-- *********************************************************************
-- IEEE8021-DEVID-MIB
--   
-- Managed object definitions for IEEE 802.1AR Secure Device Identity
-- *********************************************************************

IEEE8021-DEVID-MIB 
DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY,
    OBJECT-TYPE,
    Unsigned32,
    Counter32
        FROM SNMPv2-SMI
    TruthValue,
    TEXTUAL-CONVENTION
        FROM SNMPv2-TC
    SnmpAdminString
        FROM SNMP-FRAMEWORK-MIB
    MODULE-COMPLIANCE,
    OBJECT-GROUP
        FROM SNMPv2-CONF
    PhysicalIndex, entPhysicalIndex
        FROM ENTITY-MIB;

ieee8021DevIDMIB MODULE-IDENTITY
    LAST-UPDATED    "201807151904Z"
    ORGANIZATION    "IEEE 802.1 Working Group"
    CONTACT-INFO    "WG-URL: http://www.ieee802.org/1
				   WG-EMail: stds-802-1-L@ieee.org
					 
					Contact: IEEE 802.1 Working Group Chair
					Postal:  C/O IEEE 802.1 Working Group
							 IEEE Standards Association
							 445 Hoes Lane
							 Piscataway
							 NJ 08854
							 USA
					E-mail:  STDS-802-1-L@IEEE.ORG"
    DESCRIPTION
    "The MIB module for managing an IEEE 802.1AR DevID (Secure Device
	Identifier) Module. A DevID comprises: a DevID secret (a private
	key) stored confidentially by the DevID module and accessible only 
	through operations provided by the module; a DevID certificate 
	containing the corresponding public key and a subject name that 
	identifies the device; and a (possibly null) certificate chain. Use 
	of the DevID module signing operations allows the device to prove 
	possession of the DevID secret, and thus assert its identity in
	authentication protocols. An initial IDevID provided by the
	device supplier can be used directly or can be used to provision
	one or more locally significant LDevIDs that reflect authorization 
	decisions by the local network administrator with certificate fields 
	that record those decisions.
	An SNMP agent can manage a network element comprising one or  
	many devices. They can include component (such as individual line 
	cards in a chassis) or aggregate devices (such as the chassis and 
	its current complement of cards). In each case a DevID module binds
	DevIDs secrets and certificates to the device whose identity they can be
	used to assert: they remain attached to a component device if it is
	removed from the network  element, and are not retained by the SNMP
	agent. The entPhysicalIndex defined by the ENTITY-MIB identifies each
	device managed by the agent and is used to index tables of managed
	objects for each device with a DevID module, so ENTITY-MIB objects are
	correlated with and can supplement DevID information cryptographically
	bound to the device.
	The initial version of this ieee8021DevIDMIB used the object name
	prefix 'devID' rather than 'ieee8021DevI' as recommended by 
	RFC 4181. The 'devID' prefix has been retained for backwards 
	compatibility and internal consistency."
    REVISION        "201807151904Z"
    DESCRIPTION
    "Published as part of IEEE Std 802.1AR-2018"
    REVISION        "200906250000Z"
    DESCRIPTION
    "Published as part of IEEE Std 802.1AR-2009"

     ::= { iso (1) iso-identified-organization (3) ieee (111) 
           standards-association-numbered-series-standards (2) 
           lan-man-stds (802) ieee802dot1(1) ieee802dot1mibs(1) 17 }

devIDMIBNotifications  	OBJECT IDENTIFIER   ::= { ieee8021DevIDMIB 0 }
						-- unused (historic)

devIDMIBObjects        	OBJECT IDENTIFIER   ::= { ieee8021DevIDMIB 1 }

devIDMIBConformance    	OBJECT IDENTIFIER   ::= { ieee8021DevIDMIB 2 }

--
-- Textual Conventions - current
--
DevIDFingerprint ::= TEXTUAL-CONVENTION
	DISPLAY-HINT "1x:1x"
	STATUS				current
	DESCRIPTION "A Named Information identifier (RFC 6920) comprising a
	single octet (an IANA (iana.org) Named Information Hash Algorithm 
	Registry value) followed by the result of applying that identified 
	(possibly truncated) hash function  to the arbitrary long octet 
	string to be fingerprinted. The fingerprint size (including the 
	initial identifier) is limited to 49 octets to meet the SNMP oid 
	size constraints when used as an INDEX while allowing the use of
	sha3-384, but sha-256-32 or sha-256-64 (5 or 9 octets total) is 
	recommended with checking of full, not fingerprint, values in 
	sensitive applications. This TEXTUAL-CONVENTION allows a zero-length 
	value where the fingerprint value is optional. MIB definitions or 
	implementations may refuse to accept a zero-length value."
	SYNTAX				OCTET STRING (SIZE (0 .. 49)) 
--
-- DevID Management Objects 
--
devIDGlobalMIBObjects  	OBJECT IDENTIFIER  ::= { devIDMIBObjects 1 }
						-- unused (historic)

