The XML Key Management Specification (XKMS) provides a standard, XML-based messaging protocol that allows application developers to outsource the processing of key management (registration, verification, and so on) to trust services accessed through the Internet.
Using XKMS moves the complexity and processing burden of a public key infrastructure (PKI) out of the application and onto a different server. This lets the PKI code be tightly integrated on remote servers that are accessed through self-describing XML interfaces. The example below shows an XKMS message requesting that a supplied key be revoked:
<?xml version="1.0"?>
<Request>
  <Prototype>
    <AssertionStatus>Invalid</AssertionStatus>
    <KeyID>unique_key_identifier</KeyID>
    <ds:KeyInfo> ... </ds:KeyInfo>
  </Prototype>
  <AuthInfo>
    <AuthUserInfo>
      <ProofOfPossession>[RSA-Sign]</ProofOfPossession>
    </AuthUserInfo>
  </AuthInfo>
  <Respond>
    <string>KeyName</string>
  </Respond>
</Request>
An AssertionStatus of Invalid indicates that the key identified by the KeyID element is to be marked invalid, that is, revoked. To prevent misuse, the ProofOfPossession element (here an RSA signature) gives the trust service a level of assurance that the request comes from a source authorized to make it.
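An added illustration, not taken from the original page or from the XKMS specification, of why ProofOfPossession matters on the trust-service side: the requester signs the Prototype fields with the private half of the key named by KeyID, and the service refuses to revoke unless that signature verifies against the public key it has registered under that KeyID. It assumes a constructed textbook-RSA key with a tiny modulus and a fixed field concatenation in place of XML Signature canonicalization; element names follow the message above, and ds:KeyInfo is omitted.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed textbook-RSA key pair with a tiny modulus (p=61, q=53) standing in
# for the requester's registered key. It illustrates the flow only; a real trust
# service would verify an RSA signature using a proper cryptographic library.
TOY_N, TOY_E, TOY_D = 3233, 17, 2753

# What the (simulated) trust service knows: KeyID -> registered public key (n, e).
REGISTERED_KEYS = {"unique_key_identifier": (TOY_N, TOY_E)}

def signed_payload(status: str, key_id: str) -> bytes:
    # Fixed field concatenation stands in for XML Signature canonicalization.
    return f"AssertionStatus={status};KeyID={key_id}".encode()

def digest(data: bytes, n: int) -> int:
    # SHA-256, reduced into [1, n-1] so the toy modulus can hold it.
    return 1 + int.from_bytes(hashlib.sha256(data).digest(), "big") % (n - 1)

def sign(data: bytes, n: int, d: int) -> int:
    return pow(digest(data, n), d, n)

def verify(data: bytes, sig: int, n: int, e: int) -> bool:
    return 0 < sig < n and pow(sig, e, n) == digest(data, n)

def build_revocation_request(key_id: str, n: int, d: int) -> str:
    # Requester side: the proof is a signature over the Prototype fields.
    proof = sign(signed_payload("Invalid", key_id), n, d)
    return (f"<Request><Prototype><AssertionStatus>Invalid</AssertionStatus>"
            f"<KeyID>{key_id}</KeyID></Prototype><AuthInfo><AuthUserInfo>"
            f"<ProofOfPossession>{proof}</ProofOfPossession></AuthUserInfo>"
            f"</AuthInfo><Respond><string>KeyName</string></Respond></Request>")

def check_revocation_request(xml_text: str) -> str:
    """Trust-service side: 'revoke' if acceptable, otherwise a rejection reason."""
    root = ET.fromstring(xml_text)
    status = root.findtext("Prototype/AssertionStatus")
    key_id = root.findtext("Prototype/KeyID")
    if status != "Invalid" or not key_id:
        return "reject: not a revocation request"
    if key_id not in REGISTERED_KEYS:
        return "reject: unknown KeyID"
    proof = root.findtext("AuthInfo/AuthUserInfo/ProofOfPossession")
    if not proof or not proof.isdigit():
        return "reject: missing or malformed ProofOfPossession"
    n, e = REGISTERED_KEYS[key_id]
    if not verify(signed_payload(status, key_id), int(proof), n, e):
        return "reject: ProofOfPossession does not verify"
    return "revoke"
```

A request whose proof was produced with a different private key, or whose Prototype fields were altered after signing, fails the final verify step, so the service never revokes on the strength of a bare KeyID.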