This attribute is used in the "Permitted.." sub-elements to define whether a key may be used at "any" value of the permission or only during specified values of the permission. For example, a key with a "PermittedDays" permission might indicate that the specific key can be used on "any" day - by the attribute "any" being set to "true" - or only on specific days - where the attribute "any" would be set to "false" and the permitted days would be listed as sub-elements to "PermittedDays". The latitude coordinate of a location. It is expressed as a decimal with a fraction, where the minutes and seconds are collapsed into a single decimal. An example is 37.385562. The longitude coordinate of a location. It is expressed as a decimal with a fraction, where the minutes and seconds are collapsed into a single decimal. An example is -121.993387. The type of message digest - SHA-1, SHA-256, SHA-512 etc. The base64-encoded message digest of the application. An identifier type that consists of only a single ASCII decimal element that ranges from the value 1 to 18446744073709551615. An identifier type that consists of two 20-character ASCII decimal numbers separated by a hyphen ("-"). Each 20-character decimal element ranges from the value 1 to 18446744073709551615. An identifier type that consists of three 20-character ASCII decimal numbers separated by a hyphen ("-"). Each 20-character decimal element ranges from the value 1 to 18446744073709551615. This is different from the GlobalKeyIDType in that the GlobalKeyIDType permits each part to contain the numeral "0", but the ThreePartIDType does not; the minimum value of each part must be "1". The number of seconds a symmetric key may be used for, once the client application starts using the key. The W3C XML Encryption specified algorithm that this symmetric key must be used with for cryptographic operations. The reason for supporting only the XML Encryption standard has to do with the extensive use of the XML Encryption schema for ciphertext by the current open-source implementation of this protocol. It would be wiser to have newer algorithms supported and specified by W3C in the XML Encrytpion standard before using them, rather than making up one's own algorithm URIs. The Triple-DES with Cipher Block Chaining encryption algorithm The 128-bit AES with Cipher Block Chaining encryption algorithm The 192-bit AES with Cipher Block Chaining encryption algorithm The 256-bit AES with Cipher Block Chaining encryption algorithm The Global Key-ID (GlobalKeyID) is a string identifier of a symmetric key, consisting of five parts: 1) a non-negative integer identifying the Domain ID (DID). The DID identifies the IANA-issued Private Enterprise Number (PEN) as issued and published at http://www.iana.org/assignments/enterprise-numbers and is used within the EKMI to constrain the ownership of objects in the EKMI; 2) a literal hyphen ("-"); 3) a non-negative integer identifying the Server ID of the server that originally generated the key; 4) another literal hyphen ("-"); 5) a non-negative integer identifying the Key ID; Combined, the five components of this element make up a unique identifier for a symmetric key across the internet. A minimal GlobalKeyID element instance would look like: "10514-0-0" which represents a request for a new symmetric key (since there can be no ServerID or a KeyID with a value of "0" other than to specify a request for a new symmetric key). To accomodate the limitations on SQL databases, the maximum value of the GlobalKeyID element must be (a 62-byte ASCII decimal): "18446744073709551615-18446744073709551615-18446744073709551615" In practice, an enterprise will more than likely manage only its own domain, and within the domain have no more than a few dozen Symmetric Key Services (SKS) servers, and perhaps a few billion keys; so we would expect large GlobalKeyID's to look like the following: "10514-2-16777215" "15966-5-1073741823" "22408-13-4294967295" A user-defined class for symmetric keys that can be used by applications to encrypt specific classes of data. The size of the symmetric encryption key. Given the currently supported algorithms, this will range from 128 to 256. 128-bit key 192-bit key 256-bit key An enumeration of the classification levels based on the Bell-LaPadula model. Data that is deemed public. Data that is deemed confidential. Data that is deemed secret. Data that is deemed top-secret. The number of encryption transactions permitted with this symmetric key. It does not limit decryption transactions. The day of week a symmetric key may be used by applications. An indicator if the policy containing this element type is currently "Active", "Default", "Inactive" or "Other". An active policy. If this element is in the KeyCachePolicy object, it indicates that symmetric keys may be cached with this KCP. If it is in the KeyUsePolicy object, it indicates that the symmetric key may be used for encryption. The default policy in the absence of a named KCP or KUP. It is automatically active, unless over-ridden. A policy that, in the case of the KCP, must not be used for caching any symmetric keys or in the case of a KUP for encryption. A policy that has an implementation-specific action. Recommended only for test-use. The unique identifier of the application. The name of the application. The version number of the application. The maximum number of keys permitted to be cached on the client. The maximum number of seconds keys are permitted to be cached on the client. The KeyCachePolicyType document is returned as part of the response to a request for a key-caching policy from a Symmetric Key Services (SKS) server. The KCP tells the SKMS client if it may cache symmetric keys, and if so, how many new and used keys it may cache, for how long, etc. The unique Policy ID of the KeyCachePolicy is a concatenation of the DomainID and the unique key-caching policy ID within that domain. It is a 41-byte ASCII decimal value. The name of the KeyCachePolicy, as defined by the enterprise running this Symmetric Key Management System (SKMS). A detailed description of the KeyCachePolicy, for human readers, as defined by the enterprise