[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [kmip] Server to Client Query
So this is not a new issue it exists today with the current server to client operations. As such it's not really an issue with the new operations I have proposed to query and so I propose it is handled as such as a different proposal entirely Mark Joseph, PhD President P6R, Inc 408-205-0361 www.p6r.com <div>-------- Original message --------</div><div>From: John Leiseboer <JL@quintessencelabs.com> </div><div>Date:08/21/2014 2:29 PM (GMT-08:00) </div><div>To: kmip@lists.oasis-open.org </div><div>Subject: [kmip] Server to Client Query </div><div> </div>As requested on the call today, I am sending a description of the server to client query issue that was discussed in the TC call on June 19. There is an asymmetry in KMIP, such that KMIP clients may use a proxy to connect to a KMIP server, where the proxy terminates the TLS connection with the server. This asymmetry does not permit a server to directly address a client sitting behind the proxy for server to client messages. Incidentally, this is also an issue for the Notify and Put operations, and could perhaps be resolved in a similar manner. This is not an issue in the client to server direction because: a. The server is the end point (as far as KMIP request messages are concerned) and we do not (yet) have the concept of a server proxy in KMIP; b. As the proxy is acting on behalf of clients, it can manage the pairing of requests and their responses, and map these to its end-point clients. There are many practical examples of this type of configuration: tape library as proxy to tape drives; disk array controller as proxy to disk drives; VM manager as proxy to VM instances; communications controller as proxy to radio receivers and transmitters; key loader as proxy to end-point encryption devices; etc. As expressed on the call, some TC members' products, and customers, support configurations where clients with DIFFERENT capabilities connect through a proxy. The current proposal for server to client queries assumes a one-to-one direct relationship between the server and the client. The proposal does not specify how a server can direct a query to a specific end-point client behind the proxy, or how a proxy can indicate which end-point client a query response applies to. I will try to describe some of the possible solutions to this in a later email. Right now, I have other work to do. John John Leiseboer | Chief Technology Officer | QuintessenceLabs | W: quintessencelabs.com E: jl@quintessencelabs.com | M(AU): +61 409 487 510 | M(US): +1 202 294 6825 | Skype: jleiseboer AU: 15 Denison St | Deakin | ACT 2601 | T: +61 2 6260 4922 US: Suite 1077 Bldg 19 | NASA Ames Research Park | Moffett Field CA 94035 | T: +1 650 870 9920 --------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail. Follow this link to all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]