Gsa Certification Requirements Checklist - G2s 1.0.3

GSA Transport v1.2 Certification Requirements – Release 1

1 Overview To be GSA Certified, implementations of the GSA G2S or S2S communications protocol MUST be tested for compliance with a GSA-approved transport as well as compliance with the specific GSA communications protocol. GSA communications protocols may be found on the GSA website at www.gamingstandards.com. The GSA Transport Certification Requirements Checklist, on the following pages, is used to identify the Functional Groups to be certified for implementations using the GSA Point-to-Point SOAP/HTTPS Transport and Security Specification as well as the GSA Multicast Transport Protocol. Separate checklists are used to identify the functional groups to be certified within the GSA communications protocols. Those checklists may be found on the GSA website at www.gamingstandards.com.

1.1 Eligible Versions The following versions of the GSA Point-to-Point SOAP/HTTPS Transport and Security Specification, as well as the GSA Multicast Transport Protocol, are eligible for certification using these Certification Requirements. From time-to-time, as new versions are released, this list may be updated and a new version of these Certification Requirements may be released.

 GSA Point-to-Point SOAP/HTTPS Transport and Security Specification v1.2  GSA Multicast Transport Protocol v1.2

1.2 Technical Bulletins From time-to-time, Technical Bulletins regarding the GSA Point-to-Point SOAP/HTTPS Transport and Security Specification, as well as the GSA Multicast Transport Protocol, may be issued by the GSA. The Technical Bulletins contain critical information regarding corrections, clarifications, and certification requirements for the transports. Information contained in the Technical Bulletins may have a direct impact on the requirements of the transports. Information contained in the Technical Bulletins may also have a direct impact on and the requirements for GSA certification of implementations using the transports. It is strongly recommended that implementers of the transports review the Technical Bulletins on a regular basis for corrections and clarifications that may affect their implementations. The Technical Bulletins are available in the download area of the GSA website www.gamingstandards.com.

1.3 Certification Requirements To be certified, implementations of the GSA Point-to-Point SOAP/HTTPS Transport and Security Specification, as well as the GSA Multicast Transport Protocol, MUST meet the requirements of the version of the transport under test and the requirements identified in this document. Released versions of the GSA Point-to-Point SOAP/HTTPS Transport and Security Specification, as well as the GSA Multicast Transport Protocol, can be found on the GSA website at www.gamingstandards.com. Implementations of the GSA Point-to-Point SOAP/HTTPS Transport and Security Specification, as well as the GSA Multicast Transport Protocol, MUST adhere to the following requirements to be certified by the GSA. From time-to-time, as new versions are released, these requirements may be updated and a new version of these Certification Requirements may be released.

 The manufacturer of the implementation MUST comply with all requirements of the GSA Certification Program Guide. This document can be found on the GSA website at www.gamingstandards.com.

 To be certified for a Functional Group, the implementation MUST comply with all applicable client and/or host requirements defined within the GSA Point-to-Point SOAP/HTTPS Transport and Security Specification for the Functional Group. Requirements are indicated by the terms MUST, MUST NOT, and REQUIRED. Some requirements may not be specifically tested by the testing agency.

 To be certified for a Functional Group that includes multicast functionality, the implementation MUST comply with all applicable client and/or host requirements in the GSA Multicast Transport Protocol for the Functional Group. Requirements are indicated by the terms MUST, MUST NOT, and REQUIRED. Some requirements may not be specifically tested by the testing laboratory.

1.4 Certification Record Requirements For an implementation to be certified, the testing laboratory MUST provide a written Certification Record for the implementation to the Certification Authority. The Certification Record MUST include the complete results of the conformance testing performed on the implementation.

 The Certification Record MUST identify all Functional Groups supported by the implementation regardless of whether a specific Functional Group was actually tested.

 For each Functional Group supported by the implementation, the Certification Record MUST indicate whether the implementation conformed to the requirements for the Functional Group, whether the implementation did not conform to the requirements for the Functional Group, or whether the Functional Group was not tested.

 The implementation MAY contain functionality that is not part of any Functional Group. For example, the implementation may include an extension to the WSDL under test. If any such functionality is present in the implementation, the Certification Record, at a minimum, MUST indicate that other functionality was present in the implementation. Further details of the

functionality MAY be withheld from the Certification Record. The Certification Record MUST NOT include any indication of whether the functionality was tested or whether the functionality conformed to a set of requirements.

