Presentation is loading. Please wait.

Presentation is loading. Please wait.

KMIP Entity Object and Client Registration

Published byΕἰρήνη Κυπραίος Modified over 5 years ago

Similar presentations

Presentation on theme: "KMIP Entity Object and Client Registration"— Presentation transcript:

1 KMIP Entity Object and Client Registration
Alan Frindell -- with input from Robert Haas SafeNet, Inc 11/17/2010

2 What can you do with an entity?
Require subjects passed in TLS and/or Credential to be registered entities Register or generate data that can be used during authentication, possibly to a third party system Restrict operations that create objects, including other entities Register Attributes that can be searched and retrieved Possible policy relevant attributes like FIPS Level, hardware capabilities, server to client operation support Register extended data that can be logged by the server Ask server to notify entity when one or more objects change

3 Credential Redefinition
Object Encoding REQUIRED Credential Structure Credential Type Enumeration Yes Authentication Information Type No Credential Value Object Encoding REQUIRED Credential Value Structure Subject Value Varies according to Credential Type Yes Subject Authentication Information Varies according to Authentication Information Type No Username and Password Credential Value still supported for backwards compatibility

4 Credential/Subject Types
Value Username and Password (KMIP v1) Username Device World Wide Name Distinguished Name SAML Subject WS Security Token Open ID Authentication Information Type Value Password Extensions 8XXXXXXX

5 Entity Definition Entity Attributes: Entity Operations: Object
Encoding REQUIRED Entity Structure Credential Yes, May be repeated Entity Attributes: UUID, Name, Object Type, Operation Policy, Initial Date, Destroy Date, App Specific Info, Contact Info, Last Change Date, Custom Attributes Entity Operations: Register, Locate, Get, Get Attributes, Get Attributes List, Add Attribute, Modify Attribute, Delete Attribute Destroy

6 Default Operation Policy for Entity Objects
Object Type Policy Create Symmetric Key Allowed to all Create Key Pair Public Key, Private Key Register All Certify Public Key Re-certify Certificate Validate Query N/A Cancel Poll

7 How are entities created?
Manually entered by server administrator Imported from a third-party directory by a server administrator Explicitly registered by a KMIP client with appropriate permissions Some server implementations may require administrator approval before the entity is registered Implicitly registered by a KMIP client by sending a new Credential object in a request

Download ppt "KMIP Entity Object and Client Registration"

Similar presentations

Suchin Rengan Principal Technical Architect Salesforce.com

Suchin Rengan Principal Technical Architect Salesforce.com
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
Modifying Managed Objects Alan Frindell 3/29/2011.

Modifying Managed Objects Alan Frindell 3/29/2011.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.

 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.
Overview What are the provisioning methods used in the Australian registry system? How are these provisioning systems secured?

Overview What are the provisioning methods used in the Australian registry system? How are these provisioning systems secured?
KMIP - Hardware Security Modules Meta-Data-Only (MDO) Keys Saikat Saha & Denis Pochuev Feb 2012.

KMIP - Hardware Security Modules Meta-Data-Only (MDO) Keys Saikat Saha & Denis Pochuev Feb 2012.
DIT314 ~ Client Operating System & Administration CHAPTER 5 MANAGING USER ACCOUNTS AND GROUPS Prepared By : Suraya Alias.

DIT314 ~ Client Operating System & Administration CHAPTER 5 MANAGING USER ACCOUNTS AND GROUPS Prepared By : Suraya Alias.
Identity on Force.com & Benefits of SSO Nick Simha.

Identity on Force.com & Benefits of SSO Nick Simha.
KMIP Profiles version 1.3 A Method to Define Operations Access Control and Interaction Between a Client and Server Presented by: Kiran Kumar Thota & Bob.

KMIP Profiles version 1.3 A Method to Define Operations Access Control and Interaction Between a Client and Server Presented by: Kiran Kumar Thota & Bob.
DIGITAL SIGNATURE. GOOD OLD DAYS VS. NOW GOOD OLD DAYS FILE WHATEVER YOU WANT – PUT ‘NA’ OR ‘-’ OR SCRATCH OUT FILE BACK DATED, FILE BLANK FORMS, FILE.

DIGITAL SIGNATURE. GOOD OLD DAYS VS. NOW GOOD OLD DAYS FILE WHATEVER YOU WANT – PUT ‘NA’ OR ‘-’ OR SCRATCH OUT FILE BACK DATED, FILE BLANK FORMS, FILE.
Insert Your Name Insert Your Title Insert Date Client Registration Open Issues Update 5/27/2011 Denis Pochuev (original proposal by Alan Frindell)

Insert Your Name Insert Your Title Insert Date Client Registration Open Issues Update 5/27/2011 Denis Pochuev (original proposal by Alan Frindell)
Who’s watching your network The Certificate Authority In a Public Key Infrastructure, the CA component is responsible for issuing certificates. A certificate.

Who’s watching your network The Certificate Authority In a Public Key Infrastructure, the CA component is responsible for issuing certificates. A certificate.
Case Study.  Client needed to build data collection agents for various mobile platform  This needs to be integrated with the existing J2ee server 

Case Study.  Client needed to build data collection agents for various mobile platform  This needs to be integrated with the existing J2ee server 
MEMBERSHIP AND IDENTITY Active server pages (ASP.NET) 1 Chapter-4.

MEMBERSHIP AND IDENTITY Active server pages (ASP.NET) 1 Chapter-4.
Security and Privacy for the Smart Grid James Bryce Clark, OASIS Robert Griffin, RSA Hal Lockhart, Oracle.

Security and Privacy for the Smart Grid James Bryce Clark, OASIS Robert Griffin, RSA Hal Lockhart, Oracle.
KMIP - Hardware Security Modules Meta-Data-Only (MDO) Keys Saikat Saha & Denis Pochuev Feb 2012.

KMIP - Hardware Security Modules Meta-Data-Only (MDO) Keys Saikat Saha & Denis Pochuev Feb 2012.
© SafeNet Confidential and Proprietary KMIP Entity Object and Client Registration Alan Frindell Contributors: Robert Haas, Indra Fitzgerald SafeNet, Inc.

© SafeNet Confidential and Proprietary KMIP Entity Object and Client Registration Alan Frindell Contributors: Robert Haas, Indra Fitzgerald SafeNet, Inc.
Insert Your Name Insert Your Title Insert Date Client Registration Examples Alan Frindell 2/18/2011.

Insert Your Name Insert Your Title Insert Date Client Registration Examples Alan Frindell 2/18/2011.

Similar presentations

Ads by Google