Presentation is loading. Please wait.

Presentation is loading. Please wait.

KMIP Client Registration Ideas for Discussion

Published byPhillip Peters Modified over 6 years ago

Similar presentations

Presentation on theme: "KMIP Client Registration Ideas for Discussion"— Presentation transcript:

1 KMIP Client Registration Ideas for Discussion
Alan Frindell SafeNet, Inc 9/29/2010

2 Entity Definition Object Encoding REQUIRED Entity Structure Unique ID
Text String Yes Subject Operation Policy Name No, if not present default entity operation policy is used Attribute Yes, MAY be repeated Entity Unique ID may be passed in Credential object Subject comes from Access Control proposal. Named Operation Policy specifies if this entity can issue operations that create objects like Create, Register, Create Key Pair. May also control registration of Entities. The default entity operation policy is All Operations allowed (same as v1.0) Attributes including custom attributes can be associated with the Entity and can be searched via Locate or retrieved using Get or GetAttributes

3 How are entities created?
Manually entered by server administrator Imported from a third-party directory by a server administrator Registered by a KMIP client with appropriate permissions Some server implementations may require administrator approval before the entity is registered

4 What can you do with an entity?
Require subjects passed in TLS and/or Credential to be registered entities Register or generate data that can be used during authentication, possibly to a third party system Restrict operations that create objects Register Attributes that can be searched and retrieved Possible policy relevant attributes like FIPS Level, hardware capabilities Register extended data that can be logged by the server

5 Automated TLS certificate creation (from Sun KMP)
Assumption: Client and server share an authentication passphrase Part I – Plaintext Client sends subject information to server Server replies with CA Certificate and client authentication challenge Part II – TLS with server-only authentication Client sends client authentication response and server authentication challenge to server Server verifies client authentication response Server generates key pair and certificate, signs certificate Server replies with server authentication response, private key, certificate Client verifies server authentication response, stores private key and certificate

Download ppt "KMIP Client Registration Ideas for Discussion"

Similar presentations

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Inter-Institutional Registration UNC Cause December 4, 2007.

Inter-Institutional Registration UNC Cause December 4, 2007.
Modifying Managed Objects Alan Frindell 3/29/2011.

Modifying Managed Objects Alan Frindell 3/29/2011.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.
Using Digital Credentials On The World-Wide Web M. Winslett.

Using Digital Credentials On The World-Wide Web M. Winslett.
ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.

ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.
Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.

Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.
Key Management in Cryptography

Key Management in Cryptography
11 CERTIFICATE SERVICES AND SECURE AUTHENTICATION Chapter 10.

11 CERTIFICATE SERVICES AND SECURE AUTHENTICATION Chapter 10.
Digital Signature Xiaoyan Guo/102587 Xiaohang Luo/104446.

Digital Signature Xiaoyan Guo/ Xiaohang Luo/
X-Road (X-tee) A platform-independent secure standard interface between databases and information systems to connect databases and information systems.

X-Road (X-tee) A platform-independent secure standard interface between databases and information systems to connect databases and information systems.
Week #7 Objectives: Secure Windows 7 Desktop

Week #7 Objectives: Secure Windows 7 Desktop
ArcGIS Server and Portal for ArcGIS An Introduction to Security

ArcGIS Server and Portal for ArcGIS An Introduction to Security
SSL, Single Sign On, and External Authentication Presented By Jeff Kelley April 12, 2005.

SSL, Single Sign On, and External Authentication Presented By Jeff Kelley April 12, 2005.
Grid Security 1. Grid security is a crucial component Need for secure communication between grid elements  Authenticated ( verify entities are who they.

Grid Security 1. Grid security is a crucial component Need for secure communication between grid elements  Authenticated ( verify entities are who they.
SECURITY MANAGEMENT Key Management in the case of public-key cryptosystems, we assumed that a sender of a message had the public key of the receiver at.

SECURITY MANAGEMENT Key Management in the case of public-key cryptosystems, we assumed that a sender of a message had the public key of the receiver at.
A Flexible Access Control Model for Web Services Elisa Bertino CERIAS and CS Department, Purdue University Joint work with Anna C. Squicciarini – University.

A Flexible Access Control Model for Web Services Elisa Bertino CERIAS and CS Department, Purdue University Joint work with Anna C. Squicciarini – University.

Similar presentations

Ads by Google