital Network (AUTODIN) Operating Procedures

     [6]  ACP 123, "Common Messaging Strategy and Procedures",
          November, 1994

     [7]  NATO APP-3, "NATO Subject Indicator System (NASIS) -
          publication 3", Oct. 1982

     [8]  ITU-T Recommendation X.521 (1993 & 1997) | ISO/IEC 9594-7:
          1995 & 1997, "Information technology - Open Systems
          Interconnection - The Directory:  Selected object classes"

     [9]  RFC 2587, "Internet X.509 Public Key Infrastructure
          LDAPv2 Schema", June 1999

     [10] ITU-T Recommendation X.520 (1993 & 1997) | ISO/IEC 9594-6:
          1995 & 1997, "Information technology - Open Systems
          Interconnection - The Directory:  Selected attribute types"

     [11] ACP 120, "Common Security Protocol (CSP)", final draft

     [12] STANAG 4406, "NATO Reference Model for Open Systems
          Interconnection -Military Message Handling Systems"

     [13] Barker, P. and Kille, S., "The COSINE and Internet X.500
          Schema", RFC 1274, November 1991

     [14] ISO 3166-1:  1997, "Codes for the representation of names of
          countries and their subdivsions - part 1:  Country codes"

     [15] ACP 117, "Allied Routing Indicator Book"

     [16] RFC 822, "STANDARD FOR THE FORMAT OF ARPA INTERNET TEXT
          MESSAGES", August 13, 1982





DALLY                   Expires 22 March 2001                  [Page 72]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


     [17] ITU-T Recommendation X.402 (1995)/ISO/IEC 10021-2:  1996,
          "Information Technology - Message Handling Systems (MHS) -
          Overall Architecture"

     [18] ITU-T Recommendation X.411 (1995)/ISO/IEC 10021-4:  1996,
          "Information Technology - Message Handling Systems (MHS) -
          Message Transfer System:  Abstract Service Definition
          and Procedure"

     [19] Smith, M., "Definition of the inetOrgPerson LDAP Object
          Class", RFC 2798, April 2000











































DALLY                   Expires 22 March 2001                  [Page 73]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


11. ABBREVIATIONS

     ACP          Allied Communications Publication
     AE           Application Entity
     AIG          Address Indicator Group
     AL           Address List
     ALID         AL Identifier
     ASN.1        Abstract Syntax Notation One
     AUTODIN      Automatic Digital Network
     BER          Basic Encoding Rules
     BNF          Backus-Naur Form
     C            Country
     CA           Certification Authority
     CAD          Collective Address Designator
     CCEB         Combined Communications Electronics Board
     CCITT        The International Telegraph and Telephone
                  Consultative Committee
     CMI          Certificate Management Infrastructure
     CN           Common Name
     CRL          Certificate Revocation List
     DAP          Directory Access Protocol
     DFTS         Defence Fixed Telecommunications Service
     DIB          Directory Information Base
     DL           Distribution List
     DN           Distinguished Name
     DODAAC       Department of Defense Activity Accounting Code
     DSA          Directory System Agent
     DSN          Defense Switched Network (DSN)
     EIT          Encoded Information Type
     FAX          Facsimile
     GENSER       General Service
     GHP          Gateway Handling Policy
     GON          Group of Names
     IA5          International Alphabet Number 5
     IEC          International Electrotechnical Commission
     IETF         Internet Engineering Task Force
     ISDN         Integrated Services Digital Network
     ISO          International Organization for Standardization
     ITU-T        International Telecommunication Union-
                  Telecommunication Standardization Sector
     JANAP        Joint Army, Navy, Air Force Procedure
     L            Locality
     LDAP         Lightweight Directory Access Protocol
     LMF          Language and Media Format
     LOC          Locality
     MCS          Message Conversion System
     MHS          Message Handling System
     ML           Mail List
     MLA          Mail List Agent
     MMHS         Military Message Handling System
     MS           Message Store
     MTA          Message Transfer Agent


DALLY                   Expires 22 March 2001                  [Page 74]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


     MTS          Message Transfer System
     MUA          Messaging User Agent
     NASIS        NATO Subject Indicator System
     NAVCOMPARS   Naval Communications Processing and Routing System
     O            Organization
     ON           Other Notification
     O/R, OR      Originator/Recipient
     ORG          Organizational
     OU           Organizational Unit
     PKI          Public Key Infrastructure
     PLA          Plain Language Address
     PSTN         Public Switched Telephone Network
     R            Role
     RA           Release Authority
     RAN          Release Authority Name
     RDN          Relative Distinguished Name
     RFC          Request for Comments
     RI           Routing Indicator
     SHD          Special Handling Designator
     SI           Special Intelligence
     SIC          Subject Indicator Code
     SIGAD        SIGINT Address
     SIGINT       Signal Intelligence
     SMTP         Simple Mail Transfer Protocol
     SOP          State or Province
     ST           State or Province Name
     STU          Secure Telephone Unit
     TARE         Telegraph Automatic Relay Equipment
     TCC          Transmission Control Code
     TRC          Transmission Release Code
     U            Unit
     UA           User Agent
     UKM          User Key Material





















DALLY                   Expires 22 March 2001                  [Page 75]

INTERNET-DRAFT     ACP 133 Common Content and LDAP     22 September 2000


12. ACKNOWLEDGEMENTS
     This document was prepared with the help and advice of
     two organizations:

          CCEB ACP 133 Task Force
          IETF LDAP Extensions Working Group

     Thanks to thanks to the members of these groups for their
     criticism, corrections, and feedback.


13. AUTHOR'S ADDRESS

     Kathy Dally
     The MITRE Corp.
     1820 Dolley Madison Blvd.
     McLean, VA 22102
     USA

     e-mail:  kdally@mitre.org
     telephone:  +1 703 883 6058
     fax:  +1 703 883 7142
































DALLY                   Expires 22 March 2001                  [Page 76]


Html markup produced by rfcmarkup 1.101, available from http://tools.ietf.org/tools/rfcmarkup/