devIDMgmtMIBObjects    	OBJECT IDENTIFIER  ::= { devIDMIBObjects 2 }

devIDStatsMIBObjects	OBJECT IDENTIFIER   ::= { devIDMIBObjects 3 }
						-- unused (historic)
--
-- devIDMgmtMIBObjects - tables with current objects
--
devIDModuleTable		OBJECT-TYPE
	SYNTAX				SEQUENCE OF 	DevIDModuleEntry
	MAX-ACCESS							not-accessible
	STATUS								current
	DESCRIPTION
	"A table of DevID module capabilities, which can differ for devices
	managed by the same SNMP agent."		
    REFERENCE	"IEEE 802.1AR 7.3, 10.2, 10.3" 
	::= { devIDMgmtMIBObjects 6 }

devIDModuleEntry		OBJECT-TYPE
	SYNTAX				DevIDModuleEntry				
    MAX-ACCESS      	not-accessible	
    STATUS          	current
	DESCRIPTION	"DevID module capabilities, indexed by the ENTITY MIB's
	entPhysicalIndex."
	INDEX { entPhysicalIndex }
	::= { devIDModuleTable 1 }

DevIDModuleEntry ::= SEQUENCE { 
		devIDModuleSupportsLDevIDs 		TruthValue,
		devIDModuleGeneratesLDevIDKeys 	TruthValue,
		devIDModuleInsertsLDevIDKeys 	TruthValue
}

devIDModuleSupportsLDevIDs		OBJECT-TYPE
	SYNTAX								TruthValue
    MAX-ACCESS      					read-only	
    STATUS          					current
    DESCRIPTION	"True if the module supports the mandatory operations
    for LDevIDs."
    REFERENCE	"IEEE 802.1AR 7.2(k)-(n)."  
	::= { devIDModuleEntry 1}	

devIDModuleGeneratesLDevIDKeys	OBJECT-TYPE
	SYNTAX								TruthValue
    MAX-ACCESS      					read-only	
    STATUS          					current
    DESCRIPTION	"True if the module supports LDevID key generation."
    REFERENCE	"IEEE 802.1AR 7.2(h), 7.2(j), 7.2.8, 7.2.10."  
	::= { devIDModuleEntry 2}	

devIDModuleInsertsLDevIDKeys	OBJECT-TYPE
	SYNTAX								TruthValue
    MAX-ACCESS      					read-only	
    STATUS          					current
    DESCRIPTION	"True if the module supports LDevID key insertion."
    REFERENCE	"IEEE 802.1AR 7.2(i), 7.2(j), 7.2.9, 7.2.10, 7.3."  
	::= { devIDModuleEntry 3}	
--	
devIDCertTable			OBJECT-TYPE
	SYNTAX				SEQUENCE OF 	DevIDCertEntry
	MAX-ACCESS							not-accessible
	STATUS								current
	DESCRIPTION	"A table of DevID certificates, indexed by
	entPhysicalIndex (identifying the DevID module to which the 		
	certificate belongs) and the certificate's fingerprint."		
    REFERENCE	"IEEE 802.1AR Clause 6, 6.2, 7.2.2, 7.2.3, 7.2.6, 7.2.7,
    7.2.11, 7.2.13, 7.3." 
	::= { devIDMgmtMIBObjects 7 }
	
devIDCertEntry			OBJECT-TYPE
	SYNTAX				DevIDCertEntry
	MAX-ACCESS			not-accessible
	STATUS				current
	DESCRIPTION	"DevID certificate objects, indexed by entPhysicalIndex 
	and its devIDCertFingerprint."
	INDEX	{ entPhysicalIndex, devIDCertFingerprint }
	::= { devIDCertTable 1}
	
