
2.2.1 Metadata Profiles

IOP (Scott Cantor - cantor.2@osu.edu)
PKIX (Terry McBride)

...

CONFIRM: The interactions remain successful in accordance with the metadata that existed prior to the change. No restart or other service interruption was required to accommodate the change.

2.2.2.1 Metadata Verification (Scott Cantor - cantor.2@osu.edu)

Test the ability of an implementation to verify metadata before importing/accepting it for use. The focus is on import of remote sources, since local file sources can naturally undergo checking outside of the import process before being made available.

Verification by Known Key

Scope
  • Test verification of root level signature via a known key.
Preconditions
  • Any MTI signature algorithm may be used.
  • Valid metadata signed by a known key is available at an http or https URL.
  • Valid metadata with an invalid signature is available via a different URL.
  • The key should not be present inside the signature of the metadata document.
  • Appropriate configuration for the use of the URLs and verification with the key is applied.
  • No configuration of the information supplied via metadata is in place prior to import.
Test Sequence

1. Import and verify valid metadata

...

CONFIRM: Import and/or interaction with the metadata subject is unsuccessful.

Verification by Certificate Validation

Scope
  • Test verification of root level signature via path validation of a signing certificate.
Preconditions
  • Any MTI signature algorithm may be used.
  • Two certificates issued by a sample certificate authority are created, one valid, one expired.
  • The certificate must be present inside the signature of the metadata document.
  • Valid metadata signed by the key in the valid certificate is available at an http or https URL.
  • Valid metadata signed by the key in the invalid certificate is available via a different URL.
  • Appropriate configuration for the use of the URLs and verification with the issuing CA is applied.
  • No configuration of the information supplied via metadata is in place prior to import.
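
The two test groups differ in what the root-level signature must carry: no key for verification by known key, a certificate for verification by certificate validation. As an added example (not part of the test plan), this Python check classifies local fixture files accordingly before they are published at the test URLs; treating `ds:KeyValue` and `ds:X509Certificate` as key material is an assumption, the sample documents are constructed, and the signature itself is not verified here.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
MD = "urn:oasis:names:tc:SAML:2.0:metadata"
# Assumption: these two KeyInfo children count as "the key is present".
KEY_MATERIAL = {"KeyValue", "X509Certificate"}

def signature_profile(metadata_xml):
    """Classify a local fixture by what its root-level ds:Signature carries."""
    root = ET.fromstring(metadata_xml)
    # Root level = direct child of the document element. Signatures on nested
    # entities and certificates in md:KeyDescriptor are deliberately ignored.
    sig = root.find(f"{{{DS}}}Signature")
    if sig is None:
        return "unsigned"
    found = set()
    for key_info in sig.findall(f"{{{DS}}}KeyInfo"):
        for el in key_info.iter():
            local = el.tag.rsplit("}", 1)[-1]  # strip the namespace
            if local in KEY_MATERIAL:
                found.add(local)
    if "X509Certificate" in found:
        return "certificate-embedded"   # fits Verification by Certificate Validation
    return "bare-key-embedded" if found else "no-key-material"  # latter fits Known Key

def _sig(key_info=""):
    # Constructed signature element; all values are placeholders.
    return (f'<ds:Signature xmlns:ds="{DS}"><ds:SignedInfo/>'
            f'<ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>'
            f'{key_info}</ds:Signature>')

def _doc(root_sig="", entity_sig=""):
    # Constructed metadata document with a hypothetical entityID.
    return (f'<md:EntitiesDescriptor xmlns:md="{MD}" xmlns:ds="{DS}">{root_sig}'
            f'<md:EntityDescriptor entityID="https://idp.example.org/idp">'
            f'{entity_sig}</md:EntityDescriptor></md:EntitiesDescriptor>')

CERT = ("<ds:KeyInfo><ds:X509Data><ds:X509Certificate>PLACEHOLDER"
        "</ds:X509Certificate></ds:X509Data></ds:KeyInfo>")
KEYNAME = "<ds:KeyInfo><ds:KeyName>federation-signer</ds:KeyName></ds:KeyInfo>"
SAMPLES = {
    "known-key": _doc(_sig()),             # no KeyInfo at all
    "key-name-hint": _doc(_sig(KEYNAME)),  # a name is a hint, not a key
    "cert": _doc(_sig(CERT)),
    "nested-only": _doc("", _sig(CERT)),   # signed entity, unsigned root
}

if __name__ == "__main__":
    for name, xml in SAMPLES.items():
        print(f"{name}: {signature_profile(xml)}")
```
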
Test Sequence

1. Import and verify valid metadata

...