3.3.1 Abstract Data Model

This section describes a conceptual model of possible data organization that an implementation maintains to participate in this protocol, in addition to those listed in section 3.1.1. The described organization is provided to facilitate the explanation of how the protocol behaves. This document does not mandate that implementations adhere to this model as long as their external behavior is consistent with that described in this document.

Group Password: The group password, received out of band from the protocols described here. This can be used only when the group supports password authentication (Group Security version is 1.1). This cannot be used when a GMC has already been issued to the local node.

Group Password Hash: A binary value containing the password hash received as part of the Security Properties record. This value is only present when the group supports password authentication (Group Security version is 1.1).

Remote GMC Chain: A list of X509 certificate structures containing the GMC chain for the remote Identity.

Group Authenticate State: The state of the current Group Connect subprotocol instance, which is one of the following: Initial, TLS Connected, Hello Sent, Hello Received, Password Received, Authentication Complete.

Note that the above conceptual data can be implemented using a variety of techniques. An implementation is at liberty to implement such data in any way it pleases. The conceptual data listed above is for a single instance of the Group Connect subprotocol. A node can instantiate more than one Group Connect subprotocol instance, and the same set of conceptual data MUST be maintained for each instance.