XML Management Protocol
From Krupczak.org
== '''Encapsulation in SSL/TCP''' ==

XMP uses SSL (more specifically SSLv3 and/or TLSv1) for privacy and authentication. Cartographer uses its own certificate authority to create and sign X509v3 certificates. Each Cartographer agent and query tool embeds a certificate authority for creating its own certificate, which obviates the administrative overhead of managing certificates. That is, the first time a Cartographer agent is started, it creates and signs its own certificate for use when communicating with other XMP entities.

All XMP entities validate X509v3 certificates using the Cartographer CA cert, but only agents ''must'' present valid X509v3 certs. Managers, de-emphasized in the Cartographer model, ''may'' present certificates but are not required to. All agent-agent communication requires authentication, so both agents must present valid, signed Cartographer certificates.

SSL certificates are stored in PEM format in the installation directory, with the filename ''xmpd.pem'' for agents. The Cartographer certificate authority private/public keys and certificate are stored in the file ''cartographer.pem''. Command-line tools store their certificates in a file ''toolname.pem''. If an XMP entity is unable to find its certificate authority information, it will not run.

XMP has been assigned a [http://www.iana.org/assignments/port-numbers reserved port]: TCP/UDP port 5270. XMP PDUs are prepended with the (previously defined) wire header prior to transmission via SSL and TCP.
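As an added example (not Cartographer's own code), the following pre-start check audits the PEM files this section names: it confirms that ''cartographer.pem'' holds a certificate and a private key, that ''xmpd.pem'' holds a certificate, and that any file carrying a private key is not readable by group or other. The function names are hypothetical, the sample blocks are constructed, and only the RFC 7468 block form is parsed.

```python
import base64
import os
import re
import stat

# RFC 7468 textual encoding only; legacy OpenSSL "Proc-Type:" header
# lines inside a block are not handled (assumption of this example).
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s+([A-Za-z0-9+/=\s]+?)-----END \1-----")

def sample_block(label):
    """Constructed PEM block with dummy bytes (not a real key or cert)."""
    body = base64.b64encode(b"constructed sample data " * 4).decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

def pem_labels(text):
    """Return the labels of well-formed PEM blocks found in text."""
    labels = []
    for label, body in PEM_BLOCK.findall(text):
        try:
            base64.b64decode("".join(body.split()), validate=True)
        except ValueError:  # bad padding or alphabet: skip the block
            continue
        labels.append(label)
    return labels

def audit_pem(path, need_key):
    """Return findings for one PEM file; an empty list means it passed."""
    if not os.path.isfile(path):
        return ["missing"]
    with open(path, encoding="ascii", errors="replace") as fh:
        labels = pem_labels(fh.read())
    has_key = any(label.endswith("PRIVATE KEY") for label in labels)
    findings = []
    if "CERTIFICATE" not in labels:
        findings.append("no certificate")
    if need_key and not has_key:
        findings.append("no private key")
    if has_key and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        findings.append("private key readable by group/other")
    return findings

def audit_install(directory):
    """Audit the agent files the section names in one install directory."""
    # The section says cartographer.pem holds the CA keys and certificate;
    # for xmpd.pem it only mentions certificates, so no key is required.
    files = (("cartographer.pem", True), ("xmpd.pem", False))
    return {name: audit_pem(os.path.join(directory, name), need_key)
            for name, need_key in files}
```
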