| Previous | Table of Contents | Next |
A proposed implementation of the CSS state machine is defined in the state diagram,
Figure 24-4 on page 24-28, and in the CSS state table, Table 24-8 on page 24-29. Each
CSS call thread shall operate independently with respect to this state machine. Where necessary, thread synchronization at
shared state shall be handled in the actions called by this state machine.
When a CSS processes a one-way call, it returns to the caller and sets its next state to done, as no response will be sent
by the TSS.
The shaded rows in the state table indicate transitions and states that need not exist in a stateless CSS client side implementation.
The state names, function names, and function signatures that appear in the state diagram and state table are not prescriptive.
Figure 24-4 CSS State Machine
Table 24-8 CSS State Table
123456789 |
State |
Event |
Action |
New State |
|
| start | Request + client policy + IOR ready to send | get_mechanism (policy, thisIOR, Out mech) | Try Mechanism | ||
| Try Mechanism | the selected mechanism is unprotected | get_connection (mech, Out c) | Unprotected Request | ||
| the selected mechanism is protected | get_client_creds (policy, mech, Out creds) | Wait for Credentials | |||
| Unprotected | connection ready | send request | Wait for Reply | ||
| Request | connection rejected | raise exception and return to caller1 | done | ||
| Wait for Reply | receive reply | return to caller | done | ||
| Wait for | client credentials ready | get_connection (policy, mech, creds, Out c) | Wait for Connection | ||
| Credentials | necessary credentials not obtained | raise exception and return to caller2 | done | ||
| Wait for Connection | connection ready | get_context_element (c, policy, creds, mech, Out element) | Wait for Context | ||
| connection rejected | raise exception and return to caller3 | done | |||
| Wait for Context | get_context_element returned EstablishContext {N = 0, tokens} | send Request + EstablishContext {client_context_id = N = 0, tokens} | Wait for SAS Reply | ||
| get_context_element returned EstablishContext {N != 0, tokens} | send Request + EstablishContext {client_context_id = N != 0, tokens} | Wait for SAS Reply | |||
| get_context_element returned NULL | send request | Wait for Reply | |||
| get_context_element returned MessageInContext {N != 0, D} | send Request + MessageInContext {client_context_id = N != 0, D} | Request In Context | |||
| Wait for SAS Reply | receive exception + ContextError (invalid evidence) | raise exception and return to caller4 | done | ||
| receive exception + ContextError (invalid mechanism) | raise exception and return to caller | done | |||
| receive exception + | invalidate_context (c, N) | done | |||
| ContextError (conflicting evidence) | raise exception and return to caller | ||||
| receive Reply + LOCATION_FORWARD status + updated IOR | return to caller | done | |||
| receive Reply + CompleteEstablishContext | complete_context (c, N, context_stateful) | done | |||
| {N, context_stateful} | return to caller | ||||
| Request in Context | receive exception + ContextError (context does not exist) | invalidate_context (c, N ) get_context_element (c, policy, creds, mech, Out element) | Wait for Context | ||
| receive Reply | return to caller | done |
1. A CSS may do next mechanism processing, in which case it might call get_next_mechanism(policy,thisIOR) and transition to state Try Mechanism.
2. Same note as 1.
3. Same note as 1.
4. A CSS may re-collect authentication evidence and try again, in which case it might call get_client_creds(policy, mech, Out creds) and transition to state Wait for Credentials.
24.3.4.1 CSS State Machine Actions
This section defines the intended semantics of the actions appearing in the CSS state machine. As noted above the function
names and function signatures are not prescriptive. The descriptions appearing in the following sections are provided to facilitate
understanding of the proposed implementation of the CSS state machine.
• get_mechanism (policy, IOR, Out mech) Select from the IOR a mechanism definition that satisfies the client policy.
• get_connection (mech, Out c) Open a connection based on the port information in the mechanism argument.
• get_context_element(c, policy, creds, mech, Out element)
• get_client_creds (policy, mech, Out creds)
Get the client credentials as necessary to satisfy the client policy and the target policy in the mechanism.
• get_connection (policy, mech, creds, Out c)
Open a secure connection based on the client policy, the target policy in the mechanism argument, and using the client credentials in the creds argument.
In the scope of connection c, use the client creds to create a SAS protocol context element that satisfies the client policy
and the target policy in the mechanism. If the CSS supports reusable contexts, and the client policy is to establish a reusable
context, the CSS allocates a client_context_id, and initializes a context element in the context table of the connection.
A NULL context element may be returned by get_context_element when the target mechanism definition either does not support
or require SAS layer security functionality, and the client establishes a policy not to use such functionality unless required
to do so.
• invalidate_context (c, N)
Mark context N in connection scope c as invalid such that no more requests may (re)use it.
• complete_context (c, N, context_stateful) This action applies the contents of a returned CompleteEstablishContext message
to context N, in connection scope c, to change its state to completed. In a
stateful CSS, get_context_element will not return a MessageInContext element until complete_context is called with context_stateful
true.