DevIDCertEntry ::= SEQUENCE {
        devIDCertFingerprint            DevIDFingerprint,
        devIDCertPublicKeyInfoFprint	DevIDFingerprint,
        devIDCertIDevID			        TruthValue,
        devIDCertKeyEnabled		        TruthValue,
        devIDCertEnabled		        TruthValue,
        devIDCert				        OCTET STRING    
}

devIDCertFingerprint	 				OBJECT-TYPE
    SYNTAX          					DevIDFingerprint
    MAX-ACCESS      					not-accessible
    STATUS          					current
    DESCRIPTION	"A fingerprint of the DevID certificate, identifying the 
    fingerprinting hash."
    REFERENCE   "IEEE 802.1AR 10.3"  
	::= { devIDCertEntry 1}

devIDCertPublicKeyInfoFprint	 		OBJECT-TYPE
    SYNTAX          					DevIDFingerprint
    MAX-ACCESS      					read-only
    STATUS          					current
    DESCRIPTION	"A fingerprint of the DevID certificate's 
    subjectPublicKeyInfo field, identifying the fingerprinting hash."
    REFERENCE   "IEEE 802.1AR 10.3"  
	::= { devIDCertEntry 2}

devIDCertIDevID							OBJECT-TYPE
	SYNTAX								TruthValue
    MAX-ACCESS      					read-only	
    STATUS          					current
    DESCRIPTION	"True if this is an IDevID Certificate."
    REFERENCE	"IEEE 802.1AR Clause 6, 6.2, 7.3."  
	::= { devIDCertEntry 3}	

devIDCertKeyEnabled						OBJECT-TYPE
	SYNTAX								TruthValue
    MAX-ACCESS      					read-only	
    STATUS          					current
    DESCRIPTION	"True if use of the DevID Secret for this certificate is
    enabled, allowing its use."
    REFERENCE	"IEEE 802.1AR 7.2.7, 7.3"  
	::= { devIDCertEntry 4}

devIDCertEnabled						OBJECT-TYPE
	SYNTAX								TruthValue
    MAX-ACCESS      					read-only	
    STATUS          					current
    DESCRIPTION	"True if the certificate can be used."
    REFERENCE	"IEEE 802.1AR 7.2.6"  
	::= { devIDCertEntry 5}

devIDCert			 					OBJECT-TYPE
    SYNTAX          					OCTET STRING
    MAX-ACCESS      					read-only
    STATUS          					current
    DESCRIPTION	"The X.509 DevID certificate."
    REFERENCE   "IEEE 802.1AR 6.2, 7.3, Clause 8"  
	::= { devIDCertEntry 6}		
--		
devIDChainTable							OBJECT-TYPE
	SYNTAX								SEQUENCE OF DevIDChainEntry
	MAX-ACCESS							not-accessible
	STATUS								current
	DESCRIPTION	"A table of DevID intermediate certificates, indexed by 
	entPhysicalIndex (identifying the DevID module), 
	devIDCertFingerprint (identifying the DevID certificate), and 
	devIDChainCertIndex (identifying the certificate's position in 
	the certificate chain, upwards from the DevID certificate)."		
    REFERENCE	"IEEE 802.1AR 10.3, 6.3, 7.2.3." 
	::= { devIDMgmtMIBObjects 8 }

devIDChainEntry							OBJECT-TYPE
	SYNTAX								DevIDChainEntry
	MAX-ACCESS							not-accessible
	STATUS								current
	DESCRIPTION	"DevID intermediate certificate objects, indexed by 
	entPhysicalIndex, DevID certificate fingerprint, and the  
	certificate's position in the certificate chain."
	INDEX	{ entPhysicalIndex, devIDCertFingerprint, 
			  devIDChainCertIndex }
	::= { devIDChainTable 1}
	
DevIDChainEntry ::= SEQUENCE {
	devIDChainCertIndex					Unsigned32,
	devIDChainCertFingerprint           DevIDFingerprint,
	devIDChainCert						OCTET STRING
}

devIDChainCertIndex		 				OBJECT-TYPE
    SYNTAX          					Unsigned32
    MAX-ACCESS      					not-accessible
    STATUS          					current
    DESCRIPTION	"The position of this intermediate certificate in the
    certificate chain."
    REFERENCE   "IEEE 802.1AR 10.3."  
	::= { devIDChainEntry 1}

