iaik.xkms
Class UseKeyWith

Object
  extended by UseKeyWith

public class UseKeyWith
extends Object

Application identifier constants for common application protocols.

[179] The <UseKeyWith> element specifies a subject identifier and application identifier that determine a use of the key. The interpretation of <UseKeyWith> depends on the enclosing construct.

QueryKeyBinding / PrototypeKeyBinding
A key binding is requested that meets the specified criteria. If the service is unable to meet the criteria exactly, a 'best guess' is acceptable.
UnverifiedKeyBinding / KeyBinding
The key may be used for the purpose specified (if unverified after validation). If more than one <UseKeyWith> element is specified then all are applicable jointly and severally.

[180] The <UseKeyWith> element contains the following attributes:
Application [Required]
A URI that specifies the application protocol with which the key may be used.
Identifier [Required]
Specifies the subject to which the key corresponds within the specified application protocol.

[181] Note that in some applications, in particular X.509, an application identifier is not guaranteed to be globally unique. In such circumstances the XKMS service is responsible for specifying rules to unambiguously interpret identifiers.

[182] The following table lists application URIs for common application protocols and the corresponding format for the identifier information:

    Application   Application URI                         Identifier                           Type
    -------------------------------------------------------------------------------------------------------------------
    XKMS          http://www.w3.org/2002/03/xkms#         URL identifying SOAP role            URI
    XKMS/profile  http://www.w3.org/2002/03/xkms#profile  URL identifying SOAP role            URI
    S/MIME        urn:ietf:rfc:2633                       SMTP email address of subject        RFC822 addr-spec
    PGP           urn:ietf:rfc:2440                       SMTP email address of subject        RFC822 addr-spec
    TLS           urn:ietf:rfc:2246                       URI identifying certificate subject  URI
    TLS/HTTPS     urn:ietf:rfc:2818                       DNS address of http server           DNS Address
    TLS/SMTP      urn:ietf:rfc:2487                       DNS address of mail server           DNS Address
    IPSEC         urn:ietf:rfc:2401                       IP address of network resource       IP Address
    PKIX          urn:ietf:rfc:2459                       Certificate Subject Name             X.509 Distinguished Name
 

[183] The XKMS application URI is used to specify a key binding that is used to secure an XKMS service. An XKMS service SHOULD support discovery of the supported security profiles and corresponding key bindings by means of a Locate operation that specifies the XKMS application URI and the URL of the service role. Note that, as with any other Locate operation, the credentials returned by this mechanism SHOULD only be considered trustworthy if validated according to the trust policy of the client.

[184] The primary use intended for <UseKeyWith> identifiers is to identify application protocols. <UseKeyWith> URI identifiers MAY be specified that represent key binding issuance and/or use policies instead of or in addition to an application protocol. In this case the <UseKeyWith> element specifies that the key binding complies with the specified policy. For example, applications handling XAdES compliant signatures could define their own <UseKeyWith> application values.

[185] In the case that a client follows a referral model, in which raw key binding information is obtained from a Locate service and then forwarded to a Validate service, the <UseKeyWith> elements in the query should in both cases specify the uses for which the application intends to use the key. Applications SHOULD NOT forward <UseKeyWith> elements returned in a Locate result in a subsequent Validate query.

[186] The following table describes the formatting for the specified types of identifier:

    Identifier Type           Example                               Description
    -----------------------------------------------------------------------------------------------
    RFC822 addr-spec          bob@example.com                       The addr-spec fragment of an RFC 822
                                                                    email address as used by SMTP
    URI                       https://example.com/                  A Uniform Resource Identifier
    DNS Address               example.com                           An Internet DNS address
    IP Address                10.23.0.20                            An IPv4 address in decimal notation
                              1080::8:800:200C:417A                 An IPv6 address in RFC 2373 notation
    X.509 Distinguished Name  C="UK" O="CryptoGuys Ltd." CN="Bob"   An X.509 Distinguished Name
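
An added example, not part of the IAIK library or its documentation: a hypothetical helper, CheckedUseKeyWith, that checks an identifier against the identifier type listed for its application in the table under [182] before calling the documented constructor. The patterns are coarse assumptions of this example, and the application is compared against the documented constant fields, so their string values are not assumed.

```java
import iaik.xkms.UseKeyWith;
import java.net.URI;
import java.util.regex.Pattern;

/** Hypothetical helper for this example; not part of iaik.xkms. */
public final class CheckedUseKeyWith {
    // Coarse syntax checks chosen for this example; tighten them to local policy.
    private static final Pattern ADDR_SPEC = Pattern.compile("[^@\\s]+@[^@\\s]+");
    private static final Pattern DNS = Pattern.compile(
        "(?i)[a-z0-9]([a-z0-9-]*[a-z0-9])?(\\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*");
    private static final Pattern IPV4 = Pattern.compile(
        "((25[0-5]|2[0-4]\\d|1?\\d?\\d)\\.){3}(25[0-5]|2[0-4]\\d|1?\\d?\\d)");
    private static final Pattern IPV6 = Pattern.compile("(?i)(?=.*:)[0-9a-f:.]{2,45}");

    /** Builds a UseKeyWith only if the identifier fits the type listed for the application. */
    public static UseKeyWith of(String application, String identifier) {
        if (application == null || identifier == null) {
            throw new IllegalArgumentException("application and identifier are required");
        }
        boolean ok = true; // PKIX names and policy URIs ([184]) are left to the XKMS service
        if (UseKeyWith.SMIME.equals(application) || UseKeyWith.PGP.equals(application)) {
            ok = ADDR_SPEC.matcher(identifier).matches();
        } else if (UseKeyWith.TLS_HTTPS.equals(application) || UseKeyWith.TLS_SMTP.equals(application)) {
            ok = DNS.matcher(identifier).matches();
        } else if (UseKeyWith.IPSEC.equals(application)) {
            ok = IPV4.matcher(identifier).matches() || IPV6.matcher(identifier).matches();
        } else if (UseKeyWith.XKMS.equals(application) || UseKeyWith.TLS.equals(application)) {
            ok = isAbsoluteUri(identifier);
        }
        if (!ok) {
            throw new IllegalArgumentException("identifier '" + identifier + "' does not fit " + application);
        }
        return new UseKeyWith(application, identifier); // also rejects empty strings
    }

    private static boolean isAbsoluteUri(String s) {
        try { return URI.create(s).isAbsolute(); } catch (IllegalArgumentException e) { return false; }
    }

    public static void main(String[] args) {
        System.out.println(of(UseKeyWith.SMIME, "bob@example.com"));
        System.out.println(of(UseKeyWith.IPSEC, "1080::8:800:200C:417A"));
        // A URL is not a DNS address, so this call is rejected with IllegalArgumentException.
        of(UseKeyWith.TLS_HTTPS, "https://example.com/");
    }
}
```

Following [185], build these objects from the uses the application itself intends and send the same set in both the Locate and the Validate query.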
 


Field Summary
static String IPSEC
          Application String constant specifying IP security usage.
static String PGP
          Application String constant specifying Pretty Good Privacy usage.
static String PKIX
          Application String constant specifying Public-Key Infrastructure X.509 usage.
static String SMIME
          Application String constant specifying Secure/Multipurpose Internet Mail Extensions usage.
static String TLS
          Application String constant specifying Transport Layer Security usage.
static String TLS_HTTPS
          Application String constant specifying Transport Layer Security with HTTPS usage.
static String TLS_SMTP
          Application String constant specifying Transport Layer Security with SMTP usage.
static String XKMS
          Application String constant specifying a key binding that is used to secure an XKMS service.
 
Constructor Summary
UseKeyWith(String application, String identifier)
          Constructs a new UseKeyWith object, initialized with the given parameters.
 
Method Summary
 String getApplication()
          Returns the application String of this UseKeyWith object.
 String getIdentifier()
          Returns the identifier String of this UseKeyWith object.
 String toString()
          Returns String representation of application + identifier.
 
Methods inherited from class Object
equals, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

XKMS

public static final String XKMS
Application String constant specifying a key binding that is used to secure an XKMS service.

See Also:
Constant Field Values

SMIME

public static final String SMIME
Application String constant specifying Secure/Multipurpose Internet Mail Extensions usage.

See Also:
Constant Field Values

PGP

public static final String PGP
Application String constant specifying Pretty Good Privacy usage.

See Also:
Constant Field Values

TLS

public static final String TLS
Application String constant specifying Transport Layer Security usage.

See Also:
Constant Field Values

TLS_HTTPS

public static final String TLS_HTTPS
Application String constant specifying Transport Layer Security with HTTPS usage.

See Also:
Constant Field Values

TLS_SMTP

public static final String TLS_SMTP
Application String constant specifying Transport Layer Security with SMTP usage.

See Also:
Constant Field Values

IPSEC

public static final String IPSEC
Application String constant specifying IP security usage.

See Also:
Constant Field Values

PKIX

public static final String PKIX
Application String constant specifying Public-Key Infrastructure X.509 usage.

See Also:
Constant Field Values

Constructor Detail

UseKeyWith

public UseKeyWith(String application,
                  String identifier)
Constructs a new UseKeyWith object, initialized with the given parameters.

Parameters:
application - a URI that specifies the application protocol with which the key may be used
identifier - specifies the subject to which the key corresponds within the specified application protocol
Throws:
IllegalArgumentException - if one of the strings is null or empty.

Method Detail

getApplication

public String getApplication()
Returns the application String of this UseKeyWith object.

Returns:
the application String

getIdentifier

public String getIdentifier()
Returns the identifier String of this UseKeyWith object.

Returns:
the identifier String

toString

public String toString()
Returns String representation of application + identifier.

Returns application+" "+identifier.

Overrides:
toString in class Object