ADSS XKMS Server

Advanced W3C XKMS Certificate Validation Authority Server

Scalable XKMS validation authority

ADSS XKMS Server provides a sophisticated real-time certification Validation Authority, fully conformant with W3C XKMS (XML Key Management Specification) and PEPPOL validation protocol. XKMS promises to make it easier for applications to use these e-trust security features using web-services rather than traditional PKI protocols. The standard also includes functionality that covers registration, certification, revocation and recovery services – these aspects are on the product roadmap.

ADSS XKMS Server provides all of the above functionality in a centralised manner. This allows business applications to delegate all of the responsibility for certificate path discovery and validation to this trusted Validation Authority. This greatly simplifies development of business applications that rely on PKIs, by hiding all the inherent complexity.

Key Points

Complies with W3C XKMS standards
Supports dynamic Delegated Path Discovery (DPD) even in complex bridge CA, mesh and cross-certification PKI topologies
Supports full certificate validation using RFC 5280 and RFC 3379 validation algorithm, including validation of Key Usage, Extended Key Usage, Certificate Policies, Name validation, policy mapping and other related checks

Key Points

Complies with W3C XKMS standards
Supports dynamic Delegated Path Discovery (DPD) even in complex bridge CA, mesh and cross-certification PKI topologies
Supports full certificate validation using RFC 5280 and RFC 3379 validation algorithm, including validation of Key Usage, Extended Key Usage, Certificate Policies, Name validation, policy mapping and other related checks

FEATURES & BENEFITS

Validation hub for multiple CAs

Respond for multiple CAs from a single ADSS XKMS Server instance. Configure separate validation policy for each CA, including unique XKMS signing keys and certificates. XKMS server certificates can optionally be issued using a built-in CA and auto renewed.

Delegated path discovery

Dynamically build certificate paths using either information held within certificates (e.g. AIA cert issuer field) or from pre-configured LDAP repositories. Receiving intermediate certificates within request message as well as pre-registered on server is also supported. Each XKMS profile defines which of these options to use. ADSS XKMS Server has been subjected to independent evaluation and certification against the latest NIST Path Discovery test suite.

Delegated path validation

Complete RFC 5280 based certificate path validation. Supports all standard extensions like acceptable certificate policies, policy mapping, name validation, key usage, extended key usage and many others. ADSS XKMS Server has been subjected to independent evaluation and certification against the latest NIST PKITS test suite.

USE CASE

Full Certificate Validation

Perform complete validation of X509 digital certificate chain by sending XKMS Request to ADSS XKMS Server:

Ascertia is a global leader in delivering functionally rich, easy to deploy e-security solutions. We pride ourselves in being easy and efficient to deal with.
Ascertia is a global leader in delivering functionally rich, easy to deploy e-security solutions. We pride ourselves in being easy and efficient to deal with.