Insert Your Name Insert Your Title Insert Date Client Registration Examples Alan Frindell Denis Pochuev 4/26/2011.

Slides:



Advertisements
Similar presentations
Policy Based Dynamic Negotiation for Grid Services Authorization Infolunch, L3S Research Center Hannover, 29 th Jun Ionut Constandache Daniel Olmedilla.
Advertisements

Chapter 14 – Authentication Applications
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
CONFIDENTIAL © Copyright Aruba Networks, Inc. All rights reserved AOS & CPPM INTEGRATION CONFIGURATION & TESTING EAP TLS & EAP PEAP by Abilash Soundararajan.
MyProxy: A Multi-Purpose Grid Authentication Service
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.
Report on Attribute Certificates By Ganesh Godavari.
Modifying Managed Objects Alan Frindell 3/29/2011.
Experience Building and Supporting Secure Ad Hoc Collaborations Deb Agarwal Lawrence Berkeley National Laboratory Ad Hoc Collaboration - Internet2 Fall.
KMIP Vendor Extension Management KMIP supports ‘extensions’ but provides no mechanism for coordination of values between clients and servers or between.
DESIGNING A PUBLIC KEY INFRASTRUCTURE
National Center for Supercomputing Applications Integrating MyProxy with Site Authentication Jim Basney Senior Research Scientist National Center for Supercomputing.
DGC Paris Community Authorization Service (CAS) and EDG Presentation by the Globus CAS team & Peter Kunszt, WP2.
KMIP Use Cases Update on the process. Agenda Goals Process Flow, Atomics, Batch, Composites, and Not KMIP Evaluating the Document in light of the Goals.
Overview What are the provisioning methods used in the Australian registry system? How are these provisioning systems secured?
Sanzi-1 CSE5 810 CSE5810: Intro to Biomedical Informatics Dynamically Generated Adaptive Credentials for Health Information Exchange Eugene Sanzi.
1 DoD Cardholder Self Registration November 21, 2008.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 22 – Internet Authentication.
Certificate Enrolment STEs Group Name: SEC#17.2 Source: Phil Hawkes, Qualcomm Inc, Meeting Date:
SECURITY MANAGEMENT Key Management in the case of public-key cryptosystems, we assumed that a sender of a message had the public key of the receiver at.
National Computational Science National Center for Supercomputing Applications National Computational Science NCSA-IPG Collaboration Projects Overview.
For Client Side Exploitation and Credential Harvesting Attacks.
D u k e S y s t e m s ABAC: An ORCA Perspective GEC 11 Jeff Chase Duke University Thanks: NSF TC CNS
Project Moonshot update ABFAB, IETF 80. About Moonshot Moonshot is implementing ABFAB Developer meeting, 24 March 2011 Testing event, 25 March 2011 A.
Cullen Jennings Certificate Directory for SIP.
Data Encryption using SSL Topic 5, Chapter 15 Network Programming Kansas State University at Salina.
Insert Your Name Insert Your Title Insert Date Client Registration Open Issues Update 5/27/2011 Denis Pochuev (original proposal by Alan Frindell)
Instructor User Student User Course Registration Form (#8) Grade report (#14)Class list (#13) Grade Entry Form (#10)
Cryptography and Network Security Chapter 14 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
1 herbert van de sompel CS 502 Computing Methods for Digital Libraries Cornell University – Computer Science Herbert Van de Sompel
The FIDO Approach to Privacy Hannes Tschofenig, ARM Limited 1.
Permissions Lesson 13. Skills Matrix Security Modes Maintaining data integrity involves creating users, controlling their access and limiting their ability.
Data Acquisition in a PACS Weina Ma Sep 24 th, 2013.
INDIANAUNIVERSITYINDIANAUNIVERSITY Indiana University Update Tom Zeller
VO management: Progress since Chicago Workshop Vincenzo Ciaschini 23/5/2002 CNAF – Bologna.
Need for Security Control access to servicesControl access to services Ensure confidentialityEnsure confidentiality Guard against attacksGuard against.
Services Security A. Casajus R. Graciani. 12/12/ Overview DIRAC Security Infrastructure HSGE Transport Authentication Authorization DIRAC Authorization.
Constraints Lesson 8. Skills Matrix Constraints Domain Integrity: A domain refers to a column in a table. Domain integrity includes data types, rules,
Get Random Proposal John Leiseboer 11 October 2012.
SQL Server 2005 Implementation and Maintenance Chapter 6: Security and SQL Server 2005.
API Auth By Kyle Bradley. Role Definitions  User (Resource Owner)  The resource owner is the person who is giving access to some portion of their account.
© SafeNet Confidential and Proprietary KMIP Entity Object and Client Registration Alan Frindell Contributors: Robert Haas, Indra Fitzgerald SafeNet, Inc.
KMIP PKCS#12 February 2014 Tim Hudson – 1.
Insert Your Name Insert Your Title Insert Date Client Registration Examples Alan Frindell 2/18/2011.
Insert Your Name Insert Your Title Insert Date Client Registration Examples Alan Frindell Denis Pochuev 4/26/2011.
Insert Your Name Insert Your Title Insert Date Client Registration Examples Alan Frindell Denis Pochuev 4/27/2011.
Server to Server Group Requirements Simplifying key management between multiple vendor implementations.
Reef Setup for Students. Login to D2L, access your course, and open the Reef registration link (usually in the Content area).
Event-Based Model for Reconciling Digital Entities Ahmet Fatih Mustacoglu Ahmet E. Topcu Aurel Cami Geoffrey C. Fox Indiana University Computer Science.
OGF 43, Washington 26 March FELIX background information Authorization NSI Proposed solution Summary.
IEEE SISWG (P1619.3)‏ Messaging & Transport. AGENDA Transport Protocols & Channel Protection Messaging Layer Capability Exchange & Authentication Groups.
Schritt 1: Wahl der Methode LDAP oder Database:
Microsoft Passport and Windows Hello Developer’s Guide to Windows 10 Build SDK Update Andy Wigley
OGF PGI – EDGI Security Use Case and Requirements
UVOS and VOMS differences
EDC Process Proposal Brian Brandaw Manager of IT Common Platforms
Cryptography and Network Security
Module 8: Securing Network Traffic by Using IPSec and Certificates
Library Reserve System
KMIP Client Registration Ideas for Discussion
Update on EDG Security (VOMS)
Security in ebXML Messaging
KMIP Entity Object and Client Registration
OSCAR/Surface How to register
JavaScript Form Validation
Module 8: Securing Network Traffic by Using IPSec and Certificates
CORBA Programming B.Ramamurthy Chapter 3 5/2/2019.
Presentation transcript:

