How It Works
A DVCS transaction begins with a client preparing a Data Validation and Certification Request. The request always contains data for which validity, correctness or possession is to be certified. The request MAY be encapsulated using a security envelope to provide for authentication of both requester and server. Requester authentication can be achieved by several of the formats described in CMS, in particular, signed Data.
The DVCS client chooses an appropriate transport mechanism to convey the requests to a DVCS. It may also be necessary to choose a transport mechanism providing confidentiality and, in particular, allowing authentication of the DVCS by the requestor, e.g., TLS or CMS or S/MIME encryption.
If the request is valid, the DVCS performs all necessary verification steps, and generates a Data Validation Certificate(DVC), and sends a response message containing the DVC back to the requestor. The Data Validation Certificate is formed as a signed document (CMS Signed Data).
As with the request, it may be necessary to choose a transport mechanism that provides for confidentiality to carry the DVC. DVCs are not necessarily transported the same way as requests, e.g., they can be returned using e-mail after an online request received via HTTPS.
If the request was invalid, the DVCS generates a response message containing an appropriate error notification. Upon receiving the response, the requesting entity SHOULD verify its validity, i.e., whether it contains an acceptable time, the correct name for the DVCS, the correct request information and message imprint, a valid signature, and satisfactory status, service and policy fields.
When verifying the validity of a DVC, it is up to the requester's application to check whether a DVCS's signing certificate is valid. Depending on the usage environment, different methods, online or out of band, e.g., CRLs, DVCS, or OCSP, may have to be used.
After all checks have passed, the data validation certificate can be used to authenticate the correctness or possession of the corresponding data.
A DVCS may return more than one DVC corresponding to one request. In this case, all but one request have a global status of 'WAITING'.
Read more about this topic: Data Validation And Certification Server
Famous quotes containing the word works:
“... no one who has not been an integral part of a slaveholding community, can have any idea of its abominations.... even were slavery no curse to its victims, the exercise of arbitrary power works such fearful ruin upon the hearts of slaveholders, that I should feel impelled to labor and pray for its overthrow with my last energies and latest breath.”
—Angelina Grimké (1805–1879)