3.2.5 Message Processing Events and Sequencing Rules

The following processing events and rules apply when the service needs to verify proof of possession of the private key of an X509 certificate on the client, and the client indicated its ability to participate in this protocol using the request semantics specified in section 3.1.5.1.1.

| Event | Description |
| --- | --- |
| Issuer based certificate challenge | A challenge for proof of possession of the private key of any certificate issued by one of a given set of issuers. |
| Thumbprint based certificate challenge | A challenge for proof of possession of the private key of a specific certificate. |
| Challenge response | Processing of the challenge response that was received from the client. |

Based on the context of the client or the resource being protected, the service will issue either an issuer based certificate challenge (section 3.2.5.1) or a thumbprint based certificate challenge (section 3.2.5.2). This determination is implementation-specific.