ATIS 0800023-2011 Managing the IIF Trust Hierarchy Interoperability Specification (Includes Access to Additional Content).pdf

1、 Access to Additional Content for ATIS-0800023 (Click here to view the publication) This Page is not part of the original publication This page has been added by IHS as a convenience to the user in order to provide access to additional content as authorized by the Copyright holder of this document C

2、lick the link(s) below to access the content and use normal procedures for downloading or opening the files. ATIS-0800023 Additional Content Information contained in the above is the property of the Copyright holder and all Notice of Disclaimer use matching rule. 3. If no match, then set the search

3、index to the authorityKeyIdentifier field of the ISS/CA in the next level of the Certificate Chain. 4. Re-try search from step 2 until match is found or stop if chain is followed to root. 5. Use Default URL Rule if there is no match in table. The definition of the Default URL Rule is a matter of ope

4、ration policy and is outside the scope of this document. 5.5.3 Applying the Rule Apply the found rule as follows: If URL Method = 0, then return the empty string as the result. If URL Method = 1, then check the appropriate In-Certificate field for a value and, if the field exists, return that value

5、as the result. Otherwise, return the empty string. If URL Method = 2, then return URL String from the rule as the result. If URL Method = 3, then check the appropriate In-Certificate field for a value and, if the field exists, return that value as the result. Otherwise, return the URL String from th

6、e rule as the result. If URL Method = 4, then return the catenation of the URL String from the rule followed by the value of the authorityKeyIdentifier field of the ISS/C or ISS/CA under check. If URL Method = 5, then check the appropriate In-Certificate field for a value and, if the field exists, r

7、eturn that value as the result. Otherwise, return the catenation of the URL String from the rule followed by the value of the authorityKeyIdentifier field of the ISS/C or ISS/CA under check. Note that when the authorityKeyIdentifier is used in the concatenation to calculate the Synthesized URL, the

8、authorityKeyIdentifier is from the certificate under check, not necessarily the PKI location of the matching rule that is applied. This provides the flexibility for a superior CA to define a uniform rule for all its sub-CAs by providing only one rule at that superior CA level in the Rules Table. It

9、also permits each of those individual sub-CAs to host the revocation status checking service at the URL of their choice by allowing the Synthesized URL to be built using each of those sub-CAs public keys (authorityKeyIdentifier in a Certificate is the hash of the public key of the issuing CA). 5.5.4

10、 Rule Definition Syntax This section defines the XML syntax used to express a rules table. ATIS-0800023 19 The XML text below shall be used to describe the rules table. When URLMethod is 0 or 1, URLString shall be ignored. When URLMethod is 2, 3, 4, or 5, URLString shall be processed as specified by

11、 the URLMethod. The above XML message shall be enclosed in an IPTV Security Solution/Authentication (ISS/A) 9 structure signed by a trusted authority. Additional XML data may be included in the message and ISS/A structure. This specification considers management of the Rules Table a matter of operat

12、ion policy; this includes revising previous Rules Tables both in their entirety as well as partially. 5.5.5 Rules Table Robustness In the context of the robustness rules as defined in ATIS-0800024 8, the Rules Table shall be considered sensitive data that requires integrity protection and shall be a

13、fforded persistent secure storage accordingly. 6 REQUIREMENTS TO SPECIFICATION MAPPING This specification addresses, in part, the following requirements of ATIS-0800001, IPTV DRM Interoperability Requirements. IIF.DRM.General.1000 - The IPTV Security Solution shall support a method to authenticate I

14、PTV Receiving Devices. IIF.DRM.General.1100 - The IPTV Security Solution shall support a method to robustly authenticate subscribers. IIF.DRM.General.1200 - The IPTV Security Solution shall support a method to authenticate users to differentiate these users inside a single subscriber account. Given

15、the assumption of strong subscriber authentication, user authentication may not require a highly robust authentication method. IIF.DRM.General.1400 - The IPTV Security Solution shall support rights management that is independent of specific content formats or standards. ATIS-0800023 20 IIF.DRM.Gener

16、al.1400-0100 - The IPTV solution shall provide a mechanism for secure delivery of entitlements to the IPTV Receiving Devices. IIF.DRM.General.1500 - The IPTV Security Solution shall support non-repudiation of subscriber ordering transactions. IIF.DRM.General.2000 - The IPTV security solution shall s

17、upport a mechanism to allow an IPTV Receiving Device DRM Component to authenticate the DRM Servers. IIF.DRM.General.2100-0200 - The IPTV security solution shall support a mechanism to allow for the authenticity of signaling messages. IIF.DRM.General.2100-0300 - The IPTV security solution shall suppo

18、rt a mechanism to allow for the integrity of signaling messages. IIF.DRM.General.2200 - The IPTV security solution shall provide a secure execution environment in the IPTV Receiving Device by supporting secure boot-loading and secure installs and updates of middleware and applications for the IPTV R

19、eceiving Device DRM Component. IIF.DRM.General.2300 - The IPTV Security Solution shall support secure download and install of the DRM operating code to IPTV Receiving Devices. IIF.DRM.Operator.0500 - The IPTV security solution shall provide a mechanism to allow the IPTV operator to securely retrieve

20、 the parameters (e.g., configuration, status) of an IPTV Receiving Device DRM Component. IIF.DRM.Operator.0600 - The IPTV security solution shall provide a mechanism to allow IPTV operator to securely update the parameters (e.g., configuration) of IPTV Receiving Device DRM Components. IIF.DRM.Operat

21、or.0700 - The IPTV security solution shall provide a mechanism to allow the IPTV operator to securely load the IPTV Receiving Device DRM Component to the IPTV Receiving Devices. ATIS-0800023 21 ANNEX A: XML SCHEMA FOR MANAGING THE IIF TRUST HIERARCHY Two .xsd files and have been electronically packa

22、ged with this ATIS Standard that provide the consolidated XML schema definition for the ATIS IIF Managing the Trust Hierarchy Interoperability Specification. In case of any discrepancies between the XML schema descriptions in this document and those in the companion .xsd documents, the latter shall be normative.