XKMS Prototype Server

As part of the work of developing a test XKMS implementation, this web site runs a test XKMS server. It has very few keys loaded - only the sample keys necessary for interop testing. Currently the server only supports XKISS (Information Service) requests - LocateRequest and ValidateRequest. Signatures on requests are ignored, and all responses are signed with a dummy certificate.

The service is available through the following URLs:

  1. http://www.wingsofhermes.org:81/xkmsd/soap11 - a SOAP V1.1 service
  2. http://www.wingsofhermes.org:81/xkmsd/soap12 - a SOAP V1.2 service
  3. http://www.wingsofhermes.org:81/xkmsd/http - a service over plain HTTP

Statement of Use

This service is for Interoperability Testing only. The keys and certificates used within this service are test keys only. No reliance should be placed on them, and they must not be used for any purposes other than XKMS interop testing.

About the Server

The server itself is a very basic prototype running on Linux. The XML processing is performed using the Apache Software Foundation's Xerces C++ parser and the XKMS messages are produced and consumed using the ASF's XML-Security-C library.

The XML-Security-C library can be found here. The library includes a prototype client tool (xklient) that has been built for interop testing, but can be used to generate and consume XKMS messages.

The server supports the following messages:

  • LocateRequest - Find a key in the database; the service makes no statement as to the key's "worthiness".
  • ValidateRequest - The service will return OK if the key is known to be "good" (note that this service is for interoperability testing only - keys from this service are dummy keys and should not be used for any purposes other than testing).
  • StatusRequest - Determine whether a pending request is ready.
  • PendingRequest - Request the result of a previous request for which a Pending result was returned.

In addition, the service supports:

  • Synchronous Protocol - Standard XKMS protocol in which responses are returned immediately.
  • Asynchronous Protocol - XKMS protocol in which results are not necessarily returned immediately, and for which the client may be required to make another request later to get the result.
  • TwoPhase Protocol - Client is required to make the request in two parts - used to protect against DoS attacks against the service.
  • Compound Requests - Service can accept multiple requests in one message. Note that Asynchronous CompoundRequest messages are not currently supported.
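
How a client could drive the synchronous, asynchronous and two-phase exchanges listed above, as an added example (not code from this server or from XML-Security-C): it builds a LocateRequest and picks the follow-up message from the result's ResultMajor. The e-mail identifier, the constructed sample results and the assumption that the service echoes the request Id verbatim in RequestId are illustrative.

```python
import copy
import uuid
import xml.etree.ElementTree as ET

XKMS = "http://www.w3.org/2002/03/xkms#"                # XKMS 2.0 namespace
SERVICE = "http://www.wingsofhermes.org:81/xkmsd/http"  # plain-HTTP URL listed on the page

def new_id():
    return "I" + uuid.uuid4().hex  # XML IDs must not start with a digit

def locate_request(identifier, mechanisms=("Pending", "Represent")):
    """LocateRequest advertising the response mechanisms this client can handle."""
    req = ET.Element(f"{{{XKMS}}}LocateRequest", {"Id": new_id(), "Service": SERVICE})
    for name in mechanisms:
        ET.SubElement(req, f"{{{XKMS}}}ResponseMechanism").text = XKMS + name
    ET.SubElement(req, f"{{{XKMS}}}RespondWith").text = XKMS + "KeyValue"
    qkb = ET.SubElement(req, f"{{{XKMS}}}QueryKeyBinding")
    # S/MIME lookup by e-mail address; the identifier passed in is a constructed sample
    ET.SubElement(qkb, f"{{{XKMS}}}UseKeyWith",
                  {"Application": "urn:ietf:rfc:2633", "Identifier": identifier})
    return req

def next_step(request, result_xml):
    """Return the follow-up request for a result, or None when the answer is final."""
    res = ET.fromstring(result_xml)
    # Assumption: the service echoes our Id verbatim in RequestId
    if res.get("RequestId") != request.get("Id"):
        raise ValueError("result does not answer this request")
    major = res.get("ResultMajor", "")
    if major == XKMS + "Success":
        return None
    if major == XKMS + "Represent":   # two-phase: resend the request with the service nonce
        if not res.get("Nonce"):
            raise ValueError("Represent result carries no Nonce")
        again = copy.deepcopy(request)
        again.set("Id", new_id())
        again.set("OriginalRequestId", request.get("Id"))
        again.set("Nonce", res.get("Nonce"))
        return again
    if major == XKMS + "Pending":     # asynchronous: collect the answer later
        return ET.Element(f"{{{XKMS}}}PendingRequest", {
            "Id": new_id(), "Service": SERVICE,
            "OriginalRequestId": request.get("Id"), "ResponseId": res.get("Id")})
    raise RuntimeError("request failed: " + major)

def sample_result(request, major, **extra):
    """Constructed LocateResult, standing in for what a service would send back."""
    attrs = {"Id": new_id(), "Service": SERVICE, "RequestId": request.get("Id"),
             "ResultMajor": XKMS + major, **extra}
    return ET.tostring(ET.Element(f"{{{XKMS}}}LocateResult", attrs))
```

The example checks only that a result is bound to the request that was sent; it does not verify the signature on the result, which on this server is made with a dummy certificate.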