OASIS Mailing List Archives

kmip message


Subject: s2s inspired changes to KMIPv1


During the work on server-to-server extensions of KMIPv1, we came up with a few proposals for spec changes that the TC might consider for inclusion already in KMIPv1. The benefit of this would be reducing the differences between KMIPv1 and its future versions. These could be accepted as a part of public review.

We believe that the changes proposed below are not strictly related to server-to-server (although the need for them appeared in this context). Furthermore, most of the changes seem pretty lightweight and acceptable.

The proposed changes are included below. Best regards,
Marko Vukolic

----------------
Issue 1: The behavior of Put when Replaced Unique Identifier (ruuid) is specified, but the object with ruuid does not exist on the remote end (client) is not specified. Specifying this behavior might enhance interoperability.

Proposed resolution:
The client (remote end) ignores the ruuid and acts like it was not specified.

Issue 2: Notify does not support notification about deleted attributes.

Proposed resolution:
Augment Notify to support attribute deletion notification (to be detailed).

Issue 3: The optional support of wildcards in Locate is stated only for Name and Object group. It is not clear why other attributes that are represented as Strings are not supported by the wildcards. This seems to be a leftover from the early days of KMIP in which Locate supported only a subset of attributes.

(lines 1147-1149)

"1147 When using the Name or Object Group attributes for identification, wild-cards or regular expressions
1148 (defined, e.g., in [ISO/IEC 9945-2]) MAY be supported by specific key management system
1149 implementations"

Proposed resolution: replace in line 1147 "Name or Object Group" with "Unique Identifier, Name, Certificate Identifier, Certificate Subject, Certificate Issuer, Digest, Operation Policy Name, Revocation Reason, Object Group, Link, Application Specific Information or Contact Information".

Issue 4: Not possible to "Locate All" objects in KMIPv1. This functionality is very useful in the server-to-server context but might be nice to have even for client/server.

Proposed resolution:
Omitting all attributes from a Locate request could be interpreted as "Locate All".

-------------------
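
The Locate semantics proposed in Issues 3 and 4, sketched as an added example (not part of the original message or of the KMIP specification). It assumes a hypothetical in-memory store with flat string attributes and uses shell-style patterns from Python's `fnmatch` as the wildcard syntax; `STORE`, `WILDCARD_ATTRS` and `locate` are illustrative names.

```python
from fnmatch import fnmatchcase

# String-valued attributes named in the proposed resolution of Issue 3.
WILDCARD_ATTRS = {
    "Unique Identifier", "Name", "Certificate Identifier", "Certificate Subject",
    "Certificate Issuer", "Digest", "Operation Policy Name", "Revocation Reason",
    "Object Group", "Link", "Application Specific Information", "Contact Information",
}

# Constructed sample store: unique identifier -> attributes (simplified to flat strings).
STORE = {
    "uid-001": {"Name": "payments-aes-1", "Object Group": "payments",
                "Cryptographic Algorithm": "AES"},
    "uid-002": {"Name": "payments-rsa-1", "Object Group": "payments",
                "Cryptographic Algorithm": "RSA"},
    "uid-003": {"Name": "backup-aes-1", "Object Group": "backup",
                "Cryptographic Algorithm": "AES"},
}

def _matches(uid, attrs, name, wanted):
    """Match one filter attribute against one stored object."""
    value = uid if name == "Unique Identifier" else attrs.get(name)
    if value is None:
        return False
    if name in WILDCARD_ATTRS:
        # Assumption: wildcards are shell-style patterns (*, ?, [seq]).
        return fnmatchcase(value, wanted)
    # Attributes outside the Issue 3 list are compared literally.
    return value == wanted

def locate(store, filters=None):
    """Return the sorted unique identifiers of objects matching every filter.

    An empty or missing filter set matches every object, which is the
    "Locate All" reading proposed in Issue 4.
    """
    filters = filters or {}
    return sorted(
        uid for uid, attrs in store.items()
        if all(_matches(uid, attrs, n, w) for n, w in filters.items())
    )
```

Because an empty filter returns every identifier, an implementation of this reading would apply its access-control checks to the result set before returning it.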