1.5 Error and Ambiguities Should an error or ambiguity be discovered during certification testing, the Certification Authority should use the following guidelines to resolve the issue.

 Errors and ambiguities should be resolved in a manner that is consistent with subsequent released versions of the GSA Point-to-Point SOAP/HTTPS Transport and Security Specification, as well as the GSA Multicast Transport Protocol, or, in the absence of a released version, with clarifications or corrections that have been approved by the GSA Transport Technical Committee for inclusion in a future version of the transports.

 Errors and ambiguities should be resolved in a manner that will do the most to promote interoperability.

1.6 Deprecated Functionality Functionality within released versions of the GSA Point-to-Point SOAP/HTTPS Transport and Security Specification, as well as the GSA Multicast Transport Protocol, may be identified as deprecated. This indicates that the GSA no longer recommends that the functionality be implemented. Implementations SHOULD NOT include deprecated functionality. However, to maintain backwards compatibility, implementations MAY include deprecated functionality. Functionality may also be identified as deprecated in subsequent released versions of the GSA Point-to-Point SOAP/HTTPS Transport and Security Specification as well as the GSA Multicast Transport Protocol. Implementations MAY omit any such deprecated functionality. However, before doing so, manufacturers SHOULD verify that the functionality is not needed for interoperability with other end-points.

2 Transport Certification Requirements Checklist

2.1 How to Use Checklist The checklist contains three columns. The first two columns contain checkboxes used to indicate support for the corresponding Functional Group or Sub-Functional Group. The third column contains the description of the Functional Group or Sub-Functional Group. In certain cases, requirements for filling out the checklist are also indicated in the third column with the text "MUST". In the following example:

 There are requirements associated with the first two sets of functionality (A and B). o Set A and B require at least one Functional Group be selected. o Set B requires at least one Sub-Functional Group be selected if Functional Group B.2 is selected.  The last two sets of functionality (C and D) are optional. o Neither, either or both Functional Groups in Set C may be selected. o Set D is comprised of a single optional Functional Group.

In the example below, the checks indicate that all of Set A, Sub-Functional Group B.2, and optional Functional Group C.2 are supported.

Sub- Functional Functional Functional Group Description Group Group Set A Functionality (MUST select at least one)

Functional Group A.1

Functional Group A.2

Set B Functionality (MUST select at least one)

Functional Group B.1 Functional Group B.2 (MUST select at least one of the following if this group is selected)

Sub-Functional Group B.2.1

Sub-Functional Group B.2.2

Set C Functionality Description

Functional Group C.1

Functional Group C.2

Set D Functionality/Functional Group

2.2 Certification Checklist

Sub- Functional Functional Functional Group Description Group Group WSDL Support (MUST select at least one) S2S v1.3 or v1.2.2 S2S v1.2.1 G2S v1.3 or v1.1.2 G2S v1.1.1 4 Megabyte Message Support Transport Options SOAP Client (MUST select one) No Transport Options Support Support Transport Options (MUST select at least one if Support Transport Options is selected) No GZIP

GZIP in HTTP Stack

GZIP Payload

Transport Options SOAP Server (MUST Select one) No Transport Option Support Support Transport Options (MUST select at least one if Support Transport Options is selected) No GZIP

GZIP in HTTP Stack

GZIP Payload Security and Authentication – Certificate Options (Check all that apply) Change Symmetric Key On Demand TLS Re-handshake GetNextCACert Support Verify Domain by Subject Alternate Name Security and Authentication – Symmetric Algorithms Supported (Check all that apply) AES (Recommended) Other Security and Authentication – OCSP Client Support (MUST select at least one) No Communications When OCSP Server Is Offline Use Previously Good Certificates For A Limited Time Use CRLs When OCSP Is Offline

Sub- Functional Functional Functional Group Description Group Group Security and Authentication – OCSP Client Options (Check all that apply) Nonce Support Next Update Support DHCP Support (Host Entities only) DHCP Client Support Multicast Support (Check all that apply) Multicast Listener Multicast Host