14.2 XKMS Common Data Elements

XKMS makes heavy use of a variety of elements from XML Digital Signature. For the additional structures it defines, all values are sent as element data.

Some common data elements are described in this section.


You use ResultCode, an enumerated type, to return result codes.

    <simpleType name="ResultCode">
       <restriction base="string">
          <enumeration value="Success"/>
          <enumeration value="NoMatch"/>
          <enumeration value="Incomplete"/>
          <enumeration value="Failure"/>
          <enumeration value="Refused"/>
          <enumeration value="Pending"/>
       </restriction>
    </simpleType>

  • "NoMatch" means the search prototype could not be found.

  • "Incomplete" means that only part of the requested information could be provided.

  • "Failure" does not specify a reason for failure.

  • "Pending" means that the operation was queued for future processing.


You use the AssertionStatus element in responses to indicate the status of an assertion such as a key binding.

    <simpleType name="AssertionStatus" base="string">
       <enumeration value="Valid"/>
       <enumeration value="Invalid"/>
       <enumeration value="Indeterminate"/>
    </simpleType>


The Reason element provides further details on the xkms:AssertionStatus. If the assertion status is "Valid" or "Indeterminate," this element lists those status aspects that have been determined to be "Valid" or "Indeterminate," respectively. If the assertion status was "Invalid," it lists the aspects that are either "Invalid" or "Indeterminate." Table 14-1 defines aspects of the XKMS Reason string.

Table 14-1. XKMS Reason Strings

| Aspect String | Definition |
|---|---|
| IssuerTrust | The trust service believes in the assertion issuer. |
| Status | The trust service has positively verified the status of the assertion with sources that it trusts, such as verified certificate revocation lists or an online certificate status server. |
| ValidityInterval | The validity interval of the assertion includes the request. |
| Signature | The signature (or signed data, such as a certificate) was verified. |
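
The following is an added example, not code from the book or from the XKMS specification: a client-side check that accepts a key binding only when the ResultCode is "Success", the AssertionStatus is "Valid", and every aspect from Table 14-1 that the caller requires appears in Reason. The `Result` and `Response` element names, the `urn:example:xkms` namespace and the sample messages are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

RESULT_CODES = {"Success", "NoMatch", "Incomplete", "Failure", "Refused", "Pending"}
ASSERTION_STATUSES = {"Valid", "Invalid", "Indeterminate"}
REASON_ASPECTS = {"IssuerTrust", "Status", "ValidityInterval", "Signature"}

def _texts(root, name):
    """Text of every element whose local name (namespace stripped) is `name`."""
    return [(e.text or "").strip() for e in root.iter()
            if e.tag.rsplit("}", 1)[-1] == name]

def accept_binding(xml_text, required=frozenset(REASON_ASPECTS)):
    """Return (accepted, explanation); anything unexpected is rejected."""
    root = ET.fromstring(xml_text)
    results = _texts(root, "Result")            # assumed element name
    statuses = _texts(root, "AssertionStatus")
    reasons = set(_texts(root, "Reason"))
    if len(results) != 1 or results[0] not in RESULT_CODES:
        return False, "missing, repeated or unknown ResultCode"
    if results[0] != "Success":                 # e.g. Pending, Incomplete
        return False, "ResultCode is " + results[0]
    if len(statuses) != 1 or statuses[0] not in ASSERTION_STATUSES:
        return False, "missing, repeated or unknown AssertionStatus"
    if not reasons <= REASON_ASPECTS:
        return False, "unknown Reason string"
    if statuses[0] != "Valid":
        # For Invalid/Indeterminate, Reason names the aspects that failed.
        return False, statuses[0] + " aspects: " + ", ".join(sorted(reasons))
    # For Valid, Reason names the aspects that were confirmed Valid.
    missing = set(required) - reasons
    if missing:
        return False, "not confirmed Valid: " + ", ".join(sorted(missing))
    return True, "all required aspects Valid"

def sample(result, status, reasons):
    """Build a constructed response fragment (not a real XKMS message)."""
    body = "".join("<x:Reason>%s</x:Reason>" % r for r in reasons)
    return ('<x:Response xmlns:x="urn:example:xkms"><x:Result>%s</x:Result>'
            '<x:AssertionStatus>%s</x:AssertionStatus>%s</x:Response>'
            % (result, status, body))

if __name__ == "__main__":
    for args in [("Success", "Valid", sorted(REASON_ASPECTS)),
                 ("Success", "Valid", ["Signature"]),
                 ("Success", "Indeterminate", ["Status"]),
                 ("Pending", "Valid", sorted(REASON_ASPECTS))]:
        print(args, "->", accept_binding(sample(*args)))
```

Python's `xml.etree` is not hardened against maliciously constructed XML, so responses from a service you do not control should go through a hardened parser first.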


The Respond element in a request specifies, through one or more strings, the elements desired in the response. They consist of XMLDSIG elements or the private key element specified in Section 14.4.2. An XKMS service may return additional data not requested. See Table 14-2.

The schema for the xkms:Respond element follows:

Schema Definition:

    <element name="Respond" >
       <complexType>
          <sequence>
             <element name="string" type="string"
                      minOccurs="0"
                      maxOccurs="unbounded"/>
          </sequence>
       </complexType>
    </element>

Secure XML: The New Syntax for Signatures and Encryption
ISBN: 0201756056
Year: 2005
Pages: 186
