Return-Path: 
 <commits-return-26406-apmail-cxf-commits-archive=cxf.apache.org@cxf.apache.org>
X-Original-To: apmail-cxf-commits-archive@www.apache.org
Delivered-To: apmail-cxf-commits-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id A6CD210A9E
	for <apmail-cxf-commits-archive@www.apache.org>;
 Thu,  2 May 2013 16:48:25 +0000 (UTC)
Received: (qmail 60195 invoked by uid 500); 2 May 2013 16:48:25 -0000
Delivered-To: apmail-cxf-commits-archive@cxf.apache.org
Received: (qmail 60147 invoked by uid 500); 2 May 2013 16:48:25 -0000
Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:commits-help@cxf.apache.org>
List-Unsubscribe: <mailto:commits-unsubscribe@cxf.apache.org>
List-Post: <mailto:commits@cxf.apache.org>
List-Id: <commits.cxf.apache.org>
Reply-To: dev@cxf.apache.org
Delivered-To: mailing list commits@cxf.apache.org
Received: (qmail 60139 invoked by uid 99); 2 May 2013 16:48:25 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 02 May 2013 16:48:25 +0000
X-ASF-Spam-Status: No, hits=-2000.0 required=5.0
	tests=ALL_TRUSTED
X-Spam-Check-By: apache.org
Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 02 May 2013 16:48:24 +0000
Received: from eris.apache.org (localhost [127.0.0.1])
	by eris.apache.org (Postfix) with ESMTP id 50CA523888E4
	for <commits@cxf.apache.org>; Thu,  2 May 2013 16:48:04 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: svn commit: r860609 - in /websites/production/cxf/content:
 cache/docs.pageCache docs/xml-key-management-service-xkms.data/XKMS-cxf.jpg
 docs/xml-key-management-service-xkms.html
Date: Thu, 02 May 2013 16:48:04 -0000
To: commits@cxf.apache.org
From: buildbot@apache.org
X-Mailer: svnmailer-1.0.8-patched
Message-Id: <20130502164804.50CA523888E4@eris.apache.org>
X-Virus-Checked: Checked by ClamAV on apache.org

Author: buildbot
Date: Thu May  2 16:48:03 2013
New Revision: 860609

Log:
Production update by buildbot for cxf

Added:
    websites/production/cxf/content/docs/xml-key-management-service-xkms.data/XKMS-cxf.jpg   (with props)
Modified:
    websites/production/cxf/content/cache/docs.pageCache
    websites/production/cxf/content/docs/xml-key-management-service-xkms.html

Modified: websites/production/cxf/content/cache/docs.pageCache
==============================================================================
Binary files - no diff available.

Added: websites/production/cxf/content/docs/xml-key-management-service-xkms.data/XKMS-cxf.jpg
==============================================================================
Binary file - no diff available.

Propchange: websites/production/cxf/content/docs/xml-key-management-service-xkms.data/XKMS-cxf.jpg
------------------------------------------------------------------------------
    svn:mime-type = image/jpeg

Modified: websites/production/cxf/content/docs/xml-key-management-service-xkms.html
==============================================================================
--- websites/production/cxf/content/docs/xml-key-management-service-xkms.html (original)
+++ websites/production/cxf/content/docs/xml-key-management-service-xkms.html Thu May  2 16:48:03 2013
@@ -143,8 +143,41 @@ The sender uses this certificate for mes
 
 <h2><a shape="rect" name="XMLKeyManagementService%28XKMS%29-XKMSSpecification"></a>XKMS Specification</h2>
 
