Upload File

insert your name insert your title insert date client registration open issues update 5/27/2011...

  • Home
  • Documents
  • Insert Your Name Insert Your Title Insert Date Client Registration Open Issues Update 5/27/2011 Denis Pochuev (original proposal by Alan Frindell)
10
Insert Your Name Insert Your Title Insert Date Client Registration Open Issues Update 5/27/2011 Denis Pochuev (original proposal by Alan Frindell)

Upload: wesley-simon

Post on 04-Jan-2016

215 views

Category:

Documents


1 download

Report

TRANSCRIPT

Page 1: Insert Your Name Insert Your Title Insert Date Client Registration Open Issues Update 5/27/2011 Denis Pochuev (original proposal by Alan Frindell)

Insert Your Name

Insert Your Title

Insert Date

Client Registration Open Issues

Update 5/27/2011

Denis Pochuev

(original proposal by Alan Frindell)

Page 2: Insert Your Name Insert Your Title Insert Date Client Registration Open Issues Update 5/27/2011 Denis Pochuev (original proposal by Alan Frindell)

List of the open issues

Username vs. Entity Name Implicit Registration response “Locate self” – parameter or attribute? Which Locate operations should be allowed on

Entities? Device Credential Proxy Registration/Authentication CSR Credential

2

Page 3: Insert Your Name Insert Your Title Insert Date Client Registration Open Issues Update 5/27/2011 Denis Pochuev (original proposal by Alan Frindell)

Username vs. Entity Name

Entity

UUID: ABCD-1234

Attribute

Attribute Name: “Credential”

Attribute Value:

Attribute

Attribute Name: “Name”

Attribute Value: user1

3

KMIP Client KMIP Server

Auth Request+Create Entity

Register Entity

Entity UUID

Create Object

Obj UUID Create Object

KMIP Client

Authentication Credential Credential Type: Username and Password Credential Value: Username: “user1” Password: “password”

Register Object Type=Entity Template-Attribute Attribute Attribute Name: “Credential” Attribute Value: Credential Type: Username and Password Credential Value: Username: “user1” Password: “password”

Page 4: Insert Your Name Insert Your Title Insert Date Client Registration Open Issues Update 5/27/2011 Denis Pochuev (original proposal by Alan Frindell)

Implicit Registration Response

4

KMIP Client KMIP Server Auth Request+Create Entity +Create Object

Create Object

Entity UUID + Obj UUID

Create Object

Obj UUID Create Object

Authentication Credential Credential Type: Transport Certificate Credential Value: <empty>

Implicit self-registration with cert (+2 object creations)

What if we did not return Entity UUID No Error => Both Entity and Object were created Use “Locate self” to get Entity UUID

Page 5: Insert Your Name Insert Your Title Insert Date Client Registration Open Issues Update 5/27/2011 Denis Pochuev (original proposal by Alan Frindell)

Locate Self – parameter or attribute?

5

Alternative 1:• Part of Locate

• Entity Identifier, see 9.1.3.2.31

• A enumeration object used by the client to locate Entities with special properties

Locate

Entity Identifier = Self

Alternative 2:• New attribute

Locate

Attribute

Attribute Name = Entity Identifier

Attribute Value = Self

Page 6: Insert Your Name Insert Your Title Insert Date Client Registration Open Issues Update 5/27/2011 Denis Pochuev (original proposal by Alan Frindell)

What Locate operations should be allowed on Entities?

Find all Entities with Transport Certificate Credentials:Locate

Credential

Credential Type: Transport Certificate

Find an Entity by its transport certificate:Locate

Credential

Credential Type: Transport Certificate

Credential Value:

Certificate: <certificate>

Find yourself:Locate

Entity Identifier = Self

Find all objects owned by <UUID>:Locate

Owner = <UUID>

6

Page 7: Insert Your Name Insert Your Title Insert Date Client Registration Open Issues Update 5/27/2011 Denis Pochuev (original proposal by Alan Frindell)

Device Credential

7

Credential/Subject Type Value

Username and Password (KMIP v1)

00000001

Username 00000002

Device 00000003

World Wide Name 00000004

Distinguished Name 00000005

SAML Subject 00000006

Open ID 00000007

Authentication Information Type

Value

Password 00000001

X.509 Certificate 00000002

Kerberos Ticket 00000003

Extensions 8XXXXXXX

Part of an earlier proposal Needs “secret” part to

protect against entity impersonation

Page 8: Insert Your Name Insert Your Title Insert Date Client Registration Open Issues Update 5/27/2011 Denis Pochuev (original proposal by Alan Frindell)

Proxy Registration/Authentication

8

Important use-case KMIP participants• Single proxy is responsible for establishment and

running of the TLS tunnel• Multiple lightweight KMIP clients are connected through

the proxy to the server

Should it be a part of the current proposal? Support for devices that cannot save their own UUIDs

Page 9: Insert Your Name Insert Your Title Insert Date Client Registration Open Issues Update 5/27/2011 Denis Pochuev (original proposal by Alan Frindell)

Optional Entity in Authentication Header

9

Current assumption: 1-to-1 mapping between Credential and Entity (only one Entity corresponds to a given Credential)

Adding attributes to Entity registration + sending Entity UUID in Authentication header addresses that issue

KMIP Client KMIP Server

Auth Request+Create Entity

Register Entity

Entity UUID

Create Object

Obj UUID Create Object

Authentication Credential Credential Type: Transport Certificate Credential Value: <empty> Entity UUID=0x172b45a435890c9078243589de2309458

KMIP Client

Register Object Type=Entity Template-Attribute Attribute Attribute Name: “Credential” Attribute Value: Credential Type: Transport Certificate Credential Value: Certificate Certificate Type: X.509 Certificate Value: <cert> Attribute id=0xb34a32b23a43093d Attribute ip-addr=10.10.10.10 Attribute mac-addr=02:ba:d0:ca:fe:99

Page 10: Insert Your Name Insert Your Title Insert Date Client Registration Open Issues Update 5/27/2011 Denis Pochuev (original proposal by Alan Frindell)

Register Object Type=Entity Template-Attribute Attribute Attribute Name: “Credential” Attribute Value: Credential Type: Certificate Request Credential Value: Certificate Certificate Type: X.509 Certificate Value: CSR

Certificate Server Request Credential

10

Client wants to register an entity and receive a signed Transport Certificate

KMIP Server

Auth Request+Create Entity

Register Entity

Entity UUID

Create Object

Obj UUID Create Object

KMIP Client

using new certificateAuthentication Credential Credential Type: Transport Certificate Credential Value: <empty>

Get Certificate

Obj UUID


Presentation to [insert audience name] [Insert Date of Presentation] [Insert your name], Forum alumna/us

INSERT YOUR HEADLINE HERE

Evidence-Based Medicine Presentation [Insert your name here] [Insert your designation here] [Insert your institutional affiliation here] Department of

My AFS Story: [Insert your AFS Country] [Insert your name] Add an inspiring picture here!

Put Your Title On These Lines Here Purpose Insert your text here. Purpose Insert your text here. Abstract Disclosure Insert your text here. Disclosure

€¦  · Web view(Insert date)Contact:(Insert your contact name for media questions)(Insert contact phone)(Insert your organization name) Celebrates 25th Anniversary of National

Insert your image here

PLAN-IT ACADEMY TOOLKIT REVIEW [Insert Your Name] [Insert Your Academy] [Insert Your City, Country] [Insert Date]

(Insert your name here) Support Children’s Healthy Growth (Insert your name here) Workshop Presentation

Insert your information here

Updated 12/2006 Place your agency/organization/group name here Insert your name Insert Date

[INSERT YOUR LOGO HERE]

Put Your Title On These Lines Here Purpose Insert your text here. Purpose Insert your text here. Introduction Disclosure Insert your text here. Disclosure

Public Health Accreditation [Insert your name and title] [Insert LHD]

Introduction to (Insert Your Country) & Study Abroad Insert Institution Name, Your Name, Title, Department

Slide 1 Insert your own content. Slide 2 Insert your own content

PowerPoint Presentation Tips & Recommendations. Insert Your Presentation Title Here Insert Presenter(s) Name(s), CPP? Insert Your Title Here Insert Your

Redefining Business Ownership. [2]CONFIDENTIAL Insert Your Picture Here Insert your Picture Here Insert Your Picture Here You must have Microsoft Powerpoint

For XYZ Company Presented by INSERT YOUR NAME Internet Marketing Consultant INSERT YOUR CITY office

BRINGING WELLNESS TO [INSERT NAME OF COMMUNITY HERE] [INSERT YOUR NAME OR YOUR ORGANIZATION NAME HERE] [INSERT PRESENTATION DATE HERE]

Your organisation’s name Insert your website/email here Insert your logo here

(Insert Your Event) Fundraiser

Insert Your Name Insert Your Title Insert Date SafeNet Authentication Service Vorstellung Authentication “as-a-Service” © SafeNet Confidential and Proprietary

< Insert Your Group Name Here >

mhw.waamh.org.au · Web view[INSERT YOUR LOGO HERE] MEDIA RELEASE [INSERT DATE] [INSERT HEADLINE – KEEP IT SHORT, CATCHY SHARP AND BOLD] [OPENING PARAGRAPH] [insert your

Insert your name Insert your contact info

11 Raise Your Voice Prevent Meningococcal Meningitis [Insert Affiliation] [Insert Presenter]

INSERT YOUR BUSINESS LOGO

Insert Your Name Insert Your Title Insert Date Building a Fully Trusted Authentication Environment IBM-SafeNet Joint Solutions Strong Authentication for

Insert Your Title Here

[Insert your logo here.] [Insert brief description of guide.]

‘Insert Your Last Name’ Wine Tasting ‘Insert Date’

Insert Your Poster Title Insert Name(s) of Author(s)

Denis Browne Bar (DBB) - Orthokids · Denis Browne Bar (DBB) Treatment for Hip Dysplasia Your doctor has prescribed the Denis Browne Hip Abduction Brace (DBB) for treatment of your

INSERT YOUR DEPARTMENT LOGO INSERT YOUR DEPARTMENT LOGO