Upload File

insert your name insert your title insert date client registration open issues update 5/27/2011...

  • Home
  • Documents
  • Insert Your Name Insert Your Title Insert Date Client Registration Open Issues Update 5/27/2011 Denis Pochuev (original proposal by Alan Frindell)
10
Insert Your Name Insert Your Title Insert Date Client Registration Open Issues Update 5/27/2011 Denis Pochuev (original proposal by Alan Frindell)

Upload: wesley-simon

Post on 04-Jan-2016

215 views

Category:

Documents


1 download

Report

TRANSCRIPT

Page 1: Insert Your Name Insert Your Title Insert Date Client Registration Open Issues Update 5/27/2011 Denis Pochuev (original proposal by Alan Frindell)

Insert Your Name

Insert Your Title

Insert Date

Client Registration Open Issues

Update 5/27/2011

Denis Pochuev

(original proposal by Alan Frindell)

Page 2: Insert Your Name Insert Your Title Insert Date Client Registration Open Issues Update 5/27/2011 Denis Pochuev (original proposal by Alan Frindell)

List of the open issues

Username vs. Entity Name Implicit Registration response “Locate self” – parameter or attribute? Which Locate operations should be allowed on

Entities? Device Credential Proxy Registration/Authentication CSR Credential

2

Page 3: Insert Your Name Insert Your Title Insert Date Client Registration Open Issues Update 5/27/2011 Denis Pochuev (original proposal by Alan Frindell)

Username vs. Entity Name

Entity

UUID: ABCD-1234

Attribute

Attribute Name: “Credential”

Attribute Value:

Attribute

Attribute Name: “Name”

Attribute Value: user1

3

KMIP Client KMIP Server

Auth Request+Create Entity

Register Entity

Entity UUID

Create Object

Obj UUID Create Object

KMIP Client

Authentication Credential Credential Type: Username and Password Credential Value: Username: “user1” Password: “password”

Register Object Type=Entity Template-Attribute Attribute Attribute Name: “Credential” Attribute Value: Credential Type: Username and Password Credential Value: Username: “user1” Password: “password”

Page 4: Insert Your Name Insert Your Title Insert Date Client Registration Open Issues Update 5/27/2011 Denis Pochuev (original proposal by Alan Frindell)

Implicit Registration Response

4

KMIP Client KMIP Server Auth Request+Create Entity +Create Object

Create Object

Entity UUID + Obj UUID

Create Object

Obj UUID Create Object

Authentication Credential Credential Type: Transport Certificate Credential Value: <empty>

Implicit self-registration with cert (+2 object creations)

What if we did not return Entity UUID No Error => Both Entity and Object were created Use “Locate self” to get Entity UUID

Page 5: Insert Your Name Insert Your Title Insert Date Client Registration Open Issues Update 5/27/2011 Denis Pochuev (original proposal by Alan Frindell)

Locate Self – parameter or attribute?

5

Alternative 1:• Part of Locate

• Entity Identifier, see 9.1.3.2.31

• A enumeration object used by the client to locate Entities with special properties

Locate

Entity Identifier = Self

Alternative 2:• New attribute

Locate

Attribute

Attribute Name = Entity Identifier

Attribute Value = Self

Page 6: Insert Your Name Insert Your Title Insert Date Client Registration Open Issues Update 5/27/2011 Denis Pochuev (original proposal by Alan Frindell)

What Locate operations should be allowed on Entities?

Find all Entities with Transport Certificate Credentials:Locate

Credential

Credential Type: Transport Certificate

Find an Entity by its transport certificate:Locate

Credential

Credential Type: Transport Certificate

Credential Value:

Certificate: <certificate>

Find yourself:Locate

Entity Identifier = Self

Find all objects owned by <UUID>:Locate

Owner = <UUID>

6

Page 7: Insert Your Name Insert Your Title Insert Date Client Registration Open Issues Update 5/27/2011 Denis Pochuev (original proposal by Alan Frindell)

Device Credential

7

Credential/Subject Type Value

Username and Password (KMIP v1)

00000001

Username 00000002

Device 00000003

World Wide Name 00000004

Distinguished Name 00000005

SAML Subject 00000006

Open ID 00000007

Authentication Information Type

Value

Password 00000001

X.509 Certificate 00000002

Kerberos Ticket 00000003

Extensions 8XXXXXXX

Part of an earlier proposal Needs “secret” part to

protect against entity impersonation

Page 8: Insert Your Name Insert Your Title Insert Date Client Registration Open Issues Update 5/27/2011 Denis Pochuev (original proposal by Alan Frindell)

Proxy Registration/Authentication

8

Important use-case KMIP participants• Single proxy is responsible for establishment and

running of the TLS tunnel• Multiple lightweight KMIP clients are connected through

the proxy to the server

Should it be a part of the current proposal? Support for devices that cannot save their own UUIDs

Page 9: Insert Your Name Insert Your Title Insert Date Client Registration Open Issues Update 5/27/2011 Denis Pochuev (original proposal by Alan Frindell)

Optional Entity in Authentication Header

9

Current assumption: 1-to-1 mapping between Credential and Entity (only one Entity corresponds to a given Credential)

