OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

kmip message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [kmip] Client Information Structure


Chris,
The issue you raise belongs to those listed in the Usage Guide Section 6 as "Deferred KMIP Functionality":
http://www.oasis-open.org/apps/org/workgroup/kmip/download.php/32338/kmip-1.0-ug-ed-0.98-v1.pdf

Until such a client registration mechanism gets specified in KMIP, one could consider registering KMIP Opaque Objects containing the data you listed (or alternatively in custom attributes), for instance.

Regards,
-Robert


"Dunn, Chris" <Chris.Dunn@safenet-inc.com> wrote on 06/11/2009 03:16:00 PM:
>
> I realize this is partly related to client registration, but I’m
> hoping to get some basic client identifying information transmitted
> to the Key Manager.  The base information would be useful includes:
>             Manufacturer Name
>             Model – model of the product running the client
>             Label – user entered description of the specific client
>             Serial Number – further identification
>             Hardware, firmware and software version of the client’s components
>             Effective security level: (1, 2, 3 or 4modeled after FIPS 140)
>             FIPS validated status
>  
> Having a message or protocol structure that carries this information
> would simplify the otherwise out-of-band client registration
> process.  It would also allow the server to make some policy
> decisions.  For example, a FIPS 140 Level 3 module will require keys
> delivered in wrapped format.  
>  
> As an analog to PKCS #11’s C_GetTokenInfo, I believe this will be
> very useful to Key Managers that are handling a wide range of clients.
>  
> To save communication overhead, I assume each client would be
> responsible for informing its Key Server each time one of these
> items changes value.
>  
> I can put together a detailed proposal, but first I thought I’d get
> this proposal on the table and see what others are thinking.
>  
> Chris Dunn
>  
> The information contained in this electronic mail transmission
> may be privileged and confidential, and therefore, protected
> from disclosure. If you have received this communication in
> error, please notify us immediately by replying to this
> message and deleting it from your computer without copying
> or disclosing it.
>
>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]