Presentation is loading. Please wait.

Presentation is loading. Please wait.

Insert Your Name Insert Your Title Insert Date Client Registration Examples Alan Frindell 2/18/2011.

Published byBertina Thomas Modified over 9 years ago

Similar presentations

Presentation on theme: "Insert Your Name Insert Your Title Insert Date Client Registration Examples Alan Frindell 2/18/2011."— Presentation transcript:

1 Insert Your Name Insert Your Title Insert Date Client Registration Examples Alan Frindell 2/18/2011

2 Certificate Entity: Implicit self-registration  Server creates Entity record as a side effect of another KMIP request  No special TTLV required – KMIP server extracts needed values from TLS certificate  Assumed the client already has a cert signed by a CA trusted by KMIP server  Result: Entity UUID: ABCD-1234 Credential Subject Type: X.509 Certificate Identifer Subject Value:, Subject Auth Info Type: X.509 Certificate Subject Auth Info: 2

3 Certificate Entity: Explicit self-registration  Register Entity Credential Subject Type: X.509 Certificate Identifier x-custom1: custom-value1 x-custom2: custom-value2  Certificate fields extracted from TLS 3

4 Certificate Entity: Registration  Register Entity Credential Subject Type: X.509 Certificate Identifier Subject Auth Info Type: X.509 Certificate Subject Auth Info: x-custom1: custom-value1 x-custom2: custom-value2  Assumed registering Entity has privilege to register Entities 4

5 Certificate Entity: Authentication and Access Control  Authentication Credential Subject Type: X.509 Certificate Identifier  Server looks up Entity based on TLS certificate information  Server checks Entity UUID against request object Owner attribute 5

6 Username/Password User: Registration  Register Entity Credential Subject Type: Username Subject Value: “user1” Subject Auth Info Type: Password Subject Auth Info: “password” x-custom1: custom-value1 x-custom2: custom-value2 6

7 Username/Password User: Authentication and Access Control  Authentication Credential Subject Type: Username Subject Value: “user1” Subject Auth Info Type: Password Subject Auth Info: “password”  Server looks up Entity based on Subject Value  Server checks Entity UUID against request object Owner attribute 7

8 Multi-factor Entity: Registration  Register Entity Credential Subject Type: Username Subject Value: “user1” Subject Auth Info Type: Password Subject Auth Info: “password” Credenital Subject Type: X.509 Certificate Identifier Subject Auth Info Type: X.509 Certificate Subject Auth Info: 8

9 Multi-factor Entity: Authentication  Authentication Credential Subject Type: Username Subject Value: “user1” Subject Auth Info Type: Password Subject Auth Info: “password” Credenital Subject Type: X.509 Certificate Identifier  Server looks up Entity based on each Subject Value – all must resolve to the same Entity  Server checks Entity UUID against request object Owner attribute 9

Download ppt "Insert Your Name Insert Your Title Insert Date Client Registration Examples Alan Frindell 2/18/2011."

Similar presentations

Policy Based Dynamic Negotiation for Grid Services Authorization Infolunch, L3S Research Center Hannover, 29 th Jun. 2005 Ionut Constandache Daniel Olmedilla.

Policy Based Dynamic Negotiation for Grid Services Authorization Infolunch, L3S Research Center Hannover, 29 th Jun Ionut Constandache Daniel Olmedilla.
Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
CSCE 815 Network Security Lecture 10 KerberosX.509 February 13, 2003.

CSCE 815 Network Security Lecture 10 KerberosX.509 February 13, 2003.
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
PIS: Unit III Digital Signature & Authentication Sanjay Rawat PIS Unit 3 Digital Sign Auth Sanjay Rawat1 Based on the slides of Lawrie.

PIS: Unit III Digital Signature & Authentication Sanjay Rawat PIS Unit 3 Digital Sign Auth Sanjay Rawat1 Based on the slides of Lawrie.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved AOS & CPPM INTEGRATION CONFIGURATION & TESTING EAP TLS & EAP PEAP by Abilash Soundararajan.

CONFIDENTIAL © Copyright Aruba Networks, Inc. All rights reserved AOS & CPPM INTEGRATION CONFIGURATION & TESTING EAP TLS & EAP PEAP by Abilash Soundararajan.
MyProxy: A Multi-Purpose Grid Authentication Service

MyProxy: A Multi-Purpose Grid Authentication Service
Functional component terminology - thoughts C. Tilton.

Functional component terminology - thoughts C. Tilton.
OSG AuthZ Architecture AuthZ Components Legend VO Management Services Grid Site GUMS Site Services SAZ CE Gatekeeper Prima Is Auth? Yes / No SE SRM gPlazma.

OSG AuthZ Architecture AuthZ Components Legend VO Management Services Grid Site GUMS Site Services SAZ CE Gatekeeper Prima Is Auth? Yes / No SE SRM gPlazma.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Network Security Essentials Chapter 4

Network Security Essentials Chapter 4
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.

Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.
Report on Attribute Certificates By Ganesh Godavari.

Report on Attribute Certificates By Ganesh Godavari.
Modifying Managed Objects Alan Frindell 3/29/2011.

Modifying Managed Objects Alan Frindell 3/29/2011.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
Chapter 4 Authentication Applications. Objectives: authentication functions developed to support application-level authentication & digital signatures.

Chapter 4 Authentication Applications. Objectives: authentication functions developed to support application-level authentication & digital signatures.
Experience Building and Supporting Secure Ad Hoc Collaborations Deb Agarwal Lawrence Berkeley National Laboratory Ad Hoc Collaboration - Internet2 Fall.

Experience Building and Supporting Secure Ad Hoc Collaborations Deb Agarwal Lawrence Berkeley National Laboratory Ad Hoc Collaboration - Internet2 Fall.
Kerberos Jean-Anne Fitzpatrick Jennifer English. What is Kerberos? Network authentication protocol Developed at MIT in the mid 1980s Available as open.

Kerberos Jean-Anne Fitzpatrick Jennifer English. What is Kerberos? Network authentication protocol Developed at MIT in the mid 1980s Available as open.

Similar presentations

Ads by Google