XKMS Assertions and Test Collection

Editors Copy 11 February 2005

This version:
http://www.w3.org/2001/XKMS/Drafts/test-suite/CR-XKMS-test-suite.html
Editor:
Guillermo Alvaro, Trinity College Dublin

Copyright © 2005 W3C® (MIT, ERCIM, Keio), All Rights Reserved. W3C liability, trademark, document use, and software licensing rules apply.

Abstract

This document draws on assertions found in the XML Key Management specifications [XKMS Part1], [XKMS Part2], and provides a set of tests in order to show whether the assertions are implemented in a XKMS client/server.

The assertions shown below represent the result of a comprehensive search of relevant words such as "MUST" or "SHOULD" in the specification. However, some of the assertions are not testable and won't be related to any of the subsequent tests.

Status of this Document

This document is an editors' copy that has no official standing.

Short Table of Contents

1. Introduction
2. XKMS Assertions
3. XKMS Test Collection
4. References

Table of Contents

1. Introduction
2. XKMS Assertions
    2.1 XKMS, Part 1 Assertions
    2.2 XKMS, Part 2 Assertions
3. XKMS Test Collection
    3.1 Introduction
    3.2 Tests
4. References
    4.1 Normative References

1. Introduction

This document draws on assertions found in the XKMS specifications, and provides a set of tests in order to show whether the testable assertions are implemented in a XKMS client/server.

2. XKMS Assertions

Not all the assertions shown below are testable as they only represent the result of a comprehensive search of relevant words such as "MUST" or "SHOULD" in the specification. The Test Collection covers all the testable assertions found in this chapter. The assertions that are not covered were not represented in the Test Collection because the Working Group decided that they couldn't be tested in the interoperability testing period.

From time to time, the XKMS specification gives developers advice for building secure clients and servers that can be used in an every day situation. In some cases, the Working Group decided to not test a given assertion as it would have ended being more a test about the robustness of a given implementation, rather than the interoperability of different implementations. In these cases, there will be a comment stating that this the assertion was skipped because it only concerned implementation, but not interoperability.

2.1 XKMS, Part 1 Assertions

Assertion XKMS_2_0_Paragraph_48-uriidentifiers

Location of the assertion

XKMS Part 1, Section 2.2

Text from the specification

The means by which the service specifies protocol options which it accepts is outside the scope of this document. If the mechanism used for this purpose uses URI based identifiers for this purpose the following identifiers SHOULD be used: Asynchronous Processing http://www.w3.org/2002/03/xkms#Asynchronous Two Phase Request Protocol http://www.w3.org/2002/03/xkms#Represent Compound Requests and Responses http://www.w3.org/2002/03/xkms#Compound

Comments

Tests

XKISS-T6 XKISS-T7 XKISS-T8 XKISS-T10 XKISS-T11 XKISS-T12

Assertion XKMS_2_0_Paragraph_52-majorresultpending

Location of the assertion

XKMS Part 1, Section 2.4

Text from the specification

An XKMS service MUST NOT return the MajorResult code Pending unless the ResponseMechanism value Pending was specified in the corresponding request. If an XKMS service receives a request that cannot be processed synchronously and the ResponseMechanism value Pending is not specified the MajorResult code Receiver and MinorResult codeNotSynchronous are returned.

Comments

-

Tests

XKISS-T7 XKISS-T8 XKISS-T11 XKISS-T12

Assertion XKMS_2_0_Paragraph_56-respmechanismrequest

Location of the assertion

XKMS Part 1, Section 2.5.1

Text from the specification

Requestor generation of the Request Message - ResponseMechanism value Pending MUST be specified

Comments

-

Tests

XKISS-T7 XKISS-T8 XKISS-T11 XKISS-T12

Assertion XKMS_2_0_Paragraph_64-majorresultrepresent

Location of the assertion

XKMS Part 1, Section 2.6

Text from the specification

An XKMS service MUST NOT return the MajorResult code Represent unless the ResponseMechanism value Represent was specified in the corresponding request. If an XKMS service requires the use of the Two Phase Request protocol and the ResponseMechanism value Represent is not specified in the corresponding request the MajorResult code Sender and MinorResult codeRepresentRequiredare returned.

Comments

-

Tests

XKISS-T6 XKISS-T8 XKISS-T10

Assertion XKMS_2_0_Paragraph_66-noncerecent

Location of the assertion

XKMS Part 1, Section 2.6

Text from the specification

The service SHOULD verify that the nonce value specified in a second phase request was recently generated by the service. The service MAY verify that the nonce value has not been previously responded to.

Comments

-

Tests

XKISS-T6 XKISS-T8 XKISS-T10

Assertion XKMS_2_0_Paragraph_67-respmechanismphase1

Location of the assertion

XKMS Part 1, Section 2.6.1

Text from the specification

Requestor generation of the Phase 1 Request Message - ResponseMechanism value Represent MUST be specified

Comments

-

Tests

XKISS-T6 XKISS-T8 XKISS-T10

Assertion XKMS_2_0_Paragraph_78-outersuccess

Location of the assertion

XKMS Part 1, Section 2.8

Text from the specification

If the ResultMajor value of the outer response is Success the compound response SHOULD contain an inner response response element corresponding to each inner request element of the compound request. If the the ResultMajor value of the outer response is not Success the response MUST NOT contain any inner responses. If a compound response has an outer ResultMajor value Success but does not contain a response corresponding to an inner request the ResultMajor value failure is assumed for that inner request.

Comments

-

Tests

XKISS-T9 XKISS-T10 XKISS-T11 XKISS-T12

Assertion XKMS_2_0_Paragraph_86-emptyidentifier

Location of the assertion

XKMS Part 1, Section 3.1.1

Text from the specification

The scope of the signature is the entire request message (i.e. the element derrived from MessageAbstractType) and is specified using a reference to the Id attribute specified in the MessageAbstractType abstract type. The empty identifier "" MUST NOT be used.

Comments

-

Tests

All tests will cover this assertion.

Assertion XKMS_2_0_Paragraph_86-opaqueclientdata

Location of the assertion

XKMS Part 1, Section 3.1.1

Text from the specification

Data specified by the client that is opaque to the service. An XKMS service SHOULD return the value of the <OpaqueClientData> element unmodified in a request in a response with status code Success.

Comments

-

Tests

XKISS-T15

Assertion XKMS_2_0_Paragraph_89-signvalidation

Location of the assertion

XKMS Part 1, Section 3.1.2

Text from the specification

Validation of XML Signatures MUST be done independent of any ancestral XML context of the message. This may be achieved by: Isolating the XKMS message from any 'wrapper' (eg. SOAP) before validation, or; Specifying a canonicalization algorithm, such as Exclusive XML Canonicalization, in <SignedInfo>:<CanonicalizationMethod> to exclude ancestral XML context during the validation of the message. For interoperability purposes XKMS implementations MUST support the use of Exclusive XML Canonicalization.

Comments

-

Tests

All tests will cover this assertion.

Assertion XKMS_2_0_Paragraph_97-respmechanismpending

Location of the assertion

XKMS Part 1, Section 3.2.1

Text from the specification

If the <PendingNotification> element is present the value Pending MUST be specified as a <ResponseMechanism> value.

Comments

-

Tests

XKISS-T7 XKISS-T8 XKISS-T11 XKISS-T12

Assertion XKMS_2_0_Paragraph_103-requesteddata

Location of the assertion

XKMS Part 1, Section 3.2.3

Text from the specification

The Service SHOULD return a requested data element if it is available. The Service MAY return additional data elements that were not requested. In particular, the service MAY return data elements specified in the request with the response.

Comments

-

Tests

All tests will cover this assertion.

Assertion XKMS_2_0_Paragraph_115-noncepresent

Location of the assertion

XKMS Part 1, Section 3.3.1

Text from the specification

If the MajorResult value has the value Represent the nonce attribute MUST be present and MUST NOT be the empty string.

Comments

-

Tests

XKISS-T6 XKISS-T8 XKISS-T10

Assertion XKMS_2_0_Paragraph_117-unpredictabledata

Location of the assertion

XKMS Part 1, Section 3.3.1

Text from the specification

Care must be taken when signing responses to ensure that the service does not provide a signing oracle, that is sign messages whose content is guessable by an attacker. Implementations MUST ensure that response messages contain a sufficient quantity of unpredictable data such as a pseudo-randomly chosen Id attribute.

Comments

-

Tests

All tests will cover this assertion.

