Advanced W3C XKMS Certificate Validation Authority Server

Scalable XKMS validation authority

ADSS XKMS Server provides a sophisticated real-time certificate Validation Authority, fully conformant with W3C XKMS (XML Key Management Specification) and the PEPPOL validation protocol. XKMS promises to make it easier for applications to use e-trust security features through web services rather than traditional PKI protocols. The standard also includes functionality that covers registration, certification, revocation and recovery services - these aspects are on the product roadmap.

ADSS XKMS Server provides all of the above functionality in a centralised manner. This allows business applications to delegate all of the responsibility for certificate path discovery and validation to this trusted Validation Authority. This greatly simplifies development of business applications that rely on PKIs, by hiding all the inherent complexity.

Key points:

  • Complies with W3C XKMS standards
  • Supports dynamic Delegated Path Discovery (DPD) even in complex bridge CA, mesh and cross-certification PKI topologies
  • Supports full certificate validation using the RFC 5280 and RFC 3379 validation algorithm, including validation of Key Usage, Extended Key Usage, Certificate Policies, Name validation, policy mapping and other related checks
  • Supports revocation checking using advanced OCSP and CRL handling
  • Provides ability to create multiple validation profiles each with their own final trust anchors, path building and validation settings
  • ADSS Client SDK provides the client-side XKMS functionality for easy integration with business applications using high-level Java and .NET calls
  • Ability to split front-end XKMS service from back-end operations for maximizing performance
  • High-performance architecture including caching of intermediate CA certificates and revocation info
  • Detailed logging and human-readable XKMS transaction viewers for easy problem solving
  • Configurable management reporting on service usage, top clients & most validated certificates
  • Strong security, latest crypto algorithms & independently evaluated and certified by multiple entities
  • Supports X-KISS (Validate) protocol

ADSS server architecture

ADSS Server is a powerful server application providing multiple e-Trust services as shown in the diagram below. Although it's a single product, its service modules are licensed individually and branded accordingly. Your investment in ADSS Server is therefore future-protected as you can license new service modules over time as your e-Trust business needs grow. Multiple ADSS service modules may be installed on the same ADSS Server instance, saving on hardware, software and management costs. All of the ADSS Service modules use the same GUI layout and style thereby making training simple for administrators. Ascertia tracks the latest industry standards and is committed to adding new service modules as required by our customers.

[Diagram: ADSS Server architecture. Labels: 3rd Party Apps (e.g. Logical Access Control Systems (LACS), Physical Access Control Systems (PACS), etc.); PKI services (each separately licensed); e-Trust Services (each separately licensed); Base Modules of ADSS Server (available by default). Core ADSS Server modules: Trust Manager | Key Manager | Secure Logging | HSM & DB Manager | Reporting | Client Manager | Dual Control CRL Manager | Access Control | System Integrity Checker | Auto Archiver]

The above diagram shows a range of client applications (relying party applications) using the ADSS XKMS Service module. Due to the wide acceptance of the standard, there are a large number of XKMS-enabled applications, including Physical Access Control Systems (PACS).

The power of ADSS Server is that all of this functionality is available from one unified product, which minimises training costs, provides a single platform for management control and logging, and lowers the total cost of hardware and software ownership.
