author | Dominic Pinkman <dominic.pinkman@nokia.com> |
Tue, 20 Jul 2010 12:00:49 +0100 | |
changeset 13 | 48780e181b38 |
parent 7 | 51a74ef9ed63 |
permissions | -rw-r--r-- |
7
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
1 |
<?xml version="1.0" encoding="utf-8"?> |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
2 |
<!-- Copyright (c) 2007-2010 Nokia Corporation and/or its subsidiary(-ies) All rights reserved. --> |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
3 |
<!-- This component and the accompanying materials are made available under the terms of the License |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
4 |
"Eclipse Public License v1.0" which accompanies this distribution, |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
5 |
and is available at the URL "http://www.eclipse.org/legal/epl-v10.html". --> |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
6 |
<!-- Initial Contributors: |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
7 |
Nokia Corporation - initial contribution. |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
8 |
Contributors: |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
9 |
--> |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
10 |
<!DOCTYPE concept |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
11 |
PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd"> |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
12 |
<concept id="GUID-A636C1B3-8AB2-52D7-BB19-4CC93F4BDD97" xml:lang="en"><title>WTLS |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
13 |
Certificates</title><prolog><metadata><keywords/></metadata></prolog><conbody> |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
14 |
<p>Wireless Transport Layer Security (WTLS) certificates are used for authenticating |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
15 |
entities in WTLS, the security layer protocol in the WAP architecture. The |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
16 |
WTLS specification [WTLS 1.0], defines the certificate and its use, as well |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
17 |
as the protocol itself. </p> |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
18 |
<p>The WTLS protocol is heavily based on TLS [RFC 2246], which is widely used |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
19 |
to provide privacy and data integrity between two applications communicating |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
20 |
using the Internet. In turn, TLS is heavily based on SSL version 3.0. </p> |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
21 |
<p>All these protocols use <xref href="GUID-FB2CAA46-8EBB-5F76-847C-F3B953C9D31C.dita">Public |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
22 |
Key Cryptography</xref> to achieve the goals of privacy and data integrity. |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
23 |
Public Key Cryptography is used to reduce the problem of how to achieve these |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
24 |
goals from a secrecy requirement to a requirement of authentication. That |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
25 |
is, given two entities A and B, if A can demonstrate possession of the private |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
26 |
key corresponding to the public key which it supplies, and B can do the same, |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
27 |
then the use of Public Key Cryptography will enable them to communicate privately. <xref href="GUID-911E9F7E-D0AD-55EC-A3F4-1D427F803780.dita">Certificates</xref> are used |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
28 |
to demonstrate this possession: the prover will supply a set of certificates |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
29 |
beginning with their own, and the verifier will attempt to construct and validate |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
30 |
a chain beginning with the prover's own certificate and terminating in a certificate |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
31 |
already trusted by the verifier. </p> |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
32 |
<p>Three levels of security are provided by WTLS: </p> |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
33 |
<ul> |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
34 |
<li id="GUID-2C63B01D-00D9-5389-904B-FAA13D2EE40D"><p>no authentication: anonymous |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
35 |
key exchange is used for creation of an encrypted channel between server and |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
36 |
client; no authentication takes place, so no certificate management is required. </p> </li> |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
37 |
<li id="GUID-BCAF0499-50FA-5B05-A510-399D0EF855DD"><p>server authentication: |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
38 |
the server provides a certificate mapping back to an entity trusted by the |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
39 |
client, enabling the client to authenticate the server. This is often all |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
40 |
the authentication that is required; for online shopping, for example, the |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
41 |
client will generally authenticate the server but the reverse will often not |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
42 |
be necessary since the client will supply their credit card number to pay |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
43 |
for the stuff, which is all the server usually cares about. </p> </li> |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
44 |
<li id="GUID-48DBD5E5-C833-5FFC-BA2F-DBE1BEB7A84C"><p>client authentication: |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
45 |
the client possesses its own private key and associated public key certificate |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
46 |
which it may use to identify itself to other entities in the network. </p> </li> |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
47 |
</ul> |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
48 |
<p>For server authentication WTLS certificates are used: thus, WAP clients |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
49 |
do not have to deal with X.509 certificates. However, for client authentication |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
50 |
X.509 certificates are used to leverage existing PKIs. </p> |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
51 |
<p>The Symbian platform support for TLS/SSL and WTLS certificate |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
52 |
management only includes server authentication. Thus, the WTLS certificate |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
53 |
management only offers support for the validation of chains composed exclusively |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
54 |
of WTLS certificates, and the storage of WTLS certificates. </p> |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
55 |
<p>The Certificate and Key Management component offers the following functionality |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
56 |
for processing WTLS certificates: </p> |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
57 |
<ul> |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
58 |
<li id="GUID-848C67F6-3B12-535E-AF88-A140DE35E2DE"><p>parses a set of WTLS |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
59 |
certificates sent from the server from their binary encoded form into a form |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
60 |
in which they are useful, and in which client code can extract interesting |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
61 |
information (for example name information). </p> </li> |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
62 |
<li id="GUID-AABA31C8-AD82-526E-B826-205D017B067A"><p>uses these certificates |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
63 |
to construct a chain back to a locally stored trusted root certificate. </p> </li> |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
64 |
<li id="GUID-406CAF57-BDF8-5CC1-A467-59B5568E8732"><p>validates this chain: |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
65 |
this would include verifying the signature and validity dates on each certificate. </p> </li> |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
66 |
<li id="GUID-AF72A928-D50C-585B-8E98-60ED89F78F92"><p>maintains a local store |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
67 |
of certificates, with trust settings for each one, and offering an API to |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
68 |
edit these trust settings, and add and delete certificates. </p> </li> |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
69 |
</ul> |
51a74ef9ed63
Week 12 contribution of API Specs and fix SDK submission
Dominic Pinkman <Dominic.Pinkman@Nokia.com>
parents:
diff
changeset
|
70 |
</conbody></concept> |