public interface RegisterRequest
Request information to be bound to a public key pair.
[232] The Register request is used to assert a binding of information to a public key pair. Generation of the public key pair MAY be performed by either the client or the Registration service.
[233] The Registration request message contains a prototype of the requested key binding. The registration service MAY require the client to provide additional information to authenticate the request. If the public key pair is generated by the client, the service MAY require the client to provide Proof of Possession of the private key.
[234] The prototype of the requested key binding may contain only partial information: a key without a name, or a name without a key. In this case, the client is requesting that the registration service provide the additional information required to complete the binding. All information contained in the prototype of the requested key binding is advisory to the service and MAY be ignored or overridden at the option of the service.
[235] On receipt of a registration request, the registration service verifies the authentication and POP information provided (if any). If the registration service accepts the request a key binding is registered. This key binding MAY include some, all or none of the information provided by the prototype key binding and MAY include additional information.
[236] The registration service MAY return part or all of the registered key binding to the client.
[239] The choice of generating the key pair at the client or at the service depends on the application and the type of key. In the case of a key used for signing purposes, it is generally undesirable for any party apart from the key bearer to have access to the private key. Should access to the private key be lost, a new key may be issued without affecting the validity of any of the signatures created using the old private key. Accordingly, it is usually preferable for such keys to be generated at the client and not the server.
[240] In the case of a private key used exclusively for certain types of encryption, the loss of access to the private key may result in the loss of access to the stored data encrypted under the key. In such circumstances it is generally desirable for some form of key recovery to be employed. In such systems the key pair is typically generated at the service and delivered to the client.
[241] A key used for both signing and encryption might be generated at the client or the server depending on whether key recovery is to be supported.
[275] Registration services set their own authentication policy.
[276] Services SHOULD require that clients demonstrate Proof of Possession of the private key components of a public key if a request is made to register a valid key binding bound to that public key.
[311] The register request message contains a <RegisterRequest> element that contains the following elements:

<PrototypeKeyBinding> [Required]
    Specifies elements that the client requests be registered.

<Authentication> [Required]
    Information that authenticates the request.

<ProofOfPossession> [Optional]
    Proof of possession of the private key component of the key binding. A service that requires the ProofOfPossession element MUST return a 'Sender.ProofOfPossessionRequired' result if the ProofOfPossession element is not present in the request.
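As an added example (not this library's code), a Python check of the rules quoted above applied to the wire message: the prototype may carry a key, a name or both, and a service that requires proof of possession answers 'Sender.ProofOfPossessionRequired' when the element is missing. It assumes the XKMS 2.0 and XML Signature namespaces, builds its own constructed sample messages with placeholder signatures (no signature verification is done), and assumes proof of possession is only demanded when the client supplied the public key, since for a name-only prototype the service generates the pair itself.

```python
import xml.etree.ElementTree as ET

XKMS = "http://www.w3.org/2002/03/xkms#"    # XKMS 2.0 namespace
DS = "http://www.w3.org/2000/09/xmldsig#"   # XML Signature namespace

def _x(tag):
    """XKMS-qualified tag name in ElementTree's {ns}name form."""
    return f"{{{XKMS}}}{tag}"

def build_request(key=True, name=True, pop=True):
    """Constructed sample <RegisterRequest>; signature bodies are placeholders."""
    parts = [f'<RegisterRequest xmlns="{XKMS}" xmlns:ds="{DS}" '
             'Id="req-1" Service="urn:example:xkms">',
             '<PrototypeKeyBinding Id="kb-1">']
    if key:   # client-generated public key carried as ds:KeyValue
        parts.append('<ds:KeyInfo><ds:KeyValue><ds:RSAKeyValue>'
                     '<ds:Modulus>AQAB</ds:Modulus><ds:Exponent>AQAB</ds:Exponent>'
                     '</ds:RSAKeyValue></ds:KeyValue></ds:KeyInfo>')
    if name:  # name the binding should carry (UseKeyWith); values constructed
        parts.append('<UseKeyWith Application="urn:example:app" '
                     'Identifier="alice@example.com"/>')
    parts.append('</PrototypeKeyBinding>'
                 '<Authentication><KeyBindingAuthentication>'
                 '<ds:Signature>PLACEHOLDER</ds:Signature>'
                 '</KeyBindingAuthentication></Authentication>')
    if pop:
        parts.append('<ProofOfPossession><ds:Signature>PLACEHOLDER</ds:Signature>'
                     '</ProofOfPossession>')
    parts.append('</RegisterRequest>')
    return "".join(parts)

def check_register_request(xml_text, require_pop=True):
    """Service-side structural check; returns (accepted, result, has_key, has_name).
    The result uses the dotted ResultMajor.ResultMinor notation quoted above."""
    root = ET.fromstring(xml_text)
    if root.tag != _x("RegisterRequest"):
        raise ValueError("not an XKMS RegisterRequest")
    proto = root.find(_x("PrototypeKeyBinding"))
    auth = root.find(_x("Authentication"))
    if proto is None or auth is None:
        raise ValueError("PrototypeKeyBinding and Authentication are required")
    # Partial prototypes are allowed: key only, name only, or both.
    has_key = proto.find(f"{{{DS}}}KeyInfo/{{{DS}}}KeyValue") is not None
    has_name = proto.find(_x("UseKeyWith")) is not None
    if not (has_key or has_name):
        raise ValueError("prototype carries neither a key nor a name")
    # Assumption: POP is demanded only when the client supplied the public key;
    # with a name-only prototype the service generates the pair itself.
    pop_present = root.find(_x("ProofOfPossession")) is not None
    if require_pop and has_key and not pop_present:
        return (False, "Sender.ProofOfPossessionRequired", has_key, has_name)
    return (True, "Success", has_key, has_name)
```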
Method Summary

PrototypeKeyBinding getPrototypeKeyBinding()
    Gets the PrototypeKeyBinding of this request.

boolean hasProofOfPossessionSignature()
    Checks whether this request has a ProofOfPossession element.

void setProofOfPossession(Key key)
    Sets the key used to generate the ProofOfPossession signature during marshalling of the message.

void setPrototypeKeyBinding(PrototypeKeyBinding prototype_key_binding)
    Sets the PrototypeKeyBinding of this request.

Methods inherited from interface XKRSSRequest
    getAuthentication, hasKeyBindingAuthenticationSignature, setAuthentication

Methods inherited from interface XMessageAbstractType
    addDefaults, addOpaqueClientData, clearOpaqueClientData, getId, getMessageName, getNonce, getOpaqueClientData, getRequestSignatureValue, getService, getSignatureCertificate, hasSignature, isValid, setId, setNonce, setService, setSignature, toString
Method Detail

PrototypeKeyBinding getPrototypeKeyBinding()
    Gets the PrototypeKeyBinding of this request.
    Returns: the PrototypeKeyBinding of this request.

void setPrototypeKeyBinding(PrototypeKeyBinding prototype_key_binding)
    Sets the PrototypeKeyBinding of this request.
    Parameters: prototype_key_binding - the new PrototypeKeyBinding for this request.

void setProofOfPossession(Key key)
    Sets the key used to generate the ProofOfPossession signature during marshalling of the message.
    Parameters: key - the key in possession.

boolean hasProofOfPossessionSignature()
    Checks whether this request has a ProofOfPossession element.
    Returns: true if this request has a ProofOfPossession element, false otherwise.