devIDChainCertFingerprint	 			OBJECT-TYPE
    SYNTAX          					DevIDFingerprint
    MAX-ACCESS      					read-only
    STATUS          					current
    DESCRIPTION	"A fingerprint of the intermediate certificate, identifying the 
    fingerprinting hash."
    REFERENCE   "IEEE 802.1AR 10.3."  
	::= { devIDChainEntry 2}

devIDChainCert		 					OBJECT-TYPE
    SYNTAX          					OCTET STRING
    MAX-ACCESS      					read-only
    STATUS          					current
    DESCRIPTION	"The X.509 intermediate certificate in a certificate chain."
    REFERENCE   "IEEE 802.1AR 6.3, 7.3, Clause 8."  
	::= { devIDChainEntry 3}
--
devIDStatisticsTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF 		DevIDStatisticsEntry 
    MAX-ACCESS      					not-accessible
    STATUS          					current
    DESCRIPTION	"Counts of selected operations for each DevID module."
    REFERENCE	"IEEE 802.1AR 7.3."
    ::= { devIDMgmtMIBObjects 5 }

devIDStatisticsEntry OBJECT-TYPE
    SYNTAX          					DevIDStatisticsEntry
    MAX-ACCESS      					not-accessible
    STATUS         					 	current
    DESCRIPTION	"Counts of selected operations for a DevID module."
    INDEX { entPhysicalIndex } 
    ::= { devIDStatisticsTable 1 }

DevIDStatisticsEntry ::= SEQUENCE {
        devIDStatisticKeyGenerationCount        Counter32,
        devIDStatisticKeyInsertionCount         Counter32,
        devIDStatisticKeyDeletionCount          Counter32,
        devIDStatisticCSRGenerationCount        Counter32,
        devIDStatisticCredentialInsertionCount	Counter32,
        devIDStatisticCredentialDeletionCount   Counter32,
        devIDStatisticCertInsertionCount		Counter32,
        devIDStatisticCertDeletionCount			Counter32
}

devIDStatisticKeyGenerationCount OBJECT-TYPE
    SYNTAX          Counter32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION	"The number of LDevID key pairs generated by the 
    module. Discontinuities at system restart and counter rollover."
    REFERENCE	"IEEE 802.1AR 7.2.8, 7.3." 
    ::= { devIDStatisticsEntry 1 }

devIDStatisticKeyInsertionCount OBJECT-TYPE
    SYNTAX          Counter32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION	"The number of LDevID key pairs inserted into the module.  
    Discontinuities occur at system restart and counter rollover."
    REFERENCE	"IEEE 802.1AR 7.2.9, 7.3." 
    ::= { devIDStatisticsEntry 2 }

devIDStatisticKeyDeletionCount OBJECT-TYPE
    SYNTAX          Counter32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION "The number of LDevID key pairs deleted by the module. 
	Discontinuities occur at system restart and counter rollover."
    REFERENCE	"IEEE 802.1AR 7.2.10, 7.3." 
    ::= { devIDStatisticsEntry 3 }

devIDStatisticCSRGenerationCount OBJECT-TYPE
    SYNTAX          Counter32
    MAX-ACCESS      read-only
    STATUS          deprecated
    DESCRIPTION	"The number of Certificate Signing Requests (CSR,
    RFC2986) generated by the module.  Discontinuities occur at system 
    restart and counter rollover. Deprecated: the module does not
    necessarily have all the information to generate a meaningful CSR,
    and key and certificate insertion is not tied to prior CSR 
    generation. If required the signing operation can generate a CSR 
    though this is not required for LDevID insertion."
    REFERENCE	"IEEE 802.1AR-2009 6.4, and 6.3.11" 
    ::= { devIDStatisticsEntry 4 }

devIDStatisticCredentialInsertionCount OBJECT-TYPE
    SYNTAX          Counter32
    MAX-ACCESS      read-only
    STATUS          obsolete
    DESCRIPTION "The number of LDevID credential insertions. 
	Discontinuities occur at system restart and counter rollover."
    REFERENCE	"IEEE 802.1AR-2009 6.4, and 6.3.12." 
    ::= { devIDStatisticsEntry 5 }

devIDStatisticCredentialDeletionCount OBJECT-TYPE
    SYNTAX          Counter32
    MAX-ACCESS      read-only
    STATUS          obsolete
    DESCRIPTION "The number of LDevID credential deletions. 
	Discontinuities occur at system restart and counter rollover."
    REFERENCE	"IEEE 802.1AR-2009 6.4, and 6.3.14." 
    ::= { devIDStatisticsEntry 6 }