Adding attributes to Entity registration + sending Entity UUID in Authentication header addresses that issue

KMIP Client KMIP Server

Auth Request+Create Entity

Register Entity

Entity UUID

Create Object

Obj UUID Create Object

Authentication Credential Credential Type: Transport Certificate Credential Value: <empty> Entity UUID=0x172b45a435890c9078243589de2309458

KMIP Client

Register Object Type=Entity Template-Attribute Attribute Attribute Name: “Credential” Attribute Value: Credential Type: Transport Certificate Credential Value: Certificate Certificate Type: X.509 Certificate Value: <cert> Attribute id=0xb34a32b23a43093d Attribute ip-addr=10.10.10.10 Attribute mac-addr=02:ba:d0:ca:fe:99

Page 10: Insert Your Name Insert Your Title Insert Date Client Registration Open Issues Update 5/27/2011 Denis Pochuev (original proposal by Alan Frindell)

Register Object Type=Entity Template-Attribute Attribute Attribute Name: “Credential” Attribute Value: Credential Type: Certificate Request Credential Value: Certificate Certificate Type: X.509 Certificate Value: CSR

Certificate Server Request Credential

10

Client wants to register an entity and receive a signed Transport Certificate

KMIP Server

Auth Request+Create Entity

Register Entity

Entity UUID

Create Object

Obj UUID Create Object

KMIP Client

using new certificateAuthentication Credential Credential Type: Transport Certificate Credential Value: <empty>

Get Certificate

Obj UUID


‘Insert Your Last Name’ Wine Tasting ‘Insert Date’

Insert Your Poster Title Insert Name(s) of Author(s)

[INSERT YOUR LOGO HERE]

Pharmaceutical Sciences Presented by [Insert your name & title here] [Insert name of your PSMO]

Public Health Accreditation [Insert your name and title] [Insert LHD]

INSERT YOUR HEADLINE HERE

Introduction to (Insert Your Country) & Study Abroad Insert Institution Name, Your Name, Title, Department

INSERT YOUR BUSINESS LOGO

11 Raise Your Voice Prevent Meningococcal Meningitis [Insert Affiliation] [Insert Presenter]

Insert the title of your presentation here Insert Master text here

mhw.waamh.org.au · Web view[INSERT YOUR LOGO HERE] MEDIA RELEASE [INSERT DATE] [INSERT HEADLINE – KEEP IT SHORT, CATCHY SHARP AND BOLD] [OPENING PARAGRAPH] [insert your

PLAN-IT ACADEMY TOOLKIT REVIEW [Insert Your Name] [Insert Your Academy] [Insert Your City, Country] [Insert Date]

Put Your Title On These Lines Here Purpose Insert your text here. Purpose Insert your text here. Introduction Disclosure Insert your text here. Disclosure

Evidence-Based Medicine Presentation [Insert your name here] [Insert your designation here] [Insert your institutional affiliation here] Department of

Put Your Title On These Lines Here Purpose Insert your text here. Purpose Insert your text here. Abstract Disclosure Insert your text here. Disclosure

BRINGING WELLNESS TO [INSERT NAME OF COMMUNITY HERE] [INSERT YOUR NAME OR YOUR ORGANIZATION NAME HERE] [INSERT PRESENTATION DATE HERE]

Updated 12/2006 Place your agency/organization/group name here Insert your name Insert Date

Insert your image here

€¦  · Web view(Insert date)Contact:(Insert your contact name for media questions)(Insert contact phone)(Insert your organization name) Celebrates 25th Anniversary of National

Insert Your Title Here

Insert your name Insert your contact info

Insert Your Name Insert Your Title Insert Date SafeNet Authentication Service Vorstellung Authentication “as-a-Service” © SafeNet Confidential and Proprietary

Slide 1 Insert your own content. Slide 2 Insert your own content

My AFS Story: [Insert your AFS Country] [Insert your name] Add an inspiring picture here!

Insert Your Title Here Insert Your Name Here Insert institutional affiliation here Abstract Click here to insert or type it in text. Click on the border

[INSERT Your name, title] [INSERT PRESENTATION TITLE]

< Insert Your Group Name Here >

Redefining Business Ownership. [2]CONFIDENTIAL Insert Your Picture Here Insert your Picture Here Insert Your Picture Here You must have Microsoft Powerpoint

Build Your Own S/V Denis Sullivan Schooner...Build Your Own S/V Denis Sullivan Schooner Continued Build Your Own S/V Denis Sullivan Schooner Take It Further!: Test your schooner to

(Insert Your Event) Fundraiser

Presentation to [insert audience name] [Insert Date of Presentation] [Insert your name], Forum alumna/us

Insert Your Name Insert Your Title Insert Date Building a Fully Trusted Authentication Environment IBM-SafeNet Joint Solutions Strong Authentication for

INSERT YOUR DEPARTMENT LOGO INSERT YOUR DEPARTMENT LOGO

For XYZ Company Presented by INSERT YOUR NAME Internet Marketing Consultant INSERT YOUR CITY office

1 Insert Physical & E-mail Addresses, Phone and Fax Numbers of your Ethics Counselors Insert Names of your Ethics Counselor Insert Name of your Office