W3C XKMS WG Home

Final Results of Questionnaire XKMS CR TEST-SUITE REPORT

This questionnaire was open from 2004-09-14 to 2005-01-28 and was available as a WBS online form.

Seven client developers and four XKMS servers participated in the interoperability event.

I. General Information

I1: Company / organization

Details

Responder
Alvaro Guillermo Trinity College Dublin
Tommy Lindberg Markup Security (http://markupsecurity.com)
Roland Lockhart Entrust Inc.
Vamsi Motukuru Oracle Corporation
Berin Lautenbach Apache Software Foundation ( http://www.apache.org )
Rich Salz DataPower Technology, Inc.
http://www.datapower.com
Yunhao Zhang SQLData Systems

I2: Representative's name (who is answering this form)

Details

Responder
Alvaro Guillermo Guillermo Alvaro
Tommy Lindberg Tommy Lindberg
Roland Lockhart Roland Lockhart
Vamsi Motukuru Vamsi Motukuru

Berin Lautenbach Berin Lautenbach
Rich Salz Rich Salz
rsalz@datapower.com
Yunhao Zhang Yunhao Zhang

I3: Implementation name (please specify a URL if available)

Details

Responder
Alvaro Guillermo
Tommy Lindberg Markup Security XKMS (http://markupsecurity.com/info/xkms)
Roland Lockhart Entrust XKMS Test Client
Vamsi Motukuru Oracle Security Developer Tools
http://www.oracle.com/technology/products/id_mgmt/osdt/index.html
Berin Lautenbach XML Security C++ Library ( http://xml.apache.org/security/c/index.html )
Rich Salz DataPower XS-40
Yunhao Zhang SQLData XKMS Server 2.0 (http://sqldata.com/xkms.htm)

I4: Implementation version (which version was used for this testing)

Details

Responder
Alvaro Guillermo 1.0
Tommy Lindberg beta
Roland Lockhart 1.0
Vamsi Motukuru 10gR2
http://www.oracle.com/technology/products/id_mgmt/osdt/index.html
Berin Lautenbach Pre release of Version 1.2 - CO from public CVS
Rich Salz Release 3.x
Yunhao Zhang 2.0

I5: Spec Version/Comment

Details

Responder
Alvaro Guillermo XKMS 2.0
Tommy Lindberg XKMS 2.0 - "http://www.w3.org/2002/03/xkms#"
Roland Lockhart XKMS 2.0
Vamsi Motukuru XKMS Version 2.0 - "http://www.w3.org/2002/03/xkms#"
Berin Lautenbach XKMS Version - "http://www.w3.org/2002/03/xkms#"
Rich Salz XKMS 2.0
Yunhao Zhang XKMS Version - "http://www.w3.org/2002/03/xkms#"

II. Test-suite implementation report

You should indicate in your answers against which server you did your tests. The following four servers are available:

N.B. The survey widget has some limitations. Its legend should be interpreted as follows:

1 Failure, 2 Non applicable, 3 Cannot tell, 4 Not tested, 5 Success

XKISS-T1: Locate

A client wishes to obtain an encryption key bound to bob@example.com so that it can send an encrypted mail to Bob. The client secure email format is S/MIME. The processing mode is synchronous. The resulting set of messages will consist of a Locate Request to the server and the Locate Result returned.

Test suite reference

Summary

(The results on your answers are bolded)

Choice All responders
1 2 3 4 5 No opinion
TL Server 2 4 1
Entrust 1 3 3
SQL Data 2 4 1
ASF-XKMS 1 4

Details

Responder TL Server Entrust SQL Data ASF-XKMS Comments
Alvaro Guillermo 5 No opinion 5 No opinion Locate operation successfully tested.

* Soap1.2 used to communicate with SQL Data's server.
Tommy Lindberg No opinion 4 5 5 Using SOAP 1.2 for SQL Data
Roland Lockhart 4 4 4
Vamsi Motukuru 5 No opinion 5 No opinion
Berin Lautenbach 5 1 5 No opinion
Rich Salz 4 4 4
Yunhao Zhang 5 No opinion No opinion No opinion Successful when a DN is used for the KeyName. Only SOAP bindings were tested.

XKISS-T2: Validate

A client wishes to check whether a certificate supplied by a sender (Alice) in a message is valid or not, so he sends the certificate chain to the XKMS service. The processing mode is synchronous. The certificate is valid and it has not been revoked. The resulting set of messages will consist of a Validate Request to the server and the Validate Result returned reporting that the key binding has successfully been checked.

Test-suite reference

Summary

(The results on your answers are bolded)

Choice All responders
1 2 3 4 5 No opinion
TL Server 6 1
Entrust 2 4 1
SQL Data 1 5 1
ASF-XKMS 1 4

Details

Responder TL Server Entrust SQL Data ASF-XKMS Comments
Alvaro Guillermo 5 5 5 No opinion Validate operation successfully tested.

* Soap1.1 used to communicate with Entrust's server.
* Soap1.2 used to communicate with SQL Data's server.
Tommy Lindberg No opinion 4 5 5 Using SOAP 1.2 for SQL Data
Roland Lockhart 5 4 4 Used SOAP 1.1
Vamsi Motukuru 5 5 5 No opinion
Berin Lautenbach 5 5 5 No opinion Used SOAP 1.1 For Entrust
Rich Salz 5 5 5
Yunhao Zhang 5 No opinion No opinion No opinion Tested using SOAP bindings.

XKISS-T3: Locate - not found

In a similar scenario to XKISS-T1, a client wishes to obtain a key bound to bob2@example.com, but the server cannot locate a key for that user. The resulting set of messages will consist of a Locate Request to the server and the Locate Result returned.

Test-suite reference

Summary

(The results on your answers are bolded)

Choice All responders
1 2 3 4 5 No opinion
TL Server 2 4 1
Entrust 1 3 3
SQL Data 2 4 1
ASF-XKMS 1 4

Details

Responder TL Server Entrust SQL Data ASF-XKMS Comments
Alvaro Guillermo 5 No opinion 5 No opinion "Unsuccessful Locate" operation successfully tested.

* Soap1.2 used to communicate with SQL Data's server.
Tommy Lindberg No opinion 4 5 5 Using SOAP 1.2 for SQL Data
Roland Lockhart 4 4 4
Vamsi Motukuru 5 No opinion 5 No opinion
Berin Lautenbach 5 1 5 No opinion
Rich Salz 4 4 4
Yunhao Zhang 5 No opinion No opinion No opinion Tested using SOAP bindings.

XKISS-T4: Validate an expired cert

In a similar scenario to XKISS-T2, a client wishes to check whether a certificate supplied by a sender (Eric) in a message is valid or not, so he sends the certificate chain to the XKMS service. The processing mode is synchronous. The certificate is not valid because it has expired. The resulting set of messages will consist of a Validate Request and a Validate Result.

Test-suite reference

Summary

(The results on your answers are bolded)

Choice All responders
1 2 3 4 5 No opinion
TL Server 1 5 1
Entrust 3 3 1
SQL Data 2 4 1
ASF-XKMS 1 4

Details

Responder TL Server Entrust SQL Data ASF-XKMS Comments
Alvaro Guillermo 5 5 5 No opinion Validate over an expired cert operation successfully tested.

* Soap1.1 used to communicate with Entrust's server.
* Soap1.2 used to communicate with SQL Data's server.
Tommy Lindberg No opinion 4 5 5 Using SOAP 1.2 for SQL Data
Roland Lockhart 5 4 4 Used SOAP 1.1
Vamsi Motukuru 5 5 5 No opinion
Berin Lautenbach 5 5 5 No opinion Used SOAP 1.1 For Entrust
Rich Salz 4 4 4
Yunhao Zhang 5 No opinion No opinion No opinion Tested only SOAP bindings.

XKISS-T5: Validate a revoked cert

In a similar scenario to XKISS-T2, a client wishes to check whether a certificate supplied by a sender (Ralph) in a message is valid or not, so he sends the certificate chain to the XKMS service. The processing mode is synchronous. The certificate is not valid because it has been revoked. The resulting set of messages will consist of a Validate Request and a Validate Result.

Test-suite reference

Summary

(The results on your answers are bolded)

Choice All responders
1 2 3 4 5 No opinion
TL Server 1 5 1
Entrust 3 3 1
SQL Data 2 4 1
ASF-XKMS 1 4

Details

Responder TL Server Entrust SQL Data ASF-XKMS Comments
Alvaro Guillermo 5 5 5 No opinion Validate over a revoked cert operation successfully tested.

* Soap1.1 used to communicate with Entrust's server.
* Soap1.2 used to communicate with SQL Data's server.
Tommy Lindberg No opinion 4 5 5 Using SOAP 1.2 for SQL Data
Roland Lockhart 5 4 4 Used SOAP 1.1
Vamsi Motukuru 5 5 5 No opinion
Berin Lautenbach 5 5 5 No opinion Used SOAP 1.1 For Entrust
Rich Salz 4 4 4
Yunhao Zhang 5 No opinion No opinion No opinion Tested only SOAP Bindings

XKISS-T6: Two Phase

A client wishes to obtain an encryption key bound to bob@example.com so that it can send an encrypted mail to Bob. The client secure email format is S/MIME. The processing mode is Two Phase. The resulting set of messages will consist of two Locate Requests to the server and two Locate Results returned.

Test-suite reference

Summary

(The results on your answers are bolded)

Choice All responders
1 2 3 4 5 No opinion
TL Server 1 1 4 1
Entrust 1 1 2 3
SQL Data 1 1 4 1
ASF-XKMS 1 4

Details

Responder TL Server Entrust SQL Data ASF-XKMS Comments
Alvaro Guillermo 5 No opinion 5 No opinion Two Phase operation successfully tested.

* Soap1.2 used to communicate with SQL Data's server.
Tommy Lindberg No opinion 4 5 5
Roland Lockhart 4 4 4
Vamsi Motukuru 5 No opinion 5 No opinion
Berin Lautenbach 5 3 5 No opinion Used SOAP 1.1 For Entrust - but returned immediately
Rich Salz 2 2 2
Yunhao Zhang 5 No opinion No opinion No opinion Successfully tested when the correct DN is used for the TL server.

XKISS-T7: Asynchronous

A client wishes to obtain an encryption key bound to bob@example.com. The client secure email format is S/MIME. The processing mode is asynchronous. The resulting set of messages will consist of two Locate Requests to the server and two Locate Responses returned. The server will notify by email when it is ready to receive the Pending Request. The resulting set of messages will consist of at least six messages: an initial Locate Request and Locate Result; one or more Status requests and responses, with the last Status Result stating the Success; a Pending Request and a final Locate Result.

Test-suite reference

Summary

(The results on your answers are bolded)

Choice All responders
1 2 3 4 5 No opinion
TL Server 1 1 4 1
Entrust 1 2 4
SQL Data 1 1 4 1
ASF-XKMS 1 4

Details

Responder TL Server Entrust SQL Data ASF-XKMS Comments
Alvaro Guillermo 5 No opinion 5 No opinion Asynchronous operation successfully tested.

* The first Status request/response pair was not performed with SQL Data's server as the operation had already been completed.
* Soap1.2 used to communicate with SQL Data's server.
Tommy Lindberg No opinion 4 5 5
Roland Lockhart 4 4 4
Vamsi Motukuru 5 No opinion 5 No opinion
Berin Lautenbach 5 No opinion 5 No opinion
Rich Salz 2 2 2
Yunhao Zhang 5 No opinion No opinion No opinion The SQLData server processes asynchronous request immediately, only one status request was issued.

XKISS-T8: Two Phase + Asynchronous

A client wishes to obtain an encryption key bound to bob@example.com. The client secure email format is S/MIME. The processing mode is Two Phase Protocol with Asynchronous Processing. The resulting set of messages will consist of at least eight messages: two Locate Requests to the server and two Locate Responses returned, corresponding to the Two Phase protocol, then at least a Status Request-Response pair and finally a Pending Request and the final Locate Result.

Test-suite reference

Summary

(The results on your answers are bolded)

Choice All responders
1 2 3 4 5 No opinion
TL Server 1 1 4 1
Entrust 1 2 4
SQL Data 1 2 3 1
ASF-XKMS 1 4

Details

Responder TL Server Entrust SQL Data ASF-XKMS Comments
Alvaro Guillermo 5 No opinion 5 No opinion Two Phase and Asynchronous operation successfully tested.

* Soap1.2 used to communicate with SQL Data's server.
Tommy Lindberg No opinion 4 5 5
Roland Lockhart 4 4 4
Vamsi Motukuru 5 No opinion 5 No opinion
Berin Lautenbach 5 No opinion 4 No opinion
Rich Salz 2 2 2
Yunhao Zhang 5 No opinion No opinion No opinion

XKISS-T9: Compound

A client wishes to make a locate and two validate requests simultaneously. The processing mode is synchronous. The locate and validate requests that will be made correspond to the tests XKISS-T1, XKISS-T2 and XKISS-T4. The resulting set of messages will consist of an outer Compound Request with three inner requests and an outer Compound Result with three inner results.

Test-suite reference

Summary

(The results on your answers are bolded)

Choice All responders
1 2 3 4 5 No opinion
TL Server 1 1 4 1
Entrust 1 2 4
SQL Data 1 1 4 1
ASF-XKMS 1 4

Details

Responder TL Server Entrust SQL Data ASF-XKMS Comments
Alvaro Guillermo 5 No opinion 5 No opinion * Soap1.2 used to communicate with SQL Data's server.
Tommy Lindberg No opinion 4 5 5
Roland Lockhart 4 4 4
Vamsi Motukuru 5 No opinion 5 No opinion
Berin Lautenbach 5 No opinion 5 No opinion
Rich Salz 2 2 2
Yunhao Zhang 5 No opinion No opinion No opinion

XKISS-T10: Two Phase Compound

A client wishes to make a locate and two validate requests simultaneously. The processing mode is Two Phase Protocol. The locate and validate requests that will be made correspond to the tests XKISS-T1, XKISS-T2 and XKISS-T4. The resulting set of messages will consist of two outer Compound Requests with three inner requests and two Compound Results, the first without inner results and the second containing three.

Test-suite reference

Summary

(The results on your answers are bolded)

Choice All responders
1 2 3 4 5 No opinion
TL Server 1 1 4 1
Entrust 1 2 4
SQL Data 1 1 4 1
ASF-XKMS 1 4

Details

Responder TL Server Entrust SQL Data ASF-XKMS Comments
Alvaro Guillermo 5 No opinion 5 No opinion * Soap1.2 used to communicate with SQL Data's server.
Tommy Lindberg No opinion 4 5 5
Roland Lockhart 4 4 4
Vamsi Motukuru 5 No opinion 5 No opinion
Berin Lautenbach 5 No opinion 5 No opinion
Rich Salz 2 2 2
Yunhao Zhang 5 No opinion No opinion No opinion

XKISS-T11: Asynchronous Compound

A client wishes to make a locate and two validate requests simultaneously. The processing mode is asynchronous. The locate and validate requests that will be made correspond to the tests XKISS-T1, XKISS-T2 and XKISS-T4. The client will send a Status Request after receiving the notification of the Locate message but when the validate messages are still pending. The resulting set of messages will consist of at least six messages: an initial outer Compound Request with three inner requests and the initial Compound Result; at least a Status Request-Result pair; a Pending Request and the final Compound Result with three inner results.

Test-suite reference

Summary

(The results on your answers are bolded)

Choice All responders
1 2 3 4 5 No opinion
TL Server 1 2 3 1
Entrust 1 2 4
SQL Data 1 2 3 1
ASF-XKMS 1 4

Details

Responder TL Server Entrust SQL Data ASF-XKMS Comments
Alvaro Guillermo 5 No opinion 5 No opinion * Soap1.2 used to communicate with SQL Data's server.
* The Status Req/Res pair was performed after the operation had been completed.
Tommy Lindberg No opinion 4 5 4
Roland Lockhart 4 4 4
Vamsi Motukuru 5 No opinion 5 No opinion
Berin Lautenbach 4 No opinion 4 No opinion
Rich Salz 2 2 2
Yunhao Zhang 5 No opinion No opinion No opinion

XKISS-T12: Compound with inner asynchronous requests

A client wishes to make a locate and two validate requests simultaneously. The processing mode for the compound message is synchronous. The locate and validate requests that will be made correspond to the tests XKISS-T1, XKISS-T2 and XKISS-T4. The inner Locate Request will be made synchronously and the Validate requests asynchronously. The resulting set of messages will consist of at least ten messages: an initial outer Compound Request with three inner requests and the initial Compound Result with three inner results; at least two Status request-response pairs and two Pending requests and two Validate results.

Test-suite reference

Summary

(The results on your answers are bolded)

Choice All responders
1 2 3 4 5 No opinion
TL Server 1 2 2 2
Entrust 1 2 4
SQL Data 1 1 2 2 1
ASF-XKMS 1 4

Details

Responder TL Server Entrust SQL Data ASF-XKMS Comments
Alvaro Guillermo 5 No opinion 5 No opinion
Tommy Lindberg No opinion 4 5 4
Roland Lockhart 4 4 4
Vamsi Motukuru 5 No opinion 3 No opinion Inner asynchronous requests are processed synchronously.
Berin Lautenbach 4 No opinion 4 No opinion
Rich Salz 2 2 2
Yunhao Zhang No opinion No opinion No opinion No opinion

XKISS-T13: Soap 1.1

The same scenario as XKISS-T1 but with the messages wrapped in SOAP 1.1 envelopes.

Test-suite reference

Summary

(The results on your answers are bolded)

Choice All responders
1 2 3 4 5 No opinion
TL Server 1 5 1
Entrust 2 3 2
SQL Data 1 4 2
ASF-XKMS 1 4

Details

Responder TL Server Entrust SQL Data ASF-XKMS Comments
Alvaro Guillermo 5 No opinion No opinion No opinion Operation over Soap1.1 successfully tested.
Tommy Lindberg No opinion 4 5 5 Used T2 instead of T1 with Entrust.
Roland Lockhart 4 4 4
Vamsi Motukuru 5 5 5 No opinion
Berin Lautenbach 5 5 5 No opinion Used ValidateRequest for Entrust
Rich Salz 5 5 5
Yunhao Zhang 5 No opinion No opinion No opinion

XKISS-T14: Soap 1.2

The same scenario as XKISS-T1 but with the messages wrapped in SOAP 1.2 envelopes.

Test-suite reference

Summary

(The results on your answers are bolded)

Choice All responders
1 2 3 4 5 No opinion
TL Server 2 4 1
Entrust 1 3 3
SQL Data 2 4 1
ASF-XKMS 1 4

Averages:

Choices All responders:
TL Server 4.67
Entrust 3.25
SQL Data 4.67
ASF-XKMS 5.00

Details

Responder TL Server Entrust SQL Data ASF-XKMS Comments
Alvaro Guillermo 5 No opinion 5 No opinion Operation over Soap1.2 successfully tested.
Tommy Lindberg No opinion 4 5 5
Roland Lockhart 4 4 4
Vamsi Motukuru 5 No opinion 5 No opinion
Berin Lautenbach 5 1 5 No opinion
Rich Salz 4 4 4
Yunhao Zhang 5 No opinion No opinion No opinion

XKISS-T15: Opaque Client Data

(Similar to XKISS-T2 but with OpaqueClientData) A client wishes to check whether a certificate supplied by a sender (Alice) in a message is valid or not, so he sends the certificate chain to the XKMS service. The client adds two instances of randomly generated OpaqueData to the request. The processing mode is synchronous. The certificate is valid and it has not been revoked. The resulting set of messages will consist of a Validate Request to the server and the Validate Result returned reporting that the key binding has successfully been checked. The OpaqueClientData in the result is identical to the one included in the request.

Test-suite reference

Summary

(The results on your answers are bolded)

Choice All responders
1 2 3 4 5 No opinion
TL Server 4 1
Entrust 1 4
SQL Data 4 1
ASF-XKMS 1 4

Averages:

Choices All responders:
TL Server 5.00
Entrust 4.00
SQL Data 5.00
ASF-XKMS 5.00

Details

Responder TL Server Entrust SQL Data ASF-XKMS Comments
Alvaro Guillermo 5 No opinion 5 No opinion
Tommy Lindberg No opinion 4 5 5
Roland Lockhart
Vamsi Motukuru 5 No opinion 5 No opinion
Berin Lautenbach 5 No opinion 5 No opinion
Rich Salz
Yunhao Zhang 5 No opinion No opinion No opinion

XKISS-T16: Request Signature Value

(Similar to XKISS-T2 but the request is signed and the client requests return of request signature value) A client wishes to check whether a certificate supplied by a sender (Alice) in a message is valid or not, so he sends the certificate chain to the XKMS service. The client signs the request with Bob's key and includes the corresponding verification key in the request. The client indicates through the ResponseMechanism element that he is prepared to receive the request signature value bytes in the result. The processing mode is synchronous. The certificate is valid and it has not been revoked. The resulting set of messages will consist of a Validate Request to the server and the Validate Result returned reporting that the key binding has successfully been checked. In addition, the request signature bytes match those returned in the RequestSignatureValue element of the result.

Test-suite reference

Summary

(The results on your answers are bolded)

Choice All responders
1 2 3 4 5 No opinion
TL Server 4 1
Entrust 1 4
SQL Data 4 1
ASF-XKMS 1 4

Details

Responder TL Server Entrust SQL Data ASF-XKMS Comments
Alvaro Guillermo 5 No opinion 5 No opinion
Tommy Lindberg No opinion 4 5 5
Roland Lockhart
Vamsi Motukuru 5 No opinion 5 No opinion
Berin Lautenbach 5 No opinion 5 No opinion
Rich Salz
Yunhao Zhang 5 No opinion No opinion No opinion

XKISS-T17: Unsuccessful Request Signature Value

(Similar to XKISS-T16 but an incorrect verification key is supplied) A client wishes to check whether a certificate supplied by a sender (Alice) in a message is valid or not, so he sends the certificate chain to the XKMS service. The client signs the request with a key not known by the service. The client indicates through the ResponseMechanism element that he is prepared to receive the request signature value bytes in the result. The processing mode is synchronous. The result indicates an unsuccessful outcome with a minor result code of NoAuthentication and the RequestSignatureValue is not present.

Test-suite reference

Summary

(The results on your answers are bolded)

Choice All responders
1 2 3 4 5 No opinion
TL Server 3 2
Entrust 1 4
SQL Data 4 1
ASF-XKMS 1 4

Averages:

Choices All responders:
TL Server 5.00
Entrust 4.00
SQL Data 5.00
ASF-XKMS 5.00

Details

Responder TL Server Entrust SQL Data ASF-XKMS Comments
Alvaro Guillermo 5 No opinion 5 No opinion
Tommy Lindberg No opinion 4 5 5
Roland Lockhart
Vamsi Motukuru 5 No opinion 5 No opinion
Berin Lautenbach 5 No opinion 5 No opinion
Rich Salz
Yunhao Zhang No opinion No opinion No opinion No opinion

XKISS-T18: Response Limit

(Similar to XKISS-T1 but with a response limit indication) Mandy is known to have 10 encryption keypairs for use with S/MIME style e-mail, all of which are bound to mandy@example.com. A client wishes to obtain no more than 5 of these keys. The processing mode is synchronous. The resulting set of messages will consist of a Locate Request to the server and the Locate Result returned. The minor result code is TooManyResponses, indicating that more bindings than the requested 5 were found. If the major result code indicates Success then the result contains no more than 5 key bindings. If the major result code indicates Receiver then the result does not contain any key bindings.
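The outcome rules of XKISS-T18 can be checked mechanically on the client side. The following is an added example, not code from the test suite or from any participant's implementation; it assumes the XKMS 2.0 wire form (result codes carried as URIs in the ResultMajor and ResultMinor attributes, bindings as UnverifiedKeyBinding children of the LocateResult), and the function names and sample messages are constructed for illustration.

```python
import xml.etree.ElementTree as ET

XKMS = "http://www.w3.org/2002/03/xkms#"      # namespace quoted by the responders
DSIG = "http://www.w3.org/2000/09/xmldsig#"   # XML Signature namespace (assumed for KeyInfo)

# A LocateResult normally carries UnverifiedKeyBinding; KeyBinding is accepted too
# so the check does not silently miss bindings from a lenient server.
BINDING_TAGS = {f"{{{XKMS}}}UnverifiedKeyBinding", f"{{{XKMS}}}KeyBinding"}


def _code(uri):
    """Reduce a result-code URI such as '...xkms#Success' to 'Success'."""
    return uri.rsplit("#", 1)[-1]


def check_response_limit(result_xml, limit=5):
    """Apply the XKISS-T18 outcome rules to one LocateResult document.

    Returns a dict with the verdict, the reasons for a failure, the number of
    bindings returned and the number of distinct KeyInfo contents among them.
    """
    root = ET.fromstring(result_xml)
    problems = []
    if root.tag != f"{{{XKMS}}}LocateResult":
        problems.append("root element is not an XKMS LocateResult")

    major = _code(root.get("ResultMajor", ""))
    minor = _code(root.get("ResultMinor", ""))
    bindings = [child for child in root if child.tag in BINDING_TAGS]

    # Rule 1: the minor code must signal that more bindings exist than requested.
    if minor != "TooManyResponses":
        problems.append(f"ResultMinor is {minor or 'absent'}, expected TooManyResponses")

    # Rule 2: Success may carry at most `limit` bindings; Receiver must carry none.
    if major == "Success":
        if len(bindings) > limit:
            problems.append(f"{len(bindings)} bindings returned, limit was {limit}")
    elif major == "Receiver":
        if bindings:
            problems.append("ResultMajor is Receiver but bindings were returned")
    else:
        problems.append(f"ResultMajor is {major or 'absent'}, expected Success or Receiver")

    # Informational: identical KeyInfo repeated across bindings still satisfies
    # the limit, but it is worth surfacing when reviewing a server's test data.
    distinct = set()
    for binding in bindings:
        key_info = binding.find(f"{{{DSIG}}}KeyInfo")
        text = "" if key_info is None else "".join("".join(key_info.itertext()).split())
        distinct.add(text)

    return {
        "ok": not problems,
        "problems": problems,
        "bindings": len(bindings),
        "distinct_keys": len(distinct),
    }


def sample_result(major, minor, key_names):
    """Build a constructed, simplified LocateResult (no Id/Service/RequestId)."""
    body = "".join(
        f'<UnverifiedKeyBinding Id="b{i}"><ds:KeyInfo><ds:KeyName>{name}'
        f"</ds:KeyName></ds:KeyInfo></UnverifiedKeyBinding>"
        for i, name in enumerate(key_names)
    )
    return (
        f'<LocateResult xmlns="{XKMS}" xmlns:ds="{DSIG}" '
        f'ResultMajor="{XKMS}{major}" ResultMinor="{XKMS}{minor}">{body}</LocateResult>'
    )


if __name__ == "__main__":
    cases = {
        "five distinct keys": sample_result("Success", "TooManyResponses", [f"k{i}" for i in range(5)]),
        "same key five times": sample_result("Success", "TooManyResponses", ["k0"] * 5),
        "limit ignored": sample_result("Success", "TooManyResponses", [f"k{i}" for i in range(10)]),
        "receiver, empty": sample_result("Receiver", "TooManyResponses", []),
    }
    for name, xml in cases.items():
        print(name, check_response_limit(xml))
```

The "same key five times" case passes the limit rule while reporting a single distinct key, which is the situation one responder describes for this test.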

Test-suite reference

Summary

(The results on your answers are bolded)

Choice All responders
1 2 3 4 5 No opinion
TL Server 4 1
Entrust 1 4
SQL Data 4 1
ASF-XKMS 1 4

Details

Responder TL Server Entrust SQL Data ASF-XKMS Comments
Alvaro Guillermo 5 No opinion 5 No opinion
Tommy Lindberg No opinion 4 5 5 In the case of SQLData, 5 bindings are returned with the same key. I guess this is a question of how the DB is populated (same key ten times as opposed to ten distinct keys) which is why I mark this test as successful.
Roland Lockhart
Vamsi Motukuru 5 No opinion 5 No opinion
Berin Lautenbach 5 No opinion 5 No opinion
Rich Salz
Yunhao Zhang 5 No opinion No opinion No opinion

XKRSS-T1: Register Client Generated Key

A client wishes to register an RSA key pair bound to his email address. He generates an RSA key pair and sends a registration request to the XKMS service provider using a shared secret: "secret", for key binding authentication. The processing mode is synchronous, and the client provides an X.509 distinguished name in a UseKeyWith for "rfc2459". The response message indicates a successful key binding and there is an X.509 certificate in the key binding.

Test-suite reference

Summary

(The results on your answers are bolded)

Choice All responders
1 2 3 4 5 No opinion
TL Server 3 2
Entrust 1 4
SQL Data 3 2
ASF-XKMS 1 4

Details

Responder TL Server Entrust SQL Data ASF-XKMS Comments
Alvaro Guillermo 5 No opinion 5 No opinion
Tommy Lindberg No opinion 4 5 4
Roland Lockhart
Vamsi Motukuru 5 No opinion 5 No opinion
Berin Lautenbach No opinion No opinion No opinion No opinion
Rich Salz
Yunhao Zhang 5 No opinion No opinion No opinion

XKRSS-T2: Register Service Generated Key

A client wishes to register a key generated by the XKMS server. He sends a registration request to the XKMS service provider using a shared secret: "secret", for key binding authentication. The processing mode is synchronous, and the key is to be used with an email address. The XKMS server returns an RSA key pair with encrypted private key. The resulting set of messages will consist of two messages: a Register request and a Register response.

Test-suite reference

Summary

(The results on your answers are bolded)

Choice All responders
1 2 3 4 5 No opinion
TL Server 3 2
Entrust 1 4
SQL Data 3 2
ASF-XKMS 1 4

Details

Responder TL Server Entrust SQL Data ASF-XKMS Comments
Alvaro Guillermo 5 No opinion 5 No opinion
Tommy Lindberg No opinion 4 5 4
Roland Lockhart
Vamsi Motukuru 5 No opinion 5 No opinion
Berin Lautenbach No opinion No opinion No opinion No opinion
Rich Salz
Yunhao Zhang 5 No opinion No opinion No opinion

XKRSS-T3: Reissue

A client wishes to get a new X.509 certificate. He sends a Reissue request to the XKMS service. The key is specified in the payload either with a key value or with the old cert. The shared secret is "secret", and the processing mode is synchronous. The XKMS server returns a new certificate with new validity interval in the response message, and the status of the key binding is valid. The resulting set of messages will consist of four messages: an initial Register request/response pair and a Reissue request/response pair.

Test-suite reference

Summary

(The results on your answers are bolded)

Choice All responders
1 2 3 4 5 No opinion
TL Server 3 2
Entrust 1 4
SQL Data 3 2
ASF-XKMS 1 4

Details

Responder TL Server Entrust SQL Data ASF-XKMS Comments
Alvaro Guillermo 5 No opinion 5 No opinion
Tommy Lindberg No opinion 4 5 4
Roland Lockhart
Vamsi Motukuru 5 No opinion 5 No opinion
Berin Lautenbach No opinion No opinion No opinion No opinion
Rich Salz
Yunhao Zhang 5 No opinion No opinion No opinion

XKRSS-T4: Recover

A client wishes to recover his private key which he has forgotten. He specifies the authorization code "secret" for the key recovery operation, and an indeterminate key binding to his public key. The processing mode is synchronous. The XKMS server returns the encrypted private key. The resulting set of messages will consist of four messages: an initial Register request/response pair and a Recover request/response pair.

Test-suite reference

Summary

(The results on your answers are bolded)

Choice All responders
1 2 3 4 5 No opinion
TL Server 3 2
Entrust 1 4
SQL Data 3 2
ASF-XKMS 1 4

Details

Responder TL Server Entrust SQL Data ASF-XKMS Comments
Alvaro Guillermo 5 No opinion 5 No opinion
Tommy Lindberg No opinion 4 5 4
Roland Lockhart
Vamsi Motukuru 5 No opinion 5 No opinion
Berin Lautenbach No opinion No opinion No opinion No opinion
Rich Salz
Yunhao Zhang 5 No opinion No opinion No opinion

XKRSS-T5: Revoke

A client wishes to revoke a compromised key binding. The key was registered with a revocation pass phrase. The processing mode is synchronous. The revocation result is successful and the result key binding is invalid. The resulting set of messages will consist of four messages: an initial Register request/response pair and a Revoke request/response pair.

Test-suite reference

Summary

(The results on your answers are bolded)

Choice All responders
1 2 3 4 5 No opinion
TL Server 3 2
Entrust 1 4
SQL Data 3 2
ASF-XKMS 1 4

Details

Responder TL Server Entrust SQL Data ASF-XKMS Comments
Alvaro Guillermo 5 No opinion 5 No opinion
Tommy Lindberg No opinion 4 5 4
Roland Lockhart
Vamsi Motukuru 5 No opinion 5 No opinion
Berin Lautenbach No opinion No opinion No opinion No opinion
Rich Salz
Yunhao Zhang 5 No opinion No opinion No opinion

XKRSS-T6: Revoke with shared secret

A client wishes to revoke a compromised key binding. He uses the authorization code "secret" for the key revocation operation. The processing mode is synchronous. The revocation result is successful and the result key binding is invalid. The resulting set of messages will consist of four messages: an initial Register request/response pair and a Revoke request/response pair.

Test-suite reference

Summary

(The results on your answers are bolded)

Choice All responders
1 2 3 4 5 No opinion
TL Server 3 2
Entrust 1 4
SQL Data 3 2
ASF-XKMS 1 4

Details

Responder TL Server Entrust SQL Data ASF-XKMS Comments
Alvaro Guillermo 5 No opinion 5 No opinion
Tommy Lindberg No opinion 4 5 4
Roland Lockhart
Vamsi Motukuru 5 No opinion 5 No opinion
Berin Lautenbach No opinion No opinion No opinion No opinion
Rich Salz
Yunhao Zhang 5 No opinion No opinion No opinion

XKRSS-T7: Two Phase

(Similar to XKRSS-T2 but Two Phase)

A client wishes to register a key generated by the XKMS server. He sends a registration request to the XKMS service provider using a shared secret: "secret", for key binding authentication. The processing mode is two phase, and the key is to be used with an email address. The XKMS server returns an RSA key pair with encrypted private key. The resulting set of messages will consist of two Register Requests to the server and two Register Results returned.

Test-suite reference

Summary

(The results on your answers are bolded)

Choice All responders
1 2 3 4 5 No opinion
TL Server 3 2
Entrust 1 4
SQL Data 3 2
ASF-XKMS 1 4

Details

Responder TL Server Entrust SQL Data ASF-XKMS Comments
Alvaro Guillermo 5 No opinion 5 No opinion
Tommy Lindberg No opinion 4 5 4
Roland Lockhart
Vamsi Motukuru 5 No opinion 5 No opinion
Berin Lautenbach No opinion No opinion No opinion No opinion
Rich Salz
Yunhao Zhang 5 No opinion No opinion No opinion

XKRSS-T8: Asynchronous

(Similar to XKRSS-T2 but Asynchronous)

A client wishes to register a key generated by the XKMS server. He sends a registration request to the XKMS service provider using a shared secret: "secret", for key binding authentication. The processing mode is asynchronous, and the key is to be used with an email address. The XKMS server returns an RSA key pair with encrypted private key. The client will also send at least a Status Request. The resulting set of messages will consist of at least six messages: An initial Register request/response pair, at least a Status request/response pair, a Pending request and a final Register result.

Test-suite reference

Summary

(The results on your answers are bolded)

Choice All responders
1 2 3 4 5 No opinion
TL Server 3 2
Entrust 1 4
SQL Data 3 2
ASF-XKMS 1 4

Details

Responder TL Server Entrust SQL Data ASF-XKMS Comments
Alvaro Guillermo 5 No opinion 5 No opinion
Tommy Lindberg No opinion 4 5 4
Roland Lockhart
Vamsi Motukuru 5 No opinion 5 No opinion
Berin Lautenbach No opinion No opinion No opinion No opinion
Rich Salz
Yunhao Zhang 5 No opinion No opinion No opinion

XKRSS-T9: Asynchronous + Two Phase

(Similar to XKRSS-T2 but Asynchronous + Two Phase)

A client wishes to register a key generated by the XKMS server. He sends a registration request to the XKMS service provider using a shared secret: "secret", for key binding authentication. The processing mode is asynchronous, and the key is to be used with an email address. The XKMS server returns an RSA key pair with encrypted private key. The client will also send at least a Status Request. The resulting set of messages will consist of at least eight messages: two Register request/response pairs, corresponding to the Two Phase protocol, then at least a Status request/response pair and then a Pending request and the final Register result.

Test-suite reference

Summary

(The results on your answers are bolded)

Choice All responders
1 2 3 4 5 No opinion
TL Server 3 2
Entrust 1 4
SQL Data 3 2
ASF-XKMS 1 4

Details

Responder TL Server Entrust SQL Data ASF-XKMS Comments
Alvaro Guillermo 5 No opinion 5 No opinion
Tommy Lindberg No opinion 4 5 4
Roland Lockhart
Vamsi Motukuru 5 No opinion 5 No opinion
Berin Lautenbach No opinion No opinion No opinion No opinion
Rich Salz
Yunhao Zhang 5 No opinion No opinion No opinion

XKRSS-T10: Compound

A client wishes to make two registration requests simultaneously. The processing mode is synchronous. The registration requests that will be made correspond to the tests XKRSS-T1 and XKRSS-T2. The resulting set of messages will consist of an outer Compound Request with two inner requests and an outer Compound Result with two inner results.

Test-suite reference

Summary

All responders:
Choice | 1 | 2 | 3 | 4 | 5 | No opinion
TL Server | - | - | - | - | 3 | 2
Entrust | - | - | - | 1 | - | 4
SQL Data | - | - | - | - | 3 | 2
ASF-XKMS | - | - | - | 1 | - | 4

Details

Responder TL Server Entrust SQL Data ASF-XKMS Comments
Alvaro Guillermo 5 No opinion 5 No opinion
Tommy Lindberg No opinion 4 5 4
Roland Lockhart
Vamsi Motukuru 5 No opinion 5 No opinion
Berin Lautenbach No opinion No opinion No opinion No opinion
Rich Salz
Yunhao Zhang 5 No opinion No opinion No opinion

XKRSS-T11: Two Phase Compound

A client wishes to make two registration requests simultaneously. The processing mode is two phase. The registration requests that will be made correspond to the tests XKRSS-T1 and XKRSS-T2. The resulting set of messages will consist of two outer Compound Requests with two inner requests and two Compound Results, the first without inner results and the second containing two.

Test-suite reference

Summary

All responders:
Choice | 1 | 2 | 3 | 4 | 5 | No opinion
TL Server | - | - | - | - | 3 | 2
Entrust | - | - | - | 1 | - | 4
SQL Data | - | - | - | - | 3 | 2
ASF-XKMS | - | - | - | 1 | - | 4

Details

Responder TL Server Entrust SQL Data ASF-XKMS Comments
Alvaro Guillermo 5 No opinion 5 No opinion
Tommy Lindberg No opinion 4 5 4
Roland Lockhart
Vamsi Motukuru 5 No opinion 5 No opinion
Berin Lautenbach No opinion No opinion No opinion No opinion
Rich Salz
Yunhao Zhang 5 No opinion No opinion No opinion

XKRSS-T12: Asynchronous Compound

A client wishes to make two registration requests simultaneously. The processing mode is asynchronous. The registration requests that will be made correspond to the tests XKRSS-T1 and XKRSS-T2. The client will send first a Status Request. The resulting set of messages will consist of at least six messages: an initial outer Compound Request with two inner requests and the initial Compound Result; at least a Status Request and a Status Result; a Pending Request and the final Compound Result with two inner results.

Test-suite reference

Summary

All responders:
Choice | 1 | 2 | 3 | 4 | 5 | No opinion
TL Server | - | - | - | - | 3 | 2
Entrust | - | - | - | 1 | - | 4
SQL Data | - | - | - | - | 3 | 2
ASF-XKMS | - | - | - | 1 | - | 4

Details

Responder TL Server Entrust SQL Data ASF-XKMS Comments
Alvaro Guillermo 5 No opinion 5 No opinion
Tommy Lindberg No opinion 4 5 4
Roland Lockhart
Vamsi Motukuru 5 No opinion 5 No opinion
Berin Lautenbach No opinion No opinion No opinion No opinion
Rich Salz
Yunhao Zhang 5 No opinion No opinion No opinion

XKRSS-T13: Compound with inner asynchronous requests

A client wishes to make two registration requests simultaneously. The processing mode for the compound message is synchronous. The registration requests that will be made correspond to the tests XKRSS-T1 and XKRSS-T2. The inner client-generated RegisterRequest will be made synchronously and the inner server-generated client request asynchronously. The client will send first at least a Status Request for the inner asynchronous operation. The resulting set of messages will consist of at least six messages: an initial outer Compound Request with two inner requests and the initial Compound Result with two inner results; at least a Status request-response pair and a Pending request and a Register result.

Test-suite reference

Summary

All responders:
Choice | 1 | 2 | 3 | 4 | 5 | No opinion
TL Server | - | - | - | - | 2 | 3
Entrust | - | - | - | 1 | - | 4
SQL Data | - | - | 1 | - | 2 | 2
ASF-XKMS | - | - | - | 1 | - | 4

Details

Responder TL Server Entrust SQL Data ASF-XKMS Comments
Alvaro Guillermo 5 No opinion 5 No opinion
Tommy Lindberg No opinion 4 5 4
Roland Lockhart
Vamsi Motukuru 5 No opinion 3 No opinion Inner asynchronous requests are processed synchronously.
Berin Lautenbach No opinion No opinion No opinion No opinion
Rich Salz
Yunhao Zhang No opinion No opinion No opinion No opinion

XKRSS-T14: Unsuccessful authorization

(Similar to XKRSS-T2 but with a wrong shared secret)

A client wishes to register a key generated by the XKMS server. He sends a registration request to the XKMS service provider using a wrong shared secret: "notsecret", for key binding authentication. The processing mode is synchronous, and the key is to be used with an email address. The resulting set of messages will consist of two messages: a Register request and a Register response, with a minor result code of NoAuthentication.

Test-suite reference

Summary

All responders:
Choice | 1 | 2 | 3 | 4 | 5 | No opinion
TL Server | - | - | - | - | 3 | 2
Entrust | - | - | - | 1 | - | 4
SQL Data | - | - | - | - | 3 | 2
ASF-XKMS | - | - | - | 1 | - | 4

Details

Responder TL Server Entrust SQL Data ASF-XKMS Comments
Alvaro Guillermo 5 No opinion 5 No opinion
Tommy Lindberg No opinion 4 5 4
Roland Lockhart
Vamsi Motukuru 5 No opinion 5 No opinion
Berin Lautenbach No opinion No opinion No opinion No opinion
Rich Salz
Yunhao Zhang 5 No opinion No opinion No opinion

Compound-T1: XKISS and XKRSS

A client wishes to make a validate request and a registration request simultaneously. The processing mode is synchronous. The validate request that will be made corresponds to the test XKISS-T2 and the registration one to the test XKRSS-T2. The resulting set of messages will consist of an outer Compound Request with two inner requests and an outer Compound Result with two inner results.

Test-suite reference

Summary

All responders:
Choice | 1 | 2 | 3 | 4 | 5 | No opinion
TL Server | - | - | - | - | 2 | 3
Entrust | - | - | - | 1 | - | 4
SQL Data | - | - | - | - | 3 | 2
ASF-XKMS | - | - | - | 1 | - | 4

Details

Responder TL Server Entrust SQL Data ASF-XKMS Comments
Alvaro Guillermo 5 No opinion 5 No opinion
Tommy Lindberg No opinion 4 5 4
Roland Lockhart
Vamsi Motukuru 5 No opinion 5 No opinion
Berin Lautenbach No opinion No opinion No opinion No opinion
Rich Salz
Yunhao Zhang No opinion No opinion No opinion No opinion

Optional-T1: Authentication with Private Key

(Similar to XKRSS-T2 but authenticating with private key instead of shared secret)

A client wishes to register a key generated by the XKMS server using a private key for key binding authentication. First he registers a key as in XKRSS-T2 and then he sends another registration request to the XKMS service provider using the private key received in the previous registration operation for key binding authentication. The processing mode is synchronous, and the key is to be used with an email address. The XKMS server returns an RSA key pair with encrypted private key. The resulting set of messages will consist of four messages: two Register request/response pairs.

Test-suite reference

Summary

All responders:
Choice | 1 | 2 | 3 | 4 | 5 | No opinion
TL Server | - | - | - | - | 2 | 3
Entrust | - | - | - | 1 | - | 4
SQL Data | - | - | - | 1 | - | 4
ASF-XKMS | - | - | - | 1 | - | 4

Details

Responder TL Server Entrust SQL Data ASF-XKMS Comments
Alvaro Guillermo 5 No opinion No opinion No opinion
Tommy Lindberg No opinion 4 4 4
Roland Lockhart
Vamsi Motukuru 5 No opinion No opinion No opinion
Berin Lautenbach No opinion No opinion No opinion No opinion
Rich Salz
Yunhao Zhang No opinion No opinion No opinion No opinion

Optional-T2: Authentication with NotBoundAuthentication

(Similar to XKRSS-T2 but authenticating with not bound authentication)

A client wishes to register a key generated by the XKMS server. He sends a registration request to the XKMS service provider using a Not Bound Authentication (Protocol: "http://www.example.com/foo/protocol", Value: encoded "secret"), for key binding authentication. The processing mode is synchronous, and the key is to be used with an email address. The XKMS server returns an RSA key pair with encrypted private key. The resulting set of messages will consist of two messages: a Register request and a Register response.

Test-suite reference

Summary

All responders:
Choice | 1 | 2 | 3 | 4 | 5 | No opinion
TL Server | - | - | - | - | 2 | 3
Entrust | - | - | - | 1 | - | 4
SQL Data | - | - | - | 1 | - | 4
ASF-XKMS | - | - | - | 1 | - | 4

Details

Responder TL Server Entrust SQL Data ASF-XKMS Comments
Alvaro Guillermo 5 No opinion No opinion No opinion
Tommy Lindberg No opinion 4 4 4
Roland Lockhart
Vamsi Motukuru 5 No opinion No opinion No opinion
Berin Lautenbach No opinion No opinion No opinion No opinion
Rich Salz
Yunhao Zhang No opinion No opinion No opinion No opinion

Optional-T3: Validate with RetrievalMethod

(Similar to XKRSS-T2 but with a RetrievalMethod)

A client wishes to validate a certificate located at a network location http://62.77.172.83:4080/certs/rsa-alice-at-example-cert.der as indicated by a certificate holder (Alice). He sends a request specifying a RetrievalMethod to the XKMS service. The certificate encoding type is http://www.w3.org/2000/09/xmldsig#rawX509Certificate indicating a DER encoded certificate object. The processing mode is synchronous. The certificate is valid and it has not been revoked. The resulting set of messages will consist of a Validate Request to the server and the Validate Result returned reporting that the key binding has successfully been checked.

Test-suite reference

Summary

All responders:
Choice | 1 | 2 | 3 | 4 | 5 | No opinion
TL Server | - | - | - | - | 2 | 3
Entrust | - | - | - | 1 | - | 4
SQL Data | - | - | - | 1 | - | 4
ASF-XKMS | - | - | - | 1 | - | 4

Details

Responder TL Server Entrust SQL Data ASF-XKMS Comments
Alvaro Guillermo 5 No opinion No opinion No opinion
Tommy Lindberg No opinion 4 4 4
Roland Lockhart
Vamsi Motukuru 5 No opinion No opinion No opinion
Berin Lautenbach No opinion No opinion No opinion No opinion
Rich Salz
Yunhao Zhang No opinion No opinion No opinion No opinion