Assertion XKMS_2_0_Paragraph_120-resultmajorrepresent

Location of the assertion

XKMS Part 1, Section 3.3.1.1

Text from the specification

Represent - Not Final - The service has not acted on the request. In order for the request to be acted upon the request MUST be represented with the specified nonce in accordance with the two phase protocol.

Comments

-

Tests

XKISS-T6 XKISS-T8 XKISS-T10

Assertion XKMS_2_0_Paragraph_124-reqsignvalueincluded

Location of the assertion

XKMS Part 1, Section 3.3.2

Text from the specification

A service SHOULD include the <RequestSignatureValue> element in a response if the following conditions are satisfied and MUST NOT include the value otherwise: The <ds:Signature> element was present in the corresponding request The service successfully verified the <ds:Signature> element in the corresponding request, and The ResponseMechanism RequestSignatureValue was specified.

Comments

-

Tests

XKISS-T16

Assertion XKMS_2_0_Paragraph_125-reqsignvaluerejection

Location of the assertion

XKMS Part 1, Section 3.3.2

Text from the specification

If the <RequestSignatureValue> element is present in a response the requestor MUST reject the message if either: The corresponding request was not authenticated, or: The value ds:Signature/ds:SignatureValue in the request does not match the value RequestSignatureValue in the response.

Comments

-

Tests

XKISS-T17

Assertion XKMS_2_0_Paragraph_160-trustworthylocate

Location of the assertion

XKMS Part 1, Section 4.3

Text from the specification

A Location service SHOULD attempt to provide only information which is trustworthy to the best of its knowledge but does not provide any assurance that it will do so. Information obtained from a Locate service SHOULD NOT be relied upon unless it is validated.

Comments

-

Tests

XKISS-T1 XKISS-T3

Assertion XKMS_2_0_Paragraph_173-uniquestableidentifier

Location of the assertion

XKMS Part 1, Section 5.1.1

Text from the specification

Clients MUST NOT rely on the key binding identifier being either unique or stable. In the case that an XKMS service is providing an interface to an underlying PKI, clients MUST NOT rely on the service choosing key binding identifiers that are either the same as or bear a systematic relationship to the serial numbers or other identifiers of the corresponding credentials in the underlying PKI.

Comments

-

Tests

ASImpNotInter

Assertion XKMS_2_0_Paragraph_176-keyusageignored

Location of the assertion

XKMS Part 1, Section 5.1.2

Text from the specification

If a key usage is specified in a KeyBinding that the cryptographic algorithm associated with the key does not support the element MUST be ignored. If a key usage is specified in a QueryKeyBinding however the key usage forms part of the criteria the service should attempt to match.

Comments

-

Tests

ASImpNotInter

Assertion XKMS_2_0_Paragraph_183-discsupport

Location of the assertion

XKMS Part 1, Section 5.1.3

Text from the specification

An XKMS service SHOULD support discovery of the supported security profiles and corresponding key bindings by means of a Locate operation that specifies the XKMS application URI and the URL of the service role. Note that as with any other Locate operation the credentials returned by this mechanism SHOULD only be considered trustworthy if validated according to the trust policy of the client.

Comments

-

Tests

ASImpNotInter

Assertion XKMS_2_0_Paragraph_185-ukwforward

Location of the assertion

XKMS Part 1, Section 5.1.3

Text from the specification

Applications SHOULD NOT forward <UseKeyWith> elements returned in a Locate result in a subsequent Validate query.

Comments

-

Tests

ASImpNotInter

Assertion XKMS_2_0_Paragraph_192-datefullyspecified

Location of the assertion

XKMS Part 1, Section 5.1.5

Text from the specification

All dateTime values MUST fully specify the date.

Comments

-

Tests

ASImpNotInter

Assertion XKMS_2_0_Paragraph_195-leapseconds

Location of the assertion

XKMS Part 1, Section 5.1.5

Text from the specification

Implementations MUST NOT generate time instances that specify leap seconds.

Comments

-

Tests

ASImpNotInter

Assertion XKMS_2_0_Paragraph_206-consistentreasoncodes

Location of the assertion

XKMS Part 1, Section 5.1.7

Text from the specification

If reason codes are specifiedStatusValue attribute MUST be consistent with the reason codes specified as follows: If an <InvalidReason> code is present the StatusValue attibute MUST have the value Invalid If an <IndeterminateReason> code is present the StatusValue attibute MUST have the either the value Indeterminate or the value Invalid. If neither an <InvalidReason> nor an <IndeterminateReason> code is present the StatusValue attibute MAY have any defined value, i.e. Valid, Indeterminate or Invalid.

Comments

-

Tests

XKISS-T2 XKISS-T4 XKISS-T5

Assertion XKMS_2_0_Paragraph_259-dataobjectrevocation

Location of the assertion

XKMS Part 1, Section 6.3

Text from the specification

If an XKMS key binding is bound to a data object in an underlying PKI the revocation of the key binding SHOULD result in the revocation of the underlying data object. For example if the XKMS key binding is bound to an X.509 certificate the revocation of the key binding SHOULD result in revocation of the underlying certificate.

Comments

-

Tests

XKRSS-T5 XKRSS-T6

Assertion XKMS_2_0_Paragraph_263-keyprevescrowed

Location of the assertion

XKMS Part 1, Section 6.4

Text from the specification

A Registration service MAY support key recovery. For key recovery to be possible the private key to be recovered MUST have been previously escrowed with the recovery service, for example by means of the XKRSS registration of a server generated key.

Comments

-

Tests

XKRSS-T4

Assertion XKMS_2_0_Paragraph_264-asynchkeyrecovery

Location of the assertion

XKMS Part 1, Section 6.4

Text from the specification

Clients supporting key recovery SHOULD support asynchronous processing.

Comments

There was no specific test for this assertion as it would have had the same processing as that of other asynchronous response tests, such as the asynchronous XKRSS (Register) test, and would have become redundant.

Tests

XKRSS-T8 XKRSS-T9 XKRSS-T12

Assertion XKMS_2_0_Paragraph_271-authrequests

Location of the assertion

XKMS Part 1, Section 6.5

Text from the specification

An X-KRSS Service SHOULD ensure that all requests are authentic and authorized.

Comments

-

Tests

All XKRSS tests will cover this assertion.

Assertion XKMS_2_0_Paragraph_276-proofofpossessionrequired

Location of the assertion

XKMS Part 1, Section 6.5

Text from the specification

Services SHOULD require that clients demonstrate Proof of Possession of the private key components of a public key if a request is made to register a valid key binding bound to that public key.

Comments

-

Tests

XKRSS-T1

Assertion XKMS_2_0_Paragraph_277-proofofpossessionforrevocation

Location of the assertion

XKMS Part 1, Section 6.5

Text from the specification

Services SHOULD accept Proof of Possession of the private key component of a public key to effect revocation of any key binding bound to that key.

Comments

-

Tests

XKRSS-T5 XKRSS-T6

Assertion XKMS_2_0_Paragraph_298-notboundauthcircumstances

Location of the assertion

XKMS Part 1, Section 7.1.5

Text from the specification

The authentication data is not securely bound to the request and thus the element [NotBoundAuthentication] MUST NOT be employed except in circumstances where the message or transport protocol provides adequate protection of both confidentiality and integrity.

Comments

-

Tests

ASImpNotInter

Assertion XKMS_2_0_Paragraph_21-namespace

Location of the assertion

XKMS Part 1, Section 1.4

Text from the specification

The XML namespace [XML-ns] URI that MUST be used by implementations of this (dated) specification is: http://www.w3.org/2002/03/xkms#

Comments

-

Tests

All tests will cover this assertion.

Assertion XKMS_2_0_Paragraph_22-internalentities

Location of the assertion

XKMS Part 1, Section 1.4

Text from the specification

While applications MUST support XML and XML namespaces, the use of internal entities [XML] or the "xkms" XML namespace prefix and defaulting/scoping conventions are OPTIONAL; we use these facilities to provide compact and readable examples.

Comments

-

Tests

All tests will cover this assertion.

Assertion XKMS_2_0_Paragraph_330-entropy

Location of the assertion

XKMS Part 1, Section 8.1

Text from the specification

Applications MUST ensure that the limited use shared secret data contains sufficient entropy to prevent dictionary attacks.

Comments

-

Tests

ASImpNotInter

Assertion XKMS_2_0_Paragraph_345-willbeacepted

Location of the assertion

XKMS Part 1, Section 9

Text from the specification

A sender SHOULD NOT send a message unless it is known that it will be accepted by the recipient.

