3.5.1 Abstract Data Model

This section describes a conceptual model of possible data organization that an implementation maintains to participate in this algorithm. The described organization is provided to facilitate the explanation of how the algorithm behaves. This document does not mandate that implementations adhere to this model as long as their external behavior is consistent with that described in this document.

The server MUST supply an X.509 certificate that identifies the server and that the client and server use to encrypt SOAP requests and responses.

The server MUST create and securely store a random password to be used to authenticate API requests.