devIDStatisticCertInsertionCount OBJECT-TYPE
    SYNTAX          Counter32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION	"The number of LDevID certificate insertions. 
	Discontinuities occur at system restart and counter rollover."
    REFERENCE	"IEEE 802.1AR 7.2.11, 7.3." 
    ::= { devIDStatisticsEntry 7 }

devIDStatisticCertDeletionCount OBJECT-TYPE
    SYNTAX          Counter32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION	"This number of LDevID certificate deletions. 
	Discontinuities occur at system restart and counter rollover."
    REFERENCE	"IEEE 802.1AR 7.2.13." 
    ::= { devIDStatisticsEntry 8 }
--
-- devIDMIBConformance - current
--
devIDMIBCompliances  OBJECT IDENTIFIER
    ::= { devIDMIBConformance 1 }

devIDMIBGroups  OBJECT IDENTIFIER
    ::= { devIDMIBConformance 2 }

devIDMIBModuleCompliance2 MODULE-COMPLIANCE
    STATUS          	current
    DESCRIPTION "Module Compliance for DevID MIB-2018."
    MODULE          --	this module
    MANDATORY-GROUPS {
                    	devIDMIBModuleGroup,
                    	devIDMIBCertificateGroup,
                    	devIDMIBAuditGroup
                    }
    ::= { devIDMIBCompliances 2 }


devIDMIBModuleGroup OBJECT-GROUP
    OBJECTS         {
						devIDModuleSupportsLDevIDs,
						devIDModuleGeneratesLDevIDKeys,
						devIDModuleInsertsLDevIDKeys
}
    STATUS          	current
    DESCRIPTION "DevID MIB objects describing module capabilities."
    ::= { devIDMIBGroups 2 }

devIDMIBCertificateGroup OBJECT-GROUP
    OBJECTS         {
                    	devIDCertPublicKeyInfoFprint,
                        devIDCertIDevID,
                        devIDCertKeyEnabled,
                        devIDCertEnabled,
                        devIDCert,
                        devIDChainCertFingerprint,
                        devIDChainCert
}
    STATUS          	current
    DESCRIPTION "DevID MIB objects for DevID public key,
    certificate, and certificate chain inventory operations."
    ::= { devIDMIBGroups 3 }

devIDMIBAuditGroup OBJECT-GROUP
    OBJECTS         {               
                        devIDStatisticKeyGenerationCount,
                        devIDStatisticKeyInsertionCount,
                        devIDStatisticKeyDeletionCount,
                        devIDStatisticCertInsertionCount,
                        devIDStatisticCertDeletionCount
}
    STATUS          	current
    DESCRIPTION "DevID MIB objects supporting DevID operation auditing."
    ::= { devIDMIBGroups 4 }
--**********************************************************************
-- Textual Conventions - obsolete
--
DevIDErrorStatus ::= TEXTUAL-CONVENTION
    STATUS obsolete
    DESCRIPTION "The error state  of a DevID operation."
    SYNTAX          INTEGER  {
                        none(1),
                        internalError(2)
                    }

DevIDAlgorithmIdentifier::= TEXTUAL-CONVENTION
    STATUS          obsolete
    DESCRIPTION "The algorithm type for the public key."
    SYNTAX          INTEGER  {
                        rsaEncryption(1),
                        idecPublicKey(2)
                    }                   
--
-- devIDMgmtMIBObjects - obsolete tables and individual objects
--
devIDPublicKeyCount OBJECT-TYPE
    SYNTAX          Unsigned32
    MAX-ACCESS      read-only
    STATUS          obsolete
    DESCRIPTION
    "The total number of DevID public keys installed in the module.
    Obsolete: the number of currently installed keys is the number of 
    DevIDCertEntry's with the module's entPhysicalIndex and distinct 
    devIDCertPublicKeyInfoFprint values, the maximum number can be an
    implementation dependent function of the keys' signature suites and 
    the storage occupied by certificates and certificate chains."
    REFERENCE       "IEEE 802.1AR-2009 6.4, and 6.3.2" 
    ::= { devIDMgmtMIBObjects 1 }    
--
devIDPublicKeyTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF DevIDPublicKeyEntry 
    MAX-ACCESS      not-accessible
    STATUS          obsolete
    DESCRIPTION
    "A table containing the public key, the keys keyIndex, a value
	indicating if the key is enabled. This allows the administrator
	to determine the DevID keys installed in the DevID module. The
	maximum number of entries in this table is limited by the value
	of devIDPublicKeyCount.
	Obsolete: the public keys that have been installed and may be 
	used can be obtained from the subjectPublicKeyInfo field in each of 
	the DevIDCertEntry's devIDCert object."
    REFERENCE       "IEEE 802.1AR-2009 6.4, and 6.3.2"
    ::= { devIDMgmtMIBObjects 2 }