Comments

-

Tests

ASImpNotInter

Assertion XKMS_2_0_Paragraph_353-owncredentialretrieval

Location of the assertion

XKMS Part 1, Section 9

Text from the specification

Services SHOULD support retrieval of their own credential by means of the Locate operation with the XKMS protocol URI.

Comments

-

Tests

ASImpNotInter

Assertion XKMS_2_0_Paragraph_353-oneatleast

Location of the assertion

XKMS Part 1, Section 9

Text from the specification

A conforming XKMS service MUST support at least one XKMS operation, that is there MUST be at least one possible input that results in the result Success.

Comments

-

Tests

ASImpNotInter

Assertion XKMS_2_0_Paragraph_353-statusifasynchandcompound

Location of the assertion

XKMS Part 1, Section 9

Text from the specification

Services SHOULD support status operations if asynchronous processing and compound requests are also supported

Comments

-

Tests

XKISS-T11 XKRSS-T12

Assertion XKMS_2_0_Paragraph_353-accesptvalidrequests

Location of the assertion

XKMS Part 1, Section 9

Text from the specification

A conforming XKMS service MUST accept any valid XKMS request sent to it and be capable of responding to the request with a correctly formatted XKMS result. If a service does not support an operation it MUST respond to all requests for a particular operation with the result Sender.MessageNotSupported.

Comments

-

Tests

ASImpNotInter

Assertion XKMS_2_0_Paragraph_353-inmediate

Location of the assertion

XKMS Part 1, Section 9

Text from the specification

A conforming XKMS service MUST be capable of returning an immediate response to any XKMS request.

Comments

-

Tests

All tests will cover this assertion.

Assertion XKMS_2_0_Paragraph_353-asynchregisterreissuerecover

Location of the assertion

XKMS Part 1, Section 9

Text from the specification

Asynchronous Response for Register, Reissue, Recover: RECOMMENDED+: Processing of certain XKRSS operations may require manual intervention by an operator in certain circumstances. It is therefore recommended that clients support the use of asynchronous processing with these operations unless it is known that all requests will be serviced immediately.

Comments

-

Tests

XKRSS-T8 XKRSS-T9

Assertion XKMS_2_0_Paragraph_354-compoundoperations

Location of the assertion

XKMS Part 1, Section 9

Text from the specification

Services that support Compound Operations SHOULD support compound requests

Comments

-

Tests

XKISS-T9 XKISS-T10 XKISS-T11 XKRSS-T10 XKRSS-T11 XKRSS-T12

Assertion XKMS_2_0_Paragraph_354-pendingresponse

Location of the assertion

XKMS Part 1, Section 9

Text from the specification

A client MAY offer asynchronous processing of Pending and Status operations however a service MUST NOT return a pending response.

Comments

-

Tests

ASImpNotInter

Assertion XKMS_2_0_Paragraph_354-twophaseclientsupport

Location of the assertion

XKMS Part 1, Section 9

Text from the specification

Clients SHOULD support use of the two phase request protocol.

Comments

-

Tests

XKISS-T6 XKISS-T8 XKISS-T10

Assertion XKMS_2_0_Paragraph_354-httpservsupport

Location of the assertion

XKMS Part 1, Section 9

Text from the specification

Services MUST support the use of HTTP transport

Comments

-

Tests

Almost all tests will cover this assertion.

Assertion XKMS_2_0_Paragraph_354-soap12servsupport

Location of the assertion

XKMS Part 1, Section 9

Text from the specification

Services MUST support the use of SOAP 1.2 encapsulation

Comments

-

Tests

XKISS-T14

Assertion XKMS_2_0_Paragraph_354-nosecuritylocate

Location of the assertion

XKMS Part 1, Section 9

Text from the specification

No Security, Locate: REQUIRED

Comments

-

Tests

XKISS-T1 XKISS-T3

Assertion XKMS_2_0_Paragraph_354-nosecurityothers

Location of the assertion

XKMS Part 1, Section 9

Text from the specification

No Security, Others than Locate: RECOMMENDED

Comments

-

Tests

ASImpNotInter

Assertion XKMS_2_0_Paragraph_354-payloadauth

Location of the assertion

XKMS Part 1, Section 9

Text from the specification

Payload Authentication I & II: RECOMMENDED

Comments

-

Tests

ASImpNotInter

Assertion XKMS_2_0_Paragraph_354-tlsbinding

Location of the assertion

XKMS Part 1, Section 9

Text from the specification

TLS Binding I, II & III: RECOMMENDED

Comments

-

Tests

ASImpNotInter

Assertion XKMS_2_0_Paragraph_354-exclcanonicalization

Location of the assertion

XKMS Part 1, Section 9

Text from the specification

If XML Signature is used, Exclusive Canonicalization MUST be supported.

Comments

-

Tests

All tests will cover this assertion.

Assertion XKMS_2_0_Paragraph_356-previousresponse

Location of the assertion

XKMS Part 1, Section 10.1

Text from the specification

Implementations SHOULD ensure that replay of a previous XKMS response is not possible.

Comments

-

Tests

ASImpNotInter

Assertion XKMS_2_0_Paragraph_359-denialofserviceattackprevention

Location of the assertion

XKMS Part 1, Section 10.2

Text from the specification

XKMS Services SHOULD take measures to prevent or mitigate denial of service attacks. In particular XKMS Services SHOULD NOT perform an unlimited number of resource intensive operations unless the request comes from an authenticated source.

Comments

-

Tests

ASImpNotInter

Assertion XKMS_2_0_Paragraph_362-keycompromisedbyrecovery

Location of the assertion

XKMS Part 1, Section 10.3

Text from the specification

Services SHOULD carefully assess the extent to which a recovery operation compromises a private key and apply sufficient controls such as the revocation of the underlying key binding as appropriate.

Comments

-

Tests

ASImpNotInter

Assertion XKMS_2_0_Paragraph_363-minimumentropy

Location of the assertion

XKMS Part 1, Section 10.4

Text from the specification

Applications SHOULD enforce the following minimum entropy values for the shared secret: Registration of Client Generated Key The shared secret SHOULD contain a minimum of 32 bits of entropy if the service implements measures to prevent guessing of the shared secret and a minimum of 128 bits of entropy otherwise. Registration of Service Generated Key The shared secret SHOULD have a minimum of 128 bits of entropy

Comments

-

Tests

ASImpNotInter

Assertion XKMS_2_0_Paragraph_364-confidentialopaquedata

Location of the assertion

XKMS Part 1, Section 10.5

Text from the specification

Clients SHOULD NOT send confidential or privacy sensitive data to an XKMS Service as Opaque Data unless it is encrypted such that it is not disclosed to the service.

Comments

-

Tests

ASImpNotInter

Assertion XKMS_2_0_Paragraph_366-authdataconfidentiality

Location of the assertion

XKMS Part 1, Section 10.6

Text from the specification

If a service supports the use of authentication using the <NotBoundAuthentication> element, controls MUST be employed to ensure the confidentiality of the authentication data and to ensure that the <NotBoundAuthentication> is bound to the request.

Comments

-

Tests

ASImpNotInter

Assertion XKMS_2_0_Paragraph_368-predictedresponse

Location of the assertion

XKMS Part 1, Section 10.7

Text from the specification

XKMS services that provide signed responses SHOULD ensure that the requestor cannot solicit a predicted response, thus providing a signing oracle.

Comments

-

Tests

ASImpNotInter

Assertion XKMS_2_0_Paragraph_370-privacynotification

Location of the assertion

XKMS Part 1, Section 10.8

Text from the specification

An XKMS service MAY solicit data which is subject to privacy concerns. In certain circumstances management of such data MAY be subject to government regulation, corporate policies or contractual obligations. Deployments SHOULD consider whether the information they collect is subject to such concerns and if necessary deploy a privacy notification mechanism such as P3P [P3P].

Comments

-

Tests

ASImpNotInter

Assertion XKMS_2_0_Paragraph_371-encryptioninfoprotected

Location of the assertion

XKMS Part 1, Section 10.9

Text from the specification

Implementations MUST ensure that in cases where a private key is generated by the service, the information used to encrypt the private key data is adequately protected. In particular if an authentication pass phrase exchanged out of band is used to encrypt the private key the implementation MUST ensure that the out of band communication mechanism adequately protects the confidentiality of the pass phrase.

