On 4/19/22 2:53 PM, Tim Hudson wrote:
KMIP details below.
Thanks Type. Validation type is different than I thought. I thought it would indication FIPS-140 versus some other NIST validation. So what would be the values for FIPS-140-2 level 1, and FIPS-140-3 level2 ?
bob
Authority Type is the program authority - which is the specific program that is providing validations.
We expect to add other programs on request - i.e. define additional enumerations.
Like PKCS#11, KMIP also has extension encoding options for vendor-specific/private enumeration values.
FIPS 140-2 level 1
   <ValidationInformation>
    <ValidationAuthorityType type="Enumeration" value="NISTCMVP"/>
    <ValidationAuthorityCountry type="TextString" value="US"/>
    <ValidationAuthorityURI type="TextString" value="
http://csrc.nist.gov/groups/STM/cmvp/"/>
    <ValidationVersionMajor type="Integer" value="2"/>    <ValidationType type="Enumeration" value="Software"/>
    <ValidationLevel type="Integer" value="1"/>    <ValidationCertificateIdentifier type="TextString" value="1747"/>
    <ValidationCertificateURI type="TextString" value="
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2012.htm#1747"/>
   </ValidationInformation>
FIPS 140-3 level 2
   <ValidationInformation>
    <ValidationAuthorityType type="Enumeration" value="NISTCMVP"/>
    <ValidationAuthorityCountry type="TextString" value="US"/>
    <ValidationAuthorityURI type="TextString" value="
http://csrc.nist.gov/groups/STM/cmvp/"/>
    <ValidationVersionMajor type="Integer" value="3"/>    <ValidationType type="Enumeration" value="Software"/>
    <ValidationLevel type="Integer" value="2"/>    <ValidationCertificateIdentifier type="TextString" value="1747"/>
    <ValidationCertificateURI type="TextString" value="
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2012.htm#1747"/>
   </ValidationInformation>
Note that NIST has changed its URLs since those examples were written.
andÂ
Would be the "current" links and the previous links do redirect (although the certificate based redirect only redirects to the main module search page).Â
Tim.