devIDPublicKeyEntry OBJECT-TYPE
    SYNTAX          DevIDPublicKeyEntry
    MAX-ACCESS      not-accessible
    STATUS          obsolete
    DESCRIPTION
	"An entry containing DevID public key, the keys keyIndex, a value
	indicating if the key is enabled.
	Obsolete: the public keys that have been installed and may be 
	used can be obtained from the subjectPublicKeyInfo field in each of 
	the DevIDCertEntry's devIDCert object. The table entry indexing did
	not support multiple key pairs per entPhysicalIndex."
    INDEX           { entPhysicalIndex } 
    ::= { devIDPublicKeyTable 1 }

DevIDPublicKeyEntry ::= SEQUENCE {
    devIDPublicKeyIndex				Unsigned32,
    devIDPublicKeyEnabled			TruthValue,
    devIDPublicKeyAlgorithm			DevIDAlgorithmIdentifier,
    devIDPublicKeyPubkeySHA1Hash    SnmpAdminString,
    devIDPublicKeyErrStatus			DevIDErrorStatus
}

devIDPublicKeyIndex OBJECT-TYPE
    SYNTAX          Unsigned32 (0..4294967295 )
    MAX-ACCESS      not-accessible
    STATUS          obsolete
    DESCRIPTION "All keys are indexed internally with this object. The 
    value of this object is within 0..devIDPublicKeyCount. This is the
	keyIndex and operations on keys will use the keyIndex to address a 
	specific key. The IDevID key shall only be at index 0. Any error 
	retrieving a key will be displayed in devIDPublicKeyErrStatus.
	Obsolete: the potential indexes are close packed forcing index 
	reuse not under the agents control so reading the index from the 
	devIDCredentialTable and then using it with this object may not
	retrieve the intended key."
    REFERENCE       "IEEE 802.1AR-2009 6.4, and 6.3.2" 
    ::= { devIDPublicKeyEntry 1 }

devIDPublicKeyEnabled OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          obsolete
    DESCRIPTION "The enable/disable state of this public key. This 
    setting persists across restarts. Obsolete with table."
    REFERENCE       "IEEE 802.1AR-2009 6.4, and 6.3.2" 
    ::= { devIDPublicKeyEntry 2 }

devIDPublicKeyAlgorithm OBJECT-TYPE
    SYNTAX          DevIDAlgorithmIdentifier                        
    MAX-ACCESS      read-only
    STATUS          obsolete
    DESCRIPTION
    "The DevID PublicKey Algorithm field shall indicate the public key
	algorithm identifier. This object identifies the public key
	algorithm as either rsaEncryption or idecPublicKey.
	Obsolete along with table. The AlgorithmIdentifier is not 
	necessarily a complete description of the signature suite 
	(parameters in subjectPublicKeyInfo may also be required), full 
	information is in the devIDCert in the devIDCertTable using X.509 
	OIDs so avoiding generating new OIDs for this MIB and removing the
	need for future MIB updates as new signature suites are added."
    REFERENCE
        "IEEE 802.1AR-2009 6.4, 6.3.2 and 7.2.9" 
    ::= { devIDPublicKeyEntry 3 }

devIDPublicKeyPubkeySHA1Hash OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      read-only
    STATUS          obsolete
    DESCRIPTION "The SHA1 Hash of this DevID public key.
    Obsolete with table. DevIDFingerprint used in new table objects
    to provided allow hash flexibility without MIB update."
    REFERENCE
        "IEEE 802.1AR-2009 6.4, 6.3.2 and 7.2.9" 
    ::= { devIDPublicKeyEntry 4 }

