Thursday, November 1, 2007

XML Schema for ENUM Validation Token Format Definition

Members of the IETF Telephone Number Mapping (ENUM) Working Group have
released an updated "ENUM Validation Token Format Definition" draft
specification. An ENUM domain name is tightly coupled with the underlying
E.164 number. The process of verifying whether the Registrant of an
ENUM domain name is identical to the Assignee of the corresponding
E.164 number is commonly called "validation". This document describes
a signed XML data format (the Validation Token) with which Validation
Entities (VEs) can convey successful completion of a validation
procedure in a secure fashion.

According to the data model requirements, the Token is the only piece
of data passed from the VE to the Registry. Therefore, the Token needs
to contain at least as much information as the Registry requires to
grant the delegation of the requested ENUM domain according to its
registration policy. As the Token will be included in XML-based
Registry/Registrar protocols like the Extensible Provisioning Protocol
(EPP), it is a natural choice to use XML to encode Validation Tokens.

According to the architecture model, the propriety of an ENUM delegation
depends on the trust relationship between the Registry and the VE. In
general, an untrusted link between Registry and VE should be assumed
(for instance, the Token is passed along with the registration request
by a Registrar, who might have no role in asserting the right-to-use).
Therefore, the Token must be protected against forgery, tampering and
replay attacks.

The cryptographic signature on the Token follows RFC 3275 (XML-DSIG).
As Tokens might be transmitted as part of an already XML-based protocol,
the exclusive XML canonicalization must be used. This transform
guarantees that namespace declarations inherited from the surrounding
XML do not invalidate the signature. In order to make the signature an
integral part of the Token, the "enveloped" signature mode is employed.
The signature covers all information contained in the Token.

The Validation Token is structured into three parts: the basic
validation information, additional information about the Registrant,
and the digital signature. The XML schema can be found in Section 6
of the document.

More information: see also the IETF Telephone Number Mapping (ENUM)
Working Group Charter.
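The namespace-inheritance problem that exclusive canonicalization solves can be shown with a short sketch. This is an added example, not code from the draft or the working group: it uses a simplified canonicalizer (elements, attributes and text only, no signing), and the element names and `urn:example:*` namespaces are constructed placeholders rather than the draft's schema.

```python
import hashlib
from xml.dom import minidom
from xml.sax.saxutils import escape

# Constructed sample: placeholder element names and namespaces, not the draft's schema.
TOKEN = ('<tok:token xmlns:tok="urn:example:token">'
         '<tok:number>+43123456789</tok:number></tok:token>')
EMBEDDED = '<reg:request xmlns:reg="urn:example:registry">' + TOKEN + '</reg:request>'

def in_scope(el):
    """Namespace declarations visible at el, as {prefix: uri} ('' = default)."""
    chain = []
    while el is not None and el.nodeType == el.ELEMENT_NODE:
        chain.append(el)
        el = el.parentNode
    scope = {}
    for anc in reversed(chain):  # outermost first, inner declarations override
        for name, value in anc.attributes.items():
            if name.split(":")[0] == "xmlns":
                scope[name.partition(":")[2]] = value
    return scope

def c14n(el, exclusive, rendered=None):
    """Simplified canonical form of el's subtree: elements, attributes, text only."""
    rendered = dict(rendered or {})
    scope = in_scope(el)
    attrs = sorted(a for a in el.attributes.items() if a[0].split(":")[0] != "xmlns")
    if exclusive:  # keep only prefixes visibly used by the element or its attributes
        names = [el.tagName] + [n for n, _ in attrs if ":" in n]
        used = {n.rpartition(":")[0] for n in names}
        scope = {p: u for p, u in scope.items() if p in used}
    decls = []
    for prefix in sorted(scope):
        if rendered.get(prefix) != scope[prefix]:  # not already output by an ancestor
            rendered[prefix] = scope[prefix]
            decls.append(("xmlns:" + prefix if prefix else "xmlns", scope[prefix]))
    out = "<" + el.tagName + "".join(
        ' %s="%s"' % (n, escape(v, {'"': "&quot;"})) for n, v in decls + attrs) + ">"
    for child in el.childNodes:
        if child.nodeType == child.ELEMENT_NODE:
            out += c14n(child, exclusive, rendered)
        elif child.nodeType == child.TEXT_NODE:
            out += escape(child.data)
    return out + "</" + el.tagName + ">"

def token_digest(xml, exclusive):
    """SHA-256 over the canonicalized token, as a signature's digest step would see it."""
    token = minidom.parseString(xml).getElementsByTagName("tok:token")[0]
    return hashlib.sha256(c14n(token, exclusive).encode("utf-8")).hexdigest()
```

With `exclusive=False` the wrapper's `xmlns:reg` declaration is pulled into the token's canonical form, so the digest computed by the VE no longer matches once a Registrar embeds the token; with `exclusive=True` the digest is the same in both contexts.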
