Glossary of "XML Key Management (XKMS 2.0) Requirements"


asynchronous exchange

From XML Key Management (XKMS 2.0) Requirements (2003-05-05)

An exchange where the synchronous service response is incomplete, requiring the client to perform a subsequent request at some later time. For example, when client registration requires time-consuming checks, it is more practical for the client to return at a later time for a completed response. For XML Key Management, all requests producing asynchronous results MUST produce a synchronous response status indicating an incomplete response, such as "Pending". Such responses might also provide a URL for the client to check back to obtain the complete response at a later time.
client

From XML Key Management (XKMS 2.0) Requirements (2003-05-05)

An application that makes requests of a service. The concept of a "client" is relative to a service request; an application may have the role of client for some request and service for others.
deferred request authentication

From XML Key Management (XKMS 2.0) Requirements (2003-05-05)

A mechanism to allow a client to verify that the server processed the correct request. The client may verify the server response, for example, by comparing the elements returned in the response, or comparing a digest of the request with a digest returned in a secured response. This ensures that an attacker has not diverted or otherwise changed portions of a request. For example, a client request might be directed to a particular URI so that a specific policy will be enforced as part of the service processing the request. Inclusion of the URI in the response ensures that the expected server policy was followed and that the request was conveyed correctly.
key

From XML Key Management (XKMS 2.0) Requirements (2003-05-05)

An input parameter that varies the transformation performed by a cryptographic algorithm [RFC2828]. For the purpose of XML key management we specifically mean public keys and private keys as used in a public key cryptosystem.
key binding

From XML Key Management (XKMS 2.0) Requirements (2003-05-05)

A property associating additional information with a public key. This might be used to convey status and validity period information for key validity queries or used to convey private key information as part of a registration request or response.
key location

From XML Key Management (XKMS 2.0) Requirements (2003-05-05)

A service that locates and returns a public key given identifying information for the key. Generally the request will include a KeyInfo element containing information sufficient for the service to locate the key. A common example is to provide the key name.
key management

From XML Key Management (XKMS 2.0) Requirements (2003-05-05)

Key management relates to the management of a public key's validity status over its lifetime. Typically, operations are defined for controlling the validity (e.g. register, revoke) and querying the validity.
key name

From XML Key Management (XKMS 2.0) Requirements (2003-05-05)

A property defined in the XML Digital Signature recommendation, allowing a name to be associated with a key within a element. The Key Name property is not required and when associated with a key in registration is not required to be a unique identifier for that key.
key validation

From XML Key Management (XKMS 2.0) Requirements (2003-05-05)

A service that verifies the binding of information to a public key and also determines the current status of that binding, if appropriate or possible for the information in question. For example, key validation [SECGL] may be performed based on elements secured to a public key in an X.509 certificate as outlined in PKIX [RFC 2459].
pass phrase key

From XML Key Management (XKMS 2.0) Requirements (2003-05-05)

A key derived from a pass phrase may be used for authentication in circumstances where public key based authentication is not possible.
payload security

From XML Key Management (XKMS 2.0) Requirements (2003-05-05)

The XKMS request or response XML obtains integrity and/or confidentiality by being signed using an XML digital signature and/or encrypted using XML Encryption. The signature itself may be placed in the SOAP header when using a SOAP binding, for example. This is in contrast to transport integrity, where a SOAP message containing the XKMS payload is secured using TLS or other transport security mechanisms.
proof of possession (POP)

From XML Key Management (XKMS 2.0) Requirements (2003-05-05)

Performing an action with a private key to demonstrate possession of it. An example is to create a signature using a registered private signing key to prove possession of it.
service

From XML Key Management (XKMS 2.0) Requirements (2003-05-05)

An application that provides computational or informational resources on request. A service may be provided by several physical servers operating as a unit.
TLS

From XML Key Management (XKMS 2.0) Requirements (2003-05-05)

Transport Layer Security, a protocol layer designed to provide message integrity and confidentiality for a message during transit between two endpoints. An earlier version is known as SSL, the Secure Socket Layer [TLS].
trust service

From XML Key Management (XKMS 2.0) Requirements (2003-05-05)

A service that is capable of registering public keys and/or providing key information services, including key validation and location.
web service

From XML Key Management (XKMS 2.0) Requirements (2003-05-05)

A service that is accessible by means of messages sent using standard web protocols, notations and naming conventions, including XML Protocol (or until XML Protocol is standardized, SOAP). Web service may also imply the use of ancillary mechanisms, such as WSDL [WSDL] and UDDI [UDDI] for defining Web services interfaces.