Comments

-

Tests

ASImpNotInter

Assertion XKMS_2_0_Paragraph_373-confidentialinfocompromised

Location of the assertion

XKMS Part 1, Section 10.10

Text from the specification

In certain circumstances the length of an encrypted response MAY reveal information that is useful to an attacker. For example a short message might indicate that a request was refused. Deployments SHOULD consider whether such disclosures might result in compromise of confidential information

Comments

-

Tests

ASImpNotInter

2.2 XKMS, Part 2 Assertions

Assertion XKMS_2_0_Paragraph_18-sensitiveinfo

Location of the assertion

XKMS Part 1, Section 2.1

Text from the specification

Confidentiality MAY be a requirement for an XKMS service. Deployments SHOULD consider the extent to which the content of XKMS messages reveal sensitive information. A confidentiality requirement MAY exist even if a service only provides information from public sources as the contents of a request might disclose information about the client.

Comments

-

Tests

ASImpNotInter

Assertion XKMS_2_0_Paragraph_19-strongcipher

Location of the assertion

XKMS Part 2, Section 2.1

Text from the specification

A service that supports registration of server generated keys or Key Recovery MUST implement the use of XML Encryption with a strong cipher.

Comments

-

Tests

ASImpNotInter

Assertion XKMS_2_0_Paragraph_20-confidentialitybyencryption

Location of the assertion

XKMS Part 2, Section 2.1

Text from the specification

An XKMS service SHOULD support Confidentiality by means of encryption.

Comments

-

Tests

ASImpNotInter

Assertion XKMS_2_0_Paragraph_25-messagerequestauth

Location of the assertion

XKMS Part 2, Section 2.2

Text from the specification

An XKMS service SHOULD support Message Request Authentication.

Comments

-

Tests

ASImpNotInter

Assertion XKMS_2_0_Paragraph_31-messagecorrelation

Location of the assertion

XKMS Part 2, Section 2.5

Text from the specification

An XKMS service MUST support a means of ensuring correct message correlation. That is the requestor must be assured that the response returned was made in response to the intended request sent to the service and not a modification of that request (Request Substitution attack) or a response to an earlier request (response replay attack).

Comments

-

Tests

ASImpNotInter

Assertion XKMS_2_0_Paragraph_32-responsecorrespondance

Location of the assertion

XKMS Part 2, Section 2.5

Text from the specification

In order to prevent response replay and request message substitution attacks the requestor SHOULD ensure that the response corresponds to the request.

Comments

-

Tests

ASImpNotInter

Assertion XKMS_2_0_Paragraph_37-denialofserviceattackprotection

Location of the assertion

XKMS Part 2, Section 2.7

Text from the specification

An XKMS service SHOULD support protection against a Denial of Service attack.

Comments

-

Tests

ASImpNotInter

Assertion XKMS_2_0_Paragraph_40-strongencryptionservergenkey

Location of the assertion

XKMS Part 2, Section 2.8

Text from the specification

If a Register service supports registration of server generated key pairs or key recovery strong encryption of the private key MUST be supported.

Comments

-

Tests

ASImpNotInter

Assertion XKMS_2_0_Paragraph_40-initialregistrationauth

Location of the assertion

XKMS Part 2, Section 2.8

Text from the specification

XKMS Registration services SHOULD support the authentication of registration requests for initial registration of a key binding. Registration requests for secondary registration of previously issued credentials (i.e. a signed key binding or a digital certificate) MAY be permitted without authentication.

Comments

-

Tests

XKRSS-T1 XKRSS-T2

Assertion XKMS_2_0_Paragraph_40-initialregistrationpopverification

Location of the assertion

XKMS Part 2, Section 2.8

Text from the specification

XKMS Registration services SHOULD support the verification of Proof Of Possession in the initial registration of client generated keys.

Comments

-

Tests

XKRSS-T1

Assertion XKMS_2_0_Paragraph_41-soapmessageprotocol

Location of the assertion

XKMS Part 2, Section 3

Text from the specification

XKMS implementers should support the SOAP message protocol for interoperability. When doing do, they MUST use the binding described herein.

Comments

-

Tests

XKISS-T13 XKISS-T14

Assertion XKMS_2_0_Paragraph_42-soap12support

Location of the assertion

XKMS Part 2, Section 3

Text from the specification

XKMS 2.0 implementations MUST support the use of SOAP 1.2. For near term compatibility with existing tools and infrastructure, SOAP 1.1 MAY be used

Comments

-

Tests

XKISS-T14

Assertion XKMS_2_0_Paragraph_73-authenticatedtls

Location of the assertion

XKMS Part 2, Section 4.2

Text from the specification

When TLS is to be used in XKMS, XKMS responders MUST support server authenticated TLS.

Comments

-

Tests

ASImpNotInter

Assertion XKMS_2_0_Paragraph_73-tlsrsawith3des

Location of the assertion

XKMS Part 2, Section 4.2

Text from the specification

All XKMS clients and responders which support TLS MUST support the TLS_RSA_WITH_3DES-EDE_CBC_SHA ciphersuite. Other ciphersuites MAY be supported, but weak ciphersuites intended to meet export restrictions ("export grade") are NOT RECOMMENDED to be supported.

Comments

-

Tests

ASImpNotInter

3. XKMS Test Collection

3.1 Introduction

The Common Key Sets directory contains keys and certs to be used in the tests. Keys are in "OpenSSL" format and are all password encrypted using the string secret:

For this interoperability testing purposes, it was agreed that for asynchronous processing the completion of a pending message could be triggered by a Status Request from the client. Hence, asynchronous scenarios include Status Requests to be consistent with that.

In the tests where it is applicable, the symmetric encryption algorithm used will be tripleDES.

The client will include a UseKeyWith for "rfc2459", providing an X.509 distinguished name there, when it is necessary.

Key derivation is performed according to Section 8.1 of the specification, when it is necessary.

3.2 Tests

Test:XKISS-T1

Locate - Description:

A client wishes to obtain an encryption key bound to bob@example.com, so it can be able to send an encrypted mail to Bob. The client secure email format is S/MIME. The processing mode is synchronous. The resulting set of messages will consist of a Locate Request to the server and the Locate Result returned.

Messages:

Message Request

<xkmsmsg><?xml version="1.0" encoding="utf-8"?>
<LocateRequest Id="..." Service="..." xmlns="http://www.w3.org/2002/03/xkms#">
  <RespondWith>http://www.w3.org/2002/03/xkms#KeyName</RespondWith>
  <RespondWith>http://www.w3.org/2002/03/xkms#KeyValue</RespondWith>
  <QueryKeyBinding>
    <KeyUsage>http://www.w3.org/2002/03/xkms#Encryption</KeyUsage>
    <UseKeyWith Application="urn:ietf:rfc:2633" Identifier="bob@example.com" />
  </QueryKeyBinding>
</LocateRequest>

Message Response

<?xml version="1.0" encoding="utf-8"?>
<LocateResult xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
      Id="..." Service="..." ResultMajor="http://www.w3.org/2002/03/xkms#Success" RequestId="..."
      xmlns="http://www.w3.org/2002/03/xkms#">
  <UnverifiedKeyBinding Id="...">
    <ds:KeyInfo>
    <ds:KeyName>...</ds:KeyName>
      <ds:KeyValue>
        <ds:RSAKeyValue>
          <ds:Modulus>...</ds:Modulus>
          <ds:Exponent>...</ds:Exponent>
        </ds:RSAKeyValue>
      </ds:KeyValue>
      <ds:X509Data>
        <ds:X509Certificate>...</ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>
    <KeyUsage>http://www.w3.org/2002/03/xkms#Encryption</KeyUsage>
    <UseKeyWith Application="urn:ietf:rfc:2633" Identifier="bob@example.com" />
  </UnverifiedKeyBinding>
</LocateResult>

Test:XKISS-T2

Validate - Description:

A client wishes to check whether a certificate supplied by a sender (Alice) in a message is valid or not, so he sends the certificate chain to the XKMS service. The processing mode is synchronous. The certificate is valid and it has not been revoked. The resulting set of messages will consist of a Validate Request to the server and the Validate Result returned reporting that the key binding has successfully been checked.

