[jira] [Created] (CXF-5482) XKMS: provide direct trust validator

[Andrei Shakirin (JIRA)]

Andrei Shakirin created CXF-5482:
------------------------------------

             Summary: XKMS: provide direct trust validator
                 Key: CXF-5482
                 URL: https://issues.apache.org/jira/browse/CXF-5482
             Project: CXF
          Issue Type: Improvement
            Reporter: Andrei Shakirin
            Assignee: Andrei Shakirin


Currently XKMS validate() operation checks only validity period, trusted chain 
and CRLs of X509 certificate. Basically it is not necessary that certificate 
exists in the XKMS repository.
However, in some cases it is required that certificate itself is "known" by 
XKMS (direct trust).
For such cases XKMS validation request should additionally contain element 
<KeyUsage>http://www.w3.org/2002/03/xkms#Signature</KeyUsage>. This element 
triggers direct trust validation.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)