Key Manager Domains
February, 2019

Problem
- "Names SHALL be unique within a given key management domain, but are NOT REQUIRED to be globally unique."
- "Key Management Domain" is not defined

Problem Elaboration
- What is a "Key Management Domain"?
- Different Users
- Different Object Groups
- One server that provides two independent tenants?
- A distributed KMIP server with replication?
  - Runs over several different computers
- Two servers running on the same host with different IP addresses?
- Virtual machine servers that happen to be running on the same system?
- Cluster / Cloud / Micro-services

Solution
- Key management domains are Logical Partitions
  - Independent of hardware implementation
- Single Key Management Domain
  - One server distributed across multiple systems
  - Different Users
  - Different Object Groups
- Multiple Key Management Domains
  - Two servers same system
  - Two tenants same logical server
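
The logical-partition definition above, as an added example that is not part of the original slides or of any KMIP implementation: Name uniqueness is scoped to the domain object, so replicas of one distributed server collide on a duplicate Name while two tenants at the same address do not. The class names, addresses and the "backup-key" Name are hypothetical, constructed for illustration.

```python
# Added illustration: a hypothetical model, not KMIP server code.
from dataclasses import dataclass, field


@dataclass
class KeyManagementDomain:
    """A logical partition: the scope within which Names must be unique."""
    label: str
    names: dict = field(default_factory=dict)  # Name -> object identifier


@dataclass
class Endpoint:
    """A deployment detail: host, VM, replica or tenant listener."""
    address: str                 # constructed sample address
    domain: KeyManagementDomain  # the logical partition this endpoint serves

    def register(self, name: str, object_id: str) -> bool:
        # Uniqueness is checked against the domain, never the endpoint.
        if name in self.domain.names:
            return False
        self.domain.names[name] = object_id
        return True


def demo() -> dict:
    # One server distributed across multiple systems: a single domain.
    shared = KeyManagementDomain("replicated-server")
    node_a = Endpoint("192.0.2.1", shared)
    node_b = Endpoint("192.0.2.2", shared)
    # Two tenants on the same logical server: two domains, one address.
    tenant_1 = Endpoint("192.0.2.9", KeyManagementDomain("tenant-1"))
    tenant_2 = Endpoint("192.0.2.9", KeyManagementDomain("tenant-2"))
    return {
        "replica_first": node_a.register("backup-key", "id-1"),
        "replica_duplicate": node_b.register("backup-key", "id-2"),
        "tenant_1": tenant_1.register("backup-key", "id-3"),
        "tenant_2": tenant_2.register("backup-key", "id-4"),
    }


if __name__ == "__main__":
    print(demo())
```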

Conclusion
- Reduce cognitive dissonance
- Specific deployment approach or technology should not alter fundamental definitions