ADSS SCVP Service Overview

The ADSS SCVP Service supports the Server-based Certificate Validation Protocol (SCVP), defined in RFC 5055. This is an ASN.1 encoded request/response protocol for determining the path between an X.509 digital certificate and a trusted root, and for validating that path according to a particular validation policy. SCVP supports two modes of operation, which may be used in combination or separately:

  1. Delegated Path Discovery (DPD): to discover the path between an X.509 digital certificate and a trusted root, and
  2. Delegated Path Validation (DPV): to validate the path according to a defined validation policy in ADSS Server.

The ADSS SCVP Service excels because of its scalability, its resilience and its ability to pre-define different validation policies for each CA and to cache the validation results in a way that ensures its validation performance is optimized. Validation policies can be set to basic validation or can include a range of advanced validation options, and policies can also be defined for non-registered CAs. The attention to detail in security management, including optional dual control of specific features, management reporting and transaction log views of validation information, is in advance of anything seen elsewhere, and these aspects are key to minimizing operations staff time and costs.

A typical workflow of the SCVP Service is as follows:

  1. A Relying Party (an end user or client business application) sends a certificate validation request to the ADSS SCVP Service.
  2. The ADSS SCVP Service performs all the standard certificate validation checks, for example that the certificate has not expired and was issued by a recognised and trusted CA. As part of this certificate validation mechanism, ADSS Server also requests certificate status information from the relevant certificate status provider, either in the form of CRLs, which it retrieves regularly based on a particular polling policy, or through an OCSP request.
  3. The SCVP response is composed based on the certificate status and/or the additional information that the requester asked for in the request.
  4. The ADSS SCVP Service then provides a certificate validation response showing the status of the certificate as “valid” or “invalid”.

The ADSS SCVP Service can also function in proxy mode, relaying or forwarding the SCVP request to another SCVP Responder.
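The split between DPD and DPV and the valid/invalid outcome of the workflow above can be modelled in a few lines. This is an added illustration, not ADSS Server code and not the RFC 5055 wire format: the `Cert` record, the function names and all sample data are constructed, revocation is a pre-loaded set standing in for CRL/OCSP results, and signature verification is left out of the model.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Cert:  # hypothetical, simplified stand-in for an X.509 certificate
    subject: str
    issuer: str
    serial: int
    not_before: datetime
    not_after: datetime

def discover_path(cert, known, anchors, max_len=8):
    """DPD: follow issuer names until a trust anchor is reached (no signature checks)."""
    path = [cert]
    while path[-1].subject not in anchors:
        issuer = known.get(path[-1].issuer)
        if issuer is None or issuer in path or len(path) >= max_len:
            return None  # unknown issuer, loop, or path too long
        path.append(issuer)
    return path

def validate_path(path, revoked, now):
    """DPV: apply the policy checks to every certificate in the discovered path."""
    if path is None:
        return "invalid", "no path to a trusted root"
    for c in path:
        if not (c.not_before <= now <= c.not_after):
            return "invalid", f"{c.subject} outside validity period"
        if (c.issuer, c.serial) in revoked:  # status as a CRL or OCSP answer would give it
            return "invalid", f"{c.subject} revoked"
    return "valid", "path validated"

# Constructed sample data: two CAs, three end-entity certificates, one revocation.
UTC = timezone.utc
def _c(subject, issuer, serial, y0, y1):
    return Cert(subject, issuer, serial, datetime(y0, 1, 1, tzinfo=UTC), datetime(y1, 1, 1, tzinfo=UTC))

ROOT = _c("Root CA", "Root CA", 1, 2020, 2040)
ISSUING = _c("Issuing CA", "Root CA", 2, 2021, 2035)
LEAF = _c("alice.example", "Issuing CA", 100, 2024, 2026)
REVOKED_LEAF = _c("bob.example", "Issuing CA", 101, 2024, 2026)
ORPHAN = _c("carol.example", "Unknown CA", 7, 2024, 2026)
KNOWN = {c.subject: c for c in (ROOT, ISSUING)}
ANCHORS, REVOKED = {"Root CA"}, {("Issuing CA", 101)}
NOW = datetime(2025, 6, 1, tzinfo=UTC)

def scvp_check(cert, now=NOW):
    """Combined DPD + DPV request, returning (status, reason)."""
    return validate_path(discover_path(cert, KNOWN, ANCHORS), REVOKED, now)
```

A DPD-only request corresponds to calling `discover_path` alone and returning the path; a DPV request adds `validate_path` under the policy selected for the issuing CA.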