diff --git a/security/ClientDirectedCertificateTransfer.txt b/security/ClientDirectedCertificateTransfer.txt
new file mode 100644
index 0000000..f7815da
--- /dev/null
+++ b/security/ClientDirectedCertificateTransfer.txt
@@ -0,0 +1,24 @@
+/*
+@startuml
+autonumber
+
+title Client-directed Certificate Transfer
+
+participant "Credential Management Service" as CMS
+participant "Device" as DEV
+
+note over CMS, DEV
+The Ownership Credential should be used to establish a secure connection.
+end note
+
+CMS->DEV: RETRIEVE /oic/sec/csr
+DEV->CMS: RSP [{"csr":"<contents of CSR>", "encoding":"<supported-encoding-type>"}]
+
+CMS->DEV: UPDATE /oic/sec/cred [{"credtype":8, "subject":"deviceuuid", "credusage":"primary_cert", "publicdata":"<DER-encoded device and CA certificate chain in base64>"}]
+DEV->CMS: RSP 2.04
+
+CMS->DEV: UPDATE /oic/sec/pstat [{..., "tm"="bx0010,0000", ...}]
+DEV->CMS: RSP 2.04
+ 
+@enduml
+*/
diff --git a/security/DOXM-JW.txt b/security/DOXM-JW.txt
index ab7798e..c7800b3 100755
--- a/security/DOXM-JW.txt
+++ b/security/DOXM-JW.txt
@@ -46,7 +46,7 @@ ND->OT: RSP 2.04
 note over OT, ND
 Onboarding tool posts the device owner ID.
 end note
-OT->ND: POST /oic/sec/doxm[{..., "devowner":"B0B0XXXX-...",...}]
+OT->ND: POST /oic/sec/doxm[{..., "devowneruuid":"B0B0XXXX-...",...}]
 ND->OT: RSP 2.04
 
 note over OT, ND
diff --git a/security/DOXM-MFGCERT.txt b/security/DOXM-MFGCERT.txt
index 67f6403..e3f5433 100755
--- a/security/DOXM-MFGCERT.txt
+++ b/security/DOXM-MFGCERT.txt
@@ -52,7 +52,7 @@ ND->OT: RSP 2.04
 note over OT, ND
 Onboarding tool posts the device owner ID.
 end note
-OT->ND: POST /oic/sec/doxm[{..., "devowner":"B0B0XXXX-...",...}]
+OT->ND: POST /oic/sec/doxm[{..., "devowneruuid":"B0B0XXXX-...",...}]
 ND->OT: RSP 2.04
 
 note over OT, ND
diff --git a/security/DOXM-RDP.txt b/security/DOXM-RDP.txt
index 5efcb72..1cd7066 100755
--- a/security/DOXM-RDP.txt
+++ b/security/DOXM-RDP.txt
@@ -51,7 +51,7 @@ ND->OT: RSP 2.04
 note over OT, ND
 Onboarding tool posts the device owner ID.
 end note
-OT->ND: POST /oic/sec/doxm[{..., "devowner":"B0B0XXXX-...",...}]
+OT->ND: POST /oic/sec/doxm[{..., "devowneruuid":"B0B0XXXX-...",...}]
 ND->OT: RSP 2.04
 
 note over OT, ND