The ADSS XKMS Service can be used to validate standard X.509 digital certificates according to the XML Key Management Specifications (XKMS). A typical workflow for ADSS XKMS Service is as follows:



  1. A Relying party (an end user, customer or client business application) sends the certificate validation request to the ADSS Server XKMS Service. 
  2. The ADSS XKMS Service performs all the standard certificate validation checks to ensure that the certificate was issued by a recognised and trusted CA and is not expired, etc.  As part of this certificate validation mechanism, ADSS Server will also request certificate status information from the relevant certificate status provider either in the form of CRLs which it retrieves regularly based on a particular polling policy or a real-time OCSP call.
  3. The certificate status service provider will return the certificate status information.
  4. The ADSS XKMS Service will then provide a certificate validation response showing the status of certificate in the request as “valid” or “invalid”.  Note ADSS Server can also return various items as evidence information, including the OCSP response, if specifically requested by the client application.


See also

Identity Proven, Trust Delivered

ADSS Server Features and Benefits
ADSS Server Trust Services
ADSS Server Architecture & Interfaces
ADSS Signing Service Overview
ADSS Verification Service Overview
ADSS Certification Service Overview
ADSS OCSP Service Overview
ADSS TSA Service Overview
ADSS XKMS Service Overview
ADSS SCVP Service Overview
ADSS LTANS Service Overview
ADSS Decryption Service Overview
ADSS CRL Monitor Overview