Object Identifiers PKIoverheid
Object Identifiers (OIDs)
Object Identifiers (OIDs) are sequences of numbers with a specific structure used to uniquely and permanently identify “objects.” Objects can be physical (such as a wrench, fire hose, network card, or car) or conceptual (like a definition, process, algorithm, or legal entity). Each number has an associated name which clarifies its purpose. Due to the flexible nature of OIDs, they are employed globally across various industries and technologies. Public Key Infrastructure (PKI) is one area where OIDs are extensively utilized. Parties seeking entry into PKIoverheid, therefore, encounter OIDs.
Structure of OIDs
OIDs consist of numbers separated by dots, and each number has a name to give meaning to that particular number. Organizationally, the structure follows a tree structure, which is likened to the structure of domain names found on the Internet. Each number in an OID is a node in the overall OID tree structure. The leftmost number is the start of the tree structure (the metaphorical “tree trunk” or “start node”), and the rightmost number is the endpoint (the metaphorical “leaf” or “end node”). Each node has an organization as an owner, an Object Identifier-Registration Authority (OID-RA), with control over the underlying “arc,” representing the underlying level with all possible nodes. These organizations can then designate other organizations as owners of underlying nodes, allowing them to manage the underlying arcs. Owners of a node must maintain a register of the underlying nodes they issued, the associated names to give them meaning, and any transfer of ownership of one or more of these nodes.
At the national level, the Netherlands Normalization Institute (NEN) is responsible for issuing OIDs under the {joint-iso-itu-t(2) country(16) nl(528)} country-arc. This, however, has been delegated to the Policy Authority PKIoverheid.
The OID assigned to PKIoverheid is 2.16.528.1.1003.1. When the different numbers are replaced by their corresponding names, the functioning of an OID becomes clear: {joint-iso-itu-t(2) country(16) nl(528) dutch-organization(1) dutch-government(1003) pki-for-government(1)}. The Policy Authority PKIoverheid is OID-RA for this arc.
OIDs in PKI Certificates
PKI certificates contain many generic OIDs defined by standardization organizations (such as IETF, ETSI, ITU-T, etc.) to unambiguously identify standardized data fields, processes, and algorithms. In addition to these generic OIDs, a PKIoverheid certificate must also contain OIDs referring to specific characteristics of the Trust Service Provider (TSP) issuing the certificate. The list of specific OIDs to be used within the PKIoverheid system, as well as the system for arriving at these unique identifiers, is managed by Logius. This includes three categories of OIDs:
- Definition OIDs
- Certification Policy OIDs
- Organization OIDs
The Policy Authority PKIoverheid assigns new OIDs under the 2.16.528.1.1003.1 arc using naming conventions. Please note: OIDs assigned prior to 2023 may not adhere to this convention. They remain valid, however.
All assigned OIDs can be found in the list of registered OIDs under the pki-for-government arc.
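The following Python sketch is an added example, not part of the PKIoverheid documentation. It shows how the dotted OID 2.16.528.1.1003.1 maps to the DER bytes carried in a certificate, and how to test membership of the pki-for-government arc by comparing components rather than string prefixes. The function names and the child OIDs used to exercise it are assumptions constructed for illustration.

```python
import re

# pki-for-government arc stated on the page
PKIO_ARC = (2, 16, 528, 1, 1003, 1)

def parse_dotted(oid):
    """Parse dotted notation into integer arcs; reject non-canonical input."""
    if not re.fullmatch(r"(0|[1-9][0-9]*)(\.(0|[1-9][0-9]*))+", oid):
        raise ValueError(f"malformed OID: {oid!r}")
    arcs = tuple(int(p) for p in oid.split("."))
    if arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError(f"invalid leading arcs: {oid!r}")
    return arcs

def encode_der(arcs):
    """Encode arcs as a DER OBJECT IDENTIFIER (tag 0x06, short-form length)."""
    body = bytearray()
    for value in (40 * arcs[0] + arcs[1], *arcs[2:]):
        chunk = [value & 0x7F]                   # last byte: high bit clear
        value >>= 7
        while value:
            chunk.append(0x80 | (value & 0x7F))  # earlier bytes: high bit set
            value >>= 7
        body.extend(reversed(chunk))
    if len(body) > 127:
        raise ValueError("long-form length is outside this example")
    return bytes([0x06, len(body)]) + bytes(body)

def decode_der(der):
    """Decode a short-form DER OBJECT IDENTIFIER back into integer arcs."""
    if len(der) < 3 or der[0] != 0x06 or der[1] > 127 or der[1] != len(der) - 2:
        raise ValueError("not a short-form DER OBJECT IDENTIFIER")
    values, cur, at_start = [], 0, True
    for b in der[2:]:
        if at_start and b == 0x80:
            raise ValueError("non-minimal subidentifier")
        cur = (cur << 7) | (b & 0x7F)
        at_start = not (b & 0x80)
        if at_start:
            values.append(cur)
            cur = 0
    if not at_start:
        raise ValueError("truncated subidentifier")
    first = min(values[0] // 40, 2)
    return (first, values[0] - 40 * first, *values[1:])

def in_pkio_arc(oid):
    """True if oid is the PKIoverheid arc or a node beneath it."""
    return parse_dotted(oid)[:len(PKIO_ARC)] == PKIO_ARC
```

A plain string-prefix test would accept 2.16.528.1.1003.10 as part of the arc, which is why the check compares whole components.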
Applying for PKIoverheid OIDs
Parties wishing to join PKIoverheid as a TSP must request an Organization OID for their own organization and for the parties responsible for TSP services under their responsibility. A (prospective) TSP MUST submit to international rules regarding OIDs, as found in ISO/IEC 9834, and MUST follow additional guidance within the PKIoverheid system: Terms and conditions OIDs PKIoverheid.
To join PKIoverheid as a Trust Service Provider, please visit the Logius website at https://www.logius.nl for more details.
References
The international standard for OIDs is described in ISO/IEC 9834, titled “Procedures for the operation of OSI Registration Authorities.”