Messages:

Message Request

<?xml version="1.0" encoding="utf-8"?>
<ValidateRequest Id="..." Service="..." xmlns="http://www.w3.org/2002/03/xkms#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <QueryKeyBinding>
    <ds:KeyInfo>
      <ds:X509Data>
        <ds:X509Certificate>...</ds:X509Certificate>
        <ds:X509Certificate>...</ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>
    <KeyUsage>http://www.w3.org/2002/03/xkms#Signature</KeyUsage>
    <UseKeyWith Application="urn:ietf:rfc:2633" Identifier="alice@example.com" />
  </QueryKeyBinding>
</ValidateRequest>

Message Response

<?xml version="1.0" encoding="utf-8"?>
<ValidateResult xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
      Id="..." Service="..." ResultMajor="http://www.w3.org/2002/03/xkms#Success" RequestId="..."
      xmlns="http://www.w3.org/2002/03/xkms#">
  <KeyBinding Id="...">
    <ds:KeyInfo>
      <ds:X509Data>
        <ds:X509Certificate>...</ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>
    <KeyUsage>http://www.w3.org/2002/03/xkms#Signature</KeyUsage>
    <UseKeyWith Application="urn:ietf:rfc:2633" Identifier="alice@example.com" />
    <Status StatusValue="http://www.w3.org/2002/03/xkms#Valid">
      <ValidReason>http://www.w3.org/2002/03/xkms#Signature</ValidReason>
      <ValidReason>http://www.w3.org/2002/03/xkms#IssuerTrust</ValidReason>
      <ValidReason>http://www.w3.org/2002/03/xkms#RevocationStatus</ValidReason>
      <ValidReason>http://www.w3.org/2002/03/xkms#ValidityInterval</ValidReason>
    </Status>
  </KeyBinding>
</ValidateResult>

Test:XKISS-T3

Locate not found - Description:

In a similar scenario to XKISS-T1, a client wishes to obtain a key bound to bob2@example.com, but the server cannot locate a key for that user. The resulting set of messages will consist of a Locate Request to the server and the Locate Result returned.

Messages:

Message Request

<?xml version="1.0" encoding="utf-8"?>
<LocateRequest Id="..." Service="..." xmlns="http://www.w3.org/2002/03/xkms#">
  <RespondWith>http://www.w3.org/2002/03/xkms#KeyName</RespondWith>
  <RespondWith>http://www.w3.org/2002/03/xkms#KeyValue</RespondWith>
  <QueryKeyBinding>
    <KeyUsage>http://www.w3.org/2002/03/xkms#Encryption</KeyUsage>
    <UseKeyWith Application="urn:ietf:rfc:2633" Identifier="bob2@example.com" />
  </QueryKeyBinding>
</LocateRequest>

Message Response

<?xml version="1.0" encoding="utf-8"?>
<LocateResult xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
      Id="..." Service="..." RequestId="..."
      ResultMajor="http://www.w3.org/2002/03/xkms#Success" ResultMinor="NoMatch"
      xmlns="http://www.w3.org/2002/03/xkms#"/>

Test:XKISS-T4

Validate an expired cert - Description:

In a similar scenario to XKISS-T2, a client wishes to check whether a certificate supplied by a sender (Eric) in a message is valid or not, so he sends the certificate chain to the XKMS service. The processing mode is synchronous. The certificate is not valid because it has expired. The resulting set of messages will consist of a Validate Request and a Validate Result.

Messages:

Message Request

<?xml version="1.0" encoding="utf-8"?>
<ValidateRequest Id="..." Service="..." xmlns="http://www.w3.org/2002/03/xkms#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <QueryKeyBinding>
    <ds:KeyInfo>
      <ds:X509Data>
        <ds:X509Certificate>...</ds:X509Certificate>
        <ds:X509Certificate>...</ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>
    <KeyUsage>http://www.w3.org/2002/03/xkms#Signature</KeyUsage>
    <UseKeyWith Application="urn:ietf:rfc:2633" Identifier="eric@example.com" />
  </QueryKeyBinding>
</ValidateRequest>

Message Response

<?xml version="1.0" encoding="utf-8"?>
<ValidateResult xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
      Id="..." Service="..." ResultMajor="http://www.w3.org/2002/03/xkms#Success" RequestId="..."
      xmlns="http://www.w3.org/2002/03/xkms#">
  <KeyBinding Id="...">
    <ds:KeyInfo>
      <ds:X509Data>
        <ds:X509Certificate>...</ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>
    <KeyUsage>http://www.w3.org/2002/03/xkms#Signature</KeyUsage>
    <UseKeyWith Application="urn:ietf:rfc:2633" Identifier="eric@example.com" />
    <Status StatusValue="http://www.w3.org/2002/03/xkms#Invalid">
      <ValidReason>http://www.w3.org/2002/03/xkms#Signature</ValidReason>
      <ValidReason>http://www.w3.org/2002/03/xkms#IssuerTrust</ValidReason>
      <ValidReason>http://www.w3.org/2002/03/xkms#RevocationStatus</ValidReason>
      <InvalidReason>http://www.w3.org/2002/03/xkms#ValidityInterval</InvalidReason>
    </Status>
  </KeyBinding>
</ValidateResult>

Test:XKISS-T5

Validate a revoked cert - Description:

In a similar scenario to XKISS-T2, a client wishes to check whether a certificate supplied by a sender (Ralph) in a message is valid or not, so he sends the certificate chain to the XKMS service. The processing mode is synchronous. The certificate is not valid because it has been revoked. The resulting set of messages will consist of a Validate Request and a Validate Result.

Messages:

Message Request

<?xml version="1.0" encoding="utf-8"?>
<ValidateRequest Id="..." Service="..." xmlns="http://www.w3.org/2002/03/xkms#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <QueryKeyBinding>
    <ds:KeyInfo>
      <ds:X509Data>
        <ds:X509Certificate>...</ds:X509Certificate>
        <ds:X509Certificate>...</ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>
    <KeyUsage>http://www.w3.org/2002/03/xkms#Signature</KeyUsage>
    <UseKeyWith Application="urn:ietf:rfc:2633" Identifier="ralph@example.com" />
  </QueryKeyBinding>
</ValidateRequest>

Message Response

<?xml version="1.0" encoding="utf-8"?>
<ValidateResult xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
      Id="..." Service="..." ResultMajor="http://www.w3.org/2002/03/xkms#Success" RequestId="..."
      xmlns="http://www.w3.org/2002/03/xkms#">
  <KeyBinding Id="...">
    <ds:KeyInfo>
      <ds:X509Data>
        <ds:X509Certificate>...</ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>
    <KeyUsage>http://www.w3.org/2002/03/xkms#Signature</KeyUsage>
    <UseKeyWith Application="urn:ietf:rfc:2633" Identifier="ralph@example.com" />
    <Status StatusValue="http://www.w3.org/2002/03/xkms#Invalid">
      <ValidReason>http://www.w3.org/2002/03/xkms#Signature</ValidReason>
      <ValidReason>http://www.w3.org/2002/03/xkms#IssuerTrust</ValidReason>
      <ValidReason>http://www.w3.org/2002/03/xkms#ValidityInterval</ValidReason>
      <InvalidReason>http://www.w3.org/2002/03/xkms#RevocationStatus</InvalidReason>
    </Status>
  </KeyBinding>
</ValidateResult>

Test:XKISS-T6

Two Phase - Description:

A client wishes to obtain an encryption key bound to bob@example.com, so it can be able to send an encrypted mail to Bob. The client secure email format is S/MIME. The processing mode is Two Phase. The resulting set of messages will consist of two Locate Requests to the server and two Locate Results returned.

Messages:

Message Request

<?xml version="1.0" encoding="utf-8"?>
<LocateRequest Id="..." Service="..." xmlns="http://www.w3.org/2002/03/xkms#">
  <ResponseMechanism>http://www.w3.org/2002/03/xkms#Represent</ResponseMechanism>
  <RespondWith>http://www.w3.org/2002/03/xkms#KeyName</RespondWith>
  <RespondWith>http://www.w3.org/2002/03/xkms#KeyValue</RespondWith>
  <QueryKeyBinding>
    <KeyUsage>http://www.w3.org/2002/03/xkms#Encryption</KeyUsage>
    <UseKeyWith Application="urn:ietf:rfc:2633" Identifier="bob@example.com" />
  </QueryKeyBinding>
</LocateRequest>

Message Response

<?xml version="1.0" encoding="utf-8"?>
<LocateResult Id="..." Service="..." Nonce="..."
      ResultMajor="http://www.w3.org/2002/03/xkms#Represent" RequestId="..."
      xmlns="http://www.w3.org/2002/03/xkms#"/>

