Subject: Overview of Profiles included in the Basic Asymmetric Key Profiles document
Here is a summary of the use cases covered by the five profiles included in the Basic Asymmetric Key Profiles document posted to the OASIS site today:

1. Basic Asymmetric Key Store (section 1.1): Key pairs are generated external to the server and are sent to the server for storage (perhaps for key escrow reasons or for ease of distribution to other entities). This profile only requires support for the Register operation. No support for certificates imposed on server.

2. Basic Asymmetric Key and Certificate Store (section 1.2): Key pairs and certificates are generated external to the server and are sent to the server for storage (perhaps for key escrow reasons or for ease of distribution to other entities). This profile only requires support for the Register operation. [May need to make vaulting of dig sig/non-rep only keys optional to avoid controversy over whether this type of keys should be held away from the owner of the keys.]

3. Basic Asymmetric Key Foundry and Server (Section 1.3): Key pairs (but not certificates) are generated by the server. This profile only requires support for the Create Key Pair and Rekey (which is modified to support asymmetric keys) operations.

4. Basic Certificate Server (Section 1.4): Key pairs are generated external to the server (aka locally at the client) but the client would contact the server to request a certificate to be generated -- either directly by the KM or the KM proxies the request to a CA. This profile would support Certify and Re-certify. [Optionally this profile could support register for the key pairs.]

5. Basic Asymmetric Key Foundry and Certificate Server (Section 1.5): Key pairs are generated by the server and the server would also handle getting the corresponding certificates generated (either using its own capabilities or by contacting a CA). This profile would include the Create Key Pair, Rekey (which is modified to support asymmetric keys), Certify and Re-certify operations.
Judy Judith Furlong | Principal Product Manager | EMC Product Security Office | RSA -The Security Division of EMC | t: 508 249 3698 | f: 508 249 6107 | e: Furlong_Judith@emc.com