kmip message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: Re: [kmip] Client Information Structure
- From: Robert Haas <rha@zurich.ibm.com>
- To: "Dunn, Chris" <Chris.Dunn@safenet-inc.com>
- Date: Tue, 16 Jun 2009 15:52:35 +0200
Chris,
The issue you raise belongs to those
listed in the Usage Guide Section 6 as "Deferred KMIP Functionality":
http://www.oasis-open.org/apps/org/workgroup/kmip/download.php/32338/kmip-1.0-ug-ed-0.98-v1.pdf
Until such a client registration mechanism
gets specified in KMIP, one could consider registering KMIP Opaque Objects
containing the data you listed (or alternatively in custom attributes),
for instance.
Regards,
-Robert
"Dunn, Chris" <Chris.Dunn@safenet-inc.com>
wrote on 06/11/2009 03:16:00 PM:
>
> I realize this is partly related to client registration, but I’m
> hoping to get some basic client identifying information transmitted
> to the Key Manager. The base information would be useful includes:
> Manufacturer
Name
> Model
– model of the product running the client
> Label
– user entered description of the specific client
> Serial
Number – further identification
> Hardware,
firmware and software version of the client’s components
> Effective
security level: (1, 2, 3 or 4modeled after FIPS 140)
> FIPS
validated status
>
> Having a message or protocol structure that carries
this information
> would simplify the otherwise out-of-band client registration
> process. It would also allow the server to make some policy
> decisions. For example, a FIPS 140 Level 3 module will require
keys
> delivered in wrapped format.
>
> As an analog to PKCS #11’s C_GetTokenInfo, I
believe this will be
> very useful to Key Managers that are handling a wide range of clients.
>
> To save communication overhead, I assume each
client would be
> responsible for informing its Key Server each time one of these
> items changes value.
>
> I can put together a detailed proposal, but first
I thought I’d get
> this proposal on the table and see what others are thinking.
>
> Chris Dunn
>
> The information contained in this electronic
mail transmission
> may be privileged and confidential, and therefore, protected
> from disclosure. If you have received this communication in
> error, please notify us immediately by replying to this
> message and deleting it from your computer without copying
> or disclosing it.
>
>
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]