Alert Standard Format (ASF) Specification

Alert Standard Format (ASF) Specification v2.0 DMTF Document DSP0136
DSP0136 23 April 2003 Page 28 of 94
[Figure: Sliding Window of Received Messages. The message stream is marked at Sequence Number N, N + 7 and N + 16. Legend: 0 = Message Not Yet Received.]
3.2.3.4 RSP Session Protocol (RSSP)
To make use of RSP, an association must be established between a management console and
the clients that it wishes to manage. An association keeps track of the “state” information that
defines the relationship, including which algorithms to use, keying material, and sequence
numbers. An association is established via a session protocol with a set of messages that can be
used to set up and tear down an association.

For this specification, an RSP Session Protocol (RSSP) is defined (see the diagram that follows)
that divides a session into four (4) phases: Discovery, Creation, Message Transfer, and
Termination. A session is further divided into one of two types based on the management
console user “role” that is used to create the session: operator sessions and administrator
sessions. A managed client must support at least two sessions simultaneously, one of each type.

During the Discovery phase, the management console and the managed client use the RMCP
Presence Ping/Pong messages (see 3.2.4.8 and 3.2.4.3) to determine if a particular managed
client supports the RMCP security extensions. If the managed client supports the RMCP security
extensions and the management console wishes to establish an association with that managed
client, the management console transitions to the Creation phase of the session protocol for that
managed client.

During the Creation phase, the management console and the managed client use the RSSP
Open Session Request/Response messages (see 3.2.4.11 and 3.2.4.6) to exchange Session
IDs, and negotiate the RSSP authentication and key generation protocol (with its associated
algorithms) and the RSP integrity algorithm for the session. Next, the management console
initiates the selected authentication and key generation protocol (which might involve one or more
message exchanges) and generates the necessary keying material required for the RSP integrity
algorithm.

If the protocol is successful, an association is now in place between the management console
and the managed client and they each transition to the Message Transfer phase of the session
protocol. If the protocol is not successful because of a lost message (e.g. a reply timer expires
for either entity), both entities re-initialize their protocol state. If the management console detects
the lost message, it restarts the protocol at the beginning.

During the Message Transfer phase, the management console and the managed client exchange
the desired messages necessary to manage the client. Each of these messages is encapsulated
with an RSP Header and Trailer with integrity protection provided by the RSP integrity algorithm
negotiated during the Creation phase. If the management console wishes to close a session, it
transitions to the Termination phase. During the Termination phase, the management console
and managed client exchange the RSSP Close Session Request/Response messages (see
3.2.4.12 and 3.2.4.7) to end the session.
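
The four phases described above can be modeled as a console-side state machine that rejects any event arriving in the wrong phase. This is an added sketch, not code from the specification: the event names, `ConsoleSession`, `ProtocolError` and `run` are hypothetical, and it assumes that restarting "at the beginning" after a lost message means repeating the Open Session exchange.

```python
from enum import Enum, auto

class Phase(Enum):
    DISCOVERY = auto()
    CREATION = auto()
    MESSAGE_TRANSFER = auto()
    TERMINATION = auto()
    CLOSED = auto()

class ProtocolError(Exception):
    """Event arrived in a phase where the session protocol does not allow it."""

# Event names are illustrative labels chosen for this sketch, not spec identifiers.
TRANSITIONS = {
    (Phase.DISCOVERY, "pong_with_security_extensions"): Phase.CREATION,
    (Phase.CREATION, "open_session_response"): Phase.CREATION,
    (Phase.CREATION, "key_generation_done"): Phase.MESSAGE_TRANSFER,
    (Phase.MESSAGE_TRANSFER, "rsp_message"): Phase.MESSAGE_TRANSFER,
    (Phase.MESSAGE_TRANSFER, "close_requested"): Phase.TERMINATION,
    (Phase.TERMINATION, "close_session_response"): Phase.CLOSED,
}

class ConsoleSession:
    def __init__(self, role):
        if role not in ("operator", "administrator"):  # the two session types
            raise ValueError(f"unknown role: {role}")
        self.role = role
        self.phase = Phase.DISCOVERY
        self.negotiated = False  # Open Session Request/Response completed

    def handle(self, event):
        if event == "reply_timeout" and self.phase is Phase.CREATION:
            # Lost message: re-initialize protocol state. Assumption: the
            # console then restarts from the Open Session exchange.
            self.negotiated = False
            return self.phase
        nxt = TRANSITIONS.get((self.phase, event))
        if nxt is None:
            raise ProtocolError(f"{event} not allowed in {self.phase.name}")
        if event == "key_generation_done" and not self.negotiated:
            raise ProtocolError("keys generated before algorithms were negotiated")
        if event == "open_session_response":
            self.negotiated = True
        self.phase = nxt
        return nxt

def run(role, events):
    """Feed events to a fresh session and return the final phase."""
    session = ConsoleSession(role)
    for event in events:
        session.handle(event)
    return session.phase
```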