The ADSS XKMS Service can be used to validate standard X.509 digital certificates according to the XML Key Management Specifications (XKMS).
A typical workflow for the ADSS XKMS Service is as follows:
1. A relying party (an end user, customer or client business application) sends the certificate validation request to the ADSS Server XKMS Service.
2. The ADSS XKMS Service performs all the standard certificate validation checks to ensure that the certificate was issued by a recognised and trusted CA, is not expired, etc. As part of this certificate validation mechanism, ADSS Server also requests certificate status information from the relevant certificate status provider, either as CRLs, which it retrieves regularly according to a particular polling policy, or through a real-time OCSP call.
3. The certificate status service provider returns the certificate status information.
4. The ADSS XKMS Service then provides a certificate validation response showing the status of the certificate in the request as “valid” or “invalid”. Note that ADSS Server can also return various items as evidence information, including the OCSP response, if specifically requested by the client application.
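The relying-party side of this workflow, as an added example (not code from ADSS Server or its documentation): it builds an XKMS 2.0 `ValidateRequest` for one certificate and accepts the `ValidateResult` only when it succeeded, answers that exact request, and marks every key binding `Valid`. Assumptions: the service URL is a placeholder, the SOAP envelope and transport are omitted, the response's authenticity (TLS or XML signature) is checked elsewhere, and the XKMS `Indeterminate` status is treated the same as invalid.

```python
import base64
import uuid
import xml.etree.ElementTree as ET

XKMS = "http://www.w3.org/2002/03/xkms#"      # XKMS 2.0 namespace
DS = "http://www.w3.org/2000/09/xmldsig#"     # XML Signature namespace
ET.register_namespace("xkms", XKMS)
ET.register_namespace("ds", DS)

def build_validate_request(cert_der: bytes, service_url: str):
    """Return (request_id, xml_bytes) for a ValidateRequest carrying one certificate."""
    request_id = "_" + uuid.uuid4().hex       # fresh Id so the result can be bound to it
    req = ET.Element(f"{{{XKMS}}}ValidateRequest",
                     {"Id": request_id, "Service": service_url})
    qkb = ET.SubElement(req, f"{{{XKMS}}}QueryKeyBinding")
    x509 = ET.SubElement(ET.SubElement(qkb, f"{{{DS}}}KeyInfo"), f"{{{DS}}}X509Data")
    ET.SubElement(x509, f"{{{DS}}}X509Certificate").text = base64.b64encode(cert_der).decode()
    return request_id, ET.tostring(req)

def certificate_is_valid(result_xml: bytes, request_id: str) -> bool:
    """Fail closed: True only for a successful result bound to our request, all bindings Valid."""
    try:
        root = ET.fromstring(result_xml)
    except ET.ParseError:
        return False
    if root.tag != f"{{{XKMS}}}ValidateResult":
        return False
    if root.get("ResultMajor") != XKMS + "Success":
        return False
    if root.get("RequestId") != request_id:   # result belongs to some other request
        return False
    statuses = [kb.find(f"{{{XKMS}}}Status")
                for kb in root.findall(f"{{{XKMS}}}KeyBinding")]
    return bool(statuses) and all(
        s is not None and s.get("StatusValue") == XKMS + "Valid" for s in statuses)

def sample_result(request_id: str, status: str) -> bytes:
    """Constructed ValidateResult for demonstration; not captured from an ADSS Server."""
    return (f'<ValidateResult xmlns="{XKMS}" Id="_r1" Service="https://xkms.example/adss" '
            f'ResultMajor="{XKMS}Success" RequestId="{request_id}">'
            f'<KeyBinding Id="_k1"><Status StatusValue="{XKMS}{status}"/></KeyBinding>'
            f'</ValidateResult>').encode()
```

A missing `KeyBinding`, a missing `Status`, or unparseable XML all yield `False`, so a truncated or unexpected response is never read as "valid".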