3.6.4.1 Synchronous Enrollment Operation

The RMS enrollment cloud service uses a SOAP over HTTP protocol, as specified in [SOAP1.1].

Figure 13: Enrollment message sequence

In the enrollment protocol, the server makes an Enroll request submitting information about itself, including its public key, its unique GUID, the type of revocation to use, and Stock Keeping Unit (SKU) and version information about the server. The cloud service generates the SIGNATURE element of the SLC using its private key, appends the element to the SLC, and appends its own certificate chain. It then returns the signed SLC chain to the server in the response.

In the EnrolleeServerInformation complex type (section 3.6.4.1.4.6), the elements SHOULD be populated as follows:

  • SKU SHOULD be set to SKU from ServerState.

  • Version SHOULD be set to serverVersion from ServerState.

  • Name SHOULD be set to name from ServerState.

  • URL SHOULD be set to baseURL from ServerState.

In the EnrolleeRevocationInformation complex type (section 3.6.4.1.4.3), the elements MUST be populated as follows: