Subject: Virtualizing the SO (Security Officer)

For on-line enrollments the SO concept doesn't really work. If on-line enrollments are in scope for PKCS #11 you rather need a virtual (network-based) SO.

FWIW, in SKS/KeyGen2 the solution is as follows: It is the USER that grants initial rights to key generation etc. The ISSUER may during provisioning also specify a KMK (Key Management Key) which will be associated with generated keys in that SESSION. Future sessions that target existing keys must then be AUTHORIZED with the proper KMK. I call this concept VSD (Virtual Security Domain).

http://webpki.org/papers/keygen2/keygen2.junit.run.html#PlatformNegotiationRequest.UpdateKey.1
https://openkeystore.googlecode.com/svn/resources/trunk/docs/sks-api-arch.pdf

thanx,
Anders