3.2.1 Abstract Data Model

This section describes a conceptual model of possible data organization that an implementation maintains to participate in this protocol. The described organization is provided to facilitate the explanation of how the protocol behaves. This document does not mandate that implementations adhere to this model as long as their external behavior is consistent with that described in this document.

Client secrets: These are the client secrets that must be stored securely on potentially untrusted media. Client secrets need not have any particular format, and their structure is opaque to this protocol.

Wrapped secrets: These are the wrapped versions of the above client secrets. Wrapped secrets have been transformed, through either client-side wrapping or server-side wrapping, into a form that can be securely stored on potentially untrusted media. The client is responsible for the storage of all wrapped secrets.

ClientWrap public keys (ClientWrap subprotocol only): These are the public keys from the server's ClientWrap key pair (as specified in section 3.1.1). They are used by the client to wrap secrets, as specified in section 3.2.4.1. Clients can choose to cache these keys locally, or to retrieve them afresh from the server for each ClientWrap wrapping operation. Each ClientWrap key is associated with an Active Directory domain. A client that executes this protocol against servers in multiple domains will have one ClientWrap public key for each such domain.