Insert Your Name Insert Your Title Insert Date Client Registration Examples Alan Frindell Denis Pochuev 4/26/2011.

Slides:



Advertisements
Similar presentations
Policy Based Dynamic Negotiation for Grid Services Authorization Infolunch, L3S Research Center Hannover, 29 th Jun Ionut Constandache Daniel Olmedilla.
Advertisements

Chapter 14 – Authentication Applications
CSCE 815 Network Security Lecture 10 KerberosX.509 February 13, 2003.
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Managing User, Computer and Group Accounts
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
CONFIDENTIAL © Copyright Aruba Networks, Inc. All rights reserved AOS & CPPM INTEGRATION CONFIGURATION & TESTING EAP TLS & EAP PEAP by Abilash Soundararajan.
MyProxy: A Multi-Purpose Grid Authentication Service
Login dan Permission dfd, Jenis Login dfd, 2012 SQL Server Authentication Membutuhkan password Windows Authentication Mode Tidak membutuhkan password.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.
Report on Attribute Certificates By Ganesh Godavari.
Modifying Managed Objects Alan Frindell 3/29/2011.
Experience Building and Supporting Secure Ad Hoc Collaborations Deb Agarwal Lawrence Berkeley National Laboratory Ad Hoc Collaboration - Internet2 Fall.
Grid Security. Typical Grid Scenario Users Resources.
DGC Paris Community Authorization Service (CAS) and EDG Presentation by the Globus CAS team & Peter Kunszt, WP2.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
The Traust Authorization Service A. Lee, M. Winslett, J. Basney, and V. Welch University of Illinois at Urbana-Champaign Goal: A scalable.
Remote User Authentication. Module Objectives By the end of this module participants will be able to: Describe the methods available for authenticating.
TeraGrid ’06 National Center for Supercomputing Applications Managing Credentials on the TeraGrid with MyProxy Jim Basney.
Overview What are the provisioning methods used in the Australian registry system? How are these provisioning systems secured?
CSCI 6962: Server-side Design and Programming Secure Web Programming.
Sanzi-1 CSE5 810 CSE5810: Intro to Biomedical Informatics Dynamically Generated Adaptive Credentials for Health Information Exchange Eugene Sanzi.
SSL / TLS in ITDS Arun Vishwanathan 23 rd Dec 2003.
1 DoD Cardholder Self Registration November 21, 2008.
SECURITY MANAGEMENT Key Management in the case of public-key cryptosystems, we assumed that a sender of a message had the public key of the receiver at.
National Computational Science National Center for Supercomputing Applications National Computational Science NCSA-IPG Collaboration Projects Overview.
For Client Side Exploitation and Credential Harvesting Attacks.
D u k e S y s t e m s ABAC: An ORCA Perspective GEC 11 Jeff Chase Duke University Thanks: NSF TC CNS
Military Technical Academy Bucharest, 2004 GETTING ACCESS TO THE GRID Authentication, Authorization and Delegation ADINA RIPOSAN Applied Information Technology.
Cullen Jennings Certificate Directory for SIP.
Data Encryption using SSL Topic 5, Chapter 15 Network Programming Kansas State University at Salina.
Insert Your Name Insert Your Title Insert Date Client Registration Open Issues Update 5/27/2011 Denis Pochuev (original proposal by Alan Frindell)
KISTI Grid CA Operation KISTI Supercomputing Center Sangwan Kim, Soonwook Hwang CA Operators Contact: Jan. 8, 2007.
Instructor User Student User Course Registration Form (#8) Grade report (#14)Class list (#13) Grade Entry Form (#10)
Cryptography and Network Security Chapter 14 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
1 herbert van de sompel CS 502 Computing Methods for Digital Libraries Cornell University – Computer Science Herbert Van de Sompel
Delegation of Authority David Chadwick
Data Acquisition in a PACS Weina Ma Sep 24 th, 2013.
Secure Windows App Development. Authentication.
Need for Security Control access to servicesControl access to services Ensure confidentialityEnsure confidentiality Guard against attacksGuard against.
Constraints Lesson 8. Skills Matrix Constraints Domain Integrity: A domain refers to a column in a table. Domain integrity includes data types, rules,
EMU and DANE Jim Schaad August Cellars. EMU TLS Issues Trust Anchor Matching PKIX cert to EMU Server Name Certificate Revocation Checking – CRLs – OCSP.
SQL Server 2005 Implementation and Maintenance Chapter 6: Security and SQL Server 2005.
API Auth By Kyle Bradley. Role Definitions  User (Resource Owner)  The resource owner is the person who is giving access to some portion of their account.
© SafeNet Confidential and Proprietary KMIP Entity Object and Client Registration Alan Frindell Contributors: Robert Haas, Indra Fitzgerald SafeNet, Inc.
KMIP PKCS#12 February 2014 Tim Hudson – 1.
Insert Your Name Insert Your Title Insert Date Client Registration Examples Alan Frindell 2/18/2011.
Insert Your Name Insert Your Title Insert Date Client Registration Examples Alan Frindell Denis Pochuev 4/27/2011.
Server to Server Group Requirements Simplifying key management between multiple vendor implementations.
Reef Setup for Students. Login to D2L, access your course, and open the Reef registration link (usually in the Content area).
Insert Your Name Insert Your Title Insert Date Client Registration Examples Alan Frindell Denis Pochuev 4/26/2011.
Safety Compliance Made Easy! Yowcanada.com.  LOGIN  Go to  Enter the following information  Username:
OGF 43, Washington 26 March FELIX background information Authorization NSI Proposed solution Summary.
IEEE SISWG (P1619.3)‏ Messaging & Transport. AGENDA Transport Protocols & Channel Protection Messaging Layer Capability Exchange & Authentication Groups.
Schritt 1: Wahl der Methode LDAP oder Database:
SFS-HTTP: Securing the Web with Self-Certifying URLs
UVOS and VOMS differences
EDC Process Proposal Brian Brandaw Manager of IT Common Platforms
Cryptography and Network Security
Authentication Applications
Library Reserve System
KMIP Client Registration Ideas for Discussion
Login & administration page
KMIP Entity Object and Client Registration
OSCAR/Surface How to register
SSL Decryption Explained
Create New User in Database. First Connect the System.
Azure AD Simon May Technical Evangelist.
Presentation transcript:

Insert Your Name Insert Your Title Insert Date Client Registration Examples Alan Frindell Denis Pochuev 4/26/2011

Certificate Entity: Implicit self-registration  Server implicitly creates Entity record as a side effect of another KMIP request  No special TTLV required – KMIP server extracts needed values from TLS certificate  Client MAY already have a cert signed by a CA trusted by KMIP server  Resulting Object: Entity UUID: ABCD-1234 Credential Credential Type: Transport Certificate Credential Value: Certificate Certificate Type: X.509 Certificate Value: 2

Certificate Entity: Explicit self-registration Register Object Type=Entity Template-Attribute Credential Credential Type: Transport Certificate Credential Value: x-custom1: custom-value1 x-custom2: custom-value2 Entity:  Certificate fields extracted from TLS 3

Certificate Entity: Registration Register Object Type=Entity Template-Attribute Credential Credential Type: Transport Certificate Credential Value: Certificate: x-custom1: custom-value1 x-custom2: custom-value2 Entity:  Assumption: Registering Entity has privilege to register Entities 4

Certificate Entity: Authentication and Access Control Authentication Credential Credential Type: Transport Certificate Credential Value:  Server looks up Entity based on TLS certificate information Server policy: may be dynamic mapping or exact match  For access control, server checks authenticated Entity UUID against request object Owner attribute 5

Username/Password User: Registration Register Object Type=Entity Template-Attribute Credential Credential Type: Username and Password Credential Value: Username: “user1” Password: “password” x-custom1: custom-value1 x-custom2: custom-value2 Entity: 6

Username/Password User: Authentication and Access Control  Same as v1.0 Authentication Credential Credential Type: Username and Password Credential Value: Username: “user1” Password: “password”  Server looks up Entity based on Credential (username)  For access control, server checks Entity UUID against request object Owner attribute 7

Multi-factor Entity: Registration Register Object Type=Entity Template-Attribute Credential Credential Type: Transport Certificate Credential Value: Certificate: Credential Credential Type: Username and Password Credential Value: Username: “user1” Password: “password” x-custom1: custom-value1 x-custom2: custom-value2 Entity: 8

Multi-factor Entity: Authentication Authentication Credential Credential Type: Transport Certificate Credential Value: Credential Credential Type: Username and Password Credential Value: Username: “user1” Password: “password”  Server looks up Entity based on each Credential – all must resolve to the same Entity  For access control, server checks Entity UUID against request object Owner attribute 9

Locate Entity  Find all Entities with Transport Certificate Credentials: Locate Credential Credential Type: Transport Certificate  Find an Entity by its transport certificate: Locate Credential Credential Type: Transport Certificate Credential Value: Certificate:  Find yourself: Locate Entity Identifier = Self 10

Credential Refresh Modify Attribute Attribute: “Credential” Attribute Index: N Attribute Value: Credential Type: Transport Certificate Credential Value: Certificate: Modify Attribute Attribute: “Credential” Attribute Index: N Attribute Value: Credential Type: Username and Password Credential Value: Username: “user1” Password: “new-password” 11

Other operations  Get Entity Info Locate Entity Identifier = Self Get Attributes Attribute Name: “Credential” Note server is not allowed to return Password values  Destroy Entity Destroy UUID: “ABCD-1234” 12

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.