Tags: certificate, x509, asn.1

Standard way to indicate version and "schema" for X509 Certificate


I have a system in which X509 certificates can have a number of "schemas", where a schema is a collection of the exact OIDs that are required/optional in the subject of the cert. The application that verifies these certificates needs to know what schema (and what version of that schema) has been used for a given certificate.

For example, Schema A requires CN, O, OU and schema B requires CN, UID, O, C, ST.

I'm looking for a standard way to encode the schema (+ version) in the certificate so the receiving application can tell from the certificate how to parse it. Solutions:

  1. Hijack some totally unrelated OID to stuff this information into the subject. I don't like this, but it would work as a hack-y fallback.
  2. Utilize an extension. I think the Subject Directory Attributes looks like it might be appropriate, but then it still seems to require OID name/value pairs as its payload, so again which OIDs?
  3. Something else entirely?

Again, I can make this work with #1 or could do a similar hack with #2, but what I really want is a standard non-hack way to accomplish this goal.


Solution

  • I've ended up utilizing a UUID-based OID under the 2.25 arc for each of my two metadata fields (schema and version).

    The site below offers a UUID generator as a convenience and a registration link (although registration isn't strictly required):

    http://www.itu.int/ITU-T/asn1/cgi-bin/uuid_generate
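
As an added example (not code from the question or the answer), here is how the answer's approach looks in Python: deriving the two metadata OIDs from UUIDs under the 2.25 arc, DER-encoding them the way they would appear in a subject attribute or extension, parsing them back, and pulling schema/version out of a parsed subject. The two UUIDs are constructed for the example and stand in for the ones the author actually registered.

```python
import uuid

# Constructed example UUIDs (not the author's registered ones), one per metadata field.
SCHEMA_UUID = "0d9e6d2b-4c61-4a1e-9f1a-2c8b4b0f3a77"
VERSION_UUID = "b3f2c1d0-7e8a-4f4b-8c21-5d6e7f809a1b"

def uuid_to_oid(u):
    """OID for a UUID under the 2.25 arc (ITU-T X.667): 2.25.<UUID as a decimal integer>."""
    return "2.25.%d" % uuid.UUID(str(u)).int

def oid_to_uuid(oid):
    """Inverse of uuid_to_oid; rejects anything that is not directly under 2.25."""
    prefix, _, rest = oid.partition("2.25.")
    if prefix or not rest.isdigit():
        raise ValueError("not a UUID-based OID: %s" % oid)
    return str(uuid.UUID(int=int(rest)))

def _base128(n):
    """One OID arc as DER base-128 bytes: high bit set on every byte but the last."""
    out = [n & 0x7F]
    n >>= 7
    while n:
        out.append(0x80 | (n & 0x7F))
        n >>= 7
    return bytes(reversed(out))

def der_encode_oid(oid):
    """DER OBJECT IDENTIFIER: tag 0x06, short-form length, arcs (first two fused as 40*a+b)."""
    arcs = [int(a) for a in oid.split(".")]
    body = _base128(40 * arcs[0] + arcs[1]) + b"".join(_base128(a) for a in arcs[2:])
    return b"\x06" + bytes([len(body)]) + body  # a 2.25 UUID OID body is at most 20 bytes

def der_decode_oid(data):
    """Parse a short-form DER OID back to dotted form (a 2.25 UUID OID fits in 22 bytes)."""
    if len(data) < 3 or data[0] != 0x06 or data[1] != len(data) - 2 or data[-1] & 0x80:
        raise ValueError("malformed DER OID")
    arcs, n = [], 0
    for b in data[2:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(n)
            n = 0
    lead = 0 if arcs[0] < 40 else 1 if arcs[0] < 80 else 2
    return ".".join(str(x) for x in [lead, arcs[0] - 40 * lead] + arcs[1:])

SCHEMA_OID, VERSION_OID = uuid_to_oid(SCHEMA_UUID), uuid_to_oid(VERSION_UUID)

def subject_metadata(subject):
    """Pull (schema, version) out of a parsed subject given as (dotted OID, value) pairs."""
    attrs = dict(subject)
    return attrs.get(SCHEMA_OID), attrs.get(VERSION_OID)
```

The verifying application only needs the two OID strings to recognise the metadata attributes; the UUID-to-integer mapping is what keeps them collision-free without coordinating with anyone else's arc.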