
Group


Presentation Transcript


  1. Group
     Kiran Thota, VMware
     Saikat Saha, Oracle

  2. What is Group?
     • Group can be defined as a logical collection or container of objects
       • Managed Objects
       • Vendor proprietary objects such as
         • Clients
         • Administrators

  3. Benefits of Group
     • Reduce management complexity
     • Simplify automation
     • Efficient administration
     • Note
       • Bulk-management of keys and policies
       • Almost all KMIP server vendors implement groups
       • Standardizing will promote interoperability

  4. What do we propose for v1.3?
     • Group Managed Object
       • A new Managed Object that will define group (Note: We need to define Base Object)
     • Basic Criteria (for v1.3):
       • 1-to-1 relationship
       • An Object belongs to MAXIMUM of 1 group
       • No nesting
       • No conflict resolution concerns in nesting and when an object belongs to multiple groups.

  5. What do we propose?
     • Group attribute (attribute for each object)
       • Option 1: Object Group (string)
         • Exists, Not unique
       • Option 2: Link of Group type
         • New type, unique
       • Option 3 (Recommended): Group UUID
         • New attribute, Unique
     • Max one of this attribute per object.
     • Note: No nesting for v1.3

  6. New operations
     • Create Group
       • Define a new Group
       • Comparable to a meta-data only (MDO) object
     • When a server performs any operation for a Group Managed Object (GMO), the server will have to perform the operation on all the Managed Objects associated with this Group Managed Object. Examples:
       • Expire all keys in this GMO on Dec 31, 2014
       • Revoke all keys in this GMO

  7. Life cycle
     • Pre-Active: The object exists and SHALL NOT be used.
     • Active: The object SHALL be transitioned to Active prior to being used.
     • Deactive: The object SHALL NOT be used. Note: Object SHALL NOT be destroyed.
     [State diagram: Pre-Active, Active, Deactive, with transitions numbered 1 to 4]

  8. Open questions
     • Additional operations (or based on attributes)
       • DeactivateGroup
       • ActivateGroup
     • Security concerns
       • An object links to the GMO, rather than the GMO adding an object as a member of the group.
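
The rules on slides 4 to 8, modelled in memory as an added example that is not part of the presentation and not a KMIP implementation. The `Server` class and its method names are hypothetical, and two assumptions are made: "used" means changing membership or running a group operation, and only the forward state transitions are modelled.

```python
import uuid
from enum import Enum

class State(Enum):
    PRE_ACTIVE, ACTIVE, DEACTIVE = "Pre-Active", "Active", "Deactive"

# Assumption: only the forward transitions are modelled here.
ALLOWED = {(State.PRE_ACTIVE, State.ACTIVE), (State.ACTIVE, State.DEACTIVE)}

class GroupError(Exception):
    pass

class Server:
    """Hypothetical in-memory model of the proposal, not a KMIP server."""

    def __init__(self):
        self.keys = {}    # key uid -> {"group": Group UUID or None, "revoked": bool}
        self.groups = {}  # Group UUID -> State; groups carry no group attribute

    def create_key(self):
        uid = str(uuid.uuid4())
        self.keys[uid] = {"group": None, "revoked": False}
        return uid

    def create_group(self):
        gid = str(uuid.uuid4())
        self.groups[gid] = State.PRE_ACTIVE
        return gid

    def transition(self, gid, new):
        if (self.groups[gid], new) not in ALLOWED:
            raise GroupError(f"{self.groups[gid].value} -> {new.value} not allowed")
        self.groups[gid] = new  # a Deactive group stays in the table, never destroyed

    def _usable(self, gid):
        if self.groups.get(gid) is not State.ACTIVE:
            raise GroupError("group is unknown or not Active")

    def set_group(self, uid, gid):
        """Membership is an attribute written on the object, never on the group."""
        if uid in self.groups:
            raise GroupError("no nesting: a group cannot join a group")
        self._usable(gid)
        if self.keys[uid]["group"] not in (None, gid):
            raise GroupError("object already belongs to a group")
        self.keys[uid]["group"] = gid

    def revoke_group(self, gid):
        """Fan a group operation out to every member; return affected uids."""
        self._usable(gid)
        members = [u for u, k in self.keys.items() if k["group"] == gid]
        for u in members:
            self.keys[u]["revoked"] = True
        return members
```

Because membership lives on each object, the member list is derived by scanning objects, so whoever may write an object's Group UUID attribute decides which bulk operations reach it.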
