1. Group Kiran Thota, VMware Saikat Saha, Oracle

2. What is Group? Group can be defined as a logical collection or container of objects – Managed Objects – Vendor proprietary objects such as Clients Administrators

3. Benefits of Group Reduce management complexity Simplify automation Efficient administration Note Bulk-management of keys and policies Almost all KMIP server vendors implement groups Standardizing will promote interoperability

4. What do we propose for v1.3? Group Managed Object – A new Managed Object that will define group (Note: We need to define Base Object) Basic Criteria (for v1.3): – 1-to-1 relationship An Object belongs to MAXIMUM of 1 group – No nesting – No conflict resolution concerns in nesting and when an object belongs to multiple groups.

5. What do we propose? Group attribute (attribute for each object) – Option 1: Object Group (string) Exists, Not unique – Option 2: Link of Group type New type, unique – Option 3 (Recommended): Group UUID New attribute, Unique Max one of this attribute per object. Note: No nesting for v1.3

6. New operations Create Group – Define a new Group – Comparable to a meta-data only (MDO) object When a server performs any operation for a Group Managed Object, the server will have to perform the operation on all the Managed Objects associated with this Group Managed Object. Examples: – Expire all keys in this GMO on Dec 31, 2014 – Revoke all keys in this GMO

7. Life cycle Pre-Active: The object exists and SHALL NOT be used. Active: The object SHALL be transitioned to Active prior to being used. Deactive: The object SHALL NOT be used. Note: Object SHALL NOT be destroyed. Active Deactive Pre-Active 1 2 4 3

8. Open questions Additional operations (or based on attributes) – DeactivateGroup – ActivateGroup Security concerns – An object links to GMO and not GMO adding an object as member of the group.

9. Additional advantages Server-to-Server scenarios