devIDPublicKeyErrStatus OBJECT-TYPE
    SYNTAX          DevIDErrorStatus
    MAX-ACCESS      read-only
    STATUS          obsolete
    DESCRIPTION "Displays the status of an operation on the public key. 
    The default value is none which means no error, indicating a 
    successful operation. Obsolete: DevID module service interface 
    operations are not visible in this MIB so this object provides no
    clue as to what has failed and does not specify whether it is 
    cleared by subsequent successful operations. If keys or certs are
    unusable they should not be visible to SNMP or appear not enabled. In 
    both cases this read-only MIB cannot diagnose or repair. SNMP 
    operations already have their own error codes."
    REFERENCE       "IEEE 802.1AR-2009 6.4, and 6.3.2"
    DEFVAL          { none } 
    ::= { devIDPublicKeyEntry 5 }
--
devIDCredentialCount OBJECT-TYPE
    SYNTAX          Unsigned32
    MAX-ACCESS      read-only
    STATUS          obsolete
    DESCRIPTION "This gives the total number of DevID credentials 
    installed in the DevID module. Obsolete: Object is not indexed by
    entPhysicalIndex so is not a per module count if the agent is 
    managing multiple devices. Changes as component devices are added
    or removed are not meaningful without other information. Per module
    counts can be obtained by interrogating the devIDCertTable."    
    REFERENCE       "IEEE 802.1AR-2009 6.4, and 6.3.2" 
    ::= { devIDMgmtMIBObjects 3 }
--
devIDCredentialTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF DevIDCredentialEntry 
    MAX-ACCESS      not-accessible
    STATUS          obsolete
    DESCRIPTION "A table of current DevID credentials, where for each 
    certificate the following are indicated: sha1 hash of the 
    certificate, section7 defined fields of cert serial number, issuer,
    subject, HardwareModuleName, and public key.
    Obsolete: the ASN.1 encoding of a certificate is already defined 
    elsewhere, there is no need to require a device to decode the
    certificate into a different ASN.1 structure, and picking particular 
    field might omit problematic extensions in particular certificates."
    REFERENCE       "IEEE 802.1AR-2009 6.4, and 6.3.3"
    ::= { devIDMgmtMIBObjects 4 }

devIDCredentialEntry OBJECT-TYPE
    SYNTAX          DevIDCredentialEntry
    MAX-ACCESS      not-accessible
    STATUS          obsolete
    DESCRIPTION "An entry containing DevID Credential information.
    Obsolete: Table entries are not indexed by entPhysicalIndex."
    INDEX           { devIDCredentialIndex } 
    ::= { devIDCredentialTable 1 }

DevIDCredentialEntry ::= SEQUENCE {
        devIDCredentialIndex                  Unsigned32,
        devIDCredentialEnabled                TruthValue,
        devIDCredentialSHA1Hash               SnmpAdminString,    
        devIDCredentialSerialNumber           SnmpAdminString,
        devIDCredentialIssuer                 SnmpAdminString,
        devIDCredentialSubject                SnmpAdminString,
        devIDCredentialSubjectAltName         SnmpAdminString,		
        devIDCredentialEntityIndex            PhysicalIndex,
        devIDCredentialPubkeyIndex            Unsigned32,
        devIDCredentialErrStatus              DevIDErrorStatus
}

devIDCredentialIndex OBJECT-TYPE
    SYNTAX          Unsigned32 (0..4294967295 )
    MAX-ACCESS      not-accessible
    STATUS          obsolete
    DESCRIPTION "All credentials are indexed internally with this 
    object. The value of this object is in  [0..devIDCredentialCount].
    Operations on credentials will use the credentialIndex to address a 
    specific credential. The IDevID credential shall only be at index 0. 
    Additional operations on credentials use the credentialIndex to 
    address a specific credential.
    Obsolete: The SNP agent does not control or monitor individual 
    DevID service operations, an SNMP agent can manage a system that
    comprises multiple devices identified by the ENTITY-MIB and more 
    than one of those devices can have a DevID module with an IDevID. "
    REFERENCE       "IEEE 802.1AR-2009 6.4, and 6.3.2" 
    ::= { devIDCredentialEntry 1 }

devIDCredentialEnabled OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          obsolete
    DESCRIPTION "The enable/disable state of this credential. This 
    setting persists across restarts. Obsolete with table."
    REFERENCE       "IEEE 802.1AR-2009 6.3.6" 
    ::= { devIDCredentialEntry 2 }
    
devIDCredentialSHA1Hash     OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      read-only
    STATUS          obsolete
    DESCRIPTION "The SHA1 Hash of this DevID credential.
    Obsolete with table."
    REFERENCE       "IEEE 802.1AR 7.2.2" 
    ::= { devIDCredentialEntry 3 }

