3.1.5.1.1 Initial Request

The client sends an initial provisioning request either to retrieve the current security policy settings or in response to the server's remote wipe or account only remote wipe directive. During the initial provisioning request, the current policy key MUST be reset to 0 (zero).

To request the current security policy settings from the server, the client sends the initial provisioning request in the following format. The inclusion of the settings:DeviceInformation element depends on the protocol version that is being used. For details, see section 2.2.2.53.

 <Provision>
    <settings:DeviceInformation>
       ...
    </settings:DeviceInformation>
    <Policies>
       <Policy>
          <PolicyType>...</PolicyType>
       </Policy>
    </Policies>
 </Provision>

If the initial provisioning request is in response to receiving a status code from the server indicating that a remote wipe is requested, the initial provisioning request SHOULD consist of an empty Provision element (section 2.2.2.44). If the server response contains a RemoteWipe (section 2.2.2.45) or an AccountOnlyRemoteWipe (section 2.2.2.1) element within the Provision element, the client SHOULD acknowledge the remote wipe, as specified in section 3.1.5.1.2.2, or account only remote wipe, as specified in section 3.1.5.1.2.3. For a remote wipe, the client SHOULD then destroy all data on the device and restore it to factory default settings. For an account only remote wipe, the client SHOULD then destroy all data that it has ever received from the server and erase any stored credentials used to access the server.

If the server response includes a Status element (section 2.2.2.54.2) within the Provision element that indicates success, and also contains a Policies element (section 2.2.2.40) within the Provision element, the client ensures that the security policy settings contained in the Policy element (section 2.2.2.41) are actually enforced, and acknowledges the security policy settings, as specified in section 3.1.5.1.2.1. Any elements that the client ignores because the client does not support the associated feature SHOULD be considered enforced. The value of the PolicyKey element (section 2.2.2.42) contained within this Policy element is a temporary policy key that is only valid for the acknowledgment request.

The client SHOULD ignore any Policy element that has its PolicyType child element (section 2.2.2.43) set to a value that is not supported by the protocol version that is specified in the MS-ASProtocolVersion header. For details about the MS-ASProtocolVersion header, see [MS-ASHTTP] section 2.2.1.1.2.6.
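
The client-side handling of the server response described above, sketched as an added example that is not part of the specification text. The function name and action labels are hypothetical, the sample responses are constructed, and the "Provision:" namespace URI, the Status value 1 for success, and the PolicyType string "MS-EAS-Provisioning-WBXML" are assumptions not stated in this section.

```python
import xml.etree.ElementTree as ET

NS = {"p": "Provision:"}   # assumption: namespace URI of the Provision elements
STATUS_SUCCESS = "1"       # assumption: Status value that indicates success

# Constructed sample responses (Policy content trimmed to what is used here).
SAMPLE_POLICY = """<Provision xmlns="Provision:"><Status>1</Status><Policies>
  <Policy><PolicyType>Example-Unsupported-Type</PolicyType>
    <PolicyKey>111</PolicyKey></Policy>
  <Policy><PolicyType>MS-EAS-Provisioning-WBXML</PolicyType>
    <PolicyKey>1307199584</PolicyKey></Policy>
</Policies></Provision>"""
SAMPLE_WIPE = '<Provision xmlns="Provision:"><Status>1</Status><RemoteWipe/></Provision>'


def _text(parent, name):
    """Stripped text of a direct child element, or '' when it is absent."""
    return parent.findtext("p:" + name, default="", namespaces=NS).strip()


def next_action(response_xml, supported_policy_types):
    """Map a server response to the client's next step as (action, detail)."""
    root = ET.fromstring(response_xml)
    if root.tag != "{Provision:}Provision":
        raise ValueError("not a Provision response")
    # Wipe directives are tested before policy handling (this example's choice).
    if root.find("p:RemoteWipe", NS) is not None:
        return ("ack_remote_wipe", None)
    if root.find("p:AccountOnlyRemoteWipe", NS) is not None:
        return ("ack_account_only_remote_wipe", None)
    policies = root.find("p:Policies", NS)
    if _text(root, "Status") != STATUS_SUCCESS or policies is None:
        return ("no_policy", None)
    for policy in policies.findall("p:Policy", NS):
        policy_type = _text(policy, "PolicyType")
        if policy_type not in supported_policy_types:
            continue  # PolicyType not supported by the protocol version: ignore
        key = _text(policy, "PolicyKey")
        if not key:
            raise ValueError("supported Policy carries no PolicyKey")
        # The key is temporary: use it for the acknowledgment only and do
        # not store it as the current policy key.
        return ("enforce_then_ack", {"policy_type": policy_type, "temp_policy_key": key})
    return ("no_policy", None)
```
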