ASF Specification v2.0 DSP0136 - DMTF

More documents

Recommendations

Info

Alert Standard Format (ASF) Specification v2.0 DMTF Document DSP0136 3.2.4.11 Open Session Request (83h) A management console sends this RSSP message to the managed client to open a protected session. The client responds with an Open Session Response (43h) message. Following the Mgt Console Session ID field, this message contains one or more Authentication Payload proposals and one or more Integrity Payload proposals. The format of this message’s Data section is as follows: Data Field Description Byte(s) 1-4 Mgt Console Session ID 5- variable variable Authentication Payload(s) Integrity Payload(s) The Session ID selected by the Mgt Console for this new session. The Bypass Session ID (see 3.2.3.1) is not valid in this context. These payloads define the authentication algorithm proposals to be used to establish a session These payloads define the integrity algorithm proposals to be used to establish a session A Payload is made up of two parts: a Payload Header and Payload Data. Two Payload Data types are defined in this specification: Authentication Algorithm and Integrity Algorithm. The Payload Header is defined in the following table. Data Byte(s) Field Description 1 Payload Type Identifies the type of payload that follows. 00h No payload present (end of list) 01h Authentication algorithm payload 02h Integrity algorithm payload 03h-FFh Reserved for future definition by this specification 2 Reserved Reserved for future definition by this specification, set to 00h 3-4 Payload Length The total length in bytes of the payload including the header The Authentication Algorithm payload data type is defined in the following table. Data Byte(s) Field Description 1 Authentication Defined authentication algorithms are: Algorithm 00h Reserved for future definition by this specification 01h RAKP-HMAC-SHA1 02h-FFh Reserved for future definition by this specification 2-4 Reserved Reserved for future definition by this specification, set to 000000h. The Integrity Algorithm payload data type is defined in the following table. Data Byte(s) Field Description 1 Integrity Algorithm Defined integrity algorithms are: 00h Reserved for future definition by this specification 01h HMAC-SHA1-96 02h-FFh Reserved for future definition by this specification 2-4 Reserved Reserved for future definition by this specification, set to 000000h. 3.2.4.12 Close Session Request (84h) A management console sends this RSSP message to the managed client to close a protected session. The client responds with a Close Session Response (44h) message. Data Length for the sent message is set to 00h, no additional data is sent. DSP0136 23 April 2003 Page 41 of 94
Alert Standard Format (ASF) Specification v2.0 DMTF Document DSP0136 3.2.4.13 RAKP Message 1 (C0h) A management console sends this RAKP message to the managed client to begin the session authentication process. The management console selects a Mgt Console Random Number, a Mgt Console User Role, and an optional Mgt Console User Name and sends them to the managed client along with the Managed Client Session ID specified by the client on the previous Open Session Response (44h). Upon receiving RAKP Message 1, the managed client verifies that the message contains an active Managed Client Session ID and that a session can be created using the requested user information by evaluating of the Device Security Policy. The managed client responds with an RAKP Message 2 (C1h). The format of an RAKP Message 1 message’s Data section is as follows: Data Byte(s) Field 1-4 Managed Client Session ID 5-20 Mgt Console Random Number Description The Managed Client’s Session ID for this session, returned by the client on the previous RSSP Open Session Response (44h) message. Random number selected by the Mgt Console 21 Mgt Console User Role The Role that the user at the Mgt Console wishes to assume for this session. Defined Roles are: Bit(s) Value/Meaning 7:4 Reserved for future definition by this specification, set to 0000b 3:0 0000b Operator 0001b Administrator 0010b-1111b Reserved for future definition by this specification 22-23 Reserved Reserved for future definition by this specification, set to 0000h 24 Mgt Console User Name Length 25-40 Mgt Console User Name (optional) The length in bytes of the Mgt Console user name 00h No name present 01h-10h Name length 11h-FFh Reserved for future definition by this specification A non-NULL terminated ASCII character Name that the user at the Mgt Console wishes to assume for this session. No NULL characters (00h) are allowed in the name. 3.2.4.14 RAKP Message 2 (C1h) A managed client sends this RAKP message to a management console in response to the receipt of an RAKP Message 1 (C0h). Once RAKP Message 1 has been validated (see page 30), the managed client selects a Managed Client Random Number and computes an Integrity Check Value over the values specified by the RAKP algorithm. The managed client sends those values along with the Managed Client Globally Unique ID (GUID) and the Mgt Console Session ID (sent by the console on the previous Open Session Request) to the management console. Upon receiving RAKP Message 2, the management console verifies that the Mgt Console Session ID is active and that the Managed Client GUID matches the managed client that the management console has associated with the session. The management console then validates the Integrity Check Value and responds with an RAKP Message 3 (C2h). The format of an RAKP Message 2 message’s Data section is as follows: DSP0136 23 April 2003 Page 42 of 94
Page 1 and 2: Alert Standard Format Specification
Page 3 and 4: Alert Standard Format (ASF) Specifi
Page 11 and 12: R Alert Standard Format (ASF) Speci
Page 45: Alert Standard Format (ASF) Specifi
Page 97 and 98:
Alert Standard Format (ASF) Specifi
Page 99:
Alert Standard Format (ASF) Specifi
show all

ASF Specification v2.0 DSP0136 - DMTF

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?