
kmip message



Subject: Server to Client Query


As requested on the call today, I am sending a description of the server to client query issue that was discussed in the TC call on June 19.

There is an asymmetry in KMIP, such that KMIP clients may use a proxy to connect to a KMIP server, where the proxy terminates the TLS connection with the server. This asymmetry does not permit a server to directly address a client sitting behind the proxy for server to client messages. Incidentally, this is also an issue for the Notify and Put operations, and could perhaps be resolved in a similar manner.

This is not an issue in the client to server direction because:
a. The server is the end point (as far as KMIP request messages are concerned) and we do not (yet) have the concept of a server proxy in KMIP;
b. As the proxy is acting on behalf of clients, it can manage the pairing of requests and their responses, and map these to its end-point clients.

There are many practical examples of this type of configuration: tape library as proxy to tape drives; disk array controller as proxy to disk drives; VM manager as proxy to VM instances; communications controller as proxy to radio receivers and transmitters; key loader as proxy to end-point encryption devices; etc.

As expressed on the call, some TC members' products, and customers, support configurations where clients with DIFFERENT capabilities connect through a proxy. The current proposal for server to client queries assumes a one-to-one direct relationship between the server and the client. The proposal does not specify how a server can direct a query to a specific end-point client behind the proxy, or how a proxy can indicate which end-point client a query response applies to.

I will try to describe some of the possible solutions to this in a later email. Right now, I have other work to do.

John

John Leiseboer | Chief Technology Officer | QuintessenceLabs | W: quintessencelabs.com
E: jl@quintessencelabs.com | M(AU): +61 409 487 510 | M(US): +1 202 294 6825 | Skype: jleiseboer
AU: 15 Denison St | Deakin | ACT 2601 | T: +61 2 6260 4922
US: Suite 1077 Bldg 19 | NASA Ames Research Park | Moffett Field CA 94035 | T: +1 650 870 9920
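
Added example, not part of the original message: a simplified Python model of the asymmetry described above, showing why a proxy can route responses but not server-initiated queries. It is not KMIP wire encoding; the `Proxy` class, the `correlation_id` field, and the end-point names and capabilities are assumptions constructed for illustration.

```python
import itertools


class Proxy:
    """Multiplexes several end-point clients over one TLS session to the server."""

    def __init__(self, clients):
        self.clients = clients      # end-point name -> capabilities (constructed data)
        self.pending = {}           # correlation id -> end-point that sent the request
        self._ids = itertools.count(1)

    def forward_request(self, endpoint, operation):
        # Client to server: the proxy records which end-point originated the request.
        cid = next(self._ids)       # hypothetical pairing key, not a KMIP field name
        self.pending[cid] = endpoint
        return {"correlation_id": cid, "operation": operation}

    def route_response(self, response):
        # The response pairs with a recorded request, so routing is unambiguous.
        return self.pending.pop(response["correlation_id"])

    def route_server_query(self, query):
        # Server to client: no earlier request exists to pair this message with,
        # and the message names no end-point, so every client is a candidate.
        return {name: sorted(caps) for name, caps in sorted(self.clients.items())}


def demo():
    proxy = Proxy({"drive-a": {"AES-256"}, "drive-b": {"AES-128"}})
    req_a = proxy.forward_request("drive-a", "Get")
    req_b = proxy.forward_request("drive-b", "Get")
    # Responses may come back in any order; the pairing resolves each one.
    routed = [
        proxy.route_response({"correlation_id": req_b["correlation_id"]}),
        proxy.route_response({"correlation_id": req_a["correlation_id"]}),
    ]
    # A server-initiated query reaches the proxy with nothing to pair it to.
    candidates = proxy.route_server_query({"operation": "Query"})
    return routed, candidates, proxy.pending


if __name__ == "__main__":
    routed, candidates, _ = demo()
    print("responses routed to:", routed)
    print("server query candidates:", candidates)
```

With clients of different capabilities behind the proxy, the candidate set contains more than one distinct answer, which is the case the message says the current proposal does not cover.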