-<p>W3C specifies standard protocol to distribute and register public keys, certificates and CAs that can be used for XML-based cryptography, including signature and encryption: <a shape="rect" class="external-link" href="http://www.w3.org/TR/xkms2/" rel="nofollow">XML Key Management Specification</a> (XKMS 2.0).<br clear="none">
-The XKMS Specification comprises two parts &#8211; the XML Key Information Service Specification (XKISS) describing the runtime aspects of key lookup and certificate validation and the XML Key Registration Service Specification (XKRSS) describing the administrative aspects of registering, renewing, revoking and recovering certificates.</p></div>
+<p>W3C specifies standard protocol to distribute and register public keys, certificates and CAs that can be used for XML-based cryptography, including signature and encryption: <a shape="rect" class="external-link" href="http://www.w3.org/TR/xkms2/" rel="nofollow">XML Key Management Specification</a> (XKMS 2.0). XKMS can be used as standardized frontend to Public Key Infrastructure (PKI).<br clear="none">
+The XKMS Specification comprises two parts &#8211; the XML Key Information Service Specification (XKISS) describing the runtime aspects of key lookup and certificate validation and the XML Key Registration Service Specification (XKRSS) describing the administrative aspects of registering, renewing, revoking and recovering certificates. XKMS Service implements both parts of specification.</p>
+
+<h3><a shape="rect" name="XMLKeyManagementService%28XKMS%29-XKMSDesign"></a>XKMS Design</h3>
+
+<p>Internal structure of XKMS service is represented on the following figure:</p>
+
+<p><span class="image-wrap" style=""><img src="xml-key-management-service-xkms.data/XKMS-cxf.jpg" style="border: 0px solid black"></span></p>
+
+<p>XKMS Service exposes standardized XKISS and XKRSS SOAP interfaces. <br clear="none">
+Input and output parameters as well as samples of SOAP messages are described in the specification <a shape="rect" class="external-link" href="http://www.w3.org/TR/xkms2/" rel="nofollow">XKMS 2.0</a>. <br clear="none">
+XKMS implementation supports chain of responsibility design pattern <a shape="rect" class="external-link" href="http://en.wikipedia.org/wiki/Chain-of-responsibility_pattern" rel="nofollow">chain-of-responsibility </a>. <br clear="none">
+Each XKMS operation defines handler interface and provides one or more implementations of this interface. Handler implementations are connected into chain. <br clear="none">
+Operation implementation invokes handlers one after another from pre-configured chain until either all handlers will be processed or critical error will occur. <br clear="none">
+This design decision makes XKMS internal implementation quite flexible: it is easy to add/remove handlers, change their order, introduce handlers supporting new backends, etc. <br clear="none">
+For example certificate can be searched firstly in the LDAP repository by LDAP lookup handler and, if it is not found there, additionally looked in remote PKI using appropriate lookup handler. Logic validation operation is organized in chain is well: first validation handler checks format and expire date of X509 certificate, next one checks certificate trust chain.</p>
+
+<h4><a shape="rect" name="XMLKeyManagementService%28XKMS%29-DataFormats"></a>Data Formats</h4>
+
+<p>Input and output data formats are specified in XML Key Management Service Specification Version 2.0 (see <span class="error">[XKMS 2.0]</span>). Anyway XKMS service supports only subset of specified requests and responses.<br clear="none">
+Restrictions of formats for request and responses are described in following table:</p>
+
+<div class="table-wrap">
+<table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh">Element XPath</th><th colspan="1" rowspan="1" class="confluenceTh">Supporting values</th><th colspan="1" rowspan="1" class="confluenceTh">Description</th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">RootElement/QueryKeyBinding/UseKeyWith@Application </td><td colspan="1" rowspan="1" class="confluenceTd"> urn:ietf:rfc:2459 </td><td colspan="1" rowspan="1" class="confluenceTd"> Application specifies X509 SubjectDN in Identifier attribute. Used for normal users certificates</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">RootElement/QueryKeyBinding/UseKeyWith@Application </td><td colspan="1" rowspan="1" class="confluenceTd"> urn:apache:cxf:service:soap </td><td colspan="1" rowspan="1" class="confluenceTd"> Application specifies Service Id in Identifier attribute in form: 
+<div class="error"><span class="error">Unknown macro: {SERVICE_ NAMESPACE}</span> </div>
+<p>SERVICE_NAME. Used for service certificates</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">RootElement/QueryKeyBinding/UseKeyWith@Identifier </td><td colspan="1" rowspan="1" class="confluenceTd"> X509 Subject DN or Service name as {SERVICE_ NAMESPACE}SERVICE_NAME </td><td colspan="1" rowspan="1" class="confluenceTd"> Depending on Application attribute public key is identified as X509 Subject DN or Service nameservice certificates</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">RootElement/UnverifiedKeyBinding/KeyInfo </td><td colspan="1" rowspan="1" class="confluenceTd"> X509Data/X509Certificate </td><td colspan="1" rowspan="1" class="confluenceTd"> Only X509Data with X509Certificate is supported</td></tr></tbody></table>
+</div>
+
+
+
+
+<div class="table-wrap">
+<table class="confluenceTable"><tbody><tr><td colspan="1" rowspan="1" class="confluenceTd"> colB1 </td><td colspan="1" rowspan="1" class="confluenceTd"> colB2 </td></tr></tbody></table>
+</div>
+</div>
            </div>
            <!-- Content -->
          </td>