Message Request

<?xml version="1.0" encoding="utf-8"?>
<LocateRequest Id="..." Service="..." Nonce="..." OriginalRequestId="..."
               xmlns="http://www.w3.org/2002/03/xkms#">
  <RespondWith>http://www.w3.org/2002/03/xkms#KeyName</RespondWith>
  <RespondWith>http://www.w3.org/2002/03/xkms#KeyValue</RespondWith>
  <QueryKeyBinding>
    <KeyUsage>http://www.w3.org/2002/03/xkms#Encryption</KeyUsage>
    <UseKeyWith Application="urn:ietf:rfc:2633" Identifier="bob@example.com" />
  </QueryKeyBinding>
</LocateRequest>

Message Response

<?xml version="1.0" encoding="utf-8"?>
<LocateResult xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
      Id="..." Service="..." ResultMajor="http://www.w3.org/2002/03/xkms#Success" RequestId="..."
      xmlns="http://www.w3.org/2002/03/xkms#">
  <UnverifiedKeyBinding Id="...">
    <ds:KeyInfo>
      <ds:KeyValue>
        <ds:RSAKeyValue>
          <ds:Modulus>...</ds:Modulus>
          <ds:Exponent>...</ds:Exponent>
        </ds:RSAKeyValue>
      </ds:KeyValue>
      <ds:X509Data>
        <ds:X509Certificate>...</ds:X509Certificate>
        <ds:X509Certificate>...</ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>
    <KeyUsage>http://www.w3.org/2002/03/xkms#Encryption</KeyUsage>
    <UseKeyWith Application="urn:ietf:rfc:2633" Identifier="bob@example.com" />
  </UnverifiedKeyBinding>
</LocateResult>

Test:XKISS-T7

Asynchronous - Description:

A client wishes to obtain an encryption key bound to bob@example.com. The client secure email format is S/MIME. The processing mode is asynchronous. The resulting set of messages will consist of two Locate Requests to the server and two Locate Responses returned. The server will notify by email when is it ready to receive the Pending Request. The resulting set of messages will consist of at least six messages: An initial Locate Request and Locate Result; One or more Status requests and responses, with the last Status Result stating the Success; a Pending Request and a final Locate Result.

Messages:

Message Request

<?xml version="1.0" encoding="utf-8"?>
<LocateRequest Id="..." Service="..." xmlns="http://www.w3.org/2002/03/xkms#">
  <ResponseMechanism>http://www.w3.org/2002/03/xkms#Pending</ResponseMechanism>
  <RespondWith>http://www.w3.org/2002/03/xkms#KeyName</RespondWith>
  <RespondWith>http://www.w3.org/2002/03/xkms#KeyValue</RespondWith>
  <QueryKeyBinding>
    <KeyUsage>http://www.w3.org/2002/03/xkms#Encryption</KeyUsage>
    <UseKeyWith Application="urn:ietf:rfc:2633" Identifier="bob@example.com" />
  </QueryKeyBinding>
</LocateRequest>

Message Response

<?xml version="1.0" encoding="utf-8"?>
<LocateResult Id="..." Service="..." ResultMajor="http://www.w3.org/2002/03/xkms#Pending" RequestId="..."
      xmlns="http://www.w3.org/2002/03/xkms#"/>

Message Request

<?xml version="1.0" encoding="utf-8"?>
<StatusRequest Id="..." Service="..." OriginalRequestId="..."  ResponseId=""
xmlns="http://www.w3.org/2002/03/xkms#"/>

Message Response

<?xml version="1.0" encoding="utf-8"?>
<StatusResult Id="..." Service="..." ResultMajor="http://www.w3.org/2002/03/xkms#Pending" RequestId="..."
      xmlns="http://www.w3.org/2002/03/xkms#"/>

Message Request

<?xml version="1.0" encoding="utf-8"?>
<StatusRequest Id="..." Service="..." OriginalRequestId="..."  ResponseId=""
xmlns="http://www.w3.org/2002/03/xkms#"/>

Message Response

<?xml version="1.0" encoding="utf-8"?>
<StatusResult Id="..." Service="..." ResultMajor="http://www.w3.org/2002/03/xkms#Success" RequestId="..."
      xmlns="http://www.w3.org/2002/03/xkms#"/>

Message Request

<?xml version="1.0" encoding="utf-8"?>
<PendingRequest Id="..." Service="..." OriginalRequestId="..."  ResponseId=""
xmlns="http://www.w3.org/2002/03/xkms#"/>

Message Response

<?xml version="1.0" encoding="utf-8"?>
<LocateResult xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
      Id="..." Service="..." ResultMajor="http://www.w3.org/2002/03/xkms#Success" RequestId="..."
      xmlns="http://www.w3.org/2002/03/xkms#">
  <UnverifiedKeyBinding Id="...">
    <ds:KeyInfo>
    <ds:KeyName>...</ds:KeyName>
      <ds:KeyValue>
        <ds:RSAKeyValue>
          <ds:Modulus>...</ds:Modulus>
          <ds:Exponent>...</ds:Exponent>
        </ds:RSAKeyValue>
      </ds:KeyValue>
      <ds:X509Data>
        <ds:X509Certificate>...</ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>
    <KeyUsage>http://www.w3.org/2002/03/xkms#Encryption</KeyUsage>
    <UseKeyWith Application="urn:ietf:rfc:2633" Identifier="bob@example.com" />
  </UnverifiedKeyBinding>
</LocateResult>

Test:XKISS-T8

Two Phase + Asynchronous - Description:

A client wishes to obtain an encryption key bound to bob@example.com. The client secure email format is S/MIME. The processing mode is Two Phase Protocol with Asynchronous Processing. The resulting set of messages will consist of at least eight messages: two Locate Requests to the server and two Locate Responses returned, corresponding to the Two Phase protocol, then at least a Status Request-Response pair and finally a Pending Request and the final Locate Result.

Messages:

Message Request

<?xml version="1.0" encoding="utf-8"?>
<LocateRequest Id="..." Service="..." xmlns="http://www.w3.org/2002/03/xkms#">
  <ResponseMechanism>http://www.w3.org/2002/03/xkms#Pending</ResponseMechanism>
  <ResponseMechanism>http://www.w3.org/2002/03/xkms#Represent</ResponseMechanism>
  <RespondWith>http://www.w3.org/2002/03/xkms#KeyName</RespondWith>
  <RespondWith>http://www.w3.org/2002/03/xkms#KeyValue</RespondWith>
  <QueryKeyBinding>
    <KeyUsage>http://www.w3.org/2002/03/xkms#Encryption</KeyUsage>
    <UseKeyWith Application="urn:ietf:rfc:2633" Identifier="bob@example.com" />
  </QueryKeyBinding>
</LocateRequest>

Message Response

<?xml version="1.0" encoding="utf-8"?>
<LocateResult Id="..." Service="..." Nonce="..."
      ResultMajor="http://www.w3.org/2002/03/xkms#Represent" RequestId="..."
      xmlns="http://www.w3.org/2002/03/xkms#"/>

Message Request

<?xml version="1.0" encoding="utf-8"?>
<LocateRequest Id="..." Service="..." Nonce="..." OriginalRequestId="..."
               xmlns="http://www.w3.org/2002/03/xkms#">
  <ResponseMechanism>http://www.w3.org/2002/03/xkms#Pending</ResponseMechanism>
  <RespondWith>http://www.w3.org/2002/03/xkms#KeyName</RespondWith>
  <RespondWith>http://www.w3.org/2002/03/xkms#KeyValue</RespondWith>
  <QueryKeyBinding>
    <KeyUsage>http://www.w3.org/2002/03/xkms#Encryption</KeyUsage>
    <UseKeyWith Application="urn:ietf:rfc:2633" Identifier="bob@example.com" />
  </QueryKeyBinding>
</LocateRequest>

Message Response

<?xml version="1.0" encoding="utf-8"?>
<LocateResult Id="..." Service="..." ResultMajor="http://www.w3.org/2002/03/xkms#Pending" RequestId="..."
      xmlns="http://www.w3.org/2002/03/xkms#"/>

Message Request

<?xml version="1.0" encoding="utf-8"?>
<StatusRequest Id="..." Service="..." OriginalRequestId="..."  ResponseId=""
xmlns="http://www.w3.org/2002/03/xkms#"/>

Message Response

<?xml version="1.0" encoding="utf-8"?>
<StatusResult Id="..." Service="..." ResultMajor="http://www.w3.org/2002/03/xkms#Pending" RequestId="..."
      xmlns="http://www.w3.org/2002/03/xkms#"/>

Message Request

<?xml version="1.0" encoding="utf-8"?>
<StatusRequest Id="..." Service="..." OriginalRequestId="..."  ResponseId=""
xmlns="http://www.w3.org/2002/03/xkms#"/>