Insert Your Name Insert Your Title Insert Date Client Registration Examples Alan Frindell Denis Pochuev 4/26/2011

Summary of updates since Feb F2F  Complex structures scrapped for simpler ones with better v1.0 compatibility  More discretion left to server implementers  Credential is now a “first class” Attribute in addition to a base object Facilitates Credential updates with minimal spec angst  Minor updates based on F2F feedback 2

Certificate Entity: Implicit self-registration  Server implicitly creates Entity record as a side effect of another KMIP request  No special TTLV required – KMIP server extracts needed values from TLS certificate  Client MAY already have a cert signed by a CA trusted by KMIP server  Resulting Object: Entity UUID: ABCD-1234 Credential Credential Type: Transport Certificate Credential Value: Certificate Certificate Type: X.509 Certificate Value: 3

Certificate Entity: Explicit self-registration Register Object Type=Entity Template-Attribute Credential Credential Type: Transport Certificate Credential Value: x-custom1: custom-value1 x-custom2: custom-value2 Entity:  Certificate fields extracted from TLS 4

Certificate Entity: Registration Register Object Type=Entity Template-Attribute Credential Credential Type: Transport Certificate Credential Value: Certificate: x-custom1: custom-value1 x-custom2: custom-value2 Entity:  Assumption: Registering Entity has privilege to register Entities 5

Certificate Entity: Authentication and Access Control Authentication Credential Credential Type: Transport Certificate Credential Value:  Server looks up Entity based on TLS certificate information Server policy: may be dynamic mapping or exact match  For access control, server checks authenticated Entity UUID against request object Owner attribute 6

Username/Password User: Registration Register Object Type=Entity Template-Attribute Credential Credential Type: Username and Password Credential Value: Username: “user1” Password: “password” x-custom1: custom-value1 x-custom2: custom-value2 Entity: 7

Username/Password User: Authentication and Access Control  Same as v1.0 Authentication Credential Credential Type: Username and Password Credential Value: Username: “user1” Password: “password”  Server looks up Entity based on Credential (username)  For access control, server checks authenticated Entity UUID against request object Owner attribute 8

Multi-factor Entity: Registration Register Object Type=Entity Template-Attribute Credential Credential Type: Transport Certificate Credential Value: Certificate: Credential Credential Type: Username and Password Credential Value: Username: “user1” Password: “password” x-custom1: custom-value1 x-custom2: custom-value2 Entity: 9

Multi-factor Entity: Authentication Authentication Credential Credential Type: Transport Certificate Credential Value: Credential Credential Type: Username and Password Credential Value: Username: “user1” Password: “password”  Server looks up Entity based on each Credential – all must resolve to the same Entity  For access control, server checks authenticated Entity UUID against request object Owner attribute 10

Locate Entity  Find all Entities with Transport Certificate Credentials: Locate Credential Credential Type: Transport Certificate  Find an Entity by its transport certificate: Locate Credential Credential Type: Transport Certificate Credential Value: Certificate:  Find yourself: Locate Entity Identifier = Self 11

Credential Refresh Modify Attribute Attribute: “Credential” Attribute Index: N Attribute Value: Credential Type: Transport Certificate Credential Value: Certificate: Modify Attribute Attribute: “Credential” Attribute Index: N Attribute Value: Credential Type: Username and Password Credential Value: Username: “user1” Password: “new-password” 12

Other operations  Get Entity Info Locate Entity Identifier = Self Get Attributes Attribute Name: “Credential”  Server is not allowed to return Password values in Username and Password structure  Destroy Entity Destroy UUID: “ABCD-1234” 13

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.