3.2.5 Message Processing Events and Sequencing Rules
For the system to function properly, the client and the server MUST mutually authenticate each other using client TLS authentication [RFC2246]. For this, the client MUST have the appropriate local configuration to evaluate the trustworthiness of the server TLS certificate and MUST have a client TLS certificate for authenticating itself to the server.
The following resources are required to create and maintain a proper trust configuration between the client and the server.
| Resource | Description |
|---|---|
| Proxy/EstablishTrust | Resource used to establish a trust with the server. |
| Proxy/RenewTrust | Resource used to renew the trust with the server. |
The responses to all the operations can result in the following status codes.
| Status code | Description |
|---|---|
| 200 | The operation has succeeded. |
| 400 | The request is not valid. |
| 401 | Unauthorized for specified user credentials or for client TLS certificate. |
| 404 | The object does not exist. |
| 405 | Invalid verb used in request (GET, DELETE, POST, PUT). |
| 409 | The object already exists. |
| 500 | Version is not specified where required or any other internal error. |
| 501 | Version specified (api-version) is invalid (only valid value is 1). |
If the operation authenticates using Integrated Windows authentication [RFC2478], the server MUST validate that the authenticated principal is authorized to do the corresponding operation on the server.