Message Response

<?xml version="1.0" encoding="utf-8"?>
<StatusResult Id="..." Service="..." ResultMajor="http://www.w3.org/2002/03/xkms#Success" RequestId="..."
      xmlns="http://www.w3.org/2002/03/xkms#"/>

Message Request

<?xml version="1.0" encoding="utf-8"?>
<PendingRequest Id="..." Service="..." OriginalRequestId="..."  ResponseId=""
                Nonce="..." xmlns="http://www.w3.org/2002/03/xkms#"/>

Message Response

<?xml version="1.0" encoding="utf-8"?>
<LocateResult xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
      Id="..." Service="..." ResultMajor="http://www.w3.org/2002/03/xkms#Success" RequestId="..."
      xmlns="http://www.w3.org/2002/03/xkms#">
  <UnverifiedKeyBinding Id="...">
    <ds:KeyInfo>
    <ds:KeyName>...</ds:KeyName>
      <ds:KeyValue>
        <ds:RSAKeyValue>
          <ds:Modulus>...</ds:Modulus>
          <ds:Exponent>...</ds:Exponent>
        </ds:RSAKeyValue>
      </ds:KeyValue>
      <ds:X509Data>
        <ds:X509Certificate>...</ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>
    <KeyUsage>http://www.w3.org/2002/03/xkms#Encryption</KeyUsage>
    <UseKeyWith Application="urn:ietf:rfc:2633" Identifier="bob@example.com" />
  </UnverifiedKeyBinding>
</LocateResult>

Test:XKISS-T9

Compound - Description:

A client wishes to make a locate and two validate requests simultaneously. The processing mode is synchronous. The locate and validate requests that will be made correspond to the tests XKISS-T1, XKISS-T2 and XKISS-T4. The resulting set of messages will consist of an outer Compound Request with three inner requests and an outer Compound Result with three inner results.

Messages:

Message Request

<?xml version="1.0" encoding="utf-8"?>
<CompoundRequest Id="..." Service="..." xmlns="http://www.w3.org/2002/03/xkms#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <LocateRequest Id="..." Service="...">
  <RespondWith>http://www.w3.org/2002/03/xkms#KeyName</RespondWith>
  <RespondWith>http://www.w3.org/2002/03/xkms#KeyValue</RespondWith>
  <QueryKeyBinding>
    <KeyUsage>http://www.w3.org/2002/03/xkms#Encryption</KeyUsage>
    <UseKeyWith Application="urn:ietf:rfc:2633" Identifier="bob@example.com" />
  </QueryKeyBinding>
 </LocateRequest>
 <ValidateRequest Id="..." Service="...">
  <QueryKeyBinding>
    <ds:KeyInfo>
      <ds:X509Data>
        <ds:X509Certificate>...</ds:X509Certificate>
        <ds:X509Certificate>...</ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>
    <KeyUsage>http://www.w3.org/2002/03/xkms#Signature</KeyUsage>
    <UseKeyWith Application="urn:ietf:rfc:2633" Identifier="alice@example.com" />
  </QueryKeyBinding>
 </ValidateRequest>
 <ValidateRequest Id="..." Service="...">
  <QueryKeyBinding>
    <ds:KeyInfo>
      <ds:X509Data>
        <ds:X509Certificate>...</ds:X509Certificate>
        <ds:X509Certificate>...</ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>
    <KeyUsage>http://www.w3.org/2002/03/xkms#Signature</KeyUsage>
    <UseKeyWith Application="urn:ietf:rfc:2633" Identifier="eric@example.com" />
  </QueryKeyBinding>
 </ValidateRequest>
</CompoundRequest>

Message Response

<?xml version="1.0" encoding="utf-8"?>
<CompoundResult Id="..." Service="..." xmlns="http://www.w3.org/2002/03/xkms#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <LocateResult Id="..." Service="..." ResultMajor="http://www.w3.org/2002/03/xkms#Success" RequestId="...">
  <UnverifiedKeyBinding Id="...">
    <ds:KeyInfo>
    <ds:KeyName>...</ds:KeyName>
      <ds:KeyValue>
        <ds:RSAKeyValue>
          <ds:Modulus>...</ds:Modulus>
          <ds:Exponent>...</ds:Exponent>
        </ds:RSAKeyValue>
      </ds:KeyValue>
      <ds:X509Data>
        <ds:X509Certificate>...</ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>
    <KeyUsage>http://www.w3.org/2002/03/xkms#Encryption</KeyUsage>
    <UseKeyWith Application="urn:ietf:rfc:2633" Identifier="bob@example.com" />
  </UnverifiedKeyBinding>
 </LocateResult>
 <ValidateResult Id="..." Service="..." ResultMajor="http://www.w3.org/2002/03/xkms#Success" RequestId="...">
  <KeyBinding Id="...">
    <ds:KeyInfo>
      <ds:X509Data>
        <ds:X509Certificate>...</ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>
    <KeyUsage>http://www.w3.org/2002/03/xkms#Signature</KeyUsage>
    <UseKeyWith Application="urn:ietf:rfc:2633" Identifier="alice@example.com" />
    <Status StatusValue="http://www.w3.org/2002/03/xkms#Valid">
      <ValidReason>http://www.w3.org/2002/03/xkms#Signature</ValidReason>
      <ValidReason>http://www.w3.org/2002/03/xkms#IssuerTrust</ValidReason>
      <ValidReason>http://www.w3.org/2002/03/xkms#RevocationStatus</ValidReason>
      <ValidReason>http://www.w3.org/2002/03/xkms#ValidityInterval</ValidReason>
    </Status>
  </KeyBinding>
 </ValidateResult>
 <ValidateResult Id="..." Service="..." ResultMajor="http://www.w3.org/2002/03/xkms#Success" RequestId="...">
  <KeyBinding Id="...">
    <ds:KeyInfo>
      <ds:X509Data>
        <ds:X509Certificate>...</ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>
    <KeyUsage>http://www.w3.org/2002/03/xkms#Signature</KeyUsage>
    <UseKeyWith Application="urn:ietf:rfc:2633" Identifier="eric@example.com" />
    <Status StatusValue="http://www.w3.org/2002/03/xkms#Invalid">
      <ValidReason>http://www.w3.org/2002/03/xkms#Signature</ValidReason>
      <ValidReason>http://www.w3.org/2002/03/xkms#IssuerTrust</ValidReason>
      <ValidReason>http://www.w3.org/2002/03/xkms#RevocationStatus</ValidReason>
      <InvalidReason>http://www.w3.org/2002/03/xkms#ValidityInterval</InvalidReason>
    </Status>
  </KeyBinding>
 </ValidateResult>
</CompoundResult>

Test:XKISS-T10

Two Phase Compound - Description:

A client wishes to make a locate and two validate requests simultaneously. The processing mode is Two Phase Protocol. The locate and validate requests that will be made correspond to the tests XKISS-T1, XKISS-T2 and XKISS-T4. The resulting set of messages will consist of two outer Compound Request with three inner requests and two Compound Results, the first without inner results and the second containing three.

Messages:

Message Request

<?xml version="1.0" encoding="utf-8"?>
<CompoundRequest Id="..." Service="..." xmlns="http://www.w3.org/2002/03/xkms#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <ResponseMechanism>http://www.w3.org/2002/03/xkms#Represent</ResponseMechanism>
 <LocateRequest Id="..." Service="...">
  <RespondWith>http://www.w3.org/2002/03/xkms#KeyName</RespondWith>
  <RespondWith>http://www.w3.org/2002/03/xkms#KeyValue</RespondWith>
  <QueryKeyBinding>
    <KeyUsage>http://www.w3.org/2002/03/xkms#Encryption</KeyUsage>
    <UseKeyWith Application="urn:ietf:rfc:2633" Identifier="bob@example.com" />
  </QueryKeyBinding>
 </LocateRequest>
 <ValidateRequest Id="..." Service="...">
  <QueryKeyBinding>
    <ds:KeyInfo>
      <ds:X509Data>
        <ds:X509Certificate>...</ds:X509Certificate>
        <ds:X509Certificate>...</ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>
    <KeyUsage>http://www.w3.org/2002/03/xkms#Signature</KeyUsage>
    <UseKeyWith Application="urn:ietf:rfc:2633" Identifier="alice@example.com" />
  </QueryKeyBinding>
 </ValidateRequest>
 <ValidateRequest Id="..." Service="...">
  <QueryKeyBinding>
    <ds:KeyInfo>
      <ds:X509Data>
        <ds:X509Certificate>...</ds:X509Certificate>
        <ds:X509Certificate>...</ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>
    <KeyUsage>http://www.w3.org/2002/03/xkms#Signature</KeyUsage>
    <UseKeyWith Application="urn:ietf:rfc:2633" Identifier="eric@example.com" />
  </QueryKeyBinding>
 </ValidateRequest>
</CompoundRequest>

