24.7.4 Confidentiality, Trust in Server, and Trust in Client Established in the Connection - Stateless Forward Trust Association Established in Service Context

1. Initiate SSL/TLS connection to TSS.

2. SSL/TLS connection and ciphersuite negotiation accepted by both CSS and TSS. CSS evaluates its trust in target authentication identity and decides to continue. Intermediate (P2) authenticates to TSS in the handshake.

3. Send request with stateless security service context element containing spoken for identity (P1) in identity_token, and trust rule from P1 in authorization_token delegating proxy to P2.

4. Receive reply with CompleteEstablishContext service context element indicating context (and request) was accepted.

5. Same as 3.

   6. Same as 4.

   24.7.4.1 Sample IOR Configuration

   The following sample IOR was designed to address the related scenario.

   CompoundSecMechList { stateful = FALSE; mechanism_list = {

   CompoundSecMec { target_requires = {Integrity, Confidentiality, EstablishTrustInClient}; transport_mech = TAG_TLS_SEC_TRANS {

   target_supports = {Integrity, Confidentiality, EstablishTrustInClient,

   EstablishTrustInTarget}; target_requires = {Integrity, Confidentiality, EstablishTrustInClient}; addresses = {

   TransportAddress { host_name = x; port = y;

   };

   }; }; as_context_mech = {

   target_supports = {};

   ... }; sas_context_mech = {

   target_supports = {IdentityAssertion, DelegationByClient};target_requires = {};privilege_authorities = {

   ServiceConfigurationSyntax { syntax = s; name = n;

   }; }; supported_naming_mechanisms = {GSSUPMechOID}; supported_identity_types = {ITTPrincipalName};

   };};};};