Table of Contents
Advertisement
System Architecture
Agent Services Interface
The agent services interface provides JAVA servlets to process HTML form
submissions coming from the agent entry-point. Based on the information given in
each form submission, the agent servlets allow agents to perform agent tasks, such
as editing and approving requests for certificate approval, certificate renewal, and
certificate revocation, and approving certificate profiles. The agent services
interface is almost identical for a CA Subsystem and a RA subsystem. The agent
services interfaces for a DRM subsystem or an OCSP Responder are specific to the
subsystems.
The agent services interface is also used for inter-CIMC_Boundary communication
for RA-to-CA and CA-to-DRM trusted connection. These connections are protected
by SSL client-authentication, and differentiated by separate trusted roles called
Trusted Managers. Like the agent role, the Trusted Managers (pseudo-users
created for inter-CIMC_Boundary connection only) are required to be SSL
client-authenticated, however, unlike the agent role, they are not offered any agent
capability.
Administrative Interface
The administrative interface provides JAVA servlets to process commands coming
from the administrative entry-point. Based on the information given at each
command, the administration servlets allow administrators to perform
administrative tasks and configure plug-in modules and instances of plug-in
modules. This interface is similar for all four subsystem. It contains some common
configuration types, but also contains different plug-in types that can be
configured depending on the kind of subsystem configured. The auditor shares the
same interface with the administrator, with the restriction to view all
configurations and logs (including audit logs); while administrators are restricted
from viewing the audit logs. During setup, the administrator will be directed to
configure this interface to accept only SSL client authentication
JSS and the Java/JNI Layer
Java Security Services (JSS) provides a Java interface for security operations
performed by NSS. JSS and higher levels of the CMS architecture are built with the
Java Native Interface (JNI), which provides binary compatibility across different
versions of the Java Virtual Machine (JVM). This design allows customized
subsystem services to be compiled and built just once and run on a range of
platforms. JSS supports most of the security standards and encryption technologies
supported by NSS. JSS also provides a pure Java interface for ASN.1 types and
BER-DER encoding. JSS documentation can be found on-line at:
Chapter 1
Overview
61
Advertisement
Table of Contents
