The receiving end of the GPKI protocol is the GPKI Adapter. The adapter translates the fundamental operations to the specific type of PKI for which it was built (in other words, there is a GPKI Adapter for RSA, another for OpenTrust, and so on).
The GPKI Adapter, being a SOAP Web Services endpoint, publishes a self-describing WSDL. Creating a GPKI PKI Entity amounts to providing XenMobile with that WSDL, either through a URL or by uploading the file itself.
Support for each of the PKI operations in an adapter is optional. If an adapter supports a given operation, it is said to have the corresponding capability (sign, fetch or revoke). Each of these capabilities may be associated with a set of user parameters.
User parameters are parameters that are defined by the GPKI adapter for a specific operation and for which you need to provide values to XenMobile. Which operations the adapter supports (which capabilities it has) and which parameters it requires for each of them is determined by XenMobile by parsing the WSDL. The connection between XenMobile and the GPKI Adapter may optionally be secured using SSL client authentication.