Presentation is loading. Please wait.

Presentation is loading. Please wait.

Insert Your Name Insert Your Title Insert Date Client Registration Examples Alan Frindell Denis Pochuev 4/26/2011.

Published byCarol Conley Modified over 8 years ago

Similar presentations

Presentation on theme: "Insert Your Name Insert Your Title Insert Date Client Registration Examples Alan Frindell Denis Pochuev 4/26/2011."— Presentation transcript:

1 Insert Your Name Insert Your Title Insert Date Client Registration Examples Alan Frindell Denis Pochuev 4/26/2011

2 Certificate Entity: Implicit self-registration  Server implicitly creates Entity record as a side effect of another KMIP request  No special TTLV required – KMIP server extracts needed values from TLS certificate  Client MAY already have a cert signed by a CA trusted by KMIP server  Resulting Object: Entity UUID: ABCD-1234 Credential Credential Type: Transport Certificate Credential Value: Certificate Certificate Type: X.509 Certificate Value: 2

3 Certificate Entity: Explicit self-registration Register Object Type=Entity Template-Attribute Credential Credential Type: Transport Certificate Credential Value: x-custom1: custom-value1 x-custom2: custom-value2 Entity:  Certificate fields extracted from TLS 3

4 Certificate Entity: Registration Register Object Type=Entity Template-Attribute Credential Credential Type: Transport Certificate Credential Value: Certificate: x-custom1: custom-value1 x-custom2: custom-value2 Entity:  Assumption: Registering Entity has privilege to register Entities 4

5 Certificate Entity: Authentication and Access Control Authentication Credential Credential Type: Transport Certificate Credential Value:  Server looks up Entity based on TLS certificate information Server policy: may be dynamic mapping or exact match  For access control, server checks authenticated Entity UUID against request object Owner attribute 5

6 Username/Password User: Registration Register Object Type=Entity Template-Attribute Credential Credential Type: Username and Password Credential Value: Username: “user1” Password: “password” x-custom1: custom-value1 x-custom2: custom-value2 Entity: 6

7 Username/Password User: Authentication and Access Control  Same as v1.0 Authentication Credential Credential Type: Username and Password Credential Value: Username: “user1” Password: “password”  Server looks up Entity based on Credential (username)  For access control, server checks Entity UUID against request object Owner attribute 7

8 Multi-factor Entity: Registration Register Object Type=Entity Template-Attribute Credential Credential Type: Transport Certificate Credential Value: Certificate: Credential Credential Type: Username and Password Credential Value: Username: “user1” Password: “password” x-custom1: custom-value1 x-custom2: custom-value2 Entity: 8

9 Multi-factor Entity: Authentication Authentication Credential Credential Type: Transport Certificate Credential Value: Credential Credential Type: Username and Password Credential Value: Username: “user1” Password: “password”  Server looks up Entity based on each Credential – all must resolve to the same Entity  For access control, server checks Entity UUID against request object Owner attribute 9

10 Locate Entity  Find all Entities with Transport Certificate Credentials: Locate Credential Credential Type: Transport Certificate  Find an Entity by its transport certificate: Locate Credential Credential Type: Transport Certificate Credential Value: Certificate:  Find yourself: Locate Entity Identifier = Self 10

11 Credential Refresh Modify Attribute Attribute: “Credential” Attribute Index: N Attribute Value: Credential Type: Transport Certificate Credential Value: Certificate: Modify Attribute Attribute: “Credential” Attribute Index: N Attribute Value: Credential Type: Username and Password Credential Value: Username: “user1” Password: “new-password” 11

12 Other operations  Get Entity Info Locate Entity Identifier = Self Get Attributes Attribute Name: “Credential” Note server is not allowed to return Password values  Destroy Entity Destroy UUID: “ABCD-1234” 12

Download ppt "Insert Your Name Insert Your Title Insert Date Client Registration Examples Alan Frindell Denis Pochuev 4/26/2011."

Similar presentations

Policy Based Dynamic Negotiation for Grid Services Authorization Infolunch, L3S Research Center Hannover, 29 th Jun. 2005 Ionut Constandache Daniel Olmedilla.

Policy Based Dynamic Negotiation for Grid Services Authorization Infolunch, L3S Research Center Hannover, 29 th Jun Ionut Constandache Daniel Olmedilla.
Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
CSCE 815 Network Security Lecture 10 KerberosX.509 February 13, 2003.

CSCE 815 Network Security Lecture 10 KerberosX.509 February 13, 2003.
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Managing User, Computer and Group Accounts

Managing User, Computer and Group Accounts
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved AOS & CPPM INTEGRATION CONFIGURATION & TESTING EAP TLS & EAP PEAP by Abilash Soundararajan.

CONFIDENTIAL © Copyright Aruba Networks, Inc. All rights reserved AOS & CPPM INTEGRATION CONFIGURATION & TESTING EAP TLS & EAP PEAP by Abilash Soundararajan.
MyProxy: A Multi-Purpose Grid Authentication Service

MyProxy: A Multi-Purpose Grid Authentication Service
Login dan Permission dfd, 2012. Jenis Login dfd, 2012 SQL Server Authentication Membutuhkan password Windows Authentication Mode Tidak membutuhkan password.

Login dan Permission dfd, Jenis Login dfd, 2012 SQL Server Authentication Membutuhkan password Windows Authentication Mode Tidak membutuhkan password.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.

Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.
Report on Attribute Certificates By Ganesh Godavari.

Report on Attribute Certificates By Ganesh Godavari.
Modifying Managed Objects Alan Frindell 3/29/2011.

Modifying Managed Objects Alan Frindell 3/29/2011.
Experience Building and Supporting Secure Ad Hoc Collaborations Deb Agarwal Lawrence Berkeley National Laboratory Ad Hoc Collaboration - Internet2 Fall.

Experience Building and Supporting Secure Ad Hoc Collaborations Deb Agarwal Lawrence Berkeley National Laboratory Ad Hoc Collaboration - Internet2 Fall.
Grid Security. Typical Grid Scenario Users Resources.

Grid Security. Typical Grid Scenario Users Resources.
DGC Paris 4.03.02 Community Authorization Service (CAS) and EDG Presentation by the Globus CAS team & Peter Kunszt, WP2.

DGC Paris Community Authorization Service (CAS) and EDG Presentation by the Globus CAS team & Peter Kunszt, WP2.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
The Traust Authorization Service A. Lee, M. Winslett, J. Basney, and V. Welch University of Illinois at Urbana-Champaign www.iti.uiuc.edu Goal: A scalable.

The Traust Authorization Service A. Lee, M. Winslett, J. Basney, and V. Welch University of Illinois at Urbana-Champaign Goal: A scalable.
Remote User Authentication. Module Objectives By the end of this module participants will be able to: Describe the methods available for authenticating.

Remote User Authentication. Module Objectives By the end of this module participants will be able to: Describe the methods available for authenticating.

Similar presentations

Ads by Google