Previous | Table of Contents | Next |
Level 1 adds the following additional requirements to those of Level 0.
24.6.2.1 Authorization Tokens
Level 1 implementations shall support the push model for privilege attributes.
Level 1 requires that a CSS provide clients with an ability to include an authorization
token, as defined in Section 24.2.3, “Authorization Token Format,? on page 24-10, in
SAS EstablishContext protocol messages.
Level 1 requires that a TSS be capable of evaluating its support for a received
authorization token according to the rules defined in Section 24.2.3.1, “Extensions of
the IETF AC Profile for CSIv2,? on page 24-11.
A Level 1 TSS shall recognize the standard attributes and extensions defined in the
attribute certificate profile defined in [IETF ID PKIXAC].
Level 1 requires that a target object that supports pushed privilege attributes include in its IORs the names of the privilege
authorities trusted by the target object (as defined
in “struct SAS_ContextSec? on page 24-40).