running this Symmetric Key Management System (SKMS). The class of keys to which this KeyCachePolicy applies. The date and time on which this KeyCachePolicy becomes effective. The date and time when this KeyCachePolicy becomes obsolete. The number of seconds that must elapse before which the client sends a KeyCachePolicy Request message to the SKS server for an update on the policy. This is to ensure that clients are always updated on any KCP changes at the server. Maximum value is 30 days. An indicator if the KeyCachePolicy is currently "Active", "Default", "Inactive" or "Other". Details about the maximum number of new (unused for any encryption transaction by the client) symmetric keys that may be cached by the client and for how long. If the element is missing from a KCP response, it means that new symmetric keys may NOT be cached on the client. Details about the maximum number of used (used for any encryption transaction by the client) symmetric keys that may be cached by the client and for how long. If the element is missing from a KCP response, it means that used symmetric keys may NOT be cached on the client. A list of KeyClass elements that will be used in requests to ask for multiple symmetric keys, each corresponding to a KeyClass type in this list. This is useful in applications that need to encrypt a single data document for multiple targets, each with their own access policies and restrictions. If KeyClasses is used in a request, there must be least one KeyClass child within it. The KeyUsePolicyType document is returned as part of the response to a request for a symmetric key from a Symmetric Key Services (SKS) server. The KUP tells the client how it must use the associated symmetric key. At least one permission-type will provide the policy definition. The unique Policy ID of the KeyUsePolicy is a concatenation of the DomainID and the unique key-use policy ID within that domain. It is a 41-byte ASCII decimal value. The name of the KeyUsePolicy, as defined by the enterprise running this Symmetric Key Management System (SKMS). A user-defined class for keys generated with this KeyUsePolicy. The type of algorithm used by this symmetric key policy. The size of the symmetric encryption key. An indicator if the KeyUsePolicy is currently "Active", "Default", "Inactive" or "Other". The permissions that define the policy for how this symmetric key may be used. A list of applications that are permitted to use this key. The interpretation of the application element is user application-defined. It may consist of a name, version number, a message digest, etc. When the "any" attribute is set to "true", no PermittedApplication elements must appear in this element. A list of the dates when this key may be used. If it exists, the key must be used only between the given sets of StartDate-EndDate with the start and end dates inclusive. Must use the following format: YYYY-MM-DD. When the "any" attribute is set to "true", no PermittedDate elements must appear in this element. A list of days of the week that the symmetric key may be used. Its meaning is application-specific. When the "any" attribute is set to "true", no PermittedDay elements must appear in this element. A complex-type to wrap the DurationType with the "any" attribute. A list of classification levels within which an application is permitted to use the key. Its interpretation is application-specific. When the "any" attribute is set to "true", no PermittedLevel elements must appear in this element. A list of physical locations of the client, where the key may be used. This is specific to the application and may consist of GPS coordinates, Building numbers, secure rooms, cities, etc. Its meaning is application-defined. When the "any" attribute is set to "true", no PermittedLocation elements must appear in this element. A complex-type to wrap the NumberOfTransactionsType with the "any" attribute. A list of the times of day when this key may be used. If it exists, the key must be used only between the start_time and end_time, with the start and end times inclusive. Must use 24-hour clock in the following format: HH:MM:SS. When the "any" attribute is set to "true", no PermittedTime elements must appear in this element. A list of uses that describes how the symmetric key may be used. Its meaning is application-specific. When the "any" attribute is set to "true", no PermittedUse elements must appear in this element. This is a required element that allows companies to define how the symmetric key may be used. It will be included in the KUP object returned with the symmetric key. Applications must parse through the permissions before using the key and only allow what is permitted for that permission type. All "Permitted..." sub-elements - except for the Other element - are required. However, if the attribute "any" for each of the "Permitted..." sub-elements is set to "true", then the xsi:nil attribute must also be set to "true" and the sub-element must be empty. If the value of the "any" attribute for a specific "Permitted..." sub-element is "false", then at least one child element must exist for the "Permitted..." sub-element and the xsi:nil attribute must not exist. A symmetric key object, which is the succesfully response of a request for a key from an SKMS client to an SKS server. While the The global key-identifier of the symmetric key in this object. This will always be non-zero (10514-0-0) in a successful response from an SKS server. Note that in DRAFT 01 of SKSML, the GlobalKeyID was specified in a KeyName element. This element defines a policy for how clients may use symmetric keys on the client device. Note that this element used to be in the EncryptionProperties element in DRAFT 01. The type of encryption used to protect the symmetric key in this payload. The encrypted symmetric key. A response with an error message in the event that a request was not successful. The global key-identifier of the symmetric key that was requested by the client. The requested key-class for a new symmetric key, if any. An application-specific error code. An application-specific error message that provides detail on the error