devIDCredentialSerialNumber OBJECT-TYPE
    SYNTAX          SnmpAdminString (SIZE  (0..20))
    MAX-ACCESS      read-only
    STATUS          obsolete
    DESCRIPTION "The serial number of the credential.
    Obsolete with table."
    REFERENCE       "IEEE 802.1AR-2009 7.2.2" 
    ::= { devIDCredentialEntry 4 }

devIDCredentialIssuer OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      read-only
    STATUS          obsolete
    DESCRIPTION "The issuer field of the credential.
    Obsolete with table."
    REFERENCE       "IEEE 802.1AR-2009 7.2.4" 
    ::= { devIDCredentialEntry 5 }

devIDCredentialSubject OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      read-only
    STATUS          obsolete
    DESCRIPTION "The subject field of the credential.
    Obsolete with table."
    REFERENCE       "IEEE 802.1AR-2009 7.2.8" 
    ::= { devIDCredentialEntry 6 }
    
devIDCredentialSubjectAltName OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      read-only
    STATUS          obsolete
    DESCRIPTION "The subjectaltname field of the credential.
    Obsolete with table."
    REFERENCE       "IEEE 802.1AR-2009 7.2.8" 
    ::= { devIDCredentialEntry 7 }	
	
devIDCredentialEntityIndex    OBJECT-TYPE
    SYNTAX          PhysicalIndex
    MAX-ACCESS      read-only
    STATUS          obsolete
    DESCRIPTION "This refers to the entPhysicalIndex in entPhysicalTable 
    to identify the associated physical entity.
    Obsolete with table."
     REFERENCE       "IEEE 802.1AR-2009 6.4" 
    ::= { devIDCredentialEntry 8 }
    
devIDCredentialPubkeyIndex OBJECT-TYPE
    SYNTAX          Unsigned32
    MAX-ACCESS      read-only
    STATUS          obsolete
    DESCRIPTION "Has the appropriate devIDPublicKeyIndex value from 
    devIDPublicKeyTable to identify the public key information.
    Obsolete with table."
    REFERENCE       "IEEE 802.1AR-2009 7.2.9" 
    ::= { devIDCredentialEntry 9 }

devIDCredentialErrStatus OBJECT-TYPE
    SYNTAX          DevIDErrorStatus
    MAX-ACCESS      read-only
    STATUS          obsolete
    DESCRIPTION "The displays the status of an operation on the
    credential. The default value is none which means no error, 
    indicating a successful operation.
    Obsolete with table."
    REFERENCE       "IEEE 802.1AR-2009 6.4, and 6.3.2"
    DEFVAL          { none } 
    ::= { devIDCredentialEntry 10 }
--
-- devIDMIBConformance - obsolete
--
devIDMIBModuleCompliance MODULE-COMPLIANCE
    STATUS          	obsolete
    DESCRIPTION "Module Compliance for DevID MIB-2009."
    MODULE          --	this module
    MANDATORY-GROUPS {
                    	devIDMIBObjectGroup
                    }
    ::= { devIDMIBCompliances 1 }
--
devIDMIBObjectGroup OBJECT-GROUP
    OBJECTS         {
                        devIDPublicKeyCount,
                        devIDPublicKeyEnabled,
                        devIDPublicKeyAlgorithm,
                        devIDPublicKeyPubkeySHA1Hash,
                        devIDPublicKeyErrStatus,
                        devIDCredentialCount,
                        devIDCredentialEnabled,
                        devIDCredentialSHA1Hash,
                        devIDCredentialSerialNumber,
                        devIDCredentialIssuer,
                        devIDCredentialSubject,
                        devIDCredentialSubjectAltName,
                        devIDCredentialEntityIndex,
                        devIDCredentialPubkeyIndex,
                        devIDCredentialErrStatus,                        
                        devIDStatisticKeyGenerationCount,
                        devIDStatisticKeyInsertionCount,
                        devIDStatisticKeyDeletionCount,
                        devIDStatisticCSRGenerationCount,
                        devIDStatisticCredentialInsertionCount,
                        devIDStatisticCredentialDeletionCount
}
    STATUS          obsolete
    DESCRIPTION "A collection of objects providing public key 
    manageability, credential manageability and stats."
    ::= { devIDMIBGroups 1 }

--**********************************************************************
END
