- From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
- Date: Thu, 07 Oct 2004 11:30:57 +0100
- To: Yunhao Zhang <yzhang@sqldata.com>
- Cc: www-xkms@w3.org
Thanks for those Yunhao. Guillermo is away for the week so it'll be a while before he incorporates 'em into the document (next week I guess). One question though: these tests change the state of the server, so should we also specify pre- and post-conditions, e.g. for T100 a locate shouldn't work beforehand, but should work afterwards? If we did do that, then we should probably ensure that iterating the tests behaves properly, so after doing T100 for example, someone should revoke, or otherwise get rid of, the binding. What do you think? Regards, Stephen. Yunhao Zhang wrote: > The proposed test cases below test basic registration services following > the similar format to the current test suite. > > > > T100: Register Client Generated Key > > > > Alice wishes to register a RSA key pair bound to alice@example.com. She > generates a RSA key pair and sends a registration request to the XKMS > service provider using a shared secret: secret, for key binding > authentication. The processing mode is synchronous, and the X.509 > distinguished name is /“C=US;O=Alice Corp;CN=Alice Aardvark/”. The > response message indicates a successful key binding and there is an > X.509 certificate in the key binding. > > > > > > T101: Register Service Generated Key > > > > In this scenario, Bob wishes to register a key generated by the XKMS > server. He sends a registration request to the XKMS service provider > using a shared secret: secret, for key binding authentication. The > processing mode is synchronous, and the keys to be used with her email > address bob@example.com. The XKMS server returns an RSA key pair with > encrypted private key. > > > > T102: Reissue > > > > Alice wishes to get a new X.509 certificate. She sends a Reissue request > to the XKMS service. The old X.509 certificate is included in the > KeyBinding element as a proof of previous key binding. The shared secret > is “/secret/”, and the processing mode is synchronous. The XKMS server > returns a new certificate with new validity interval in the response > message, and the status of the key binding is valid. > > > > > > T103: Recover > > > > Bob wishes to recover his private key which he has forgotten. The XKMS > administrator issues him a new authorization code “secret1” for the key > recovery operation. He sends key recovery requests to the XKMS with an > indeterminate key binding to his public key. The processing mode is > asynchronous. Bob then sends a GetStatus message and the status result > is success. Finally, he issues a Pending request to retrieve the > encrypted private key. > > > > T104: Revoke > > > > Bob wishes to revoke a compromised key binding. The key was registered > with a revocation pass phrase “Help I Have Revealed My Key”. The > processing mode is synchronous. The revocation result is successful and > the result key binding is invalid. > > > > Regards, > > Yunhao > >
Received on Thursday, 7 October 2004 10:28:47 UTC