[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [kmip] Groups - Client Registration Proposal - Examples (2) (Client_Registration_Examples-E.ppt) uploaded
thanks for the updates, some comments:
page 2
i am glad to help with the proxy and 1 to N mapping of credential and entities and the case of using a transport certificate with a group of devices needs to be accommodated
page 3
credentials are currently extensible and need to accommodate more than just using the transport certificate and username/password - as i have suggested previously we should be explicitly documenting a device credential
page 4
if we add the following i think we cover the proxy with 1 to N
implicit self-registration with credential
could be username/password
could be device identifier
could be another credential type
the new pending registration could be an attempt to implicitly register, but by server policy is initially rejected until the pending registration is resolved by the KMS administrator
after page 7 i would suggest we insert the implicit registration using a credential
also the use case of supporting KMIP clients that can not retain the Obj UUID but instead can only identify themselves with a certificate and/or credentials needs to be supported
page 8
i think the pending registration can be handled with existing mechanisms, or by standardizing a return code on other operations - of pending registration
page 14
this looks useful, but also as i suggest above can be solved by documenting the additional credential types and supporting authentication using any of the credential types
STSM, Technical Strategy Security and Storage Software
102 Thorncliff Circle
Cary, NC 27513
(1) 919 469 5725 - office
(1) 919 605 0331 - mobile
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]