
kmip message



Subject: RE: [kmip] Client Registration Proposal question


Stan,

Thank you for your feedback.

You are right, the proposal does not address sharing of the objects based on the owner attribute. In fact, I made a comment during the proposal update about two weeks ago that perhaps a different proposal should address object sharing, specifically, the Group proposal. I also remember Krishna's response to my comment that the Group proposal was not a good place for it (I'm paraphrasing). Clearly, object sharing and access control based on the Owner attribute need to be addressed.

I am open to any suggestions, including the following:

- Client Registration proposal needs to be updated to include object sharing based on the owner attribute and a notion of a collection of Entities (I used the term collection to make it explicitly different from Group)
- Group proposal needs to be updated to include object sharing based on the owner attribute
- A separate collection proposal that addresses object sharing
- Postpone the object sharing and access control until a further release (beyond this year)
- Leave object sharing and access control outside of the scope of KMIP at server discretion

I would like to get consensus on which of the options we should choose; perhaps we can discuss this during the call on Thursday.

Regards,
Denis

-----Original Message-----
From: Feather, Stan S [mailto:stan.feather@hp.com] 
Sent: Friday, May 06, 2011 5:12 PM
To: Pochuev,Denis; kmip@lists.oasis-open.org
Subject: RE: [kmip] Client Registration Proposal question

Denis,

I've reviewed the spec changes you've proposed, and I'd like some clarification about support for sharing keys/objects.

Is key sharing between registered Entities considered to be based on server-policy, unrelated to the Owner attribute that each client sees?

There are clearly use cases for sharing objects/keys between multiple Entities registered with the same server. So, at least to me, it isn't clear how Owner supports this.


Thanks,
Stan Feather
HP StorageWorks

-----Original Message-----
From: denis.pochuev@safenet-inc.com [mailto:denis.pochuev@safenet-inc.com] 
Sent: Wednesday, April 27, 2011 6:37 PM
To: kmip@lists.oasis-open.org
Subject: [kmip] Groups - Client Registration Proposal (kmip-1.0-spec-client-reg-d.doc) uploaded

Updated following Bruce R's comments and added Entity tag.

 -- Mr. Denis Pochuev

The document revision named Client Registration Proposal
(kmip-1.0-spec-client-reg-d.doc) has been submitted by Mr. Denis Pochuev to
the OASIS Key Management Interoperability Protocol (KMIP) TC document
repository.  This document is revision #2 of
kmip-spec-1.0-client-reg-B.pdf.

Document Description:


View Document Details:
http://www.oasis-open.org/committees/document.php?document_id=41961

Download Document:  
http://www.oasis-open.org/committees/download.php/41961/kmip-1.0-spec-client-reg-d.doc

Revision:
This document is revision #2 of kmip-spec-1.0-client-reg-B.pdf.  The
document details page referenced above will show the complete revision
history.


-OASIS Open Administration
