24.7.1 Confidentiality, Trust in Server, and Trust in Client Established in the Connection

1. Initiate SSL/TLS connection to TSS.

2. SSL/TLS connection and ciphersuite negotiation accepted by both CSS and TSS. CSS evaluates its trust in target authentication identity and decides to continue. Client (P2) authenticates to TSS in the handshake.

3. Send request (with no security service context element).

4. Receive reply (with no security service context element).

5. Same as 3.

6. Same as 4.

   24.7.1.1 Sample IOR Configuration

   The following sample IOR was designed to address the related scenario.

   CompoundSecMechList{stateful = FALSE;mechanism_list = {

   CompoundSecMec { target_requires = {Integrity, Confidentiality, EstablishTrustInClient}; transport_mech = TAG_TLS_SEC_TRANS {

   target_supports = {Integrity, Confidentiality, EstablishTrustInClient,

   EstablishTrustInTarget}; target_requires = {Integrity, Confidentiality, EstablishTrustInClient}; addresses = {

   TransportAddress { host_name = x; port = y;

   };

   };};as_context_mech = {

   target_supports = {};

   ... }; sas_context_mech = {

   target_supports = {};...};};};};

    Note that based on the ciphersuites listed in “Required Ciphersuites? on page 24-46 and the rules for target_supports and target_requires appearing in the tables in Section 24.5.1.3, “TAG_TLS_SEC_TRANS,? on page 24-35, all target IORs should include {Integrity, Confidentiality, EstablishTrustInTarget} in target_supports and at least {Integrity, Confidentiality} in target_requires. This statement applies to all the sample IORs corresponding to all the scenarios described in this chapter.