[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [kmip] Groups - T11 profile for EAP/GPSK/FC-SP-2 (11-022v2.pdf)uploaded
On 20/05/2011 12:14 PM, david.black@emc.com wrote: > Tim, > >> The argument expressed is basically taking a position that the credentials >> structure should be removed from KMIP (if it can never differ then why include >> it at all) and that I don't think that would gain the support of the TC. > > Not exactly ;-). > > As the expresser of the argument, I observe that a specific profile is under discussion, > not KMIP in general. The argument is expressing the position that for this profile's > intended Fibre Channel usage, the notions of user and system coincide (if there even is > a notion of user), and hence the profile should not permit them to differ. Thanks for the expansion - I'd suggest then the 'right' solution for this profile then is to *exclude* the use of the credentials structure entirely - i.e. any request including credentials should be simply rejected. Including a note within the profile as to the context of why this has been included would be useful. That is the simple solution - and one I think would be well suited to that context - and be sufficiently simple to implement and avoid the whole current discussion on mapping between the client authentication information from the TLS link through to the many and varied forms of 'credential' in the context of KMIP. It is also important I think to provide some mechanism whereby the server can indeed determine that the client is requesting to operate within this 'profile' so that such things can be enforced - however that is not something which any of the profiles to date have tackled. Tim.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]