Message Response

<?xml version="1.0" encoding="utf-8"?>
<CompoundResult Id="..." Service="..." Nonce="..."
      ResultMajor="http://www.w3.org/2002/03/xkms#Represent" RequestId="..."
      xmlns="http://www.w3.org/2002/03/xkms#"/>

Message Request

<?xml version="1.0" encoding="utf-8"?>
<CompoundRequest Id="..." Service="..." Nonce="..." OriginalRequestId="..."
             xmlns="http://www.w3.org/2002/03/xkms#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <LocateRequest Id="..." Service="...">
  <RespondWith>http://www.w3.org/2002/03/xkms#KeyName</RespondWith>
  <RespondWith>http://www.w3.org/2002/03/xkms#KeyValue</RespondWith>
  <QueryKeyBinding>
    <KeyUsage>http://www.w3.org/2002/03/xkms#Encryption</KeyUsage>
    <UseKeyWith Application="urn:ietf:rfc:2633" Identifier="bob@example.com" />
  </QueryKeyBinding>
 </LocateRequest>
 <ValidateRequest Id="..." Service="...">
  <QueryKeyBinding>
    <ds:KeyInfo>
      <ds:X509Data>
        <ds:X509Certificate>...</ds:X509Certificate>
        <ds:X509Certificate>...</ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>
    <KeyUsage>http://www.w3.org/2002/03/xkms#Signature</KeyUsage>
    <UseKeyWith Application="urn:ietf:rfc:2633" Identifier="alice@example.com" />
  </QueryKeyBinding>
 </ValidateRequest>
 <ValidateRequest Id="..." Service="...">
  <QueryKeyBinding>
    <ds:KeyInfo>
      <ds:X509Data>
        <ds:X509Certificate>...</ds:X509Certificate>
        <ds:X509Certificate>...</ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>
    <KeyUsage>http://www.w3.org/2002/03/xkms#Signature</KeyUsage>
    <UseKeyWith Application="urn:ietf:rfc:2633" Identifier="eric@example.com" />
  </QueryKeyBinding>
 </ValidateRequest>
</CompoundRequest>

Message Response

<?xml version="1.0" encoding="utf-8"?>
<CompoundResult Id="..." Service="..." xmlns="http://www.w3.org/2002/03/xkms#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <LocateResult Id="..." Service="..." ResultMajor="http://www.w3.org/2002/03/xkms#Success" RequestId="...">
  <UnverifiedKeyBinding Id="...">
    <ds:KeyInfo>
    <ds:KeyName>...</ds:KeyName>
      <ds:KeyValue>
        <ds:RSAKeyValue>
          <ds:Modulus>...</ds:Modulus>
          <ds:Exponent>...</ds:Exponent>
        </ds:RSAKeyValue>
      </ds:KeyValue>
      <ds:X509Data>
        <ds:X509Certificate>...</ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>
    <KeyUsage>http://www.w3.org/2002/03/xkms#Encryption</KeyUsage>
    <UseKeyWith Application="urn:ietf:rfc:2633" Identifier="bob@example.com" />
  </UnverifiedKeyBinding>
 </LocateResult>
 <ValidateResult Id="..." Service="..." ResultMajor="http://www.w3.org/2002/03/xkms#Success" RequestId="...">
  <KeyBinding Id="...">
    <ds:KeyInfo>
      <ds:X509Data>
        <ds:X509Certificate>...</ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>
    <KeyUsage>http://www.w3.org/2002/03/xkms#Signature</KeyUsage>
    <UseKeyWith Application="urn:ietf:rfc:2633" Identifier="alice@example.com" />
    <Status StatusValue="http://www.w3.org/2002/03/xkms#Valid">
      <ValidReason>http://www.w3.org/2002/03/xkms#Signature</ValidReason>
      <ValidReason>http://www.w3.org/2002/03/xkms#IssuerTrust</ValidReason>
      <ValidReason>http://www.w3.org/2002/03/xkms#RevocationStatus</ValidReason>
      <ValidReason>http://www.w3.org/2002/03/xkms#ValidityInterval</ValidReason>
    </Status>
  </KeyBinding>
 </ValidateResult>
 <ValidateResult Id="..." Service="..." ResultMajor="http://www.w3.org/2002/03/xkms#Success" RequestId="...">
  <KeyBinding Id="...">
    <ds:KeyInfo>
      <ds:X509Data>
        <ds:X509Certificate>...</ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>
    <KeyUsage>http://www.w3.org/2002/03/xkms#Signature</KeyUsage>
    <UseKeyWith Application="urn:ietf:rfc:2633" Identifier="eric@example.com" />
    <Status StatusValue="http://www.w3.org/2002/03/xkms#Invalid">
      <ValidReason>http://www.w3.org/2002/03/xkms#Signature</ValidReason>
      <ValidReason>http://www.w3.org/2002/03/xkms#IssuerTrust</ValidReason>
      <ValidReason>http://www.w3.org/2002/03/xkms#RevocationStatus</ValidReason>
      <InvalidReason>http://www.w3.org/2002/03/xkms#ValidityInterval</InvalidReason>
    </Status>
  </KeyBinding>
 </ValidateResult>
</CompoundResult>

Test:XKISS-T11

Asynchronous Compound - Description:

A client wishes to make a locate and two validate requests simultaneously. The processing mode is asynchronous. The locate and validate requests that will be made correspond to the tests XKISS-T1, XKISS-T2 and XKISS-T4. The client will send a Status Request after receiving the notification of the Locate message but when the validate messages are still pending. The resulting set of messages will consist of at least six messages: an initial outer Compound Request with three inner requests and the initial Compound Result; at least a Status Request-Result pair; a Pending Request and the final Compound Result with three inner results.

Messages:

Message Request

<?xml version="1.0" encoding="utf-8"?>
<CompoundRequest Id="..." Service="..." xmlns="http://www.w3.org/2002/03/xkms#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <ResponseMechanism>http://www.w3.org/2002/03/xkms#Pending</ResponseMechanism>
 <LocateRequest Id="..." Service="...">
  <RespondWith>http://www.w3.org/2002/03/xkms#KeyName</RespondWith>
  <RespondWith>http://www.w3.org/2002/03/xkms#KeyValue</RespondWith>
  <QueryKeyBinding>
    <KeyUsage>http://www.w3.org/2002/03/xkms#Encryption</KeyUsage>
    <UseKeyWith Application="urn:ietf:rfc:2633" Identifier="bob@example.com" />
  </QueryKeyBinding>
 </LocateRequest>
 <ValidateRequest Id="..." Service="...">
  <QueryKeyBinding>
    <ds:KeyInfo>
      <ds:X509Data>
        <ds:X509Certificate>...</ds:X509Certificate>
        <ds:X509Certificate>...</ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>
    <KeyUsage>http://www.w3.org/2002/03/xkms#Signature</KeyUsage>
    <UseKeyWith Application="urn:ietf:rfc:2633" Identifier="alice@example.com" />
  </QueryKeyBinding>
 </ValidateRequest>
 <ValidateRequest Id="..." Service="...">
  <QueryKeyBinding>
    <ds:KeyInfo>
      <ds:X509Data>
        <ds:X509Certificate>...</ds:X509Certificate>
        <ds:X509Certificate>...</ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>
    <KeyUsage>http://www.w3.org/2002/03/xkms#Signature</KeyUsage>
    <UseKeyWith Application="urn:ietf:rfc:2633" Identifier="eric@example.com" />
  </QueryKeyBinding>
 </ValidateRequest>
</CompoundRequest>

Message Response

<?xml version="1.0" encoding="utf-8"?>
<CompoundResult Id="..." Service="..." ResultMajor="http://www.w3.org/2002/03/xkms#Pending"
                         RequestId="..." xmlns="http://www.w3.org/2002/03/xkms#"/>

Message Request

<?xml version="1.0" encoding="utf-8"?>
<StatusRequest Id="..." Service="..." OriginalRequestId="..."  ResponseId=""
xmlns="http://www.w3.org/2002/03/xkms#"/>

Message Response

<?xml version="1.0" encoding="utf-8"?>
<StatusResult Id="..." Service="..." ResultMajor="http://www.w3