3.2.5 Message Processing Events and Sequencing Rules

For the system to function properly, the client and the server MUST mutually authenticate using TLS with client certificate authentication [RFC2246]. To do so, the client MUST have the appropriate local configuration to evaluate the trustworthiness of the server TLS certificate, and MUST have a client TLS certificate with which to authenticate itself to the server.

The following resources are required to create and maintain a proper trust configuration between the client and the server.

Resource               Description
Proxy/EstablishTrust   Resource used to establish trust with the server.
Proxy/RenewTrust       Resource used to renew the trust with the server.

Responses to all operations can carry the following status codes.

Status code   Description
200           The operation succeeded.
400           The request is not valid.
401           Unauthorized: the specified user credentials or client TLS certificate were not accepted.
404           The object does not exist.
405           Invalid verb used in the request (GET, DELETE, POST, PUT).
409           The object already exists.
500           api-version is not specified where it is required, or another internal error occurred.
501           The api-version specified is invalid (the only valid value is 1).

If the operation is authenticated using Integrated Windows authentication [RFC2478], the server MUST validate that the authenticated principal is authorized to perform the corresponding operation on the server.
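The mutual TLS requirement and the status codes above, as an added example that is not part of this specification or of any Microsoft implementation: a Go program stands up a server that demands a client certificate, builds a client that holds the local trust configuration for the server certificate plus its own client certificate, and shows which codes the properly configured client receives, while a client with no certificate, or with a certificate the server does not trust, is refused at the handshake and never reaches Proxy/EstablishTrust. Assumptions of the demo, none of them stated in the section: each side pins the other's self-signed certificate as its trust anchor (a deployment would more often trust an issuing CA), the handler answers 200/500/501 purely on the api-version query parameter, and the requests use POST because the section does not name the verb. Certificates are generated in-process and everything runs on the loopback interface.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"net/http"
	"net/http/httptest"
	"time"
)

// selfSigned makes a self-signed P-256 certificate for 127.0.0.1 (where httptest listens),
// valid for both server and client authentication. Demo code: generation errors are ignored.
func selfSigned(cn string) tls.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 62))
	tmpl := &x509.Certificate{SerialNumber: serial, Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage:    x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
		IPAddresses: []net.IP{net.IPv4(127, 0, 0, 1)}, BasicConstraintsValid: true, IsCA: true}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}

// pin is the "local configuration" the text requires: a trust store holding only the peer's certificate.
func pin(c tls.Certificate) *x509.CertPool {
	leaf, _ := x509.ParseCertificate(c.Certificate[0])
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return pool
}

// trustHandler serves both trust resources. The TLS layer has already refused every client that
// did not present the trusted certificate, so only api-version is left, with the table's codes.
func trustHandler(w http.ResponseWriter, r *http.Request) {
	switch r.URL.Query().Get("api-version") {
	case "":
		http.Error(w, "api-version not specified", http.StatusInternalServerError) // 500
	case "1":
		fmt.Fprintf(w, "%s ok for %s\n", r.URL.Path, r.TLS.PeerCertificates[0].Subject.CommonName) // 200
	default:
		http.Error(w, "invalid api-version", http.StatusNotImplemented) // 501
	}
}

// newServer demands a client certificate on every connection and accepts only trustedClient.
func newServer(srvCert, trustedClient tls.Certificate) *httptest.Server {
	s := httptest.NewUnstartedServer(http.HandlerFunc(trustHandler))
	s.TLS = &tls.Config{MinVersion: tls.VersionTLS12, Certificates: []tls.Certificate{srvCert},
		ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: pin(trustedClient)}
	s.StartTLS()
	return s
}

// newClient trusts only trustedServer and presents own when non-nil; nil models a client with no certificate.
func newClient(trustedServer tls.Certificate, own *tls.Certificate) *http.Client {
	cfg := &tls.Config{RootCAs: pin(trustedServer), MinVersion: tls.VersionTLS12}
	if own != nil {
		cfg.Certificates = []tls.Certificate{*own}
	}
	return &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}
}

// post returns the HTTP status, or an error when the TLS handshake was refused (POST is this demo's choice).
func post(c *http.Client, url string) (int, error) {
	resp, err := c.Post(url, "text/plain", nil)
	if err != nil {
		return 0, err
	}
	resp.Body.Close()
	return resp.StatusCode, nil
}

// Demo: what the configured client sees, and whether certificate-less or untrusted clients were refused.
type Demo struct{ OK, BadVersion, NoVersion int; AnonRejected, RogueRejected bool }
func RunDemo() Demo {
	srvCert, cliCert, rogueCert := selfSigned("server"), selfSigned("client"), selfSigned("rogue")
	srv := newServer(srvCert, cliCert)
	defer srv.Close()
	trusted := newClient(srvCert, &cliCert)
	var d Demo
	d.OK, _ = post(trusted, srv.URL+"/Proxy/EstablishTrust?api-version=1")
	d.BadVersion, _ = post(trusted, srv.URL+"/Proxy/RenewTrust?api-version=2")
	d.NoVersion, _ = post(trusted, srv.URL+"/Proxy/RenewTrust")
	_, err := post(newClient(srvCert, nil), srv.URL+"/Proxy/EstablishTrust?api-version=1")
	d.AnonRejected = err != nil
	_, err = post(newClient(srvCert, &rogueCert), srv.URL+"/Proxy/EstablishTrust?api-version=1")
	d.RogueRejected = err != nil
	return d
}

func main() { fmt.Printf("%+v\n", RunDemo()) }
```

Two points worth noting from the run. First, the 401 row in the table never comes into play for the certificate case here: with RequireAndVerifyClientCert the rejection happens inside the handshake, so an unauthenticated or untrusted client gets a TLS alert rather than an HTTP response, and a client that does see 401 has passed the TLS layer and been refused at the credential or authorization step instead. Second, a completed handshake only authenticates the client; the handler reads the peer certificate's subject, which is where a per-client authorization decision would sit, and the section itself requires such a check of the authenticated principal for the Integrated Windows authentication case.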