KMIP Entity Object and Client Registration

Slides:



Advertisements
Similar presentations
Suchin Rengan Principal Technical Architect Salesforce.com
Advertisements

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
Modifying Managed Objects Alan Frindell 3/29/2011.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.
Overview What are the provisioning methods used in the Australian registry system? How are these provisioning systems secured?
KMIP - Hardware Security Modules Meta-Data-Only (MDO) Keys Saikat Saha & Denis Pochuev Feb 2012.
DIT314 ~ Client Operating System & Administration CHAPTER 5 MANAGING USER ACCOUNTS AND GROUPS Prepared By : Suraya Alias.
Identity on Force.com & Benefits of SSO Nick Simha.
KMIP Profiles version 1.3 A Method to Define Operations Access Control and Interaction Between a Client and Server Presented by: Kiran Kumar Thota & Bob.
DIGITAL SIGNATURE. GOOD OLD DAYS VS. NOW GOOD OLD DAYS FILE WHATEVER YOU WANT – PUT ‘NA’ OR ‘-’ OR SCRATCH OUT FILE BACK DATED, FILE BLANK FORMS, FILE.
Insert Your Name Insert Your Title Insert Date Client Registration Open Issues Update 5/27/2011 Denis Pochuev (original proposal by Alan Frindell)
Who’s watching your network The Certificate Authority In a Public Key Infrastructure, the CA component is responsible for issuing certificates. A certificate.
Case Study.  Client needed to build data collection agents for various mobile platform  This needs to be integrated with the existing J2ee server 
MEMBERSHIP AND IDENTITY Active server pages (ASP.NET) 1 Chapter-4.
Security and Privacy for the Smart Grid James Bryce Clark, OASIS Robert Griffin, RSA Hal Lockhart, Oracle.
KMIP - Hardware Security Modules Meta-Data-Only (MDO) Keys Saikat Saha & Denis Pochuev Feb 2012.
© SafeNet Confidential and Proprietary KMIP Entity Object and Client Registration Alan Frindell Contributors: Robert Haas, Indra Fitzgerald SafeNet, Inc.
Insert Your Name Insert Your Title Insert Date Client Registration Examples Alan Frindell 2/18/2011.
Insert Your Name Insert Your Title Insert Date Client Registration Examples Alan Frindell Denis Pochuev 4/26/2011.
Insert Your Name Insert Your Title Insert Date Client Registration Examples Alan Frindell Denis Pochuev 4/27/2011.
Directory Services CS5493/7493. Directory Services Directory services represent a technological breakthrough by integrating into a single management tool:
The Exchange Network Node Mentoring Workshop User Management on the Exchange Network Joe Carioti February 28, 2005.
Insert Your Name Insert Your Title Insert Date Client Registration Examples Alan Frindell Denis Pochuev 4/26/2011.
Comparative Reporting & Analysis (CR&A) How To Run a Report For sample use only. Reports do not reflect actual client information or all of the products.
Isolating and Protecting Devices on the Network A database-driven methodology Tom Zeller June 2008.
Survey of Identity Repository Security Models JSR 351, Sep 2012.
PKI & Web Services SPS Spotlight Series January 2015.
Identity; What you need to know to be in the Microsoft Cloud
CENTRAL BOARD OF EXCISE & CUSTOMS
ICE Integrated Cloud Environment Cloud Scanning and Mobile Printing
OGF PGI – EDGI Security Use Case and Requirements
Authentication Interact Cloud.
Identity Management (IdM)
SSL Certificates for Secure Websites
SAML New Features and Standardization Status
Cryptography and Network Security
SaaS Application Deep Dive
Configuring and Troubleshooting Routing and Remote Access
TPM and TPM Security Technologies
Authentication Applications
Introduction How to combine and use services in different security domains? How to take into account privacy aspects? How to enable single sign on (SSO)
Addressing the Beast: Single Sign-On II
CompTIA Security+ Study Guide (SY0-401)
KMIP Client Registration Ideas for Discussion
IBM Certified WAS 8.5 Administrator
Update on EDG Security (VOMS)
KMIP Key Management with Vormetric Data Security Manager
Enterprise Key Management with OASIS KMIP
Azure AD Line Of Business Application Integration
First-time Login to Business Banking:
Multifactor Authentication & First Time Login
The New Virtual Organization Membership Service (VOMS)
CE Operating Systems Lecture 21
Access Control in KMIPv1.1/v2
Kerberos.
Operating Systems Security
To the ETS – Encumbrance Online Training Course
Office 365 Identity Management
Tim Bornholtz Director of Technology Services
Architecture Competency Group
SharePoint Online Authentication Patterns
Office 365 Development.
To the ETS – Encumbrance Online Training Course
Data Security Awareness
FCL – Administration Tool
HR Portal: What’s New? What’s Next?
Protection Mechanisms in Security Management
Azure AD Simon May Technical Evangelist.
Presentation transcript:

KMIP Entity Object and Client Registration Alan Frindell -- with input from Robert Haas SafeNet, Inc 11/17/2010

What can you do with an entity? Require subjects passed in TLS and/or Credential to be registered entities Register or generate data that can be used during authentication, possibly to a third party system Restrict operations that create objects, including other entities Register Attributes that can be searched and retrieved Possible policy relevant attributes like FIPS Level, hardware capabilities, server to client operation support Register extended data that can be logged by the server Ask server to notify entity when one or more objects change

Credential Redefinition Object Encoding REQUIRED Credential Structure Credential Type Enumeration Yes Authentication Information Type No Credential Value Object Encoding REQUIRED Credential Value Structure Subject Value Varies according to Credential Type Yes Subject Authentication Information Varies according to Authentication Information Type No Username and Password Credential Value still supported for backwards compatibility

Credential/Subject Types Value Username and Password (KMIP v1) 00000001 Username 00000002 Device 00000003 World Wide Name 00000004 Distinguished Name 00000005 SAML Subject 00000006 WS Security Token 00000007 Open ID 00000008 Authentication Information Type Value Password 00000001 Extensions 8XXXXXXX

Entity Definition Entity Attributes: Entity Operations: Object Encoding REQUIRED Entity Structure Credential Yes, May be repeated Entity Attributes: UUID, Name, Object Type, Operation Policy, Initial Date, Destroy Date, App Specific Info, Contact Info, Last Change Date, Custom Attributes Entity Operations: Register, Locate, Get, Get Attributes, Get Attributes List, Add Attribute, Modify Attribute, Delete Attribute Destroy

Default Operation Policy for Entity Objects Object Type Policy Create Symmetric Key Allowed to all Create Key Pair Public Key, Private Key Register All Certify Public Key Re-certify Certificate Validate Query N/A Cancel Poll

How are entities created? Manually entered by server administrator Imported from a third-party directory by a server administrator Explicitly registered by a KMIP client with appropriate permissions Some server implementations may require administrator approval before the entity is registered Implicitly registered by a KMIP client by sending a new Credential object in a request

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.